11 research outputs found

    Towards the Formal Verification of Model Transformations: An Application to Kermeta

    Model-Driven Engineering (MDE) is becoming a popular engineering methodology for developing large-scale software applications, using models and transformations as its primary principles. MDE is now being successfully applied to domain-specific languages (DSLs), which target a narrow subject domain such as process management, telecommunication, product lines or smartphone applications, providing domain experts with high-level and intuitive notations very close to their problem domain. More recently, MDE has been applied to safety-critical applications, where failure may have dramatic consequences in terms of economic, ecological or human losses. These recent application domains call for more robust and more practical approaches to ensuring the correctness of models and model transformations. Testing is the most common technique used in MDE for ensuring the correctness of model transformations, a recurrent yet unsolved problem in MDE. But testing suffers from the so-called coverage problem, which is unacceptable when safety is at stake. Exhaustive coverage is required in this application domain, which means that transformation designers need to use formal analysis methods and tools to meet this requirement. Unfortunately, two factors seem to limit the use of such methods in an engineer's daily work. First, a methodological factor: MDE engineers rarely possess the knowledge needed to deploy formal analysis techniques in their everyday developments. Second, a practical factor: DSLs do not necessarily have an explicit formal semantics, which is a necessary enabler for exhaustive analysis. In this thesis, we contribute to the problem of formal analysis of model transformations from each of these perspectives. On the conceptual side, we propose a methodological framework for engineering verified model transformations based on current best practices.
For that purpose, we identify three important dimensions: (i) the transformation being built; (ii) the properties of interest ensuring the transformation's correctness; and (iii) the verification technique that allows proving these properties with minimal effort. Finding which techniques are better suited to which kinds of properties is the concern of the Computer-Aided Verification community. Consequently, in this thesis we focus on studying the relationship between transformations and properties. Our methodological framework introduces two novel notions. A transformation intent gathers all transformations sharing the same purpose, abstracting from the way the transformation is expressed. A property class captures under one denomination all properties sharing the same form, abstracting away from their underlying property languages. The framework consists of mapping each intent to its characteristic set of property classes, meaning that to prove the correctness of a particular transformation obeying this intent, one has to prove properties of these specific classes. We illustrate the use and utility of our framework through the detailed description of five common intents in MDE and their application to a case study drawn from the automotive software domain, consisting of a chain of more than thirty transformations. On the more practical side, we study the problem of verifying DSLs whose behaviour is expressed with Kermeta. Kermeta is an object-oriented transformation framework aligned with the Object Management Group standard specification MOF (Meta-Object Facility). It can be used for defining metamodels and models, as well as their behaviour. Kermeta lacks a formal semantics: we first specify such a semantics, and then choose an appropriate verification domain for handling the analysis one is interested in.
Since the semantics is defined at the level of Kermeta's transformation language itself, our work presents two interesting features: first, any DSL whose behaviour is defined using Kermeta (more precisely, any transformation defined with Kermeta) enjoys a de facto formal underpinning for free; second, it is easier to define appropriate abstractions targeting a specific analysis from this full-fledged semantics than to define a specific semantics for each possible kind of analysis. To illustrate this point, we have selected Maude, a powerful rewriting system based on algebraic specifications and equipped with model-checking and theorem-proving capabilities. Maude was chosen because its underlying formalism is close to the mathematical tools we use for specifying the formal semantics, reducing the implementation gap and consequently limiting possible implementation mistakes. We validate our approach by illustrating behavioural properties of small yet representative DSLs from the literature.

    Software Testing Techniques and Tools: A Review

    The software development process is closely tied to the processes of creating and evaluating software. A common problem is that development often lacks adequate testing, which leads to software failures. To maintain a high-quality product in excellent working condition, testing becomes critical. Software can be tested using White-Box, Black-Box or Gray-Box testing techniques. In this investigation the types of tests were reviewed. White-Box testing uses a number of methodologies based on path testing, including the construction of flow graphs (flowcharts), cyclomatic complexity assessment and independent path testing; from these it is possible to implement a basis path testing technique as a white-box approach. This review covers several axes, namely the definition of white-box testing tools, testing techniques in general, the benefits and gains of each of these techniques, the levels of testing, and finally the steps for conducting a test. The review then arrives at several conclusions that are presented at the end of the paper.
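As a worked illustration of the basis path testing the review describes, the following is example code written for this page, not code from the paper. The control-flow graph is a constructed one for a small function with one if/else and one while loop (node names n0..n5 are assumptions); the code computes the cyclomatic complexity V(G) = E - N + 2 and then selects a linearly independent set of entry-to-exit paths, which is the basis set a white-box tester would aim to cover.

```python
from fractions import Fraction
from typing import Dict, List, Tuple

Edge = Tuple[str, str]

# Constructed example CFG (an assumption for this page, not from the review):
#   n0: if x > 0            -> n1 (then-branch) / n2 (else-branch)
#   n1, n2: merge into n3
#   n3: while x > 0         -> n4 (loop body, back to n3) / n5 (exit)
CFG: Dict[str, List[str]] = {
    "n0": ["n1", "n2"],
    "n1": ["n3"],
    "n2": ["n3"],
    "n3": ["n4", "n5"],
    "n4": ["n3"],
    "n5": [],
}


def edges(cfg: Dict[str, List[str]]) -> List[Edge]:
    return [(u, v) for u, succ in cfg.items() for v in succ]


def cyclomatic_complexity(cfg: Dict[str, List[str]]) -> int:
    """V(G) = E - N + 2P for a single connected component (P = 1)."""
    return len(edges(cfg)) - len(cfg) + 2


def entry_exit_trails(cfg: Dict[str, List[str]], entry: str, exit_: str) -> List[List[str]]:
    """All entry->exit paths that use each edge at most once, so a loop is
    taken at most once; this keeps the enumeration finite."""
    out: List[List[str]] = []

    def dfs(node: str, path: List[str], used: set) -> None:
        if node == exit_:
            out.append(list(path))
            return
        for nxt in cfg[node]:
            e = (node, nxt)
            if e in used:
                continue
            used.add(e)
            path.append(nxt)
            dfs(nxt, path, used)
            path.pop()
            used.discard(e)

    dfs(entry, [entry], set())
    return out


def basis_paths(cfg: Dict[str, List[str]], entry: str, exit_: str) -> List[List[str]]:
    """Greedily pick paths whose edge-count vectors are linearly independent.
    Gaussian elimination over exact fractions keeps the rank test precise;
    the number of paths returned equals V(G)."""
    index = {e: i for i, e in enumerate(edges(cfg))}
    reduced: List[Tuple[int, List[Fraction]]] = []  # (pivot column, echelon row)
    chosen: List[List[str]] = []
    for p in entry_exit_trails(cfg, entry, exit_):
        row = [Fraction(0)] * len(index)
        for u, v in zip(p, p[1:]):
            row[index[(u, v)]] += 1
        for pivot, r in reduced:
            if row[pivot] != 0:
                f = row[pivot] / r[pivot]
                row = [a - f * b for a, b in zip(row, r)]
        pivot = next((i for i, a in enumerate(row) if a != 0), None)
        if pivot is None:
            continue  # dependent on paths already chosen: no new coverage
        reduced.append((pivot, row))
        chosen.append(p)
    return chosen


if __name__ == "__main__":
    print("V(G) =", cyclomatic_complexity(CFG))
    for path in basis_paths(CFG, "n0", "n5"):
        print(" -> ".join(path))
```

Each path in the basis set corresponds to one test case; the fourth entry-to-exit trail of this graph (else-branch with the loop skipped) is the sum and difference of the other three and adds no independent coverage, which is why V(G) rather than the raw path count bounds the effort.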

    Operational analysis of sequence diagram specifications

    This thesis is concerned with operational analysis of UML 2.x sequence diagram specifications. By operational analysis we mean analysis based on a characterization of the executions of sequence diagrams, in other words an operational semantics for sequence diagrams. We define two methods for analysis of sequence diagram specifications, refinement verification and refinement testing, and both are implemented in an analysis tool we have named 'Escalator'. Further, we make the first steps towards extending our approach with support for availability analysis. In order to facilitate operational analysis, we define an operational semantics for UML 2.x sequence diagrams. The operational semantics is faithful to the intended semantics of UML, and is proven to be sound and complete with respect to the denotational semantics for sequence diagrams defined in STAIRS, a framework for stepwise development based on refinement of sequence diagram specifications. The operational semantics has a formalized meta-level, on which we define execution strategies. This meta-level allows us to distinguish between positive and negative behaviour, between potential and universal behaviour, and between potential and mandatory choice, all of which are inherently difficult to express in an operational semantics. Based on the operational semantics and its formalized meta-level, we define trace generation, test generation and test execution. Further, based on a formalization of refinement in STAIRS, the trace generation is used to devise a method for refinement verification, and the test generation and test execution are used to define a method for refinement testing. Both are methods for investigating whether or not a sequence diagram specification is a correct refinement of another sequence diagram specification.
The operational semantics, the refinement verification and the refinement testing are implemented in the term rewriting language Maude, and these implementations are integrated in the Escalator tool. In addition, Escalator provides a graphical user interface for working with sequence diagram specifications and for running the analyses. In order to facilitate availability analysis, we define a conceptual model for service availability in which the basic properties of availability are identified. Further, we extend the operational semantics with support for one class of these basic properties, namely real-time properties, and outline how the operational semantics extended with time can be applied to devise methods for timed analysis of sequence diagram specifications.
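The refinement relation the thesis builds on comes from STAIRS: a specification denotes an interaction obligation (p, n) of positive and negative trace sets, and (p', n') refines (p, n) when n ⊆ n' (negative traces stay negative) and p ⊆ p' ∪ n' (positive traces may stay positive or be narrowed to negative, but never become inconclusive). The following is an added example written for this page, not code from the thesis or from the Escalator tool. Traces are encoded as tuples of send (!) and receive (?) events, and the login-protocol obligations are constructed for illustration.

```python
from typing import Dict, FrozenSet, Iterable, List, Tuple

Trace = Tuple[str, ...]
Obligation = Tuple[FrozenSet[Trace], FrozenSet[Trace]]  # (positive, negative)


def obligation(positive: Iterable[Trace], negative: Iterable[Trace]) -> Obligation:
    """Build an interaction obligation; a trace cannot be both positive and negative."""
    p, n = frozenset(positive), frozenset(negative)
    if p & n:
        raise ValueError(f"trace is both positive and negative: {sorted(p & n)}")
    return p, n


def refines(abstract: Obligation, concrete: Obligation) -> bool:
    """STAIRS refinement: (p, n) is refined by (p', n') iff n ⊆ n' and p ⊆ p' ∪ n'."""
    p, n = abstract
    p2, n2 = concrete
    return n <= n2 and p <= (p2 | n2)


def violations(abstract: Obligation, concrete: Obligation) -> Dict[str, List[Trace]]:
    """Explain a failed refinement: which traces broke which half of the rule."""
    p, n = abstract
    p2, n2 = concrete
    return {
        # a forbidden trace silently became allowed or inconclusive
        "negative_lost": sorted(n - n2),
        # a required positive trace was dropped without being declared negative
        "positive_dropped": sorted(p - (p2 | n2)),
    }


# Constructed abstract specification (assumption for this page): a client sends
# login, the server answers ok or fail; a session answer without any login
# request is explicitly negative.
LOGIN_OK: Trace = ("!login", "?login", "!ok", "?ok")
LOGIN_FAIL: Trace = ("!login", "?login", "!fail", "?fail")
UNSOLICITED_OK: Trace = ("!ok", "?ok")

SPEC = obligation(positive={LOGIN_OK, LOGIN_FAIL}, negative={UNSOLICITED_OK})

# Legal refinement (narrowing): the failure alternative is now ruled out.
NARROWED = obligation(positive={LOGIN_OK}, negative={UNSOLICITED_OK, LOGIN_FAIL})

# Illegal "refinement": an implementation that also accepts an unsolicited ok
# and forgot the negative trace altogether, i.e. an authentication bypass
# that the abstract diagram had explicitly forbidden.
LEAKY = obligation(positive={LOGIN_OK, UNSOLICITED_OK}, negative=set())


if __name__ == "__main__":
    print("NARROWED refines SPEC:", refines(SPEC, NARROWED))
    print("LEAKY refines SPEC:   ", refines(SPEC, LEAKY))
    print(violations(SPEC, LEAKY))
```

The two halves of the rule are what make negative behaviour useful for security requirements: a trace that the abstract diagram marks as negative can never be reintroduced as positive by a later refinement, so the check catches an implementation that quietly drops the prohibition.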

    MODEL DRIVEN SOFTWARE PRODUCT LINE ENGINEERING: SYSTEM VARIABILITY VIEW AND PROCESS IMPLICATIONS

    Software Product Line Engineering (SPLE) is a software development technique that seeks to apply the principles of industrial manufacturing to the production of software applications: that is, a Software Product Line (SPL) is used to produce a family of products with common characteristics, whose members may nevertheless have differentiating characteristics. Identifying these common and differentiating characteristics a priori maximizes reuse, reducing development time and cost. Describing these relationships with sufficient expressiveness becomes a fundamental requirement for success. Model Driven Engineering (MDE) has emerged in recent years as a paradigm that makes it possible to deal effectively with software artifacts at a high level of abstraction. Thanks to this, SPLs can benefit greatly from the standards and tools that have arisen within the MDE community. However, a good integration between SPLE and MDE has not yet been achieved, and as a consequence the mechanisms for variability management are not sufficiently expressive. Thus, it is not possible to integrate variability efficiently into complex software development processes in which the different views of a system, model transformations and code generation play a fundamental role. This thesis presents MULTIPLE, a framework and a tool that aim to integrate the variability management mechanisms of SPLs precisely and efficiently into MDE processes. MULTIPLE provides domain-specific languages for specifying different views of software systems.
Among these, special emphasis is placed on the variability view, since it is decisive for the specification of SPLs.

Gómez Llana, A. (2012). MODEL DRIVEN SOFTWARE PRODUCT LINE ENGINEERING: SYSTEM VARIABILITY VIEW AND PROCESS IMPLICATIONS [Unpublished doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/15075

    A platform-independent domain-specific modeling language for multiagent systems

    Associated with the increasing acceptance of agent-based computing as a novel software engineering paradigm, a lot of recent research addresses the development of suitable techniques to support agent-oriented software development. The state of the art in agent-based software development is to (i) design the agent system based on an agent-oriented methodology and (ii) take the resulting design artifact as the basis for manually implementing the agent system using existing agent-oriented programming languages or general-purpose languages like Java. Apart from errors made when manually transforming an abstract specification into a concrete implementation, the gap between design and implementation may also cause design and implementation to diverge. The framework discussed in this dissertation presents a platform-independent domain-specific modelling language for MASs called Dsml4MAS that allows modelling agent systems in a platform-independent and graphical manner. Apart from the abstract design, Dsml4MAS also allows one to automatically (i) check the generated design artifacts against a formal semantic specification to guarantee the well-formedness of the design and (ii) translate the abstract specification into a concrete implementation. Taken together, Dsml4MAS ensures that for any well-formed design an associated implementation will be generated, closing the gap between design and code.

Owing to the growing acceptance of agent systems for handling complex problems, the focus in agent-oriented software engineering is placed above all on research into suitable development tools. The state of research is to specify the agent design by means of an agent methodology and to use the resulting artifacts as the basis for manual programming.
Errors that arise in this manual translation make the abstract design in particular less useful with regard to the sustainability of the developed software application. The framework discussed in this dissertation presents a platform-independent domain-specific modelling language for multiagent systems called Dsml4MAS. Dsml4MAS allows agent systems to be represented in a platform-independent and graphical way. The modelling language comprises (i) an abstract syntax that defines the vocabulary of the language, (ii) a concrete syntax that specifies the graphical representation, and (iii) a formal semantics that gives the vocabulary a precise meaning. Dsml4MAS is part of a (semi-automatic) methodology that (i) allows the abstract specification to be refined step by step down to the concrete implementation and (ii) guarantees interoperability with alternative software paradigms such as service-oriented architectures.

    Foundations of Multi-Paradigm Modelling for Cyber-Physical Systems

    Get PDF
    This open access book coherently gathers well-founded information on the fundamentals of and formalisms for modelling cyber-physical systems (CPS). Highlighting the cross-disciplinary nature of CPS modelling, it also serves as a bridge for anyone entering CPS from related areas of computer science or engineering. Truly complex engineered systems, known as cyber-physical systems, that integrate physical, software and network aspects are now on the rise. However, there is no unifying theory nor any systematic design methods, techniques or tools for these systems. Individual (mechanical, electrical, network or software) engineering disciplines only offer partial solutions. A technique known as Multi-Paradigm Modelling has recently emerged which proposes modelling every part and aspect of a system explicitly, at the most appropriate level(s) of abstraction, using the most appropriate modelling formalism(s), and then weaving the results together to form a representation of the system. If properly applied, it enables, among other global aspects, performance analysis, exhaustive simulation and verification. This book is the first systematic attempt to bring together these formalisms for anyone starting in the field of CPS who seeks solid modelling foundations and a comprehensive introduction to the distinct existing techniques that are multi-paradigmatic. Though chiefly intended for master's and postgraduate students in computer science and engineering, it can also be used as a reference text by practitioners.

    Automated Analysis of Security in Networking Systems
