    Step 0: An Idea for Automatic OCL Benchmark Generation

    Model Driven Engineering (MDE) is an important software development paradigm. Within this paradigm, models and constraints are essential components for expressing the specification of a software artefact. The Object Constraint Language (OCL) is a specification language that allows users to freely express constraints over different model features. However, one major issue is that the lack of OCL benchmarks makes it difficult to evaluate existing and newly created OCL tools. In this paper, we present our initial idea about automatic OCL benchmark generation. The purpose of this paper is to show a developing idea rather than to present a formal and complete approach. Our idea is to use an OCL metamodel to sketch abstract syntax trees for OCL expressions, and to solve the generated typing constraints to produce concrete OCL expressions. We illustrate this idea with an example, discuss our work in progress and outline challenges to be tackled in the future.

    Formal foundations for software model to model transformation operation

    Software model transformation operations are central operations in Model-Driven approaches. Graphical modeling notations, for example UML, are used to represent software models. The quality of a software model obtained after transformation influences further operations on that model. Thus, it is important to design formal approaches to model-to-model transformation that are grounded in analytical and mathematical tools. Such approaches should provide a basis for flexibly adapting software model transformation techniques to the peculiarities of a specific software development lifecycle model. This paper formulates the challenges for the mathematical tools and transformation rules involved in designing model-to-model transformation approaches, and justifies the choice of mathematical tools on the basis of these challenges. An approach to model-to-model transformation based on graph transformation is presented. Transformation operations are considered at the meta-level and at the concrete level. At the meta-level, the choice of mathematical tools for representing transformation stages and transformation artifacts is justified. Software models are represented as graphs. The initial information for a transformation is represented as a set of sub-graphs. Transformation rules are composed using first- and second-order logic. At the level of first-order logic, all software model elements that participate in the transformation are considered; at the level of second-order logic, a transformation rule considers the types of the software model elements that participate in the transformation. The proposed approach is extensible and may be used to extend the functionality of model-to-model tools that process software models. For example, in MEDINI QVT there is no direct way to compose a model-to-model transformation rule that considers software model elements that have no direct links.

    From examples to knowledge in model-driven engineering : a holistic and pragmatic approach

    Model-Driven Engineering (MDE) is a software development approach that proposes to raise the level of abstraction of languages in order to shift the design and understanding effort from the programmer's point of view to that of decision makers. However, the manipulation of these abstract representations, or models, has become so complex that traditional techniques are no longer enough to automate its inherent tasks. For its part, Search-Based Software Engineering (SBSE) proposes to reformulate the automation of MDE tasks as optimization problems. Once reformulated, the problem is solved by metaheuristic algorithms. With a plethora of studies on the subject, the automation power of SBSE has been well established. Based on this observation, the Example-Based MDE community (EB-MDE) started using application examples to feed the SBSE reformulation of the MDE task learning problem. In this context, the concordance of the solutions' output with the examples becomes an effective barometer for evaluating the ability of a solution to solve a task. This measure has proved to be a semantic objective of choice for guiding the metaheuristic search for solutions. However, while it is commonly accepted that the representativeness of the examples has an impact on the generalizability of the solutions, the study of this impact suffers from a flagrant lack of consideration. In this thesis, we propose a thorough formulation of the learning process in an MDE context, including a complete methodology to characterize and evaluate the relation that exists between two important properties of the examples, their size and their coverage, and the generalizability of the solutions. We perform an empirical analysis of these two properties and propose a detailed plan for further investigation of the concept of representativeness, or of other representativities.

    A formal approach to finding inconsistencies in a metamodel

    Checking the consistency of a metamodel involves finding a valid metamodel instance that provably meets the set of constraints defined over the metamodel. These constraints are often specified in the Object Constraint Language. Often, a metamodel is inconsistent due to conflicts among its constraints. Existing approaches and tools are typically incapable of pinpointing the conflicting constraints, which makes it difficult for users to debug and fix their metamodels. In this paper, we present a formal approach for locating conflicting constraints in inconsistent metamodels. Our approach has four distinct features: (1) users can rank individual metamodel features using their own domain-specific knowledge, (2) we transform these ranked features into a weighted maximum satisfiability modulo theories problem and solve it to compute the set of maximum achievable features, (3) we pinpoint the conflicting constraints by solving the set cover problem using a novel algorithm, and (4) we have implemented our approach in a fully automated tool called MaxUSE. Our evaluation results, using our assembled set of benchmarks, demonstrate the scalability of our work and show that it is capable of efficiently finding conflicting constraints.

    Model Transformation Testing and Debugging: A Survey

    Model transformations are the key technique in Model-Driven Engineering (MDE) to manipulate and construct models. As a consequence, the correctness of software systems built with MDE approaches relies mainly on the correctness of model transformations, and thus detecting and locating bugs in model transformations have been popular research topics in recent years. This surge of work has led to a vast literature on model transformation testing and debugging, which makes it challenging to gain a comprehensive view of the current state of the art. This is an obstacle for newcomers to this topic and for MDE practitioners wishing to apply these approaches. This paper presents a survey on testing and debugging model transformations based on the analysis of \nPapers~papers on the topics. We explore the trends, advances, and evolution over the years, bringing together previously disparate streams of work and providing a comprehensive view of these thriving areas. In addition, we present a conceptual framework to understand and categorise the different proposals. Finally, we identify several open research challenges and propose specific action points for the model transformation community.

    This work is partially supported by the European Commission (FEDER) and Junta de Andalucia under projects APOLO (US-1264651) and EKIPMENT-PLUS (P18-FR-2895), by the Spanish Government (FEDER/Ministerio de Ciencia e Innovación – Agencia Estatal de Investigación) under projects HORATIO (RTI2018-101204-B-C21), COSCA (PGC2018-094905-B-I00) and LOCOSS (PID2020-114615RB-I00), by the Austrian Science Fund (P 28519-N31, P 30525-N31), and by the Austrian Federal Ministry for Digital and Economic Affairs and the National Foundation for Research, Technology and Development (CDG

    Formal verification of automotive embedded UML designs

    Software applications are increasingly dominating safety-critical domains, that is, domains where the failure of an application could impact human lives. Software application safety was overlooked for quite some time, but more focus and attention is now directed to this area due to the exponential growth of embedded software applications. Software systems have continuously faced challenges in managing the complexity associated with functional growth, the flexibility of systems so that they can be easily modified, the scalability of solutions across several product lines, the quality and reliability of systems, and finally the ability to detect defects early in the design phases. AUTOSAR was established to develop open standards that address these challenges. ISO 26262, the automotive functional safety standard, aims to ensure the functional safety of automotive systems by providing requirements and processes that govern the software lifecycle. Each functional system needs to be classified in terms of safety goals, risks and an Automotive Safety Integrity Level (ASIL: A, B, C and D), with ASIL D denoting the most stringent safety level. As the risk of the system increases, the ASIL increases and the standard mandates more stringent methods to ensure safety. ISO 26262 mandates that systems classified as ASIL C and D use walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage the adoption of formal methods in industry; one major factor is the complexity of using them. Software specification compliance in automotive remains, for the most part, heavily dependent on the traceability matrix, human-based reviews, and testing activities conducted either on the actual production software or at the simulation level. ISO 26262 recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure, yet the industry still relies heavily on semi-formal notations such as UML. The use of semi-formal notations leaves specification compliance heavily dependent on manual processes and testing efforts. In this research, we propose a framework in which UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems, and SAT/SMT solvers are used to validate the compliance of the implementation with the specification. The framework allows semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework allows automotive software to comply with the ISO 26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on the Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected only in the testing and production stages. The methodology is applied to several automotive systems to show how the framework automates the verification of UML-based designs, the de facto standard for automotive system design, based on an implicit formal methodology while hiding the drawbacks that discouraged the industry from using it. Additionally, the framework automates the ISO 26262 system design verification guideline, which would otherwise be verified via error-prone manual approaches.

    Fundamental Approaches to Software Engineering

    This open access book constitutes the proceedings of the 23rd International Conference on Fundamental Approaches to Software Engineering, FASE 2020, which took place in Dublin, Ireland, in April 2020, and was held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The 23 full papers, 1 tool paper and 6 testing competition papers presented in this volume were carefully reviewed and selected from 81 submissions. The papers cover topics such as requirements engineering, software architectures, specification, software quality, validation, verification of functional and non-functional properties, model-driven development and model transformation, software processes, security and software evolution.

    Diversity of graph models and graph generators in mutation testing

    When custom modeling tools are used for designing complex safety-critical systems (e.g., critical cyber-physical systems), the tools themselves need to be validated by systematic testing to prevent tool-specific bugs from reaching the system. Testing of such modeling tools relies upon an automatically generated set of models as a test suite. While many software testing practices recommend that this test suite be diverse, model diversity has not been studied systematically for graph models. In this paper, we propose different diversity metrics for models by generalizing and exploiting neighborhood and predicate shapes as abstractions. We evaluate such shape-based diversity metrics using various distance functions in the context of mutation testing of graph constraints and access policies for two separate industrial DSLs. Furthermore, we evaluate the quality (i.e., bug detection capability) of different (random and consistent) model generation techniques for mutation testing purposes.