Toward a decision support system for the clinical pathways assessment

This paper presents a decision support system to be used in hospital management taskswhich is based on the clinical pathways. We propose a very simple graphical modeling lan-guage based on a small number of primitive elements through which the medical doctorscould introduce a clinical pathway for a specific disease. Three essential aspects relatedto a clinical pathway can be specified in this language: (1) patient flow; (2) resource uti-lization; and (3) information interchange. This high-level language is a domain specificmodeling language calledHealthcare System Specification (HSS), and it is defined as anUnified Modeling Language (UML) profile. A model to model transformation is also pro-posed in order to obtain, from the pathways HSS specification, a Stochastic Well-formedNet (SWN) model that enables a formal analysis of the modeled system and, if needed, toapply synthesis methods enforcing specified requirements. The transformation is based onthe application of local rules. The clinical pathway of hip fracture from the “Lozano Blesa”University hospital in Zaragoza is taken as an example

Application Of Formal Specification Technique To Microgrid Representation

This thesis uses formal specification techniques to analyze and model a microgrid. A microgrid is a small, local electrical grid, often supplied by a single generator, that can connect to the larger electrical grid, but can also disconnect from it, going into “island mode.” Thanks to the growth in renewable energy, microgrids represent a growing segment of the electrical power generation domain. And like any member of the domain they are safety-critical systems, meaning that even a small mistake in their implementation risks damage to life and property.Formal specification is a way to abrogate the risks of safety critical systems by ensuring that the system under consideration is fully described, modeled, and analyzed prior to implementation, and the description and model are robust and error-free. However, at present there is no established approach to the use of formal specification techniques of microgrid systems. This thesis proposes a specification that can serve as a foundation for future work in the microgrid domain as well as an aid to communication about microgrids. The work uses Unified Modeling Language (UML) graphical notation and an accompanying Object Constraint Language (OCL) formal specification. The model transformation accomplished through the use of Iterative Development techniques is outlined in detail to serve as a guide to future researchers

Bridging formal models : an engineering perspective

The thesis presents different techniques that can be used to build formal behavioral models. If modal properties are formulated, the models can be subjected to verification techniques to determine whether a model possesses the desired properties. However many native environments do not facilitate tools or techniques to verify them. Hence, these models need to be transformed into other models that provide suitable techniques for a formal analysis. The transformations are classified into two engineering approaches, namely syntactically engineered models and semantically engineered models. Syntactically engineered models are constructed from input specifications without explicitly considering the semantics. Semantically engineered models are constructed from input specifications by explicitly considering the semantics. The syntactic engineering approach presents four dedicated modeling techniques that construct or disseminate verification results for formal models. The first modeling technique describes a way to create models from system descriptions that specify concurrent behavior. Here, we model three variations of a 2×2 switch, for which the models are subsequently compared to models created in the specification languages: TLA+, Bluespec, Statecharts, and ACP. The comparison validates that mCRL2 is a suitable specification language to model descriptions or specify the behavior for prototype systems. The second syntactic technique constructs an mCRL2 model from a software implementation that operates a printer for printing Printed Circuit Boards. The model is used to advise (other) software engineers on dangerous language constructs in the control software. Hence, the model is model checked for various safety properties. The implementation is modeled through an over-approximation on the behavior by abstracting from program variables, such that only interface calls between processes and non-deterministic choices in procedures remain. The third modeling technique describes a language transformation from the language Chi 2.0 language to the mCRL2 language. The purpose of the transformation is to facilitate model checking techniques to the discrete part of the Chi 2.0 language

From AADL to Timed Abstract State Machines: A Verified Model Transformation

International audienceArchitecture Analysis and Design Language (AADL) is an architecture description language standard for embedded real-time systems widely used in the avionics and aerospace industry to model safety-critical applications. To verify and analyze the AADL models, model transformation technologies are often used to automatically extract a formal specification suitable for analysis and verification. In this process, it remains a challenge to prove that the model transformation preserves the semantics of the initial AADL model or, at least, some of the specific properties or requirements it needs to satisfy. This paper presents a machine checked semantics-preserving transformation of a subset of AADL (including periodic threads, data port communications, mode changes, and the AADL behavior annex) into Timed Abstract State Machines (TASM). The AADL standard itself lacks at present a formal semantics to make this translation validation possible. Our contribution is to bridge this gap by providing two formal semantics for the subset of AADL. The execution semantics provided by the AADL standard is formalized as Timed Transition Systems (TTS). This formalization gives a reference expression of AADL semantics which can be compared with the TASM-based translation (for verification purpose). Finally, the verified transformation is mechanized in the theorem prover Coq

Transforming OCL to PVS: Using Theorem Proving Support for Analysing Model Constraints

The Unified Modelling Language (UML) is a de facto standard language for describing software systems. UML models are often supplemented with Object Constraint Language (OCL) constraints, to capture detailed properties of components and systems. Sophisticated tools exist for analysing UML models, e.g., to check that well-formedness rules have been satisfied. As well, tools are becoming available to analyse and reason about OCL constraints. Previous work has been done on analysing OCL constraints by translating them to formal languages and then analysing the translated constraints with tools such as theorem provers. This project contributes a transformation from OCL to the specification language of the Prototype Verification System (PVS). PVS can be used to analyse and reason about translated OCL constraints. A particular novelty of this project is that it carries out the transformation of OCL to PVS by using model transformation, as exemplified by the OMG's Model-Driven Architecture. The project implements and automates model transformations from OCL to PVS using the Epsilon Transformation Language (ETL) and tests the results using the Epsilon Comparison Language (ECL )

Translating alloy apecifications to UML class diagrams annotated with OCL

Proceedings of the 9th International Conference on Software Engineering and Formal MethodsModel-Driven Engineering (MDE) is a Software Engineering approach based on model transformations at different abstraction levels. It prescribes the development of software by successively transforming models from abstract (specifications) to more concrete ones (code). Alloy is an increasingly popular lightweight formal specification language that supports automatic verification. Unfortunately, its widespread industrial adoption is hampered by the lack of an ecosystem of MDE tools, namely code generators. This paper presents a model transformation between Alloy and UML Class Diagrams annotated with OCL. The proposed transformation enables current UML-based tools to also be applied to Alloy specifications, thus unleashing its potential for MDE

Evaluation of Kermeta for Solving Graph-based Problems

Kermeta is a meta-language for specifying the structure and behavior of graphs of interconnected objects called models. In this paper,\ud we show that Kermeta is relatively suitable for solving three graph-based\ud problems. First, Kermeta allows the specification of generic model\ud transformations such as refactorings that we apply to different metamodels\ud including Ecore, Java, and Uml. Second, we demonstrate the extensibility\ud of Kermeta to the formal language Alloy using an inter-language model\ud transformation. Kermeta uses Alloy to generate recommendations for\ud completing partially specified models. Third, we show that the Kermeta\ud compiler achieves better execution time and memory performance compared\ud to similar graph-based approaches using a common case study. The\ud three solutions proposed for those graph-based problems and their\ud evaluation with Kermeta according to the criteria of genericity,\ud extensibility, and performance are the main contribution of the paper.\ud Another contribution is the comparison of these solutions with those\ud proposed by other graph-based tools

UML ACTION SEMANTICS FOR MODEL TRANSFORMATION SYSTEMS

The Action Semantics for UML provides a standard and platform independent way to describe the behavior of methods and executable actions in object-oriented system design prior to implementation allowing the development of highly automated and optimized code generators for UML CASE tools. Model transformation systems provide visual but formal background to specify arbitrary transformations in the Model Driven Architecture (the leading trend in software engineering). In the current paper, we describe a general encoding of model transformation systems as executable Action Semantics expressions to provide a standard way for automatically generating the implementation of formal (and provenly correct) transformations by off-the-shelf MDA tools. In addition, we point out a weakness in the Action Semantics standard that must be improved to achieve a stand-alone and functionally complete action specification language

Specification-driven model transformation testing

The final publication is available at Springer via http://dx.doi.org/10.1007/s10270-013-0369-xTesting model transformations poses several challenges, among them the automatic generation of appropriate input test models and the specification of oracle functions. Most approaches for the generation of input models ensure a certain coverage of the source meta-model or the transformation implementation code, whereas oracle functions are frequently defined using query or graph languages. However, these two tasks are usually performed independently regardless of their common purpose, and sometimes, there is a gap between the properties exhibited by the generated input models and those considered by the transformations. Recently, we proposed a formal specification language for the declarative formulation of transformation properties (by means of invariants, pre-, and postconditions) from which we generated partial oracle functions used for transformation testing. Here, we extend the usage of our specification language for the automated generation of input test models by SAT solving. The testing process becomes more intentional because the generated models ensure a certain coverage of the transformation requirements. Moreover, we use the same specification to consistently derive both the input test models and the oracle functions. A set of experiments is presented, aimed at measuring the efficacy of our technique.We thank the referees for their useful comments. This work has been sponsored by the Spanish Ministry of Science and Innovation with project “Go-Lite” (TIN2011-24139), by the R&D program of the Community of Madrid with project “e- Madrid” (S2009/TIC-1650), and by the German Research Foundation (DFG) within the Reinhart Koselleck project (DR 287/23-1)

Specification-driven test generation for model transformations

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-30476-7_3Proceedings of 5th International Conference, ICMT 2012, Prague, Czech Republic, May 28-29, 2012Testing model transformations poses several challenges, among them the automatic generation of appropriate input test models and the specification of oracle functions. Most approaches to the generation of input models ensure a certain level of source meta-model coverage, whereas the oracle functions are frequently defined using query or graph languages. Both tasks are usually performed independently regardless their common purpose, and sometimes there is a gap between the properties exhibited by the generated input models and those demanded to the transformations (as given by the oracles). Recently, we proposed a formal specification language for the declarative formulation of transformation properties (invariants, pre- and postconditions) from which we generated partial oracle functions that facilitate testing of the transformations. Here we extend the usage of our specification language for the automated generation of input test models by constraint solving. The testing process becomes more intentional because the generated models ensure a certain coverage of the interesting properties of the transformation. Moreover, we use the same specification to consistently derive both the input test models and the oracle functions.Work funded by the Spanish Ministry of Economy and Competitivity (TIN2011-24139) and by the R&D programme of Madrid Region (S2009/TIC-1650