Formal Verification Integration Approach for DSML
The application of formal methods (especially model checking and static analysis techniques) to the verification of safety-critical embedded systems has produced very good results and raised the interest of system designers up to the application of these technologies in real-size projects. However, these methods usually rely on specific verification-oriented formal languages that most designers do not master. It is thus mandatory to embed the associated tools in automated verification toolchains that allow designers to rely on their usual domain-specific modeling languages (DSMLs) while enjoying the benefits of these powerful methods. More precisely, we propose a language to formally express system requirements and interpret verification results so that system designers (DSML end-users) avoid the burden of learning formal verification technologies. Formal verification is achieved through translational semantics. This work is based on a metamodeling pattern for executable DSMLs that favors the definition of generative tools and thus eases the integration of tools for new DSMLs.
Methods and tools for the integration of formal verification in domain-specific languages
Domain-Specific Modeling Languages (DSMLs) are increasingly used in the early phases of the development of complex systems, in particular safety-critical systems. The goal is to be able to reason early in the development on these models and, in particular, to fulfill verification and validation activities (V and V). A widely used technique is exhaustive behavioral model verification using model checking, achieved by providing a translational semantics that builds a formal model from DSML-conforming models in order to reuse the powerful tools available for that formal domain. Defining a translational semantics, expressing the formal properties to be assessed, and analysing the verification results require such expertise in formal methods that it restricts their adoption and may discourage designers. It is thus necessary to build, for each DSML, a toolchain which hides the formal aspects from DSML end-users. The goal of this thesis is to ease the development of such verification toolchains. Our contribution includes 1) expressing behavioral properties at the DSML level by relying on TOCL (Temporal Object Constraint Language), a temporal extension of OCL; 2) an automated transformation of these properties into formal properties while reusing the key elements of the translational semantics; 3) the feedback of verification results thanks to a higher-order transformation and a language which defines mappings between the DSML and formal levels; 4) the implementation of the associated process. Our approach was validated by experimentation on a subset of the development process modeling language SPEM and on the Ladder Diagram language used to specify programmable logic controllers (PLCs), and by the integration of a formal intermediate language (FIACRE) in the verification toolchain. This last point makes it possible to reduce the semantic gap between DSMLs and formal domains.
A Catalog of Reusable Design Decisions for Developing UML/MOF-based Domain-specific Modeling Languages
In model-driven development (MDD), domain-specific modeling languages (DSMLs) act as a communication vehicle for aligning the requirements of domain experts with the needs of software engineers. With the rise of the UML as a de facto standard, UML/MOF-based DSMLs are now widely used for MDD. This paper documents design decisions collected from 90 UML/MOF-based DSML projects. These recurring design decisions were gained, on the one hand, by performing a systematic literature review (SLR) on the development of UML/MOF-based DSMLs. Via the SLR, we retrieved 80 related DSML projects for review. On the other hand, we collected decisions from developing ten DSML projects ourselves. The design decisions are presented in the form of reusable decision records, with each decision record corresponding to a decision point in DSML development processes. Furthermore, we also report on frequently observed (combinations of) decision options as well as on associations between options which may occur within a single decision point or between two decision points. This collection of decision-record documents targets decision makers in DSML development (e.g., DSML engineers, software architects, domain experts).
Series: Technical Reports / Institute for Information Systems and New Media
Tool Paper: A Lightweight Formal Encoding of a Constraint Language for DSMLs
Domain-Specific Modeling Languages (DSMLs) play a key role in the development of safety-critical systems to model system requirements and implementation. They often need to integrate property and query sub-languages. As a standardized modeling language, OCL can play a key role in their definition, as they can rely both on its concepts and on its textual syntax, which are well known in the Model Driven Engineering community. For example, most DSMLs are defined using MOF for their abstract syntax and OCL for their static semantics as a metamodeling DSML. OCLinEcore in the Eclipse platform is an example of such a metamodeling DSML integrating OCL as a language component in order to benefit from its property and query facilities. DSMLs for safety-critical systems usually provide formal model verification activities for checking model completeness or consistency, and implementation correctness with respect to requirements. This contribution describes a framework to ease the definition of such formal verification tools by relying on a common translation from a subset of OCL to the Why3 verification toolset. This subset was selected to enable efficient automated verification. The framework is illustrated using a block specification language for data flow languages, where a subset of OCL is used as a component language.
A transformation-driven approach to automate feedback verification results
The integration of formal verification methods into modeling activities is a key issue for ensuring the correctness of complex system design models. For this purpose, the most common approach consists in defining a translational semantics mapping the abstract syntax of the designer-dedicated Domain-Specific Modeling Language (DSML) to a semantic domain dedicated to formal verification, in order to reuse the available powerful verification technologies. Formal verification is thus usually achieved using model transformations. However, the verification results are available in the formal domain, which significantly impairs their use by the system designer, who is usually not an expert in the formal technologies. In this paper, we introduce a novel approach based on higher-order transformations that analyze and instrument the transformation expressing the semantics in order to produce traceability data, so as to automate the back-propagation of verification results to the DSML end-user.
A Framework for Automatic Dynamic Constraint Verification in Cyber Physical System Modeling Languages
Design of Cyber-Physical Systems (CPSs) involves overlapping the domains of control theory, network communication, and computational algorithms. Involving multiple domains within the same design greatly increases the system complexity. Furthermore, the physical nature of CPSs generally involves important safety constraints where constraint violations can be catastrophic. The design of CPSs benefits from focusing on the construction of abstracted, high-level models in a Domain-Specific Modeling Language (DSML). A Domain-Specific Modeling Environment (DSME) may aid in the design of such complex systems by enforcing structural design constraints during the construction of models. Models built using a DSME may also use compilers or interpreters to produce real working, low-level artifacts that represent the high-level design. Though each model in a DSME may abide by a formal specification, the behavior of a design may violate dynamic constraints once deployed. Engineers are tasked with ensuring that models behave safely by applying their expert knowledge after using appropriate verification tools. Constraint violations may be eliminated by modifying the model based on verification feedback, known as Dynamic Constraint Feedback (DCF). Mending such constraint violations is a task generally performed by the model designer. Such a process could potentially be automated through the capture of well-known design practices. The challenging task when automating model correction then lies in the design of the DSML. A designer of a DSML may have a clear understanding of how to design the syntax and semantics for their domain, but there are no formal methods for implementing verification tools for automatic model correction. Such a framework could greatly aid in the selection of available verification tools, implement well-established design methods, and model dynamic constraints.
Presented is the Dynamic Constraint Feedback Metamodeling Language (DCFML), a new metamodel to implement DCF upfront in DSML design. This particular solution provides a concrete solution to the abstraction of the various components of DCF, and then appends them to the DSML design process provided by a DSME.
Leveraging formal verification tools for DSML users: a process modeling case study
In the last decade, Model Driven Engineering (MDE) has been used to improve the development of safety-critical systems by providing early Validation and Verification (V&V) tools for Domain Specific Modeling Languages (DSMLs). Verification of behavioral models is mainly addressed by translating domain-specific models into languages dedicated to formal verification in order to use the sophisticated associated tools such as model checkers. This approach has been successfully applied in many different contexts, but it has a major drawback: the user has to interact with the formal tools. In this paper, we present an illustrated approach that allows the designer to formally express the expected behavioral properties using a user-oriented language (a temporal extension of OCL) that is automatically translated into the formal language, and then to get feedback from the assessment of these properties in their domain language without having to deal with the formal verification language or with the underlying translational semantics. This work is based on the metamodeling pattern for executable DSMLs that extends the DSML metamodel to integrate concerns related to execution and behavior.
Protocol for a Systematic Literature Review on Design Decisions for UML-based DSMLs
Series: Technical Reports / Institute for Information Systems and New Media
A Proof Assistant Based Formalization of components in MDE
Model driven engineering (MDE) now plays a key role in the development of safety-critical systems through the early validation and verification of models, and the automatic generation of software and hardware artifacts from the validated and verified models. In order to ease the integration of formal specification and verification technologies, various formalizations of MDE technologies have been proposed by different authors using term or graph rewriting, proof assistants, logical frameworks, etc. The use of components is also mandatory to improve the efficiency of system development. Invasive Software Composition (ISC) was proposed by Aßmann to add a generic component structure to existing Domain Specific Modeling Languages in MDE. This approach is the basis of the ReuseWare toolset. We present in this paper an extension of a formal embedding of some key aspects of MDE in set theory in order to formalize ISC and prove the correctness of the proposed approach with respect to the conformance relation with the base metamodel. The formal embedding we rely on was developed by some of the authors and then implemented using the Calculus of Inductive Constructions and the Coq proof assistant. This work is a first step in the formalization of composable verification technologies in order to ease their integration for DSMLs extended with component features using ISC.