Clafer: Lightweight Modeling of Structure, Behaviour, and Variability

Embedded software is growing fast in size and complexity, leading to intimate mixture of complex architectures and complex control. Consequently, software specification requires modeling both structures and behaviour of systems. Unfortunately, existing languages do not integrate these aspects well, usually prioritizing one of them. It is common to develop a separate language for each of these facets. In this paper, we contribute Clafer: a small language that attempts to tackle this challenge. It combines rich structural modeling with state of the art behavioural formalisms. We are not aware of any other modeling language that seamlessly combines these facets common to system and software modeling. We show how Clafer, in a single unified syntax and semantics, allows capturing feature models (variability), component models, discrete control models (automata) and variability encompassing all these aspects. The language is built on top of first order logic with quantifiers over basic entities (for modeling structures) combined with linear temporal logic (for modeling behaviour). On top of this semantic foundation we build a simple but expressive syntax, enriched with carefully selected syntactic expansions that cover hierarchical modeling, associations, automata, scenarios, and Dwyer's property patterns. We evaluate Clafer using a power window case study, and comparing it against other notations that substantially overlap with its scope (SysML, AADL, Temporal OCL and Live Sequence Charts), discussing benefits and perils of using a single notation for the purpose

Articulating design-time uncertainty with DRUIDE

Les modélisateurs rencontrent souvent des incertitudes sur la manière de concevoir un modèle logiciel particulier. Les recherches existantes ont montré comment les modélisateurs peuvent travailler en présence de ce type d' ''incertitude au moment de la conception''. Cependant, le processus par lequel les développeurs en viennent à exprimer leurs incertitudes reste flou. Dans cette thèse, nous prenons des pas pour combler cette lacune en proposant de créer un langage de modélisation d'incertitude et une approche pour articuler l'incertitude au moment de la conception. Nous illustrons notre proposition sur un exemple et l'évaluons non seulement sur deux scénarios d'ingénierie logicielle, mais aussi sur une étude de cas réel basée sur les incertitudes causées par la pandémie COVID-19. Nous menons également un questionnaire post-étude avec les chercheurs qui ont participé à l'étude de cas. Afin de prouver la faisabilité de notre approche, nous fournissons deux outils et les discutons. Enfin, nous soulignons les avantages et discutons des limites de notre travail actuel.Modellers often encounter uncertainty about how to design a particular software model. Existing research has shown how modellers can work in the presence of this type of ''design-time uncertainty''. However, the process by which developers come to elicit and express their uncertainties remains unclear. In this thesis, we take steps to address this gap by proposing to create an uncertainty modelling language and an approach for articulating design-time uncertainty. We illustrate our proposal on a worked example and evaluate it not only on two software engineering scenarios, but also on a real case study based on uncertainties caused by the COVID-19 pandemic. We also conduct a post-study questionnaire with the researchers who participated in the case study. In order to prove the feasibility of our approach, we provide two tool supports and discuss them. Finally, we highlight the benefits and discuss the limitations of our current work

OCL Tools Report based on the IDE4OCL Feature Model

Previously we have developed the idea of an Integrated Development Environment for OCL (IDE4OCL). Based on the OCL community's feedback we have also designed and published an IDE4OCL feature model. Here we present a report on selected OCL tools developed by the authors and their teams. Each author gives an overview of their OCL tool, provides a top level architecture, and gives an evaluation of the tool features in a web framework. The framework can also be used by other potential OCL users and tool developers. For users it may serve as an aid to choose a suitable tool for their OCL use scenarios. For tool developers it provides a comparative view for further development of the OCL tools. Our plans are to maintain the collected data and extend this web framework by further OCL tools. Additionally, we would like to encourage sharing of OCL development resources

Toward composing variable structure models and their interfaces: a case of intensional coupling definitions

In this thesis, we investigate a combination of traditional component-based and variable structure modeling. The focus is on a structural consistent specification of couplings in modular, hierarchical models with a variable structure. For this, we exploitintensional definitions, as known from logic, and introduce a novel intensional coupling definition, which allows a concise yet expressive specification of complex communication and interaction patterns in static as well as variable structure models, without the need to worryabout structural consistency.In der Arbeit untersuchen wir ein Zusammenbringen von klassischer komponenten-basierter und variabler Strukturmodellierung. Der Fokus liegt dabei auf der Spezifikation von strukturkonsistenten Kopplungen in modular-hierarchischen Modellen mit einer variablen Struktur. Dafür nutzen wir intensionale Definitionen, wie sie aus der Logik bekannt sind, und führen ein neuartiges Konzept von intensionalen Kopplungen ein, welches kompakte gleichzeitig ausdrucksstarke Spezifikationen von komplexen Kommunikations- und Interaktionsmuster in statischen und variablen Strukturmodellen erlaubt

On Formalizing UML and OCL Features and Their Employment to Runtime Verification

Model-driven development (MDD) has been identified as a promising approach for developing software. By using abstract models of a system and by generating parts of the system out of these models, one tries to improve the efficiency of the overall development process and the quality of the resulting software. In the context of MDD the Unified Modeling Language (UML) and its related textual Object Constraint Language (OCL) have gained a high recognition. To be able to generate systems of high quality and to allow for interoperability between modeling tools, a well-defined semantics for these languages is required. This thesis summarizes published work in this context that employs an endogenous metamodeling approach to define the semantics of newer elements of the UML. While the covered elements are exhaustively used to define relations between elements of the metamodel of the UML, the UML specification leaves out a precise definition of their semantics. Our proposed approach uses models, not only to define the abstract syntax, but also to define the semantics of UML. By using UML and OCL for this, existing modeling tools can be used to validate the definition. The second part of this thesis covers work on the usage of UML and OCL models for runtime verification. It is shown how models can still be used at the end of a software development process, i. e., after an implementation has manually been added to generated parts, even though they are not used as central parts of the development process. This work also influenced the integration of protocol state machines into a modeling tool, which lead to publications about the runtime semantics of state machines and the capabilities to declaratively specify behavior using state machines

Model-Based Run-time Verification of Software Components by Integrating OCL into Treaty

Model Driven Development is used to improve software quality and efficiency by automatically transforming abstract and formal models into software implementations. This is particularly sensible if the model’s integrity can be proven formally and is preserved during the model’s transformation. A standard to specify software model integrity is the Object Constraint Language (OCL). Another topic of research is the dynamic development of software components, enabling software system composition at component run-time. As a consequence, the system’s verification must be realized during system run-time (and not during transformation or compile time). Many established verification techniques cannot be used for run-time verification. A method to enable model-based run-time verification will be developed during this work. How OCL constraints can be transformed into executable software artifacts and how they can be used in the component-based system Treaty will be the major task of this diploma thesis.Modellgetriebene Entwicklung dient der Verbesserung von Qualität und Effizienz in der Software-Entwicklung durch Automatisierung der notwendigen Transformationen von abstrakten bzw. formalen Modellen bis zur Implementierung. Dies ist insbesondere dann sinnvoll, wenn die Integrität der ursprünglichen Modelle formal bewiesen werden kann und durch die Transformation gewährleistet wird. Ein Standard zur Spezifikation der Integrität von Softwaremodellen ist die Object Constraint Language (OCL). Eine weitere Forschungsrichtung im Software-Engineering ist die Entwicklung von dynamischen Komponenten-Modellen, die die Komposition von Softwaresystemen im laufenden Betrieb ermöglichen. Dies bedeutet, dass die Systemverifikation im laufenden Betrieb realisiert werden muss. Die meisten der etablierten Verifikationstechniken sind dazu nicht geeignet. In der Diplomarbeit soll ausgehend von diesem Stand der Technik eine Methode zur modellbasierten Verifikation zur Laufzeit entwickelt werden. Insbesondere soll untersucht werden, wie OCL-Constraints zur Laufzeit in ausführbare Software-Artefakte übersetzt und in dem komponentenbasierten System Treaty verwendet werden können

From examples to knowledge in model-driven engineering : a holistic and pragmatic approach

Le Model-Driven Engineering (MDE) est une approche de développement logiciel qui propose d’élever le niveau d’abstraction des langages afin de déplacer l’effort de conception et de compréhension depuis le point de vue des programmeurs vers celui des décideurs du logiciel. Cependant, la manipulation de ces représentations abstraites, ou modèles, est devenue tellement complexe que les moyens traditionnels ne suffisent plus à automatiser les différentes tâches. De son côté, le Search-Based Software Engineering (SBSE) propose de reformuler l’automatisation des tâches du MDE comme des problèmes d’optimisation. Une fois reformulé, la résolution du problème sera effectuée par des algorithmes métaheuristiques. Face à la pléthore d’études sur le sujet, le pouvoir d’automatisation du SBSE n’est plus à démontrer. C’est en s’appuyant sur ce constat que la communauté du Example-Based MDE (EBMDE) a commencé à utiliser des exemples d’application pour alimenter la reformulation SBSE du problème d’apprentissage de tâche MDE. Dans ce contexte, la concordance de la sortie des solutions avec les exemples devient un baromètre efficace pour évaluer l’aptitude d’une solution à résoudre une tâche. Cette mesure a prouvé être un objectif sémantique de choix pour guider la recherche métaheuristique de solutions. Cependant, s’il est communément admis que la représentativité des exemples a un impact sur la généralisabilité des solutions, l'étude de cet impact souffre d’un manque de considération flagrant. Dans cette thèse, nous proposons une formulation globale du processus d'apprentissage dans un contexte MDE incluant une méthodologie complète pour caractériser et évaluer la relation qui existe entre la généralisabilité des solutions et deux propriétés importantes des exemples, leur taille et leur couverture. Nous effectuons l’analyse empirique de ces deux propriétés et nous proposons un plan détaillé pour une analyse plus approfondie du concept de représentativité, ou d’autres représentativités.Model-Driven Engineering (MDE) is a software development approach that proposes to raise the level of abstraction of languages in order to shift the design and understanding effort from a programmer point of view to the one of decision makers. However, the manipulation of these abstract representations, or models, has become so complex that traditional techniques are not enough to automate its inherent tasks. For its part, the Search-Based Software Engineering (SBSE) proposes to reformulate the automation of MDE tasks as optimization problems. Once reformulated, the problem will be solved by metaheuristic algorithms. With a plethora of studies on the subject, the power of automation of SBSE has been well established. Based on this observation, the Example-Based MDE community (EB-MDE) started using application examples to feed the reformulation into SBSE of the MDE task learning problem. In this context, the concordance of the output of the solutions with the examples becomes an effective barometer for evaluating the ability of a solution to solve a task. This measure has proved to be a semantic goal of choice to guide the metaheuristic search for solutions. However, while it is commonly accepted that the representativeness of the examples has an impact on the generalizability of the solutions, the study of this impact suffers from a flagrant lack of consideration. In this thesis, we propose a thorough formulation of the learning process in an MDE context including a complete methodology to characterize and evaluate the relation that exists between two important properties of the examples, their size and coverage, and the generalizability of the solutions. We perform an empirical analysis, and propose a detailed plan for further investigation of the concept of representativeness, or of other representativities

Formal Guarantees for Safety Critical Code Generation: the Case of Highly Variable Languages

Control and command softwares play a key role in safety-critical embedded systems used for human related activities such as transportation, healthcare or energy. Their impact on safety makes the assessment of their correctness the central point in their development activities. Such systems verification activities are usually conducted according to normative certification guidelines providing objectives to be reached in order to ensure development process reliability and thus prevent flaws. Verification activities usually relies on tests and proof reading of the software but recent versions of certification guidelines are taking into account the deployment of new development paradigms such as model-based development, and formal methods; or the use of tools in assistance of the development processes. Automatic code generators are used in most safety-critical embedded systems development in order to avoid human related software production errors and to ensure the respect of development quality standards. As these tools are supposed to replace humans in the software code production activities, errors in these tools may result in embedded software flaws. It is thus in turn mandatory to ensure the same level of correctness for the tool itself than for the expected produced code. Tools verification shall be done according to qualification guidelines. We advocate in our work the use of model-based development and formal methods for the development of these tools in order to reach a higher quality level. Critical control and command software are mostly designed using graphical dataflow languages. These languages are used to express complex systems relying on atomic operations embedded in blocks that are gathered in block libraries. Blocks may be sophisticated pieces of software with highly variable structure and semantics. This variability is dependent on the values of the block parameters and of the block's context of use. In our work, we focus on the formal specification and verification of such block based languages. We experimented various techniques in order to ensure a formal, sound, verifiable and usable specification for blocks. We developed a domain specific formal model-based language specifically tailored for the specification of structure and semantics of blocks. This specification language is inspired from software product line concepts in order to ensure a correct and scalable management of the blocks variability. We have applied this specification and verification approach on chosen block examples from common industrial use cases and we have validated it on tool prototypes. Blocks are the core elements of the input language of automatic code generators used for control and command systems development. We show how our blocks formal specification can be translated as code annotations in order to ease and automate the generated code verification. Code annotations are verified using specialised static code analysis tools. Relying on synchronous observers to express high level requirements at the input model level, we show how formal block specification can also be used for the translation of high level requirements as verifiable code annotations discharged using the same specialised tooling. We finally target the assistance of code generation tools qualification activities by arguing on the ability to automatically generate qualification data such as requirements, tests or simulation results for the verification and development of automatic code generators from the formal block specification