    Multi-amalgamation of rules with application conditions in M-adhesive categories

    This publication is with permission of the rights owner freely accessible due to an Alliance licence and a national licence (funded by the DFG, German Research Foundation) respectively.

    Amalgamation is a well-known concept for graph transformations that is used to model synchronised parallelism of rules with shared subrules and corresponding transformations. This concept is especially important for an adequate formalisation of the operational semantics of statecharts and other visual modelling languages, where typed attributed graphs are used for multiple rules with nested application conditions. However, the theory of amalgamation for the double-pushout approach has so far only been developed on a set-theoretical basis for pairs of standard graph rules without any application conditions. For this reason, in the current paper we present the theory of amalgamation for M-adhesive categories, which form a slightly more general framework than (weak) adhesive HLR categories, for a bundle of rules with (nested) application conditions. The two main results are the Complement Rule Theorem, which shows how to construct a minimal complement rule for each subrule, and the Multi-Amalgamation Theorem, which generalises the well-known Parallelism and Amalgamation Theorems to the case of multiple synchronised parallelism. In order to apply the largest amalgamated rule, we use maximal matchings, which are computed according to the actual instance graph. The constructions are illustrated by a small but meaningful running example, while a more complex case study concerning the firing semantics of Petri nets is presented as an introductory example and to provide motivation.

    Multi-Amalgamation in M-Adhesive Categories : Long Version

    Amalgamation is a well-known concept for graph transformations in order to model synchronized parallelism of rules with shared subrules and corresponding transformations. This concept is especially important for an adequate formalization of the operational semantics of statecharts and other visual modeling languages, where typed attributed graphs are used for multiple rules with general application conditions. However, the theory of amalgamation for the double pushout approach has been developed up to now only on a set-theoretical basis for pairs of standard graph rules without any application conditions. For this reason, we present the theory of amalgamation in this paper in the framework of M-adhesive categories, short for weak adhesive HLR categories, for a bundle of rules with (nested) application conditions. The main result is the Multi-Amalgamation Theorem, which generalizes the well-known Parallelism and Amalgamation Theorems to the case of multiple synchronized parallelism. The constructions are illustrated by a small running example. A more complex case study for the operational semantics of statecharts based on multi-amalgamation is presented in a separate paper.

    Formal Verification Techniques for Model Transformations: A Tridimensional Classification

    Model consistency management for systems engineering

    To master the complexity of the interdisciplinary development of modern technical systems, development today is mostly model-based. Numerous different models are used, each of which considers different viewpoints and sits at a different level of abstraction. If the inconsistencies that arise between these models remain unresolved, this can lead to errors in the finished system. Model transformation and synchronisation techniques are a promising approach for detecting and resolving such inconsistencies. Existing model synchronisation techniques, however, are not powerful enough to support the complex relations in such a development scenario. This thesis presents a new model synchronisation technique that allows models of different views and abstraction levels to be synchronised. Metrics that encode expert knowledge are employed to raise the degree of automation. The approach allows different degrees of user interaction, from fully automatic operation to fine-grained manual decisions.

    The development of complex mechatronic systems requires the close collaboration of different disciplines, like mechanical engineering, electrical engineering, control engineering, and software engineering. To tackle the complexity of such systems, such a development is heavily based on models. Engineers use several models on different abstraction levels, for different purposes and with different view-points. Usually, a discipline-spanning system model is developed during the first, interdisciplinary system design phase. For the implementation phase, the disciplines use different models and tools to develop the discipline-specific aspects of the system. During such a model-based development, inconsistencies between the different discipline-specific models and the discipline-spanning system model are likely to occur, because changes to discipline-specific models may affect the discipline-spanning system model and models of other disciplines. These inconsistencies lead to increased development time and costs if they remain unresolved. Model transformation and synchronization are promising techniques to detect and resolve such inconsistencies. However, existing model synchronization solutions are not powerful enough to support the complex consistency relations of such an application scenario. In this thesis, we present a novel model synchronization technique that allows for synchronized models with multiple views and abstraction levels. To minimize the information loss and improve automation during the synchronization, it employs metrics to encode expert knowledge. The approach can be customized to allow different amounts of user interaction, from full automation to fine-grained manual decisions.

    Date of defence: 24.10.2014. Paderborn, Univ., Diss., 201

    Semantic Web methods for knowledge management [online]

    Towards the Formal Verification of Model Transformations: An Application to Kermeta

    Model-Driven Engineering (MDE) is becoming a popular engineering methodology for developing large-scale software applications, using models and transformations as primary principles. MDE is now being successfully applied to domain-specific languages (DSLs), which target a narrow subject domain like process management, telecommunication, product lines, smartphone applications among others, providing experts high-level and intuitive notations very close to their problem domain. More recently, MDE has been applied to safety-critical applications, where failure may have dramatic consequences, either in terms of economic, ecologic or human losses. These recent application domains call for more robust and more practical approaches for ensuring the correctness of models and model transformations. Testing is the most common technique used in MDE for ensuring the correctness of model transformations, a recurrent, yet unsolved problem in MDE. But testing suffers from the so-called coverage problem, which is unacceptable when safety is at stake. Rather, exhaustive coverage is required in this application domain, which means that transformation designers need to use formal analysis methods and tools to meet this requirement. Unfortunately, two factors seem to limit the use of such methods in an engineer’s daily life. First, a methodological factor, because MDE engineers rarely possess the effective knowledge for deploying formal analysis techniques in their daily life developments. Second, a practical factor, because DSLs do not necessarily have a formal explicit semantics, which is a necessary enabler for exhaustive analysis. In this thesis, we contribute to the problem of formal analysis of model transformations regarding each perspective. On the conceptual side, we propose a methodological framework for engineering verified model transformations based on current best practices. 
For that purpose, we identify three important dimensions: (i) the transformation being built; (ii) the properties of interest ensuring the transformation’s correctness; and finally, (iii) the verification technique that allows proving these properties with minimal effort. Finding which techniques are better suited for which kind of properties is the concern of the Computer-Aided Verification community. Consequently, in this thesis we focus on studying the relationship between transformations and properties. Our methodological framework introduces two novel notions. A transformation intent gathers all transformations sharing the same purpose, abstracting from the way the transformation is expressed. A property class captures under the same denomination all properties sharing the same form, abstracting away from their underlying property languages. The framework consists of mapping each intent with its characteristic set of property classes, meaning that for proving the correctness of a particular transformation obeying this intent, one has to prove properties of these specific classes. We illustrate the use and utility of our framework through the detailed description of five common intents in MDE, and their application to a case study drawn from the automotive software domain, consisting of a chain of more than thirty transformations. On a more practical side, we study the problem of verifying DSLs whose behaviour is expressed with Kermeta. Kermeta is an object-oriented transformation framework aligned with the Object Management Group standard specification MOF (Meta-Object Facility). It can be used for defining metamodels and models, as well as their behaviour. Kermeta lacks a formal semantics: we first specify such a semantics, and then choose an appropriate verification domain for handling the analysis one is interested in. 
Since the semantics is defined at the level of Kermeta’s transformation language itself, our work presents two interesting features: first, any DSL whose behaviour is defined using Kermeta (more precisely, any transformation defined with Kermeta) enjoys a de facto formal foundation for free; second, it is easier to define appropriate abstractions for targeting specific analyses on top of this full-fledged semantics than to define a specific semantics for each possible kind of analysis. To illustrate this point, we have selected Maude, a powerful rewriting system based on algebraic specifications equipped with model-checking and theorem-proving capabilities. Maude was chosen because its underlying formalism is close to the mathematical tools we use for specifying the formal semantics, reducing the implementation gap and consequently limiting the possible implementation mistakes. We validate our approach by illustrating behavioural properties of small, yet representative DSLs from the literature.

    Diagrammatic Representations in Domain-Specific Languages

    One emerging approach to reducing the labour and costs of software development favours the specialisation of techniques to particular application domains. The rationale is that programs within a given domain often share enough common features and assumptions to enable the incorporation of substantial support mechanisms into domain-specific programming languages and associated tools. Instead of being machine-oriented, algorithmic implementations, programs in many domain-specific languages (DSLs) are rather user-level, problem-oriented specifications of solutions. Taken further, this view suggests that the most appropriate representation of programs in many domains is diagrammatic, in a way which derives from existing design notations in the domain. This thesis conducts an investigation, using mathematical techniques and supported by case studies, of issues arising from the use of diagrammatic representations in DSLs. Its structure is conceptually divided into two parts: the first is concerned with semantic and reasoning issues; the second introduces an approach to describing the syntax and layout of diagrams, in a way which addresses some pragmatic aspects of their use. The empirical context of our work is that of IEC 1131-3, an industry standard programming language for embedded control systems. The diagrammatic syntax of IEC 1131-3 consists of circuit (i.e. box-and-wire) diagrams, emphasising a data-flow view, and variants of Petri net diagrams, suited to a control-flow view. The first contribution of the thesis is the formalisation of the diagrammatic syntax and the semantics of IEC 1131-3 languages, as a prerequisite to the application of algebraic techniques. More generally, we outline an approach to the design of diagrammatic DSLs, emphasising compositionality in the semantics of the language so as to allow the development of simple proof systems for inferring properties which are deemed essential in the domain. 
The control-flow subset of IEC 1131-3 is carefully evaluated, and is subsequently re-designed, to yield a straightforward proof system for a restricted, yet commonly occurring, class of safety properties. A substantial part of the thesis deals with DSLs in which programs may be represented both textually and diagrammatically, as indeed is the case with IEC 1131-3. We develop a formalisation of the data-flow diagrams in IEC 1131-

    A Visual Interpreter Semantics for Statecharts Based on Amalgamated Graph Transformation

    Several different approaches to define the formal operational semantics of statecharts have been proposed in the literature, including visual techniques based on graph transformation. These visual approaches either define a compiler semantics (translating a concrete statechart into a semantical domain) or they define an interpreter using complex control and helper structures. Existing visual semantics definitions make it difficult to apply the classical theory of graph transformations to analyze behavioral statechart properties due to the complex control structures. In this paper, we define an interpreter semantics for statecharts based on amalgamated graph transformation where rule schemes are used to handle an arbitrary number of transitions in orthogonal states in parallel. We build on an extension of the existing theory of amalgamation from binary to multi-amalgamation including nested application conditions to control rule applications for automatic simulation. This is essential for the interpreter semantics of statecharts. The theory of amalgamation allows us to show termination of the interpreter semantics of well-behaved statecharts, and especially for our running example, a producer-consumer system.

    Quality Assurance of Model Transformations - On the Dynamic Testing of Programmed Graph Rewriting Systems

    Models and metamodels represent core concepts of model-driven software development (MDSD). Programs that manipulate models (with reference to their metamodels) or translate them into one another are called model transformations (MTs) and form a further core concept. For this clearly delineated field of tasks, specially adapted, domain-specific transformation languages have been and continue to be developed and used. Given the importance of MTs for the MDSD paradigm, their correctness is essential, and thorough quality assurance is therefore advisable. Corresponding approaches, however, are rare. In practice, the formal verification approaches that have mainly been researched frequently prove unsuitable, since they are often too complex or too expensive. Furthermore, they scale poorly with the size of the MT under consideration, or they depend on abstractions of the details of concrete implementations. Testing-based methods, in contrast, do not have these disadvantages. However, established testing methods for traditional programming languages cannot be reused, or can be reused only to a very limited extent, because MT languages are so different. In addition, tailored testing methods are fundamentally desirable, since they can take typical properties of MTs into account. At present, the methods that exist for this are predominantly function-based (black-box) ones. The goal of this thesis is to develop a structure-based (white-box) test approach for a special class of model transformations, the so-called programmed graph transformations. To this end, a structural coverage concept is to be developed on the basis of a concrete representative of these languages, so as to be able to bound the testing effort or to assess the quality of the tests. Aspects of the applicability and the effectiveness of the resulting criteria must also be investigated. 
For this purpose, a test coverage criterion based on graph patterns is developed in theory and implemented in practice in the context of the eMoflon tool for the Story-Driven Modeling language (SDM) used there. As a basis for reusing the established approach of mutation analysis to estimate the effectiveness of the criterion with respect to its fault-detection capabilities, mutations for the synthetic injection of faults are identified and realised in the form of a mutation testing framework. The latter makes it possible to investigate relationships between the coverage concept and mutation adequacy. In an extensive evaluation, the applicability and effectiveness of the approach in practice are investigated using two non-trivial model transformations, and a comparison against source-code-based test coverage is carried out. It turns out that the developed coverage concept can be implemented in practice and leads to a usable coverage metric. The visualisability of individual coverage requirements is particularly close to the graphical programming used in graph transformations, so that, among other things, the construction of meaningful tests is made easier. The mutation analysis supports the thesis that test sets optimised with respect to increases in the coverage measures detect more faults than before the optimisation. Comparisons with source-code-based coverage criteria indicate the existence of corresponding correlations. The experiments demonstrate that the presented coverage is in many cases superior to classical, code-based criteria and thus lends itself in particular to the testing of transformations executed by an interpreter.