Integrated plan generation and recognition : a logic-based approach

The work we present in this paper is settled within the field of intelligent help systems. Intelligent help systems aim at supporting users of application systems by the achievements of qualified experts. In order to provide such qualified support our approach is based on the integration of plan generation and plan recognition components. Plan recognition in this context serves to identify the users goals and so forms the basis for an active user support. The planning component dynamically generates plans which are proposed for the user to reach her goal. We introduce a logic-based approach where plan generation and plan recognition is done on a common logical basis and both components work in some kind of cross-talk

Detecting Data-Flow Errors in BPMN 2.0

Data-flow errors in BPMN 2.0 process models, such as missing or unused data, lead to undesired process executions. In particular, since BPMN 2.0 with a standardized execution semantics allows specifying alternatives for data as well as optional data, identifying missing or unused data systematically is difficult. In this paper, we propose an approach for detecting data-flow errors in BPMN 2.0 process models. We formalize BPMN process models by mapping them to Petri Nets and unfolding the execution semantics regarding data. We define a set of anti-patterns representing data-flow errors of BPMN 2.0 process models. By employing the anti-patterns, our tool performs model checking for the unfolded Petri Nets. The evaluation shows that it detects all data-flow errors identified by hand, and so improves process quality

Detecting Data-Flow Errors in BPMN 2.0

Data-flow errors in BPMN 2.0 process models, such as missing or unused data, lead to undesired process executions. In particular, since BPMN 2.0 with a standardized execution semantics allows specifying alternatives for data as well as optional data, identifying missing or unused data systematically is difficult. In this paper, we propose an approach for detecting data-flow errors in BPMN 2.0 process models. We formalize BPMN process models by mapping them to Petri Nets and unfolding the execution semantics regarding data. We define a set of anti-patterns representing data-flow errors of BPMN 2.0 process models. By employing the anti-patterns, our tool performs model checking for the unfolded Petri Nets. The evaluation shows that it detects all data-flow errors identified by hand, and so improves process quality

Traceability of Requirements and Software Architecture for Change Management

At the present day, software systems get more and more complex. The requirements of software systems change continuously and new requirements emerge frequently. New and/or modified requirements are integrated with the existing ones, and adaptations to the architecture and source code of the system are made. The process of integration of the new/modified requirements and adaptations to the software system is called change management. The size and complexity of software systems make change management costly and time consuming. To reduce the cost of changes, it is important to apply change management as early as possible in the software development cycle. Requirements traceability is considered crucial in change management for establishing and maintaining consistency between software development artifacts. It is the ability to link requirements back to stakeholders’ rationales and forward to corresponding design artifacts, code, and test cases. When changes for the requirements of the software system are proposed, the impact of these changes on other requirements, design elements and source code should be traced in order to determine parts of the software system to be changed. Determining the impact of changes on the parts of development artifacts is called change impact analysis. Change impact analysis is applicable to many development artifacts like requirements documents, detailed design, source code and test cases. Our focus is change impact analysis in requirements and software architecture. The need for change impact analysis is observed in both requirements and software architecture. When a change is introduced to a requirement, the requirements engineer needs to find out if any other requirement related to the changed requirement is impacted. After determining the impacted requirements, the software architect needs to identify the impacted architectural elements by tracing the changed requirements to software architecture. It is hard, expensive and error prone to manually trace impacted requirements and architectural elements from the changed requirements. There are tools and approaches that automate change impact analysis like IBM Rational RequisitePro and DOORS. In most of these tools, traces are just simple relations and their semantics is not considered. Due to the lack of semantics of traces in these tools, all requirements and architectural elements directly or indirectly traced from the changed requirement are candidate impacted. The requirements engineer has to inspect all these candidate impacted requirements and architectural elements to identify changes if there are any. In this thesis we address the following problems which arise in performing change impact analysis for requirements and software architecture. Explosion of impacts in requirements after a change in requirements. In practice, requirements documents are often textual artifacts with implicit structure. Most of the relations among requirements are not given explicitly. There is a lack of precise definition of relations among requirements in most tools and approaches. Due to the lack of semantics of requirements relations, change impact analysis may produce high number of false positive and false negative impacted requirements. A requirements engineer may have to analyze all requirements in the requirements document for a single change. This may result in neglecting the actual impact of a change. Manual, expensive and error prone trace establishment. Considerable research has been devoted to relating requirements and design artifacts with source code. Less attention has been paid to relating Requirements (R) with Architecture (A) by using well-defined semantics of traces. Designing architecture based on requirements is a problem solving process that relies on human experience and creativity, and is mainly manual. The software architect may need to manually assign traces between R&A. Manual trace assignment is time-consuming, expensive and error prone. The assigned traces might be incomplete and invalid. Explosion of impacts in software architecture after a change in requirements. Due to the lack of semantics of traces between R&A, change impact analysis may produce high number of false positive and false negative impacted architectural elements. A software architect may have to analyze all architectural elements in the architecture for a single requirements change. In this thesis we propose an approach that reduces the explosion of impacts in R&A. The approach employs semantic information of traces and is supported by tools. We consider that every relation between software development artifacts or between elements in these artifacts can play the role of a trace for a certain traceability purpose like change impact analysis. We choose Model Driven Engineering (MDE) as a solution platform for our approach. MDE provides a uniform treatment of software artifacts (e.g. requirements documents, software design and test documents) as models. It also enables using different formalisms to reason about development artifacts described as models. To give an explicit structure to requirements documents and treat requirements, architecture and traces in a uniform way, we use metamodels and models with formally defined semantics. The thesis provides the following contributions: A modeling language for definition of requirements models with formal semantics. The language is defined according to the MDE principles by defining a metamodel. It is based on a survey about the most commonly found requirements types and relation types. With this language, the requirements engineer can explicitly specify the requirements and the relations among them. The semantics of these entities is given in First Order Logic (FOL) and allows two activities. First, new relations among requirements can be inferred from the initial set of relations. Second, requirements models can be automatically checked for consistency of the relations. Tool for Requirements Inferencing and Consistency Checking (TRIC) is developed to support both activities. The defined semantics is used in a technique for change impact analysis in requirements models. A change impact analysis technique for requirements using semantics of requirements relations and requirements change types. The technique aims at solving the problem of explosion of impacts in requirements when semantics of requirements relations is missing. The technique uses formal semantics of requirements relations and requirements change types. A classification of requirements changes based on the structure of a textual requirement is given and formalized. The semantics of requirements change types is based on FOL. We support three activities for impact analysis. First, the requirements engineer proposes changes according to the change classification before implementing the actual changes. Second, the requirements engineer indentifies the propagation of the changes to related requirements. The change alternatives in the propagation are determined based on the semantics of change types and requirements relations. Third, possible contradicting changes are identified. We extend TRIC with a support for these activities. The tool automatically determines the change propagation paths, checks the consistency of the changes, and suggests alternatives for implementing the change. A technique that provides trace establishment between R&A by using architecture verification and semantics of traces. It is hard, expensive and error prone to manually establish traces between R&A. We present an approach that provides trace establishment by using architecture verification together with semantics of requirements relations and traces. We use a trace metamodel with commonly used trace types. The semantics of traces is formalized in FOL. Software architectures are expressed in the Architecture Analysis and Design Language (AADL). AADL is provided with a formal semantics expressed in Maude. The Maude tool set allows simulation and verification of architectures. The first way to establish traces is to use architecture verification techniques. A given requirement is reformulated as a property in terms of the architecture. The architecture is executed and a state space is produced. This execution simulates the behavior of the system on the architectural level. The property derived from the requirement is checked by the Maude model checker. Traces are generated between the requirement and the architectural components used in the verification of the property. The second way to establish traces is to use the requirements relations together with the semantics of traces. Requirements relations are reflected in the connections among the traced architectural elements based on the semantics of traces. Therefore, new traces are inferred from existing traces by using requirements relations. We use semantics of requirements relations and traces to both generate/validate traces and generate/validate requirements relations. There is a tool support for our approach. The tool provides the following: (1) generation/validation of traces by using requirements relations and/or verification of architecture, (2) generation/validation of requirements relations by using traces. A change impact analysis technique for software architecture using architecture verification and semantics of traces between R&A. The software architect needs to identify the impacted architectural elements after requirements change. We present a change impact analysis technique for software architecture using architecture verification and semantics of traces. The technique is semi-automatic and requires participation of the software architect. Our technique has two parts. The first part is to identify the architectural elements that implement the system properties to which proposed requirements changes are introduced. By having the formal semantics of requirements relations and traces, we identify which parts of software architecture are impacted by a proposed change in requirements. We have extended TRIC for determining candidate impacted architectural elements. The second part of our technique is to propose possible changes for software architecture when the software architecture does not satisfy the new and/or changed requirements. The technique is based on architecture verification. The output of verification is a counter example if the requirements are not satisfied. The counter example is used with a classification of architectural changes in order to propose changes in the software architecture. These changes produce a new version of the architecture that possibly satisfies the new or the changed requirements

Heterogeneous verification of model transformations

Esta tesis trata sobre la verificación formal en el contexto de la Ingeniería Dirigida por Modelos (MDE por sus siglas en inglés). El paradigma propone un ciclo de vida de la ingeniería de software basado en una abstracción de su complejidad a través de la definición de modelos y en un proceso de construcción (semi)automático guiado por transformaciones de estos modelos. Nuestro propósito es abordar la verificación de transformaciones de modelos la cual incluye, por extensión, la verificación de sus modelos. Comenzamos analizando la literatura relacionada con la verificación de transformaciones de modelos para concluir que la heterogeneidad de las propiedades que interesa verificar y de los enfoques para hacerlo, sugiere la necesidad de utilizar diversos dominios lógicos, lo cual es la base de nuestra propuesta. En algunos casos puede ser necesario realizar una verificación heterogénea, es decir, utilizar diferentes formalismos para la verificación de cada una de las partes del problema completo. Además, es beneficioso permitir a los expertos formales elegir el dominio en el que se encuentran más capacitados para llevar a cabo una prueba formal. El principal problema reside en que el mantenimiento de múltiples representaciones formales de los elementos de MDE en diferentes dominios lógicos, puede ser costoso si no existe soporte automático o una relación formal clara entre estas representaciones. Motivados por esto, definimos un entorno unificado que permite la verificación formal transformaciones de modelos mediante el uso de métodos de verificación heterogéneos, de forma tal que es posible automatizar la traducción formal de los elementos de MDE entre dominios logicos. Nos basamos formalmente en la Teoría de Instituciones, la cual proporciona una base sólida para la representación de los elementos de MDE (a través de instituciones) sin depender de ningúningún dominio lógico específico. También proporciona una forma de especificar traducciones (a través de comorfismos) que preservan la semántica entre estos elementos y otros dominios lógicos. Nos basamos en estándares para la especificación de los elementos de MDE. De hecho, definimos una institución para la buena formación de los modelos especificada con una versión simplificada del MetaObject Facility y otra institución para transformaciones utilizando Query/View/Transformation Relations. No obstante, la idea puede ser generalizada a otros enfoques de transformación y lenguajes.Por último, demostramos la viabilidad del entorno mediante el desarrollo de un prototipo funcional soportado por el Heterogeneous Tool Set (HETS). HETS permite realizar una especificación heterogénea y provee facilidades para el monitoreo de su corrección global. Los elementos de MDE se conectan con otras lógicas ya soportadas en HETS (por ejemplo: lógica de primer orden, lógica modal, entre otras) a través del Common Algebraic Specification Language (CASL). Esta conexión se expresa teóricamente mediante comorfismos desde las instituciones de MDE a la institución subyacente en CASL. Finalmente, discutimos las principales contribuciones de la tesis. Esto deriva en futuras líneas de investigación que contribuyen a la adopción de métodos formales para la verificación en el contexto de MDE.This thesis is about formal verification in the context of the Model-Driven Engineering (MDE) paradigm. The paradigm proposes a software engineering life-cycle based on an abstraction from its complexity by defining models, and on a (semi)automatic construction process driven by model transformations. Our purpose is to address the verification of model transformations which includes, by extension, the verification of their models. We first review the literature on the verification of model transformations to conclude that the heterogeneity we find in the properties of interest to verify, and in the verification approaches, suggests the need of using different logical domains, which is the base of our proposal. In some cases it can be necessary to perform a heterogeneous verification, i.e. using different formalisms for the verification of each part of the whole problem. Moreover, it is useful to allow formal experts to choose the domain in which they are more skilled to address a formal proof. The main problem is that the maintenance of multiple formal representations of the MDE elements in different logical domains, can be expensive if there is no automated assistance or a clear formal relation between these representations. Motivated by this, we define a unified environment that allows formal verification of model transformations using heterogeneous verification approaches, in such a way that the formal translations of the MDE elements between logical domains can be automated. We formally base the environment on the Theory of Institutions, which provides a sound basis for representing MDE elements (as so called institutions) without depending on any specific logical domain. It also provides a way for specifying semantic-preserving translations (as so called comorphisms) from these elements to other logical domains. We use standards for the specification of the MDE elements. In fact, we define an institution for the well-formedness of models specified with a simplified version of the MetaObject Facility, and another institution for Query/View/Transformation Relations transformations. However, the idea can be generalized to other transformation approaches and languages. Finally, we evidence the feasibility of the environment by the development of a functional prototype supported by the Heterogeneous Tool Set (HETS). HETS supports heterogeneous specifications and provides capabilities for monitoring their overall correctness. The MDE elements are connected to the other logics already supported in HETS (e.g. first-order logic, modal logic, among others) through the Common Algebraic Specification Language (CASL). This connection is defined by means of comorphisms from the MDE institutions to the underlying institution of CASL. We carry out a final discussion of the main contributions of this thesis. This results in future research directions which contribute with the adoption of formal tools for the verification in the context of MDE

1st doctoral symposium of the international conference on software language engineering (SLE) : collected research abstracts, October 11, 2010, Eindhoven, The Netherlands

The first Doctoral Symposium to be organised by the series of International Conferences on Software Language Engineering (SLE) will be held on October 11, 2010 in Eindhoven, as part of the 3rd instance of SLE. This conference series aims to integrate the different sub-communities of the software-language engineering community to foster cross-fertilisation and strengthen research overall. The Doctoral Symposium at SLE 2010 aims to contribute towards these goals by providing a forum for both early and late-stage Ph.D. students to present their research and get detailed feedback and advice from researchers both in and out of their particular research area. Consequently, the main objectives of this event are: – to give Ph.D. students an opportunity to write about and present their research; – to provide Ph.D. students with constructive feedback from their peers and from established researchers in their own and in different SLE sub-communities; – to build bridges for potential research collaboration; and – to foster integrated thinking about SLE challenges across sub-communities. All Ph.D. students participating in the Doctoral Symposium submitted an extended abstract describing their doctoral research. Based on a good set of submisssions we were able to accept 13 submissions for participation in the Doctoral Symposium. These proceedings present final revised versions of these accepted research abstracts. We are particularly happy to note that submissions to the Doctoral Symposium covered a wide range of SLE topics drawn from all SLE sub-communities. In selecting submissions for the Doctoral Symposium, we were supported by the members of the Doctoral-Symposium Selection Committee (SC), representing senior researchers from all areas of the SLE community.We would like to thank them for their substantial effort, without which this Doctoral Symposium would not have been possible. Throughout, they have provided reviews that go beyond the normal format of a review being extra careful in pointing out potential areas of improvement of the research or its presentation. Hopefully, these reviews themselves will already contribute substantially towards the goals of the symposium and help students improve and advance their work. Furthermore, all submitting students were also asked to provide two reviews for other submissions. The members of the SC went out of their way to comment on the quality of these reviews helping students improve their reviewing skills

Translating between Alloy specifications and UML class diagrams annotated with OCL

Model-driven engineering (MDE) is a software engineering approach based on model transformations at different abstraction levels. It prescribes the development of software by successively transforming the models from abstract (specifications) to more concrete ones (code). Alloy is an increasingly popular lightweight formal specification language that supports automatic verification. Unfortunately, its widespread industrial adoption is hampered by the lack of an ecosystem of MDE tools, namely code generators. This paper presents a model transformation from Alloy to UML class diagrams annotated with OCL (UML+OCL) and shows how an existing transformation from UML+OCL to Alloy can be improved to handle dynamic issues. The proposed bidirectional transformation enables a smooth integration of Alloy in the current MDE contexts, by allowing UML+OCL specifications to be transformed to Alloy for validation and verification, to correct and possibly refine them inside Alloy, and to translate them back to UML+OCL for sharing with stakeholders or to reuse current model-driven architecture tools to refine them toward code.This work was funded by European Regional Development Fund (ERDF) through the COMPETE Programme (operational program for competitiveness) and by national funds through the FCT (Fundaaco para a Ciencia e a Tecnologia-portuguese Foundation for Science and Technology) within project FCOMP-01-0124-FEDER-020532. Part of the work was done while the first author was visiting the Software Design Group at CSAIL, MIT, USA, funded by FCT sabbatical grant SFRH/BSAB/1187/2011. The second author was also partially supported by QREN (the portuguese National Strategy Reference Chart) project 1621, while visiting the High-Assurance Software Laboratory at Universidade do Minho, Portugal. Finally, we would also like to thank all anonymous reviewers for the valuable comments and suggestions

1st doctoral symposium of the international conference on software language engineering (SLE) : collected research abstracts, October 11, 2010, Eindhoven, The Netherlands

The first Doctoral Symposium to be organised by the series of International Conferences on Software Language Engineering (SLE) will be held on October 11, 2010 in Eindhoven, as part of the 3rd instance of SLE. This conference series aims to integrate the different sub-communities of the software-language engineering community to foster cross-fertilisation and strengthen research overall. The Doctoral Symposium at SLE 2010 aims to contribute towards these goals by providing a forum for both early and late-stage Ph.D. students to present their research and get detailed feedback and advice from researchers both in and out of their particular research area. Consequently, the main objectives of this event are: – to give Ph.D. students an opportunity to write about and present their research; – to provide Ph.D. students with constructive feedback from their peers and from established researchers in their own and in different SLE sub-communities; – to build bridges for potential research collaboration; and – to foster integrated thinking about SLE challenges across sub-communities. All Ph.D. students participating in the Doctoral Symposium submitted an extended abstract describing their doctoral research. Based on a good set of submisssions we were able to accept 13 submissions for participation in the Doctoral Symposium. These proceedings present final revised versions of these accepted research abstracts. We are particularly happy to note that submissions to the Doctoral Symposium covered a wide range of SLE topics drawn from all SLE sub-communities. In selecting submissions for the Doctoral Symposium, we were supported by the members of the Doctoral-Symposium Selection Committee (SC), representing senior researchers from all areas of the SLE community.We would like to thank them for their substantial effort, without which this Doctoral Symposium would not have been possible. Throughout, they have provided reviews that go beyond the normal format of a review being extra careful in pointing out potential areas of improvement of the research or its presentation. Hopefully, these reviews themselves will already contribute substantially towards the goals of the symposium and help students improve and advance their work. Furthermore, all submitting students were also asked to provide two reviews for other submissions. The members of the SC went out of their way to comment on the quality of these reviews helping students improve their reviewing skills

A Case Study in Formal System Engineering with SysML

International audienceIn the development of complex critical systems, an important source of errors is the misinterpretation of system requirements allocated to the software, due to inadequate communication between system engineering teams and software teams. In response, organizations that develop such systems are searching for solutions allowing formal system engineering and system to software bridging, based on standard languages like SysML. As part of this effort, we have defined a formal profile for SysML (OMEGA SysML) and we have built a simulation and verification toolbox for this profile (IFx). This paper reports on the experience of modelling and validating an industry-grade system, the Solar Generation System (SGS) of the Automated Transfer Vehicle (ATV) built by Astrium, using IFx-OMEGA. The experience reveals what can currently be expected from such an approach and what are the weak points that should be addressed by future research and development