Coping with Semantic Variation Points in Domain-Specific Modeling Languages

International audienceEven if they exhibit differences, many Domain-Specific Modeling Languages (DSMLs) share elements from their concepts, notations and semantics. StateCharts is a well known family of DSMLs that share many concepts but exhibit notational differences and many execution semantics variants (called Semantic Variation Points – SVPs –). For instance, when two conflicting transitions in a state machine are enabled by the same event occurrence, which transition is fired depends on the language variant (Harel original StateCharts, UML, Rhapsody, etc.) supported by the execution tool. Tools usually provide only one implementation of SVPs. It complicates communication both between tools and end-users, and hinders the co-existence of multiple variants. More generally, Language Workbenches dedicated to the specification and implementation of eXecutable Domain-Specific Modeling Languages (xDSMLs) often do not offer the tools and facilities to manage these SVPs, making it a time-consuming and troublesome activity. In this paper, we describe a modularized approach to the operational execution semantics of xDSMLs and show how it allows us to manage SVPs. We illustrate this proposal on StateCharts

Heterogeneous Model Composition in ModHel'X: the Power Window Case Study

This paper describes an heterogeneous model of a power window which is available on the ReMoDD repository. This model uses timed finite state machines for modeling the controller of the power window, synchronous data flows for modeling the mechanical part of the window, and discrete events for modeling the communications between the components on the car's bus. An important aspect of this model is the specification of the semantic adaptation between the heterogeneous parts of the model. This semantic adaptation is made for data, control, and time. The semantic adaptation of control and time relies on the TESL library which is an implementation of the model of time used in the ModHel'X platform. The model can be run using a simulation scenario with a graphical display of the outputs. The semantic adaptation can be disabled in order to show how it affects the behavior of the model. The demo can also be run with a graphical interface and a user in the loop

Reifying Concurrency for Executable Metamodeling

International audienceCurrent metamodeling techniques can be used to specify the syntax and semantics of domain specific modeling languages (DSMLs). However, there is currently very little support for explicitly specifying concurrency semantics using metamodels. Often, such semantics are provided through implicit concurrency models embedded in the underlying execution environment supported by the language workbench used to implement the DSMLs. The lack of an explicit concurrency model has several drawbacks: it not only prevents from developing a complete understanding of the behavioral semantics, it also prevents development of effective concurrency-aware analysis techniques, and effective techniques for producing semantic variants in the cases where the semantic base has variation points. This work reifies concurrency as a metamodeling facility, leveraging formalization work from the concurrency theory and models of computation (MoC) community. The essential contribution of this paper is a proposed language workbench for binding domain-specific concepts and models of computation through an explicit event structure at the metamodel level. We illustrate these novel metamodeling facilities for designing two variants of a concurrent and timed final state machine, and provide other experiments to validate the scope of our approach

Syntax and Semantics of the Clock Constraint Specification Language (CCSL)

The UML Profile for Modeling and Analysis of Real-Time and Embedded (MARTE) systems has recently been adopted by the OMG. Its Time Model extends the informal and simplistic Simple Time package proposed by UML2 and offers a broad range of capabilities required to model real-time systems. The MARTE OMG specification introduces a Time Structure inspired from Time models of the concurrency theory and proposes a new clock constraint specification language (CCSL) to specify, within the context of UML, logical and chronometric time constraints. This report specifies the syntax and a formal semantics of a subset of CCSL, called kernel CCSL. This semantics is to be the reference semantics of CCSL

Syntax and Semantics of the Clock Constraint Specification Language (CCSL)

The UML Profile for Modeling and Analysis of Real-Time and Embedded (MARTE) systems has recently been adopted by the OMG. Its Time Model extends the informal and simplistic Simple Time package proposed by UML2 and offers a broad range of capabilities required to model real-time systems. The MARTE OMG specification introduces a Time Structure inspired from Time models of the concurrency theory and proposes a new clock constraint specification language (CCSL) to specify, within the context of UML, logical and chronometric time constraints. This report specifies the syntax and a formal semantics of a subset of CCSL, called kernel CCSL. This semantics is to be the reference semantics of CCSL

A formal framework for heterogeneous systems semantics

Cyber physical systems are usually complex systems which are often critical, meaning their failure can have significant negative impacts on human lives. A key point in their development is the verification and validation (V & V) activities which are used to assess their correctness towards user requirements and the associated specifications. This process aims at avoiding failure cases, thus preventing any incident or accident. In order to conduct these V & V steps on such complex systems, separations of concerns of various nature are used. In that purpose, the system is modeled using heterogeneous models that have to be combined together. The nature of these separations of concerns can be as follows: horizontal, which corresponds to a structural decomposition of the system; vertical, which corresponds to the different steps leading from the abstract specification to the concrete implementation; and transversal, which consists in gathering together the parts that are thematically identical (function, performance, security, safety...). These parts are usually expressed using domain specific modeling languages, while the V & V activities are historically conducted using testing and proofreading, and more and more often, using formal methods, which is advocated in our approach. In all these cases, the V & V activities must take into account these separations in order to provide confidence in the global system from the confidence of its sub-parts bound to the separation in question. In other words, to ensure the correctness of the system, a behavioral semantics is needed which has to rely on the ad-hoc semantics of the subsystems. In order to define it, these semantics must be successfully combined in a single formalism. This thesis stems from the GEMOC project a workbench that allows the definition of various languages along with their coordination properties, and target the formal modeling of the GEMOC core through the association of trace semantics to each preoccupation and the expression of constraints between them to encode the correct behavior of the system. This thesis follows several other works conducted under the TOPCASED, OPEES, QuarteFt, P and GEMOC projects, and provides four contributions in that global context: the first one proposes a methodology to give an operational semantics to executable models illustrated through two case studies: Petri nets and models of processes. The second one proposes a formal context on which refinement can be expressed to tackle vertical separation. The third one gives a denotational semantics to CCSL which is the language that is currently used in the GEMOC projects to express behavioural properties between events from one or several models, possibly heterogeneous. Finally, the fourth one proposes an investigation on how to extend CCSL with the notion of refinement we proposed. All these contribution are mechanized in the Agda proof assistant, and thus have been modeled and proven in a formal manner

Weaving Concurrency in eXecutable Domain-Specific Modeling Languages

International audienceThe emergence of modern concurrent systems (e.g., Cyber-Physical Systems or the Internet of Things) and highly-parallel platforms (e.g., many-core, GPGPU pipelines, and distributed platforms) calls for Domain-Specific Modeling Languages (DSMLs) where concurrency is of paramount importance. Such DSMLs are intended to propose constructs with rich concurrency semantics, which allow system designers to precisely define and analyze system behaviors. However , specifying and implementing the execution semantics of such DSMLs can be a difficult, costly and error-prone task. Most of the time the concurrency model remains implicit and ad-hoc, embedded in the underlying execution environment. The lack of an explicit concurrency model prevents: the precise definition, the variation and the complete understanding of the semantics of the DSML, the effective usage of concurrency-aware analysis techniques, and the exploitation of the concurrency model during the system refinement (e.g., during its allocation on a specific platform). In this paper, we introduce a concurrent executable metamodeling approach, which supports a modular definition of the execution semantics , including the concurrency model, the semantic rules, and a well-defined and expressive communication protocol between them. Our approach comes with a dedicated metalanguage to specify the communication protocol, and with an execution environment to simulate executable models. We illustrate and validate our approach with an implementation of fUML, and discuss the modularity and applicability of our approach

Formal Foundations for the Generation of Heterogeneous Executable Specifications in SystemC from UML/MARTE Models

Medical genetic

A Tool-Supported Approach for Concurrent Execution of Heterogeneous Models

International audienceIn the software and systems modeling community, research on domain-specific modeling languages (DSMLs) is focused on providing technologies for developing languages and tools that allow domain experts to develop system solutions efficiently. Unfortunately, the current lack of support for explicitly relating concepts expressed in different DSMLs makes it very difficult for software and system engineers to reason about information spread across models describing different system aspects [4]. As a particular challenge, we investigate in this paper relationships between, possibly heterogeneous, behavioral models to support their concurrent execution. This is achieved by following a modular executable metamodeling approach for behavioral semantics understanding, reuse, variability and composability [5]. This approach supports an explicit model of concurrency (MoCC) [6] and domain-specific actions (DSA) [10] with a well-defined protocol between them (incl., mapping, feedback and callback) reified through explicit domain-specific events (DSE) [12]. The protocol is then used to infer a relevant behavioral language interface for specifying coordination patterns to be applied on conforming executable models [17]. All the tooling of the approach is gathered in the GEMOC studio, and outlined in the next section. Currently, the approach is experienced on a systems engineering language provided by Thales, named Capella 7. The goal and current state of the case study are exposed in this paper. 7 Cf. https://www.polarsys.org/capella

Tool Paper: A Lightweight Formal Encoding of a Constraint Language for DSMLs

International audienceDomain Specific Modeling Languages (dsmls) plays a key role in the development of Safety Critical Systems to model system requirements and implementation. They often need to integrate property and query sub-languages. As a standardized modeling language, ocl can play a key role in their definition as they can rely both on its concepts and textual syntax which are well known in the Model Driven Engineering community. For example, most dsmls are defined using mof for their abstract syntax and ocl for their static semantics as a metamodeling dsml. OCLinEcore in the Eclipse platform is an example of such a metamodeling dsml integrating ocl as a language component in order to benefit from its property and query facilities. dsmls for Safety Critical Systems usually provide formal model verification activities for checking models completeness or consistency, and implementation correctness with respect to requirements. This contribution describes a framework to ease the definition of such formal verification tools by relying on a common translation from a subset of ocl to the Why3 verification toolset. This subset was selected to ease efficient automated verification. This framework is illustrated using a block specification language for data flow languages where a subset of ocl is used as a component language