Correctness, completeness and termination of pattern-based model-to-model transformation

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-03741-2_26Proceedings of Third International Conference, CALCO 2009, Udine, Italy, September 7-10, 2009.Model-to-model (M2M) transformation consists in trans- forming models from a source to a target language. Many transformation languages exist, but few of them combine a declarative and relational style with a formal underpinning able to show properties of the transformation. Pattern-based transformation is an algebraic, bidirectional, and relational approach to M2M transformation. Specifications are made of patterns stating the allowed or forbidden relations between source and target models, and then compiled into low level operational mechanisms to perform source-to-target or target-to-source transformations. In this paper, we study the compilation into operational triple graph grammar rules and show: (i) correctness of the compilation of a specification without negative patterns; (ii) termination of the rules, and (iii) completeness, in the sense that every model considered relevant can be built by the rules.Work supported by the Spanish Ministry of Science and Innovation, projects METEORIC (TIN2008-02081), MODUWEB (TIN2006-09678) and FORMALISM (TIN2007-66523). Moreover, part of this work was done during a sabbatical leave of the first author at TU Berlin, with financial support from the Spanish Ministry of Science and Innovation (grant ref. PR2008-0185). We thank the referees for their useful comment

Avoiding Unnecessary Information Loss: Correct and Efficient Model Synchronization Based on Triple Graph Grammars

Model synchronization, i.e., the task of restoring consistency between two interrelated models after a model change, is a challenging task. Triple Graph Grammars (TGGs) specify model consistency by means of rules that describe how to create consistent pairs of models. These rules can be used to automatically derive further rules, which describe how to propagate changes from one model to the other or how to change one model in such a way that propagation is guaranteed to be possible. Restricting model synchronization to these derived rules, however, may lead to unnecessary deletion and recreation of model elements during change propagation. This is inefficient and may cause unnecessary information loss, i.e., when deleted elements contain information that is not represented in the second model, this information cannot be recovered easily. Short-cut rules have recently been developed to avoid unnecessary information loss by reusing existing model elements. In this paper, we show how to automatically derive (short-cut) repair rules from short-cut rules to propagate changes such that information loss is avoided and model synchronization is accelerated. The key ingredients of our rule-based model synchronization process are these repair rules and an incremental pattern matcher informing about suitable applications of them. We prove the termination and the correctness of this synchronization process and discuss its completeness. As a proof of concept, we have implemented this synchronization process in eMoflon, a state-of-the-art model transformation tool with inherent support of bidirectionality. Our evaluation shows that repair processes based on (short-cut) repair rules have considerably decreased information loss and improved performance compared to former model synchronization processes based on TGGs.Comment: 33 pages, 20 figures, 3 table

Feasibility of EPC to BPEL Model Transformations Based on Ontology and Patterns

Model-Driven Engineering holds the promise of transforming\ud business models into code automatically. This requires the concept of\ud model transformation. In this paper, we assess the feasibility of model\ud transformations from Event-driven Process Chain models to Business\ud Process Execution Language specifications. To this purpose, we use a\ud framework based on ontological analysis and workflow patterns in order\ud to predict the possibilities/limitations of such a model transformation.\ud The framework is validated by evaluating the transformation of several\ud models, including a real-life case.\ud The framework indicates several limitations for transformation. Eleven\ud guidelines and an approach to apply them provide methodological support\ud to improve the feasibility of model transformation from EPC to\ud BPEL

COSMICAH 2005: workshop on verification of COncurrent Systems with dynaMIC Allocated Heaps (a Satellite event of ICALP 2005) - Informal Proceedings

Lisboa Portugal, 10 July 200

Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols

We define a sequent calculus to formally specify, simulate, debug and verify security protocols. In our sequents we distinguish between the current knowledge of principals and the current global state of the session. Hereby, we can describe the operational semantics of principals and of an intruder in a simple and modular way. Furthermore, using proof theoretic tools like the analysis of permutability of rules, we are able to find efficient proof strategies that we prove complete for special classes of security protocols including Needham-Schroeder. Based on the results of this preliminary analysis, we have implemented a Prolog meta-interpreter which allows for rapid prototyping and for checking safety properties of security protocols, and we have applied it for finding error traces and proving correctness of practical examples

Verification of model transformations

Model transformations are a central element of model-driven development (MDD) approaches such as the model-driven architecture (MDA). The correctness of model transformations is critical to their effective use in practical software development, since users must be able to rely upon the transformations correctly preserving the semantics of models. In this paper we define a formal semantics for model transformations, and provide techniques for proving the termination, confluence and correctness of model transformations

A System for Deduction-based Formal Verification of Workflow-oriented Software Models

The work concerns formal verification of workflow-oriented software models using deductive approach. The formal correctness of a model's behaviour is considered. Manually building logical specifications, which are considered as a set of temporal logic formulas, seems to be the significant obstacle for an inexperienced user when applying the deductive approach. A system, and its architecture, for the deduction-based verification of workflow-oriented models is proposed. The process of inference is based on the semantic tableaux method which has some advantages when compared to traditional deduction strategies. The algorithm for an automatic generation of logical specifications is proposed. The generation procedure is based on the predefined workflow patterns for BPMN, which is a standard and dominant notation for the modeling of business processes. The main idea for the approach is to consider patterns, defined in terms of temporal logic,as a kind of (logical) primitives which enable the transformation of models to temporal logic formulas constituting a logical specification. Automation of the generation process is crucial for bridging the gap between intuitiveness of the deductive reasoning and the difficulty of its practical application in the case when logical specifications are built manually. This approach has gone some way towards supporting, hopefully enhancing our understanding of, the deduction-based formal verification of workflow-oriented models.Comment: International Journal of Applied Mathematics and Computer Scienc