7 research outputs found

    Assessing and improving the quality of model transformations

    Get PDF
    Software is pervading our society more and more and is becoming increasingly complex. At the same time, software quality demands remain at the same, high level. Model-driven engineering (MDE) is a software engineering paradigm that aims at dealing with this increasing software complexity and improving productivity and quality. Models play a pivotal role in MDE. The purpose of using models is to raise the level of abstraction at which software is developed to a level where concepts of the domain in which the software has to be applied, i.e., the target domain, can be expressed e??ectively. For that purpose, domain-speci??c languages (DSLs) are employed. A DSL is a language with a narrow focus, i.e., it is aimed at providing abstractions speci??c to the target domain. This makes that the application of models developed using DSLs is typically restricted to describing concepts existing in that target domain. Reuse of models such that they can be applied for di??erent purposes, e.g., analysis and code generation, is one of the challenges that should be solved by applying MDE. Therefore, model transformations are typically applied to transform domain-speci??c models to other (equivalent) models suitable for di??erent purposes. A model transformation is a mapping from a set of source models to a set of target models de??ned as a set of transformation rules. MDE is gradually being adopted by industry. Since MDE is becoming more and more important, model transformations are becoming more prominent as well. Model transformations are in many ways similar to traditional software artifacts. Therefore, they need to adhere to similar quality standards as well. The central research question discoursed in this thesis is therefore as follows. How can the quality of model transformations be assessed and improved, in particular with respect to development and maintenance? Recall that model transformations facilitate reuse of models in a software development process. We have developed a model transformation that enables reuse of analysis models for code generation. The semantic domains of the source and target language of this model transformation are so far apart that straightforward transformation is impossible, i.e., a semantic gap has to be bridged. To deal with model transformations that have to bridge a semantic gap, the semantics of the source and target language as well as possible additional requirements should be well understood. When bridging a semantic gap is not straightforward, we recommend to address a simpli??ed version of the source metamodel ??rst. Finally, the requirements on the transformation may, if possible, be relaxed to enable automated model transformation. Model transformations that need to transform between models in di??erent semantic domains are expected to be more complex than those that merely transform syntax. The complexity of a model transformation has consequences for its quality. Quality, in general, is a subjective concept. Therefore, quality can be de??ned in di??erent ways. We de??ned it in the context of model transformation. A model transformation can either be considered as a transformation de??nition or as the process of transforming a source model to a target model. Accordingly, model transformation quality can be de??ned in two di??erent ways. The quality of the de??nition is referred to as its internal quality. The quality of the process of transforming a source model to a target model is referred to as its external quality. There are also two ways to assess the quality of a model transformation (both internal and external). It can be assessed directly, i.e., by performing measurements on the transformation de??nition, or indirectly, i.e., by performing measurements in the environment of the model transformation. We mainly focused on direct assessment of internal quality. However, we also addressed external quality and indirect assessment. Given this de??nition of quality in the context of model transformations, techniques can be developed to assess it. Software metrics have been proposed for measuring various kinds of software artifacts. However, hardly any research has been performed on applying metrics for assessing the quality of model transformations. For four model transformation formalisms with di??fferent characteristics, viz., for ASF+SDF, ATL, Xtend, and QVTO, we de??ned sets of metrics for measuring model transformations developed with these formalisms. While these metric sets can be used to indicate bad smells in the code of model transformations, they cannot be used for assessing quality yet. A relation has to be established between the metric sets and attributes of model transformation quality. For two of the aforementioned metric sets, viz., the ones for ASF+SDF and for ATL, we conducted an empirical study aiming at establishing such a relation. From these empirical studies we learned what metrics serve as predictors for di??erent quality attributes of model transformations. Metrics can be used to quickly acquire insights into the characteristics of a model transformation. These insights enable increasing the overall quality of model transformations and thereby also their maintainability. To support maintenance, and also development in a traditional software engineering process, visualization techniques are often employed. For model transformations this appears as a feasible approach as well. Currently, however, there are few visualization techniques available tailored towards analyzing model transformations. One of the most time-consuming processes during software maintenance is acquiring understanding of the software. We expect that this holds for model transformations as well. Therefore, we presented two complementary visualization techniques for facilitating model transformation comprehension. The ??rst-technique is aimed at visualizing the dependencies between the components of a model transformation. The second technique is aimed at analyzing the coverage of the source and target metamodels by a model transformation. The development of the metric sets, and in particular the empirical studies, have led to insights considering the development of model transformations. Also, the proposed visualization techniques are aimed at facilitating the development of model transformations. We applied the insights acquired from the development of the metric sets as well as the visualization techniques in the development of a chain of model transformations that bridges a number of semantic gaps. We chose to solve this transformational problem not with one model transformation, but with a number of smaller model transformations. This should lead to smaller transformations, which are more understandable. The language on which the model transformations are de??ned, was subject to evolution. In particular the coverage visualization proved to be bene??cial for the co-evolution of the model transformations. Summarizing, we de??ned quality in the context of model transformations and addressed the necessity for a methodology to assess it. Therefore, we de??ned metric sets and performed empirical studies to validate whether they serve as predictors for model transformation quality. We also proposed a number of visualizations to increase model transformation comprehension. The acquired insights from developing the metric sets and the empirical studies, as well as the visualization tools, proved to be bene??cial for developing model transformations

    Cost-benefit analysis for software process improvement

    Get PDF
    Justification of investments to improve software development processes and technol- ogy continues to be a significant challenge for software management. Managers interested in improving quality, cost, and cycle-time of their products have a large set of methods, tools, and techniques from which to choose. The implementation of one or more of these potential improvements can require considerable time and cost. Decision makers must be able to understand the benefits from each proposed improvement and decide which improvements to implement. While a variety of approaches exist for evaluating the costs and benefits of a few specific improvements such as inspections or systematic reuse, there is no general model for evaluating software process improvements. The result of this research is a practical, useful framework to assist practitioners in evaluating potential process improvements. This general framework can accommodate a variety of methods for estimating the cost-benefit effects of a process change. To illustrate this framework a set of cost-benefit templates for Emerald and Cleanroom technologies were developed and validated. Methods for evaluating effects range from constants and simple equations to bayesian decision models and dynamic process simulations. A prototype tool was developed to assist in performing cost-benefit analysis of software process improvements

    Resource-based Verification for Robust Composition of Aspects

    Get PDF
    Aspect Oriented Software Development has been proposed as a means to improve modularization of software in the presence of crosscutting concerns. Compared to object-oriented or procedural approaches, Aspect Oriented Programming (AOP) has not yet been applied in many industrial applications. In this thesis we investigate the application of AOP within an industrial context and propose a novel solution to the problem of behavioral conflicts between aspects. We report on our experience transferring an aspect-oriented solution to a company called Advanced Semi-conductor Material Lithography (ASML). We investigate the acceptance criteria for AOP in industry, based on two industrial cases studies. We present a process that includes quantification of the benefits of AOP and elicitation of key worries expressed by stakeholders. We conducted a controlled experiment to assess the advantages and disadvantages of an aspect-based approach using a tracing example. Twenty developers from ASML were requested to carry out five maintenance scenarios. This experiment has shown that, in case the tracing concern is implemented using an AOP implementation instead of a procedural language, the development effort is on average 6% reduced while the impact of errors is reduced by 77%, for maintaining code related to tracing. For a subset of the scenarios, the results were statistically significant on a confidence interval of 95%. The so-called aspect interference problem is one of the major concerns in introducing AOP. Aspects can be developed independently and behave correct in isolation. However, due to intended or unintended composition of aspects, undesired behavior can emerge. In this thesis we focus on behavioral conflicts between aspects at shared join points. These are illustrated by a realistic example based on crosscutting concerns from ASML. We present an approach for the detection of behavioral interference that is based on a novel abstraction of the behavior of aspects, using resources and operations. This abstraction enables the expression of behavior in a simple manner that is suitable for automated detection of interference among aspects. The approach employs a set of conflict detection rules that can be used to detect both generic conflicts as well as domain specific conflicts. Our approach is general for AOP languages, its application to one specific AOP language Composition Filters is also illustrated in this thesis. The application to Composition Filters demonstrates how the use of a declarative advice language can be exploited for automated conflict detection. We detail the analysis process and discuss what information is required from the aspect developer to be able perform the analysis. We also discuss when static analysis is insufficient for detecting behavioral conflicts. We present a run time extension aiming at detecting dynamic conflicts. We discuss optimizations for this run time approach, which exploits the static verification results. Finally, we propose three improvements to the Composition Filters model to support automated and manual reasoning even further. The first improvement separates what behavior is executed from when this behavior is executed. Secondly, we introduce atomic filters that can be used to build more complex filters. The semantics of these filters are well defined. Although this approach has clear benefits from an automated reasoning perspective, the introduction of atomic filters results in the definition of numerous filters for specifying more complex behavior. Therefore, we introduce a filter composition language that enables the declarative composition of (atomic) filters, such that composed filter behavior can be reused elsewhere

    Electronic Performance Support for E-Learning Analysis and Design

    Get PDF
    Corporate instructional designers often follow an instructional systems design (ISD) process to plan, create, and implement training programs. Increased demand for elearning as a replacement or addition to classroom training means that, in the current corporate environment, instructional designers are called upon to produce a wide variety of instructional formats and have to make more decisions during the ISD process. E-learning is evolving into a total performance improvement solution rather than simply as a means to delivering distance training and consequently, in an effort to achieve business goals, many corporations are turning to it as a cost effective way to deliver training and support to employees and customers. Corporate e-learning applications can incorporate knowledge management and electronic performance support as well as support for multiple formats of online learning, adding to the complexity of the instructional designer\u27s job and the ISD process. While the ISD process is well documented and numerous operational models exist, instructional designers often have difficulty in its application given the complexity of an e-learning application. The study analyzed the impact of an experimental electronic performance support system (EPSS) on the performance of e-learning instructional designers. An EPSS intended to provide assistance during the analysis and design stages of an e-learning project was created to aid corporate instructional designers make tradeoffs among time, cost, and quality of various analysis and design procedures and techniques. Formative reviews by instructional designers experienced in e-learning added to the validity of the contents of the EPSS. Summative evaluator’s pilot tested the EPSS by using it in conjunction with the analysis and design activities of three corporate e-learning projects. Evaluation results indicated that an instructional design EPSS can help designers sequence and prioritize tasks, allocate time and resources to task execution, and focus tasks on user performance and client goals

    Formal development of control software in the medical systems domain

    Get PDF
    In this thesis we describe the effectiveness of applying a number of formal techniques to the development of industrial control software at Philips Healthcare. We demonstrate how these techniques were tightly incorporated to the industrial workflow and the issues encountered during the application. The work was established in an industrial context, dealing with real industrial projects and a real product concerning the development of interventional X-ray systems. The results are very conclusive in the sense that the used formal techniques could deliver substantially better quality code compared to the code developed in conventional development methods. Also, the results show that the productivity of the formally developed code is better than the productivity of code developed by projects at Philips Healthcare or projects reported worldwide. The thesis also includes a number of design and specification guidelines that assist constructing verifiable components using model checking. The guidelines were successful in designing and verifying a controller component developed at Philips Healthcare. Hence, the guidelines can provide an effective framework to design verifiable control components in industrial settings

    Capturing and exploiting abstract views of states in OO verification

    Get PDF
    In this thesis, we study several implementation, specification and verification techniques for Object-Oriented (OO) programs. Our focus is on capturing conceptual structures in OO states in abstractions, and then exploiting such an abstract view of the state in specification and implementation approaches in a way that allows for formal verification. Generally, an OO state consists of many objects that reference each other in possibly complicated ways. At the same time, at any one point in the execution of the program, we can often reason about what is happening using an abstract view of the state that is much less complicated. To further improve the quality of implementations, better techniques must be developed for 1) specification of the abstract views that are used by the client and the programmer, and 2) the verification that an implementation satisfies its specification. This thesis contributes to that effort. We distinguish between client-level and programmer-level specification. A client-level specification acts as a contract between the client and the implementer. A programmer-level specification allows to reason formally about the implementation. We consider two specification formalisms that differ in the basic abstract view that is used: Algebraic Specification and OO Specification. We consider both client-level and programmer-level specifications based on algebraic specification. We contribute a novel syntax and semantics for the former, and we contribute an implementation approach for OO implementations based on the latter. We show that the implementation approach is suitable for problem-independent verification. We propose the programmer-level OO specification constructs inc and coop. The inc construct allows method specification to make explicit that a certain enumeration of invariants does not have to hold when that method is executed. The coop construct allows a field specification to make explicit that a certain enumeration of invariants might be invalidated when the field is updated. This allows for the specification and verification of OO designs in which in the process of updating one object, other objects with which it together implements a common purpose must be updated as well. We then generalize the inc and coop constructs by removing a restriction to enumerations of invariants. For instance, this is needed in the well-known Observer Pattern, where a Subject can have an arbitrary and dynamically changing number of Observers. A more general interpretation of invariants and accompanying proof system are provided as well. We contribute a programmer-level OO specification technique to capture layers in OO architectures, and we exploit these layers by providing a more liberal semantics of class invariants. We also provide a verification technique for the semantics. Layers are an abstraction at the architectural level in OO implementations that designate certain object structures in the design as sub-structures that are shared by other structures. An object in a higher layer is not relevant to the purpose of an object in the sub-structure. Given this intuition, an object in a higher layer is not part of the abstract view from an object in a lower layer. Therefore, the invariant of a higher layer object does not have to hold when a method of a lower-layer object is executing. Finally, we contribute a verification technique for pure methods and model fields, which are existing specification techniques for capturing an abstract view of the state in OO specifications. A method that is pure can be used as a function in predicates in class specifications. The function is axiomatized using the pre- and postcondition that are specified for the method. A model field abstracts part of the concrete state of an object into an abstract value. This too introduces an additional axiom in the underlying reasoning. The technique contributed establishes that such additional axioms do no introduce inconsistencies into the formal reasoning. It comes with heuristics that that make it amenable to automatic verification
    corecore