Automated verification of model transformations based on visual contracts

The final publication is available at Springer via http://dx.doi.org/10.1007/s10515-012-0102-yModel-Driven Engineering promotes the use of models to conduct the different phases of the software development. In this way, models are transformed between different languages and notations until code is generated for the final application. Hence, the construction of correct Model-to-Model (M2M) transformations becomes a crucial aspect in this approach. Even though many languages and tools have been proposed to build and execute M2M transformations, there is scarce support to specify correctness requirements for such transformations in an implementation-independent way, i.e., irrespective of the actual transformation language used. In this paper we fill this gap by proposing a declarative language for the specification of visual contracts, enabling the verification of transformations defined with any transformation language. The verification is performed by compiling the contracts into QVT to detect disconformities of transformation results with respect to the contracts. As a proof of concept, we also report on a graphical modeling environment for the specification of contracts, and on its use for the verification of transformations in several case studies.This work has been funded by the Austrian Science Fund (FWF) under grant P21374-N13, the Spanish Ministry of Science under grants TIN2008-02081 and TIN2011-24139, and the R&D programme of the Madrid Region under project S2009/TIC-1650

Specification and Validation of Model Transformations for Certified Systems' Development

Certifying critical systems requires very precise specifications and ability to ver- ify each development step. However, proofreading and test based verification are usually not exhaustive and as systems get more complex, their coverage is less and less adequate. Use of models allows early verification, validation and automated building of "correct by construction" systems. Our work targets formal specification and verification of model trans- formations. Such techniques provide significantly higher confidence of correctness and can even reach exhaustiveness. In this paper, we rely on common model driven engineering tech- niques to allow common engineers to write these specifications and to conduct verification. We propose to use a simple transformation model for specifying the expected relation between the source and target models after the transformation. The source and target metamodels are extended with a traceability model that defines a set of links that must exist after the transformation and whose correctness is specified as OCL constraints

Putting formal specifications under the magnifying glass: Model-based testing for validation

A software development process is effectively an abstract form of model transformation, starting from an end-user model of requirements, through to a system model for which code can be automatically generated. The success (or failure) of such a transformation depends substantially on obtaining a correct, well-formed initial model that captures user concerns. Model-based testing automates black box testing based on the model of the system under analysis. This paper proposes and evaluates a novel model-based testing technique that aims to reveal specification/requirement-related errors by generating test cases from a test model and exercising them on the design model. The case study outlined in the paper shows that a separate test model not only increases the level of objectivity of the requirements, but also supports the validation of the system under test through test case generation. The results obtained from the case study support the hypothesis that there may be discrepancies between the formal specification of the system modeled at developer end and the problem to be solved, and using solely formal verification methods may not be sufficient to reveal these. The approach presented in this paper aims at providing means to obtain greater confidence in the design model that is used as the basis for code generation

Using Graph Transformation Systems to Specify and Verify Data Abstractions

This paper proposes an approach for the specification of the behavior of software components that implement data abstractions. By generalizing the approach of behavior models using graph transformation, we provide a concise specification for data abstractions that describes the relationship between the internal state, represented in a canonical form, and the observers of the component. Graph transformation also supports the generation of behavior models that are amenable to verification. To this end, we provide a translation approach into an LTL model on which we can express useful properties that can be model-checked with a SAT solver

Using Graph Transformation Systems to Specify and Verify Data Abstractions

This paper proposes an approach for the specification of the behavior of software components that implement data abstractions. By generalizing the approach of behavior models using graph transformation, we provide a concise specification for data abstractions that describes the relationship between the internal state, represented in a canonical form, and the observers of the component. Graph transformation also supports the generation of behavior models that are amenable to verification. To this end, we provide a translation approach into an LTL model on which we can express useful properties that can be model-checked with a SAT solver

Generalization Strategies for the Verification of Infinite State Systems

We present a method for the automated verification of temporal properties of infinite state systems. Our verification method is based on the specialization of constraint logic programs (CLP) and works in two phases: (1) in the first phase, a CLP specification of an infinite state system is specialized with respect to the initial state of the system and the temporal property to be verified, and (2) in the second phase, the specialized program is evaluated by using a bottom-up strategy. The effectiveness of the method strongly depends on the generalization strategy which is applied during the program specialization phase. We consider several generalization strategies obtained by combining techniques already known in the field of program analysis and program transformation, and we also introduce some new strategies. Then, through many verification experiments, we evaluate the effectiveness of the generalization strategies we have considered. Finally, we compare the implementation of our specialization-based verification method to other constraint-based model checking tools. The experimental results show that our method is competitive with the methods used by those other tools. To appear in Theory and Practice of Logic Programming (TPLP).Comment: 24 pages, 2 figures, 5 table

Correct Transformation from CCSL to Promela for verification

Transforming a specification language into a language supported by a verification tool is a widely adopted way of doing formal verification. It enables the reuse of existing languages and tools. In this paper, we propose a correct transformation from CCSL to Promela to do formal verification by SPIN. To implement the transformation, we introduce "coincident instant" into Promela to deal with the discrete time in CCSL. Then we define property patterns to ensure that correctness properties are verified "coincident instant" by "coincident instant" during the verification. We define checkpoint transition systems (CTSs) to model source CCSL specifications and transformed Promel models. The proof of the correctness of our transformation relies on the checkpoint bisimulation defined over CTS. If a property is satisfied by a transformed Promela model, then it is satisfied by the source CCSL specification

Supporting a Multi-formalism Model Driven Development Process with Model Transformation, a TOPCASED implementation

International audienceThe ASSERT (Automated proof based System and Software Engineering for Real-Time Applications) European Integrated Project (IST-FP6-004033, http://www.assert-project.net/) defined and experimented a multi formalism Model Driven Engineering (MDE) process, enforcing an approach with separated specification and refinement of functional and non-functional properties.• Functional specification, design and development is based on UML profiles to support AADL concepts [2] and behavioural specification.• Real time Architecture properties are based on extensions targeting Ravenscar Computing execution Model (RCM see [6]) constraints upon component interface and ports.• Model transformation is supporting correctness preserving rules towards a Virtual Machine execution environment or a verification dedicated environment.A tool chain called IDEA (Integrated Development Environment for ASSERT) supporting the process was developed by the CS ASSERT team on top of the Eclipse/TOPCASED environment allowing:• Integrated use of several formalisms in a development life-cycle (UML, AADL, IF[4]) .• Model transformation from UML to IF, AADL to RCM and RCM to Ada• Automated code generationThe approach experimented allows combined use of best suited formalisms and features for MDE developments. The TOPCASED tool proved to be a unique integrated toolset for prototyping UML and meta models supporting tools.The main feedback gained from applying the notations and approach on small to medium case studies is that UML profiling is not scalable, and that use of several Domain Specific Languages (DSL) seems far more suitable. Semantic clashes can be limited by raising the abstraction level, and by partitioning properties for verification

Automated Verification by Declarative Description of Graph Rewriting-Based Model Transformations

Usually, verification of graph rewriting-based model transformations is performed manually, however, the industrial applications require automated methods. In several cases, transformation developers are interested in the offline analysis, when only the definition of the transformation and the specification of the modeling languages are taken into account. Hence, the analysis must be performed only once, and the results are independent from the concrete input models. For this purpose, transformations should be specified in a formalism that can be automatically analyzed. Based on our previous work that presented the mathematical background, this paper provides a platform-independent, declarative formalism for the specification of graph rewriting-based model transformations, and demonstrates its applicability on a case study of refactoring mobile-based social network models. Our results prove that several functional properties of the model transformations can be automatically verified, moreover, the capabilities of our methods can be extended in the future