Reifying Concurrency for Executable Metamodeling

International audienceCurrent metamodeling techniques can be used to specify the syntax and semantics of domain specific modeling languages (DSMLs). However, there is currently very little support for explicitly specifying concurrency semantics using metamodels. Often, such semantics are provided through implicit concurrency models embedded in the underlying execution environment supported by the language workbench used to implement the DSMLs. The lack of an explicit concurrency model has several drawbacks: it not only prevents from developing a complete understanding of the behavioral semantics, it also prevents development of effective concurrency-aware analysis techniques, and effective techniques for producing semantic variants in the cases where the semantic base has variation points. This work reifies concurrency as a metamodeling facility, leveraging formalization work from the concurrency theory and models of computation (MoC) community. The essential contribution of this paper is a proposed language workbench for binding domain-specific concepts and models of computation through an explicit event structure at the metamodel level. We illustrate these novel metamodeling facilities for designing two variants of a concurrent and timed final state machine, and provide other experiments to validate the scope of our approach

Framework for Heterogeneous Modeling and Composition

National audienceEmbedded and cyber-physical systems are becoming more and more complex. They are often split into subsystems and each subsystem can be addressed by a Domain Specific Modeling Language (DSML). A DSML efficiently specifies the domain concepts as well as their behavioral semantics. For a single system, several models conforming to different DSMLs are then developed and the system specification is consequently heterogeneous, \textit{i.e.}, it is specified by using heterogeneous languages. The behaviors of these models have to be coordinated to provide simulation and/or verification of the overall system. This thesis studies this coordination problem with the objective of enabling the execution and the verification of the heterogeneous systems, by relying on the behavioral composition of DSMLs. We are currently proposing a language named B-COoL (Behavioral Composition Operator Language) to specify the composition of DSMLs behavior. The aim of B-COoL is two-fold: to capitalize the coordination at the language level, and to enable the automatic generation of the coordination between models conforming to composed DSMLs

A Tool-Supported Approach for Concurrent Execution of Heterogeneous Models

International audienceIn the software and systems modeling community, research on domain-specific modeling languages (DSMLs) is focused on providing technologies for developing languages and tools that allow domain experts to develop system solutions efficiently. Unfortunately, the current lack of support for explicitly relating concepts expressed in different DSMLs makes it very difficult for software and system engineers to reason about information spread across models describing different system aspects [4]. As a particular challenge, we investigate in this paper relationships between, possibly heterogeneous, behavioral models to support their concurrent execution. This is achieved by following a modular executable metamodeling approach for behavioral semantics understanding, reuse, variability and composability [5]. This approach supports an explicit model of concurrency (MoCC) [6] and domain-specific actions (DSA) [10] with a well-defined protocol between them (incl., mapping, feedback and callback) reified through explicit domain-specific events (DSE) [12]. The protocol is then used to infer a relevant behavioral language interface for specifying coordination patterns to be applied on conforming executable models [17]. All the tooling of the approach is gathered in the GEMOC studio, and outlined in the next section. Currently, the approach is experienced on a systems engineering language provided by Thales, named Capella 7. The goal and current state of the case study are exposed in this paper. 7 Cf. https://www.polarsys.org/capella

WIP on a Coordination Language to Automate the Generation of Co-Simulations

International audienc

Early validation of satellite COTS-on-board computing systems

International audienceThe competitive market of nano and micro satellites opens perspectives for use of COTS (Com-mercial Off-The-Shelf) electronic components. Current modular electronics design for embedded On-Board Computing systems (OBC) is being challenged by the integration of flexible Systems on Chip (SoC). The deployment of generic avionics and user/payload functionalities on these components is becoming increasingly complex, while Quality of Service must remain compliant with demanding requirements. It is therefore most important to estimate/evaluate those properties as early as possible, regarding a given ap-plication's deployment on a given COTS-based architecture. Model Based System Engineering (MBSE), while a leading practice in architecture description, may still require further study on its use for early evaluation , especially regarding analysis of emerging behaviors and qualitative model-based mapping of ap-plicative functions onto architectural platform. In this paper, we present methods to enhance MBSE design, helping the designer in evaluating candidate mappings and design choices by providing concrete quality measures. We focus on two aspects that were identified as critical in the ATIPPIC IRT project: first, the cost and conflicts in data communications in on-board and peripheral interconnects, which has a bottleneck impact on mapping choices; second, the availability of functions in case of resource failures (from solar radiations), to validate fault-mitigation techniques and estimate the (un)availability of the OBC system. We illustrate the approach on a simplified satellite model, abstracted from a design conceived in the ATIPPIC IRT project

Towards Language-Oriented Modeling

In this habilitation à diriger des recherches (HDR), I review a decade of research work in the fields of Model-Driven Engineering (MDE) and Software Language Engineering (SLE). I propose contributions to support a language-oriented modeling, with the particular focus on enabling early validation & verification (V&V) of software-intensive systems. I first present foundational concepts and engineering facilities which help to capture the core domain knowledge into the various heterogeneous concerns of DSMLs (aka. metamodeling in the small), with a particular focus on executable DSMLs to automate the development of dynamic V&V tools. Then, I propose structural and behavioral DSML interfaces, and associated composition operators to reuse and integrate multiple DSMLs (aka. metamodeling in the large).In these research activities I explore various breakthroughs in terms of modularity and reusability of DSMLs. I also propose an original approach which bridges the gap between the concurrency theory and the algorithm theory, to integrate a formal concurrency model into the execution semantics of DSMLs. All the contributions have been implemented in software platforms — the language workbench Melange and the GEMOC studio – and experienced in real-world case studies to assess their validity. In this context, I also founded the GEMOC initiative, an attempt to federate the community on the grand challenge of the globalization of modeling languages

Facilités de typage pour l'ingénierie des langages

Le nombre et la complexité toujours croissants des préoccupations prises en compte dans les systèmes logiciels complexes (e.g., sécurité, IHM, scalabilité, préoccupations du domaine d'application) poussent les concepteurs de tels systèmes à séparer ces préoccupations afin de les traiter de manière indépendante. L'ingénierie dirigée par les modèles (IDM) prône la séparation des préoccupations au sein de langages de modélisation dédiés. Les langages de modélisation dédiés permettent de capitaliser le savoir et le savoir-faire associés à une préoccupation au travers des constructions du langage et des outils associés. Cependant la définition et l'outillage d'un langage dédié demande un effort de développement important pour un public par définition réduit. Nous proposons dans cette thèse une relation liant les modèles et une interface de modèle permettant de faciliter la mise en place de facilités de typage pour la définition et l'outillage d'un langage dédié. Cette interface expose les éléments de modèle et les transformations de modèles associés à un langage de modélisation dédié. Nous représentons une telle interface par un type de modèles supportant des relations de sous-typage et d'héritage. Dans ce but nous définissons : une relation de typage entre les modèles et les langages de modélisation dédiés permettant de considérer les modèles comme des entités de première classe ; des relations de sous-typage entre langages de modélisation dédiés permettant la réutilisation de la syntaxe abstraite et des transformations de modèles.The ever growing number and complexity of concerns in software intensive systems (e.g., safety, HMI, scalability, business domain concerns, etc.) leads designers of such systems to separate these concerns to deal with them independently. Model-Driven Engineering (MDE) advocates the separation of concerns in Domain-Specific Modeling Languages (DSMLs). DSMLs are used to capitalize the knowledge and know-how associated with a concern through the language constructs and its associated tools. However, both definition and tooling of a DSML require a significant development effort for a limited audience. In this thesis, we propose a relationship between models and model interfaces in order to ease the design of typing facilities for the definition and tooling of a DSML. This interface exposes the model elements and model transformations associated with a DSML. We represent such an interface by a model type supporting subtyping and inheritance relationships. For this purpose we define : a typing relationship between models and DSMLs allowing to consider models as first-class entities; subtyping relationships between DSMLs enabling the reuse of abstract syntax and model transformations.RENNES1-Bibl. électronique (352382106) / SudocSudocFranceF

Towards the Formal Verification of Model Transformations: An Application to Kermeta

Model-Driven Engineering (MDE) is becoming a popular engineering methodology for developing large-scale software applications, using models and transformations as primary principles. MDE is now being successfully applied to domain-specific languages (DSLs), which target a narrow subject domain like process management, telecommunication, product lines, smartphone applications among others, providing experts high-level and intuitive notations very close to their problem domain. More recently, MDE has been applied to safety-critical applications, where failure may have dramatic consequences, either in terms of economic, ecologic or human losses. These recent application domains call for more robust and more practical approaches for ensuring the correctness of models and model transformations. Testing is the most common technique used in MDE for ensuring the correctness of model transformations, a recurrent, yet unsolved problem in MDE. But testing suffers from the so-called coverage problem, which is unacceptable when safety is at stake. Rather, exhaustive coverage is required in this application domain, which means that transformation designers need to use formal analysis methods and tools to meet this requirement. Unfortunately, two factors seem to limit the use of such methods in an engineer’s daily life. First, a methodological factor, because MDE engineers rarely possess the effective knowledge for deploying formal analysis techniques in their daily life developments. Second, a practical factor, because DSLs do not necessarily have a formal explicit semantics, which is a necessary enabler for exhaustive analysis. In this thesis, we contribute to the problem of formal analysis of model transformations regarding each perspective. On the conceptual side, we propose a methodological framework for engineering verified model transformations based on current best practices. For that purpose, we identify three important dimensions: (i) the transformation being built; (ii) the properties of interest ensuring the transformation’s correctness; and finally, (iii) the verification technique that allows proving these properties with minimal effort. Finding which techniques are better suited for which kind of properties is the concern of the Computer-Aided Verification community. Consequently in this thesis, we focus on studying the relationship between transformations and properties. Our methodological framework introduces two novel notions. A transformation intent gathers all transformations sharing the same purpose, abstracting from the way the transformation is expressed. A property class captures under the same denomination all properties sharing the same form, abstracting away from their underlying property languages. The framework consists of mapping each intent with its characteristic set of property classes, meaning that for proving the correctness of a particular transformation obeying this intent, one has to prove properties of these specific classes. We illustrate the use and utility of our framework through the detailed description of five common intents in MDE, and their application to a case study drawn from the automative software domain, consisting of a chain of more than thirty transformations. On a more practical side, we study the problem of verifying DSLs whose behaviour is expressed with Kermeta. Kermeta is an object-oriented transformation framework aligned with Object Management Group standard specification MOF (Meta-Object Facility). It can be used for defining metamodels and models, as well as their behaviour. Kermeta lacks a formal semantics: we first specify such a semantics, and then choose an appropriate verification domain for handling the analysis one is interested in. Since the semantics is defined at the level of Kermeta’s transformation language itself, our work presents two interesting features: first, any DSL whose behaviour is defined using Kermeta (more precisely, any transformation defined with Kermeta) enjoys a de facto formal underground for free; second, it is easier to define appropriate abstractions for targeting specific analysis for this full-fledged semantics than defining specific semantics for each possible kind of analysis. To illustrate this point, we have selected Maude, a powerful rewriting system based on algebraic specifications equipped with model-checking and theorem-proving capabilities. Maude was chosen because its underlying formalism is close to the mathematical tools we use for specifying the formal semantics, reducing the implementation gap and consequently limiting the possible implementation mistakes. We validate our approach by illustrating behavioural properties of small, yet representative DSLs from the literature