Lightweight and static verification of UML executable models

Executable models play a key role in many software development methods by facilitating the (semi)automatic implementation/execution of the software system under development. This is possible because executable models promote a complete and fine-grained specification of the system behaviour. In this context, where models are the basis of the whole development process, the quality of the models has a high impact on the final quality of software systems derived from them. Therefore, the existence of methods to verify the correctness of executable models is crucial. Otherwise, the quality of the executable models (and in turn the quality of the final system generated from them) will be compromised. In this paper a lightweight and static verification method to assess the correctness of executable models is proposed. This method allows us to check whether the operations defined as part of the behavioural model are able to be executed without breaking the integrity of the structural model and returns a meaningful feedback that helps repairing the detected inconsistencies.Peer ReviewedPostprint (author's final draft

A Framework for Executable Systems Modeling

Systems Modeling Language (SysML), like its parent language, the Unified Modeling Language (UML), consists of a number of independently derived model languages (i.e. state charts, activity models etc.) which have been co-opted into a single modeling framework. This, together with the lack of an overarching meta-model that supports uniform semantics across the various diagram types, has resulted in a large unwieldy and informal language schema. Additionally, SysML does not offer a built in framework for managing time and the scheduling of time based events in a simulation. In response to these challenges, a number of auxiliary standards have been offered by the Object Management Group (OMG); most pertinent here are the foundational UML subset (fUML), Action language for fUML (Alf), and the UML profile for Modeling and Analysis of Real Time and Embedded Systems (MARTE). However, there remains a lack of a similar treatment of SysML tailored towards precise and formal modeling in the systems engineering domain. This work addresses this gap by offering refined semantics for SysML akin to fUML and MARTE standards, aimed at primarily supporting the development of time based simulation models typically applied for model verification and validation in systems engineering. The result of this work offers an Executable Systems Modeling Language (ESysML) and a prototype modeling tool that serves as an implementation test bed for the ESysML language. Additionally a model development process is offered to guide user appropriation of the provided framework for model building

Lightweight and static verification of UML executable models

Executable models play a key role in many development methods (such as MDD and MDA) by facilitating the immediate simulation/implementation of the software system under development. This is possible because executable models include a fine-grained specification of the system behaviour using an action language. Executable models are not a new concept but are now experiencing a comeback. As a relevant example, the OMG has recently published the first version of the “Foundational Subset for Executable UML Models” (fUML) standard, an executable subset of the UML that can be used to define, in an operational style, the structural and behavioural semantics of systems. The OMG has also published a beta version of the “Action Language for fUML” (Alf) standard, a concrete syntax conforming to the fUML abstract syntax, that provides the constructs and textual notation to specify the fine-grained behaviour of systems. The OMG support to executable models is substantially raising the interest of software companies for this topic. Given the increasing importance of executable models and the impact of their correctness on the final quality of software systems derived from them, the existence of methods to verify the correctness of executable models is becoming crucial. Otherwise, the quality of the executable models (and in turn the quality of the final system generated from them) will be compromised. Despite the number of research works targetting the verification of software models, their computational cost and poor feedback makes them difficult to integrate in current software development processes. Therefore, there is the need for efficient and useful methods to check the correctness of executable models and tools integrated to the modelling tools used by designers. In this thesis we propose a verification framework to help the designers to improve the quality of their executable models. Our framework is composed of a set of lightweight static methods, i.e. methods that do not require to execute the model in order to check the desired property. These methods are able to check several properties over the behavioural part of an executable model (for instance, over the set of operations that compose a behavioural executable model) such as syntactic correctness (i.e. all the operations in the behavioural model conform to the syntax of the language in which it is described), non-redundancy (i.e. there is no another operation with exactly the same behaviour), executability (i.e. after the execution of an operation, the reached system state is -in case of strong executability- or may be -in case of weak executability- consistent with the structural model and its integrity constraints) and completeness (i.e. all possible changes on the system state can be performed through the execution of the operations defined in the executable model). For incorrect models, the methods that compose our verification framework return a meaningful feedback that helps repairing the detected inconsistencies

A logic-based approach for the verification of UML timed models

This article presents a novel technique to formally verify models of real-time systems captured through a set of heterogeneous UML diagrams. The technique is based on the following key elements: (i) a subset of Unified Modeling Language (UML) diagrams, called Coretto UML (C-UML), which allows designers to describe the components of the system and their behavior through several kinds of diagrams (e.g., state machine diagrams, sequence diagrams, activity diagrams, interaction overview diagrams), and stereotypes taken from the UML Profile for Modeling and Analysis of Real-Time and Embedded Systems; (ii) a formal semantics of C-UML diagrams, defined through formulae of the metric temporal logic Tempo Reale ImplicitO (TRIO); and (iii) a tool, called Corretto, which implements the aforementioned semantics and allows users to carry out formal verification tasks on modeled systems. We validate the feasibility of our approach through a set of different case studies, taken from both the academic and the industrial domain

To Do or Not to Do: Semantics and Patterns for Do Activities in UML PSSM State Machines

State machines are used ubiquitously in engineering software-intensive systems. UML State Machines extend simple finite state machines with powerful constructs. Among the many extensions, there is one seemingly simple and innocent language construct that fundamentally changes state machines' reactive model of computation: doActivity behaviors. DoActivity behaviors describe behavior that is executed independently from the state machine once entered in a given state, typically modeling complex computation or communication as background tasks. However, the UML specification or textbooks are vague about how the doActivity behavior construct should be appropriately used. This lack of guidance is a severe issue as, when improperly used, doActivities can cause concurrent, non-deterministic bugs that are especially challenging to find and could ruin a seemingly correct software design. The Precise Semantics of UML State Machines (PSSM) specification introduced detailed operational semantics for state machines. To the best of our knowledge, there is no rigorous review yet of doActivity's semantics as specified in PSSM. We analyzed the semantics by collecting evidence from cross-checking the text of the specification, its semantic model and executable test cases, and the simulators supporting PSSM. We synthesized insights about subtle details and emergent behaviors relevant to tool developers and advanced modelers. We reported inconsistencies and missing clarifications in more than 20 issues to the standardization committee. Based on these insights, we studied 11 patterns for doActivities detailing the consequences of using a doActivity in a given situation and discussing countermeasures or alternative design choices. We hope that our analysis of the semantics and the patterns help vendors develop conformant simulators or verification tools and engineers design better state machine models

Certifications of Critical Systems – The CECRIS Experience

In recent years, a considerable amount of effort has been devoted, both in industry and academia, to the development, validation and verification of critical systems, i.e. those systems whose malfunctions or failures reach a critical level both in terms of risks to human life as well as having a large economic impact.Certifications of Critical Systems – The CECRIS Experience documents the main insights on Cost Effective Verification and Validation processes that were gained during work in the European Research Project CECRIS (acronym for Certification of Critical Systems). The objective of the research was to tackle the challenges of certification by focusing on those aspects that turn out to be more difficult/important for current and future critical systems industry: the effective use of methodologies, processes and tools.The CECRIS project took a step forward in the growing field of development, verification and validation and certification of critical systems. It focused on the more difficult/important aspects of critical system development, verification and validation and certification process. Starting from both the scientific and industrial state of the art methodologies for system development and the impact of their usage on the verification and validation and certification of critical systems, the project aimed at developing strategies and techniques supported by automatic or semi-automatic tools and methods for these activities, setting guidelines to support engineers during the planning of the verification and validation phases

An approach to design smart grids and their IT system by cosimulation

International audienceSmart grids are the oncoming generation of power grids, which rely on information and communication technologies to tackle decentralized and intermittent energy sources such as wind farms and photovoltaic plants. They integrate electronics, software information processing and telecommunications technical domains. Therefore the design of smart grids is complex because of the various technical domains and modeling tools at stake. In this article, we present an approach to their design, which relies on model driven engineering, executable models and FMI based cosimulation. This approach is illustrated on the use case of an insular power grid and allows to study the impact of power production decision

Case Study Comparing Model-Driven Approaches to Software Design

Táto bakalárska práca sa zaoberá problematikou vývoja softwaru za pomoci rôznych prístupov k návrhu a implementácii softwaru. Hlavným cieľom práce je na základe navrhnutých kritérií porovnať klasický prístup k vývoju softwaru s alternatívnym prístupom založeným na transformácii abstraktných modelov, zvaným Model-Driven Engineering (MDE). Tieto dva prístupy sú následne demonštrované na prípadovej štúdii jednoduchého konferenčného recenzného systému. V závere práce sú diskutované možnosti a obmedzenia techník MDE.This bachelor thesis deals with various approaches to software design and its implementation. The main goal of this thesis is to compare the classical approach of software development to an alternate approach called Model-Driven Engineering (MDE), which is based on abstract models transformations. These two approaches are then demonstrated on a case study of simple conference review system. At the end of the work, the possibilities and limitations of MDE techniques are discussed.