Formal and efficient verification techniques for Real-Time UML models

The real-time UML profile TURTLE has a formal semantics expressed by translation into a timed process algebra: RT-LOTOS. RTL, the formal verification tool developed for RT-LOTOS, was first used to check TURTLE models against design errors. This paper opens new avenues for TURTLE model verification. It shows how recent work on translating RT-LOTOS specifications into Time Petri net model may be applied to TURTLE. RT-LOTOS to TPN translation patterns are presented. Their formal proof is the subject of another paper. These patterns have been implemented in a RT-LOTOS to TPN translator which has been interfaced with TINA, a Time Petri Net Analyzer which implements several reachability analysis procedures depending on the class of property to be verified. The paper illustrates the benefits of the TURTLE->RT-LOTOS->TPN transformation chain on an avionic case study

The Impact of Petri Nets on System-of-Systems Engineering

The successful engineering of a large-scale system-of-systems project towards deterministic behaviour depends on integrating autonomous components using international communications standards in accordance with dynamic requirements. To-date, their engineering has been unsuccessful: no combination of top-down and bottom-up engineering perspectives is adopted, and information exchange protocol and interfaces between components are not being precisely specified. Various approaches such as modelling, and architecture frameworks make positive contributions to system-of-systems specification but their successful implementation is still a problem. One of the most popular modelling notations available for specifying systems, UML, is intuitive and graphical but also ambiguous and imprecise. Supplying a range of diagrams to represent a system under development, UML lacks simulation and exhaustive verification capability. This shortfall in UML has received little attention in the context of system-of-systems and there are two major research issues: 1. Where the dynamic, behavioural diagrams of UML can and cannot be used to model and analyse system-of-systems 2. Determining how Petri nets can be used to improve the specification and analysis of the dynamic model of a system-of-systems specified using UML This thesis presents the strengths and weaknesses of Petri nets in relation to the specification of system-of-systems and shows how Petri net models can be used instead of conventional UML Activity Diagrams. The model of the system-of-systems can then be analysed and verified using Petri net theory. The Petri net formalism of behaviour is demonstrated using two case studies from the military domain. The first case study uses Petri nets to specify and analyse a close air support mission. This case study concludes by indicating the strengths, weaknesses, and shortfalls of the proposed formalism in system-of-systems specification. The second case study considers specification of a military exchange network parameters problem and the results are compared with the strengths and weaknesses identified in the first case study. Finally, the results of the research are formulated in the form of a Petri net enhancement to UML (mapping existing activity diagram elements to Petri net elements) to meet the needs of system-of-systems specification, verification and validation

Validation of reactive software from scenario-based models

This thesis proposal suggests a model-based approach to obtain, from a set of behavioural scenarios of a given reactive software system, a graphical animation for reproducing that set of scenarios for validation purposes. The approach assumes that the requirements of the system are described by a use case diagram, being the behaviour of each use case detailed by a collection of scenario descriptions. These use cases and scenarios are transformed into a Coloured Petri Net (CPN) model, which is next complemented with animation-specific elements. By executing the CPN model, it is possible to animate the scenarios in a user-friendly way and thus ensuring an effective involvement of the users in the system’s validation. The CPN model is enforced to be (1) parametric, allowing an easy modification of the initial conditions of the scenarios, (2) environment-descriptive, meaning that it includes the state of the relevant elements of the environment, and (3) animation-separated, implying that the elements related to animation are clearly separated from the other ones. We validate our approach based on its application to two examples of reactive systems

Profiling the publish/subscribe paradigm for automated analysis using colored Petri nets

UML sequence diagrams are used to graphically describe the message interactions between the objects participating in a certain scenario. Combined fragments extend the basic functionality of UML sequence diagrams with control structures, such as sequences, alternatives, iterations, or parallels. In this paper, we present a UML profile to annotate sequence diagrams with combined fragments to model timed Web services with distributed resources under the publish/subscribe paradigm. This profile is exploited to automatically obtain a representation of the system based on Colored Petri nets using a novel model-to-model (M2M) transformation. This M2M transformation has been specified using QVT and has been integrated in a new add-on extending a state-of-the-art UML modeling tool. Generated Petri nets can be immediately used in well-known Petri net software, such as CPN Tools, to analyze the system behavior. Hence, our model-to-model transformation tool allows for simulating the system and finding design errors in early stages of system development, which enables us to fix them at these early phases and thus potentially saving development costs

Designing tool support for translating use cases and UML 2.0 Sequence Diagrams into a Coloured Petri Net

Using a case study on the specification of an elevator controller, this paper presents an approach that can translate given UML descriptions into a Coloured Petri Net (CPN) model. The UML descriptions must be specified in the form of Use Cases and UML 2.0 Sequence Diagrams. The CPN model constitutes one single, coherent and executable representation of all possible behaviours that are specified by the given UML artefacts. CPNs consitute a formal modelling language that enables construction and analysis of scalable, executable models of behaviour. A combined use of UML and CPN can be useful in several projects. CPN is well supported by CPN Tools and the work we present here is aimed at building a CPN Tools front-end engine that implements the proposed translation.Fundação para a Ciência e a Tecnologia (FCT) - SFRH/BSAB/607/200

Towards Automated Test Sequence Generation

The article presents a novel control-flow based test sequence generation technique using UML 2.0 activity diagram, which is a behavioral type of UML diagram. Like other model-based techniques, this technique can be used in the earlier phases of the development process owing to the availability of the design models of the system. The activity diagram model is seamlessly converted into a colored Petri net. We proposed a technique that enables the automatic generation of test sequences according to a given coverage criteria from the execution of the colored Petri nets model. Two types of structural coverage criteria for AD based models, namely sequential and concurrent coverage are described. The proposed technique was applied to an example to demonstrate its feasibility and the generated test sequences were evaluated against selected coverage criteria. This technique can potentially be adapted to service oriented applications, workflows, and concurrent applications

Performance by Unified Model Analysis (PUMA)

Evaluation of non-functional properties of a design (such as performance, dependability, security, etc.) can be enabled by design annotations specific to the property to be evaluated. Performance properties, for instance, can be annotated on UML designs by using the UML Profile for Schedulability, Performance and Time (SPT) . However the communication between the design description in UML and the tools used for non-functional properties evaluation requires support, particularly for performance where there are many alternative performance analysis tools that might be applied. This paper describes a tool architecture called PUMA, which provides a unified interface between different kinds of design information and different kinds of performance models, for example Markov models, stochastic Petri nets and process algebras, queues and layered queues. The paper concentrates on the creation of performance models. The unified interface of PUMA is centered on an intermediate model called Core Scenario Model (CSM), which is extracted from the annotated design model. Experience shows that CSM is also necessary for cleaning and auditing the design information, and providing default interpretations in case it is incomplete, before creating a performance model

Validation of scenario-based business requirements with Coloured Petri Nets

A scenario can be used to describe a possible instantiation of a given business use case and can be expressed for example as a list of steps written in natural language, or by an interaction diagram. This paper discusses how a collection of scenarios, all expressed as UML2 sequence diagrams, can be described for validation purposes by a single model, written in the Coloured Petri Nets (CPN) modelling language. Due to the support for parallelism given by the CPN language, the obtained CPN model can: (1) simultaneously execute several scenarios; and (2) elegantly represent the parallel activities inside a scenario. This two-level parallelism is crucial during validation, since it allows one to detect problems that are only evident when several scenarios are in simultaneous execution and may affect each other. We exemplify our approach in a system that has a rich set of interactions with its users.Fundação para a Ciência e a Tecnologia (FCT) - bolsa SFRH/BD/19718/2004, programa PTDC/EIA/70271/2006 “AMADEUS: Aspects and Compiler Optimizations for Matlab System Development