On Formalizing UML and OCL Features and Their Employment to Runtime Verification

Model-driven development (MDD) has been identified as a promising approach for developing software. By using abstract models of a system and by generating parts of the system out of these models, one tries to improve the efficiency of the overall development process and the quality of the resulting software. In the context of MDD the Unified Modeling Language (UML) and its related textual Object Constraint Language (OCL) have gained a high recognition. To be able to generate systems of high quality and to allow for interoperability between modeling tools, a well-defined semantics for these languages is required. This thesis summarizes published work in this context that employs an endogenous metamodeling approach to define the semantics of newer elements of the UML. While the covered elements are exhaustively used to define relations between elements of the metamodel of the UML, the UML specification leaves out a precise definition of their semantics. Our proposed approach uses models, not only to define the abstract syntax, but also to define the semantics of UML. By using UML and OCL for this, existing modeling tools can be used to validate the definition. The second part of this thesis covers work on the usage of UML and OCL models for runtime verification. It is shown how models can still be used at the end of a software development process, i. e., after an implementation has manually been added to generated parts, even though they are not used as central parts of the development process. This work also influenced the integration of protocol state machines into a modeling tool, which lead to publications about the runtime semantics of state machines and the capabilities to declaratively specify behavior using state machines

The Oracle Problem in Software Testing: A Survey

Testing involves examining the behaviour of a system in order to discover potential faults. Given an input for a system, the challenge of distinguishing the corresponding desired, correct behaviour from potentially incorrect behavior is called the “test oracle problem”. Test oracle automation is important to remove a current bottleneck that inhibits greater overall test automation. Without test oracle automation, the human has to determine whether observed behaviour is correct. The literature on test oracles has introduced techniques for oracle automation, including modelling, specifications, contract-driven development and metamorphic testing. When none of these is completely adequate, the final source of test oracle information remains the human, who may be aware of informal specifications, expectations, norms and domain specific information that provide informal oracle guidance. All forms of test oracles, even the humble human, involve challenges of reducing cost and increasing benefit. This paper provides a comprehensive survey of current approaches to the test oracle problem and an analysis of trends in this important area of software testing research and practice

Runtime observable and adaptable UML state machine-based software components generation and verification: [email protected] approach

Cyber-Physical Systems (CPSs) are embedded computing systems in which computation interacts closely with the physical world through sensors and actuators. CPSs are used to control context aware systems. These types of systems are complex systems that will have different configurations and their control strategy can be configured depending the environmental data and current situation of the context. Therefore, in current industrial environments, the software of embedded and Cyber-Physical systems have to cope with increasing complexity, uncertain scenarios and safe requirements at runtime. The UML State Machine is a powerful formalism to model the logical behaviour of these types of systems, and in Model Driven Engineering (MDE) we can generate code automatically from these models. MDE aims to overcome the complexity of software construction by allowing developers to work at the high-level models of software systems instead of low-level codes. However, determining and evaluating the runtime behaviour and performance of models of CPSs using commercial MDE tools is a challenging task. Such tools provide little support to observe at model-level the execution of the code generated from the model, and to collect the runtime information necessary to, for example, check whether defined safe properties are met or not. One solution to address these requirements is having the software components information in model terms at runtime ([email protected]). Work on [email protected] seeks to extend the applicability of models produced in MDE approaches to the runtime environment. Having the model at runtime is the first step towards the runtime verification. Runtime verification can be performed using the information of model elements (current state, event, next state,etc.) This thesis aims at advancing the current practice on generating automatically Unified Modeling Language - State Machine (UML-SM) based software components that are able to provide their internal information in model terms at runtime. Regarding automation, we propose a tool supported methodology to automatically generate these software components. As for runtime monitoring, verification and adaptation, we propose an externalized runtime module that is able to monitor and verify the correctness of the software components based on their internal status in model terms at component and system level. In addition, if an error is detected, the runtime adaptation module is activated and the safe adaptation process starts in the involved software components. All things considered, the overall safe level of the software components and CPSs is enhanced.Sistema Ziber-Fisikoak, konputazio sistema txertatuez osatuta daude. Konputazio sistema txertatu hauek, mundu birtuala mundu fisikoarekin uztartzeko gaitasuna eskaintzen dute. Sistema ziberfisikoak orokorrean sistema konplexuak izan ohi dira eta inguruan gertazen denaren araberako konfigurazio desberdinak izan ohi dituzte. Gaur egungo industria ingurunetan, sistema hauek daramaten kontroleko softwarea asko handitu da eta beren konplexutasunak ere gorakada handia izan du: aurrez ezagunak ez diren baldintza eta inguruetan lan egin beharra dute askotan, denbora errealeko eskakizunak eta segurtasun eskakizunak ere beteaz. UML State Machine formalismoa, goian aipaturiko sistema mota horien portaera logikoa modelizatzeko erabiltzen den formalismo indartsu bat da. Formalismo honen baitan eta Model Driven Engineering (MDE) enfokea jarraituaz, sistema modelatzeko erabilitako grafikoetatik sisteman txertatua izango den kodea automatikoki sor genezake. MDEk softwarea sortzeko orduan izan genezakeen konplexutasuna gainditu nahi du, garatzailei software-sistemen goi-mailako ereduetan lan egiteko aukera emanez. Hala ere, MDE-an oinarrituriko tresna komertzialak erabiliaz, zaila izaten da berauen bidez sorturiko kodearen errendimendua eta portaera sistema exekuzioan dagoenean ebaluatzea. Tresna horiek laguntza gutxi eskaintzen dute modelotatik sortutako kodea exekutatzen ari denean sisteman zer gertatzen ari denaren informazioa modeloaren terminoetan jasotzeko. Beraz, exekuzio denboran, oso zaila izaten da sistemaren portaera egokia den edo ez aztertzea modelo mailako informazio hori erabiliaz. Eskakizun horiek kudeatzeko modu bat, software modeloaren informazioa denbora errealean izatea da ([email protected] enfokea). [email protected] enfokearen helburu nagusietako bat, MDE enfokearekin garapen fasean sortutako modeloak exekuzio denboran (runtime-en) erabilgarri izatean datza. Exekuzio denboran egiaztapen edo testing-a egin ahal izateko lehen urratsa, testeatu nahi den software horren modeloa exekuzio denboran eskuragarri izatea da. Honela, exekuzio denborako egiaztapen edo berifikazioak softwarea modelatzeko erabili ditugun elementu berberak erabiliaz egin daitke (egungo egoera, gertaera, hurrengo egoera, eta abar). Tesi honen helburutako bat UML-State Machine modeloetan oinarritutako eta exekuzio denboran beren barne egoeraren informazioa modeloko elementu bidez probestu ahalko duten software osagaiak modu automatikoan sortzea da. Automatizazioari dagokionez, lehenik eta behin, software-osagai horiek automatikoki sortzen dituzten tresnak eskaintzen dituen metodologia proposatzen dugu. Bigarrenik, UMLSM oinarritutako software osagaiak automatikoki sortuko dituen herraminta bera proposatzen dugu. Exekuzio denboran eguneraketen jarraipenari, egiaztatzeari eta egokitzeari dagokionez, barne egoera UML-SM modelo terminoetan eskaintzen duten software osagaiak egiaztatzeko eta egokitzeko gai den kanpo exekuzio modulo bat proposatzen dugu. Honela, errore bat detektatzen bada, exekuzio garaian egokitze modulua aktibatuko da egokitzapen prozesu segurua martxan jarriaz. Honek, dagokion software osagaiari abixua bidaliko dio egokitzapena egin dezan. Gauza guztiak kontuan hartuta, software osagaien eta CPSen segurtasun maila orokorra hobetua izango da.Los sistemas cyber-físicos (CPSs) son sistemas de computación embebidos en los que la computación interactúa estrechamente con el mundo físico a través de sensores y actuadores. Los CPS se utilizan para controlar sistemas que proveen conocimiento del contexto. Este tipo de sistemas son sistemas complejos que suelen tener diferentes configuraciones y su estrategia de control puede configurarse en función de los datos del entorno y de la situación actual del contexto. Por lo tanto, en los entornos industriales actuales, el software de los sistemas embebidos tiene que hacer frente a la creciente complejidad, los escenarios inciertos y los requisitos de seguridad en tiempo de ejecución. Las máquinas de estado UML son un formalismo muy utilizado en industria para modelar el comportamiento lógico de este tipo de sistemas, y siguiendo el enfoque Model Driven Engineering (MDE) podemos generar código automáticamente a partir de estos modelos. El objetivo de MDE es superar la complejidad de la construcción de software permitiendo a los desarrolladores trabajar en los modelos de alto nivel de los sistemas de software en lugar de tener que codificar el control mediante lenguajes de programación de bajo nivel. Sin embargo, determinar y evaluar el comportamiento y el rendimiento en tiempo de ejecución de estos modelos generados mediante herramientas comerciales de MDE es una tarea difícil. Estas herramientas proporcionan poco apoyo para observar a nivel de modelo la ejecución del código generado a partir del modelo. Por lo tanto, no son muy adecuadas para poder recopilar la información de tiempo de ejecución necesaria para, por ejemplo, comprobar si se cumplen o no las restricciones definidas. Un enfoque para gestionar estos requisitos, es tener la información de los componentes de software en términos de modelo en tiempo de ejecución ([email protected]). El trabajo en [email protected] busca ampliar la aplicabilidad de los modelos producidos en fase de desarrollo mediante el enfoque MDE al entorno de tiempo de ejecución. Tener el modelo en tiempo de ejecución es el primer paso para poder llevar a cabo la verificación en tiempo de ejecución. Así, esta verificación se podrá realizar utilizando la información de los elementos del modelo (estado actual, evento, siguiente estado, etc.). El objetivo de esta tesis es avanzar en la práctica actual de generar automáticamente componentes software basados en Unified Modeling Language - State Machine (UML-SM) que sean capaces de proporcionar información interna en términos de modelos en tiempo de ejecución. En cuanto a la automatización, en primer lugar, proponemos una metodología soportada por herramientas para generar automáticamente estos componentes de software. En segundo lugar, proponemos un marco de trabajo de generación de componentes de software basado en UML-SM. En cuanto a la monitorización, verificación y adaptación en tiempo de ejecución, proponemos un módulo de tiempo de ejecución externalizado que es capaz de monitorizar y verificar la validez de los componentes del software en función de su estado interno en términos de modelo. Además, si se detecta un error, se activa el módulo de adaptación en tiempo de ejecución y se inicia el proceso de adaptación seguro en el componente de software correspondiente. Teniendo en cuenta todo esto, el nivel de seguridad global de los componentes del software y de los CPS se ve mejorado

Protocol modelling : synchronous composition of data and behaviour

This thesis develops and explores a technique called Protocol Modelling, a mathematics for the description of orderings. Protocol Modelling can be viewed as a hybrid of object orientation, as it supports ideas of data encapsulation and object instantiation; and process algebra, as it supports a formally defined idea of process and process composition. The first half of the thesis focuses on describing and defining the Protocol Modelling technique. A formal denotational semantics for protocol machines is developed and used to establish various properties; in particular that composition is closed and preserves type safety. The formal semantics is extended to cover instantiation of objects. Comparison is made with other process algebras and an approach to unification of different formulations of the semantics of process composition is proposed. The second half of the thesis explores three applications of Protocol Modelling: Object Modelling. This explores the use of Protocol Modelling as a medium for object modelling, and the facility to execute protocol models is described. Protocol Modelling is compared with other object modelling techniques; in particular by contrasting its compositional style with traditional hierarchical inheritance. Protocol Contracts. This proposes the use of protocol models as a medium for expressing formal behavioural contracts. This is compared with more traditional forms of software contract in the generalization of the notion of contractual obligation as a mechanism for software specification. Choreographed Collaborations. In this application Protocol Modelling is used as a medium to describe choreographies for asynchronous multiparty collaborations. A compositional approach to choreography engineering, enabled by the synchronous semantics of Protocol Modelling, is explored and results established concerning sufficient conditions for choreography realizability. The results are extended to address choreographies that employ behavioural rules based on data

Fundamental Approaches to Software Engineering

This open access book constitutes the proceedings of the 23rd International Conference on Fundamental Approaches to Software Engineering, FASE 2020, which took place in Dublin, Ireland, in April 2020, and was held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The 23 full papers, 1 tool paper and 6 testing competition papers presented in this volume were carefully reviewed and selected from 81 submissions. The papers cover topics such as requirements engineering, software architectures, specification, software quality, validation, verification of functional and non-functional properties, model-driven development and model transformation, software processes, security and software evolution

A Scholarship Approach to Model-Driven Engineering

Model-Driven Engineering is a paradigm for software engineering where software models are the primary artefacts throughout the software life-cycle. The aim is to define suitable representations and processes that enable precise and efficient specification, development and analysis of software. Our contributions to Model-Driven Engineering are structured according to Boyer\u27s four functions of academic activity - the scholarships of teaching, discovery, application and integration. The scholarships share a systematic approach towards seeking new insights and promoting progressive change. Even if the scholarships have their differences they are compatible so that theory, practice and teaching can strengthen each other.Scholarship of Teaching: While teaching Model-Driven Engineering to under-graduate students we introduced two changes to our course. The first change was to introduce a new modelling tool that enabled the execution of software models while the second change was to adapt pair lecturing to encourage the students to actively participate in developing models during lectures. Scholarship of Discovery: By using an existing technology for transforming models into source code we translated class diagrams and high-level action languages into natural language texts. The benefit of our approach is that the translations are applicable to a family of models while the texts are reusable across different low-level representations of the same model.Scholarship of Application: Raising the level of abstraction through models might seem a technical issue but our collaboration with industry details how the success of adopting Model-Driven Engineering depends on organisational and social factors as well as technical. Scholarship of Integration: Building on our insights from the scholarships above and a study at three large companies we show how Model-Driven Engineering empowers new user groups to become software developers but also how engineers can feel isolated due to poor tool support. Our contributions also detail how modelling enables a more agile development process as well as how the validation of models can be facilitated through text generation.The four scholarships allow for different possibilities for insights and explore Model-Driven Engineering from diverse perspectives. As a consequence, we investigate the social, organisational and technological factors of Model-Driven Engineering but also examine the possibilities and challenges of Model-Driven Engineering across disciplines and scholarships

The Meaning of UML Models

The Unified Modelling Language (UML) is intended to express complex ideas in an intuitive and easily understood way. It is important because it is widely used in software engineering and other disciplines. Although an official definition document exists, there is much debate over the precise meaning of UML models. ¶ In response, the academic community have put forward many different proposals for formalising UML, but it is not at all obvious how to decide between them. Indeed, given that UML practitioners are inclined to reject formalisms as non-intuitive, it is not even obvious that the definition should be “formal” at all. Rather than searching for yet another formalisation of UML, our main aim is to determine what would constitute a good definition of UML. ¶ The first chapter sets the UML definition problem in a broad context, relating it to work in logic and the philosophy of science. ..

Trust negotiation policy management for service-oriented applications

Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular technology to connect applications both within and across enterprise boundaries. However, as services are increasingly used to implement critical functionality, security has become an important concern impeding the widespread adoption of SOA. Trust negotiation is an approach to access control that may be applied in scenarios where service requesters are often unknown in advance, such as for services available via the public Internet. Rather than relying on requesters' identities, trust negotiation makes access decisions based on the level of trust established between the requester and the provider in a negotiation, during which the parties exchange credentials, which are signed assertions that describe some attributes of the owner. However, managing the evolution of trust negotiation policies is a difficult problem that has not been sufficiently addressed to date. Access control policies have a lifecycle, and they are revised based on applicable business policies. Additionally, because a trust relationship established in a trust negotiation may be long lasting, their evolution must also be managed. Simply allowing a negotiation to continue according to an old policy may be undesirable, especially if new important constraints have been added. In this thesis, we introduce a model-driven trust negotiation framework for service-oriented applications. The framework employs a model for trust negotiation, based on state machines, that allows automated generation of the control structures necessary to enforce trust negotiation policies from the visual model of the policy. Our policy model also supports lifecycle management. We provide sets of operations to modify policies and to manage ongoing negotiations, and operators for identifying and managing impacts of changes to trust negotiation policies on ongoing trust negotiations. The framework presented in the thesis has been implemented in the Trust-Serv prototype, which leverages industry specifications such as WS-Security and WS-Trust to offer a container-centric mechanism for deploying trust negotiation that is transparent to the services being protected