FORTEST: Formal methods and testing

Formal methods have traditionally been used for specification and development of software. However there are potential benefits for the testing stage as well. The panel session associated with this paper explores the usefulness or otherwise of formal methods in various contexts for improving software testing. A number of different possibilities for the use of formal methods are explored and questions raised. The contributors are all members of the UK FORTEST Network on formal methods and testing. Although the authors generally believe that formal methods are useful in aiding the testing process, this paper is intended to provoke discussion. Dissenters are encouraged to put their views to the panel or individually to the authors

Runtime observable and adaptable UML state machines: [email protected] approach

n embedded system is a self-contained system that incorporateselements of control logic and real-world interaction. UML State Ma-chines constitute a powerful formalism to model the behaviour ofthese types of systems. In current industrial environments, the soft-ware of these embedded systems have to cope with the increasingcomplexity and robustness requirements at runtime. One way tomanage these requirements is having the software component’sbehaviour model available at runtime ([email protected]). Thus,it is possible to enhance the safety of the software component byenabling verification and adaptation at runtime. In this paper, wepresent a model-driven approach to generate software components(namely, RESCO framework), which are able both to provide theirinternal information in model terms at runtime and adapt their be-haviour automatically when an error or an unexpected situation isdetected. The aforementioned runtime introspection and adaptationabilities are added automatically to the software component and itdoes not require the developer make any extra effort. The solutionhas been tested in the design and implementation of an industrialBurner controller. Results indicate that the software components ge-nerated by the presented solution provides introspection at runtime.Thanks to this introspection ability at runtime, the software com-ponents are able to adapt automatically from their normal-modebehaviour to a safe-mode behaviour which was defined to be usedin erroneous or unexpected situations at runtime. Therefore, it ispossible to enhance the safety of the systems consisting of thesesoftware components

Towards the Correctness of Software Behavior in UML: A Model Checking Approach Based on Slicing

Embedded systems are systems which have ongoing interactions with their environments, accepting requests and producing responses. Such systems are increasingly used in applications where failure is unacceptable: traffic control systems, avionics, automobiles, etc. Correct and highly dependable construction of such systems is particularly important and challenging. A very promising and increasingly attractive method for achieving this goal is using the approach of formal verification. A formal verification method consists of three major components: a model for describing the behavior of the system, a specification language to embody correctness requirements, and an analysis method to verify the behavior against the correctness requirements. This Ph.D. addresses the correctness of the behavioral design of embedded systems, using model checking as the verification technology. More precisely, we present an UML-based verification method that checks whether the conditions on the evolution of the embedded system are met by the model. Unfortunately, model checking is limited to medium size systems because of its high space requirements. To overcome this problem, this Ph.D. suggests the integration of the slicing (reduction) technique

Fujaba days 2009 : proceedings of the 7th international Fujaba days, Eindhoven University of Technology, the Netherlands, November 16-17, 2009

Fujaba is an Open Source UML CASE tool project started at the software engineering group of Paderborn University in 1997. In 2002 Fujaba has been redesigned and became the Fujaba Tool Suite with a plug-in architecture allowing developers to add functionality easily while retaining full control over their contributions. Multiple Application Domains Fujaba followed the model-driven development philosophy right from its beginning in 1997. At the early days, Fujaba had a special focus on code generation from UML diagrams resulting in a visual programming language with a special emphasis on object structure manipulating rules. Today, at least six rather independent tool versions are under development in Paderborn, Kassel, and Darmstadt for supporting (1) reengineering, (2) embedded real-time systems, (3) education, (4) specification of distributed control systems, (5) integration with the ECLIPSE platform, and (6) MOF-based integration of system (re-) engineering tools. International Community According to our knowledge, quite a number of research groups have also chosen Fujaba as a platform for UML and MDA related research activities. In addition, quite a number of Fujaba users send requests for more functionality and extensions. Therefore, the 7th International Fujaba Days aimed at bringing together Fujaba developers and Fujaba users from all over the world to present their ideas and projects and to discuss them with each other and with the Fujaba core development team

Runtime observable and adaptable UML state machine-based software components generation and verification: [email protected] approach

Cyber-Physical Systems (CPSs) are embedded computing systems in which computation interacts closely with the physical world through sensors and actuators. CPSs are used to control context aware systems. These types of systems are complex systems that will have different configurations and their control strategy can be configured depending the environmental data and current situation of the context. Therefore, in current industrial environments, the software of embedded and Cyber-Physical systems have to cope with increasing complexity, uncertain scenarios and safe requirements at runtime. The UML State Machine is a powerful formalism to model the logical behaviour of these types of systems, and in Model Driven Engineering (MDE) we can generate code automatically from these models. MDE aims to overcome the complexity of software construction by allowing developers to work at the high-level models of software systems instead of low-level codes. However, determining and evaluating the runtime behaviour and performance of models of CPSs using commercial MDE tools is a challenging task. Such tools provide little support to observe at model-level the execution of the code generated from the model, and to collect the runtime information necessary to, for example, check whether defined safe properties are met or not. One solution to address these requirements is having the software components information in model terms at runtime ([email protected]). Work on [email protected] seeks to extend the applicability of models produced in MDE approaches to the runtime environment. Having the model at runtime is the first step towards the runtime verification. Runtime verification can be performed using the information of model elements (current state, event, next state,etc.) This thesis aims at advancing the current practice on generating automatically Unified Modeling Language - State Machine (UML-SM) based software components that are able to provide their internal information in model terms at runtime. Regarding automation, we propose a tool supported methodology to automatically generate these software components. As for runtime monitoring, verification and adaptation, we propose an externalized runtime module that is able to monitor and verify the correctness of the software components based on their internal status in model terms at component and system level. In addition, if an error is detected, the runtime adaptation module is activated and the safe adaptation process starts in the involved software components. All things considered, the overall safe level of the software components and CPSs is enhanced.Sistema Ziber-Fisikoak, konputazio sistema txertatuez osatuta daude. Konputazio sistema txertatu hauek, mundu birtuala mundu fisikoarekin uztartzeko gaitasuna eskaintzen dute. Sistema ziberfisikoak orokorrean sistema konplexuak izan ohi dira eta inguruan gertazen denaren araberako konfigurazio desberdinak izan ohi dituzte. Gaur egungo industria ingurunetan, sistema hauek daramaten kontroleko softwarea asko handitu da eta beren konplexutasunak ere gorakada handia izan du: aurrez ezagunak ez diren baldintza eta inguruetan lan egin beharra dute askotan, denbora errealeko eskakizunak eta segurtasun eskakizunak ere beteaz. UML State Machine formalismoa, goian aipaturiko sistema mota horien portaera logikoa modelizatzeko erabiltzen den formalismo indartsu bat da. Formalismo honen baitan eta Model Driven Engineering (MDE) enfokea jarraituaz, sistema modelatzeko erabilitako grafikoetatik sisteman txertatua izango den kodea automatikoki sor genezake. MDEk softwarea sortzeko orduan izan genezakeen konplexutasuna gainditu nahi du, garatzailei software-sistemen goi-mailako ereduetan lan egiteko aukera emanez. Hala ere, MDE-an oinarrituriko tresna komertzialak erabiliaz, zaila izaten da berauen bidez sorturiko kodearen errendimendua eta portaera sistema exekuzioan dagoenean ebaluatzea. Tresna horiek laguntza gutxi eskaintzen dute modelotatik sortutako kodea exekutatzen ari denean sisteman zer gertatzen ari denaren informazioa modeloaren terminoetan jasotzeko. Beraz, exekuzio denboran, oso zaila izaten da sistemaren portaera egokia den edo ez aztertzea modelo mailako informazio hori erabiliaz. Eskakizun horiek kudeatzeko modu bat, software modeloaren informazioa denbora errealean izatea da ([email protected] enfokea). [email protected] enfokearen helburu nagusietako bat, MDE enfokearekin garapen fasean sortutako modeloak exekuzio denboran (runtime-en) erabilgarri izatean datza. Exekuzio denboran egiaztapen edo testing-a egin ahal izateko lehen urratsa, testeatu nahi den software horren modeloa exekuzio denboran eskuragarri izatea da. Honela, exekuzio denborako egiaztapen edo berifikazioak softwarea modelatzeko erabili ditugun elementu berberak erabiliaz egin daitke (egungo egoera, gertaera, hurrengo egoera, eta abar). Tesi honen helburutako bat UML-State Machine modeloetan oinarritutako eta exekuzio denboran beren barne egoeraren informazioa modeloko elementu bidez probestu ahalko duten software osagaiak modu automatikoan sortzea da. Automatizazioari dagokionez, lehenik eta behin, software-osagai horiek automatikoki sortzen dituzten tresnak eskaintzen dituen metodologia proposatzen dugu. Bigarrenik, UMLSM oinarritutako software osagaiak automatikoki sortuko dituen herraminta bera proposatzen dugu. Exekuzio denboran eguneraketen jarraipenari, egiaztatzeari eta egokitzeari dagokionez, barne egoera UML-SM modelo terminoetan eskaintzen duten software osagaiak egiaztatzeko eta egokitzeko gai den kanpo exekuzio modulo bat proposatzen dugu. Honela, errore bat detektatzen bada, exekuzio garaian egokitze modulua aktibatuko da egokitzapen prozesu segurua martxan jarriaz. Honek, dagokion software osagaiari abixua bidaliko dio egokitzapena egin dezan. Gauza guztiak kontuan hartuta, software osagaien eta CPSen segurtasun maila orokorra hobetua izango da.Los sistemas cyber-físicos (CPSs) son sistemas de computación embebidos en los que la computación interactúa estrechamente con el mundo físico a través de sensores y actuadores. Los CPS se utilizan para controlar sistemas que proveen conocimiento del contexto. Este tipo de sistemas son sistemas complejos que suelen tener diferentes configuraciones y su estrategia de control puede configurarse en función de los datos del entorno y de la situación actual del contexto. Por lo tanto, en los entornos industriales actuales, el software de los sistemas embebidos tiene que hacer frente a la creciente complejidad, los escenarios inciertos y los requisitos de seguridad en tiempo de ejecución. Las máquinas de estado UML son un formalismo muy utilizado en industria para modelar el comportamiento lógico de este tipo de sistemas, y siguiendo el enfoque Model Driven Engineering (MDE) podemos generar código automáticamente a partir de estos modelos. El objetivo de MDE es superar la complejidad de la construcción de software permitiendo a los desarrolladores trabajar en los modelos de alto nivel de los sistemas de software en lugar de tener que codificar el control mediante lenguajes de programación de bajo nivel. Sin embargo, determinar y evaluar el comportamiento y el rendimiento en tiempo de ejecución de estos modelos generados mediante herramientas comerciales de MDE es una tarea difícil. Estas herramientas proporcionan poco apoyo para observar a nivel de modelo la ejecución del código generado a partir del modelo. Por lo tanto, no son muy adecuadas para poder recopilar la información de tiempo de ejecución necesaria para, por ejemplo, comprobar si se cumplen o no las restricciones definidas. Un enfoque para gestionar estos requisitos, es tener la información de los componentes de software en términos de modelo en tiempo de ejecución ([email protected]). El trabajo en [email protected] busca ampliar la aplicabilidad de los modelos producidos en fase de desarrollo mediante el enfoque MDE al entorno de tiempo de ejecución. Tener el modelo en tiempo de ejecución es el primer paso para poder llevar a cabo la verificación en tiempo de ejecución. Así, esta verificación se podrá realizar utilizando la información de los elementos del modelo (estado actual, evento, siguiente estado, etc.). El objetivo de esta tesis es avanzar en la práctica actual de generar automáticamente componentes software basados en Unified Modeling Language - State Machine (UML-SM) que sean capaces de proporcionar información interna en términos de modelos en tiempo de ejecución. En cuanto a la automatización, en primer lugar, proponemos una metodología soportada por herramientas para generar automáticamente estos componentes de software. En segundo lugar, proponemos un marco de trabajo de generación de componentes de software basado en UML-SM. En cuanto a la monitorización, verificación y adaptación en tiempo de ejecución, proponemos un módulo de tiempo de ejecución externalizado que es capaz de monitorizar y verificar la validez de los componentes del software en función de su estado interno en términos de modelo. Además, si se detecta un error, se activa el módulo de adaptación en tiempo de ejecución y se inicia el proceso de adaptación seguro en el componente de software correspondiente. Teniendo en cuenta todo esto, el nivel de seguridad global de los componentes del software y de los CPS se ve mejorado

Fujaba days 2009 : proceedings of the 7th international Fujaba days, Eindhoven University of Technology, the Netherlands, November 16-17, 2009

Fujaba is an Open Source UML CASE tool project started at the software engineering group of Paderborn University in 1997. In 2002 Fujaba has been redesigned and became the Fujaba Tool Suite with a plug-in architecture allowing developers to add functionality easily while retaining full control over their contributions. Multiple Application Domains Fujaba followed the model-driven development philosophy right from its beginning in 1997. At the early days, Fujaba had a special focus on code generation from UML diagrams resulting in a visual programming language with a special emphasis on object structure manipulating rules. Today, at least six rather independent tool versions are under development in Paderborn, Kassel, and Darmstadt for supporting (1) reengineering, (2) embedded real-time systems, (3) education, (4) specification of distributed control systems, (5) integration with the ECLIPSE platform, and (6) MOF-based integration of system (re-) engineering tools. International Community According to our knowledge, quite a number of research groups have also chosen Fujaba as a platform for UML and MDA related research activities. In addition, quite a number of Fujaba users send requests for more functionality and extensions. Therefore, the 7th International Fujaba Days aimed at bringing together Fujaba developers and Fujaba users from all over the world to present their ideas and projects and to discuss them with each other and with the Fujaba core development team

Software framework for the development of context-aware reconfigurable systems

In this project we propose a new software framework for the development of context-aware and secure controlling software of distributed reconfigurable systems. Context-awareness is a key feature allowing the adaptation of systems behaviour according to the changing environment. We introduce a new definition of the term “context” for reconfigurable systems then we define a new context modelling and reasoning approach. Afterwards, we define a meta-model of context-aware reconfigurable applications that paves the way to the proposed framework. The proposed framework has a three-layer architecture: reconfiguration, context control, and services layer, where each layer has its well-defined role. We define also a new secure conversation protocol between distributed trustless parts based on the blockchain technology as well as the elliptic curve cryptography. To get better correctness and deployment guarantees of applications models in early development stages, we propose a new UML profile called GR-UML to add new semantics allowing the modelling of probabilistic scenarios running under memory and energy constraints, then we propose a methodology using transformations between the GR-UML, the GR-TNCES Petri nets formalism, and the IEC 61499 function blocks. A software tool implementing the methodology concepts is developed. To show the suitability of the mentioned contributions two case studies (baggage handling system and microgrids) are considered.In diesem Projekt schlagen wir ein Framework für die Entwicklung von kontextbewussten, sicheren Anwendungen von verteilten rekonfigurierbaren Systemen vor. Kontextbewusstheit ist eine Schlüsseleigenschaft, die die Anpassung des Systemverhaltens an die sich ändernde Umgebung ermöglicht. Wir führen eine Definition des Begriffs ``Kontext" für rekonfigurierbare Systeme ein und definieren dann einen Kontextmodellierungs- und Reasoning-Ansatz. Danach definieren wir ein Metamodell für kontextbewusste rekonfigurierbare Anwendungen, das den Weg zum vorgeschlagenen Framework ebnet. Das Framework hat eine dreischichtige Architektur: Rekonfigurations-, Kontextkontroll- und Dienste-Schicht, wobei jede Schicht ihre wohldefinierte Rolle hat. Wir definieren auch ein sicheres Konversationsprotokoll zwischen verteilten Teilen, das auf der Blockchain-Technologie sowie der elliptischen Kurven-Kryptographie basiert. Um bessere Korrektheits- und Einsatzgarantien für Anwendungsmodelle zu erhalten, schlagen wir ein UML-Profil namens GR-UML vor, um Semantik umzufassen, die die Modellierung probabilistischer Szenarien unter Speicher- und Energiebeschränkungen ermöglicht. Dann schlagen wir eine Methodik vor, die Transformationen zwischen GR-UML, dem GR-TNCES-Petrinetz-Formalismus und den IEC 61499-Funktionsblöcken verwendet. Es wird ein Software entwickelt, das die Konzepte der Methodik implementiert. Um die Eignung der genannten Beiträge zu zeigen, werden zwei Fallstudien betrachtet