A Formal Approach to Prove Compatibility in Transformation Networks

The increasing complexity of software and cyberphysical systems is handled by dividing the description of the system under construction into different models or views, each with an appropriate abstraction for the needs of specific roles. Since all such models describe the same system, they usually share an overlap of information, which can lead to inconsistencies if overlapping information is not modified uniformly in all models. A well-researched approach to make these overlaps explicit and resolve inconsistencies are incremental, bidirectional model transformations. They specify the constraints between two metamodels and the restoration of consistency between their instances. Relating more than two metamodels can be achieved by combining bidirectional transformations to a network. However, such a network may contain cycles of transformations, whose consistency constraints can be contradictory if they are not aligned with each other and thus cannot be fulfilled at the same time. Such transformations are considered incompatible. In this article, we provide a formal definition of consistency and compatibility of transformations and propose an inductive approach to prove compatibility of a given network of transformations. We prove correctness of the approach based on these formal definitions. Furthermore, we present an operationalization of the approach at the example of QVT-R. It detects contradictions between relations by transforming them into first-order logic formulae and evaluating them with an SMT solver. The approach operates conservatively, i.e., it is not able to prove compatibility in all cases, but it identifies transformations as compatible only if they actually are. We applied the approach to different evaluation networks and found that it operates conservatively and is able to properly prove compatibility in 80% of the cases, indicating its practical applicability. Its limitations especially arise from restricted capabilities of the used SMT solver, but not from conceptual shortcomings. Our approach enables multiple domain experts to define transformations independently and to check their compatibility when combining them to a network, relieving them from the necessity to align the transformations with each other a priori and to ensure compatibility manuall

Translating alloy apecifications to UML class diagrams annotated with OCL

Proceedings of the 9th International Conference on Software Engineering and Formal MethodsModel-Driven Engineering (MDE) is a Software Engineering approach based on model transformations at different abstraction levels. It prescribes the development of software by successively transforming models from abstract (specifications) to more concrete ones (code). Alloy is an increasingly popular lightweight formal specification language that supports automatic verification. Unfortunately, its widespread industrial adoption is hampered by the lack of an ecosystem of MDE tools, namely code generators. This paper presents a model transformation between Alloy and UML Class Diagrams annotated with OCL. The proposed transformation enables current UML-based tools to also be applied to Alloy specifications, thus unleashing its potential for MDE

Clafer: Lightweight Modeling of Structure, Behaviour, and Variability

Embedded software is growing fast in size and complexity, leading to intimate mixture of complex architectures and complex control. Consequently, software specification requires modeling both structures and behaviour of systems. Unfortunately, existing languages do not integrate these aspects well, usually prioritizing one of them. It is common to develop a separate language for each of these facets. In this paper, we contribute Clafer: a small language that attempts to tackle this challenge. It combines rich structural modeling with state of the art behavioural formalisms. We are not aware of any other modeling language that seamlessly combines these facets common to system and software modeling. We show how Clafer, in a single unified syntax and semantics, allows capturing feature models (variability), component models, discrete control models (automata) and variability encompassing all these aspects. The language is built on top of first order logic with quantifiers over basic entities (for modeling structures) combined with linear temporal logic (for modeling behaviour). On top of this semantic foundation we build a simple but expressive syntax, enriched with carefully selected syntactic expansions that cover hierarchical modeling, associations, automata, scenarios, and Dwyer's property patterns. We evaluate Clafer using a power window case study, and comparing it against other notations that substantially overlap with its scope (SysML, AADL, Temporal OCL and Live Sequence Charts), discussing benefits and perils of using a single notation for the purpose

Discovering Model Transformation Pre-conditions using Automatically Generated Test Models

International audienceSpecifying a model transformation is challenging as it must be able to give a meaningful output for any input model in a possibly infinite modeling domain. Transformation preconditions constrain the input domain by rejecting input models that are not meant to be transformed by a model transformation. This paper presents a systematic approach to discover such preconditions when it is hard for a human developer to foresee complex graphs of objects that are not meant to be transformed. The approach is based on systematically generating a finite number of test models using our tool, PRAMANA to first cover the input domain based on input domain partitioning. Tracing a transformation's execution reveals why some preconditions are missing. Using a benchmark transformation from simplified UML class diagram models to RDBMS models we discover new preconditions that were not initially specified

Articulating design-time uncertainty with DRUIDE

Les modélisateurs rencontrent souvent des incertitudes sur la manière de concevoir un modèle logiciel particulier. Les recherches existantes ont montré comment les modélisateurs peuvent travailler en présence de ce type d' ''incertitude au moment de la conception''. Cependant, le processus par lequel les développeurs en viennent à exprimer leurs incertitudes reste flou. Dans cette thèse, nous prenons des pas pour combler cette lacune en proposant de créer un langage de modélisation d'incertitude et une approche pour articuler l'incertitude au moment de la conception. Nous illustrons notre proposition sur un exemple et l'évaluons non seulement sur deux scénarios d'ingénierie logicielle, mais aussi sur une étude de cas réel basée sur les incertitudes causées par la pandémie COVID-19. Nous menons également un questionnaire post-étude avec les chercheurs qui ont participé à l'étude de cas. Afin de prouver la faisabilité de notre approche, nous fournissons deux outils et les discutons. Enfin, nous soulignons les avantages et discutons des limites de notre travail actuel.Modellers often encounter uncertainty about how to design a particular software model. Existing research has shown how modellers can work in the presence of this type of ''design-time uncertainty''. However, the process by which developers come to elicit and express their uncertainties remains unclear. In this thesis, we take steps to address this gap by proposing to create an uncertainty modelling language and an approach for articulating design-time uncertainty. We illustrate our proposal on a worked example and evaluate it not only on two software engineering scenarios, but also on a real case study based on uncertainties caused by the COVID-19 pandemic. We also conduct a post-study questionnaire with the researchers who participated in the case study. In order to prove the feasibility of our approach, we provide two tool supports and discuss them. Finally, we highlight the benefits and discuss the limitations of our current work

Towards Transformation Rule Composition

Many model transformation problems require different intermediate transformation steps. For example, platform-specific models (PSM) are often generated from platform-independent models (PIM) by chains of model transformations. This requires the presence of several intermediate meta-models between those of the PIM and the PSM. Thus, most of the effort is needed to define a transformation mechanism for each intermediate step. The solution proposed in this paper is to investigate whether it is possible to generate a single transformation from a chain of transformations, solely involving the initial PIM and final PSM meta-models. The presented work focuses on the composition of transformations at the rule level. We apply the automatic procedure for composing rules in the context of the evolution of the Enterprise Java Beans (EJB) language, transforming UML models into EJB 2.0 models and then to EJB 3.0 models

A Model-based transformation process to validate and implement high-integrity systems

Despite numerous advances, building High-Integrity Embedded systems remains a complex task. They come with strong requirements to ensure safety, schedulability or security properties; one needs to combine multiple analysis to validate each of them. Model-Based Engineering is an accepted solution to address such complexity: analytical models are derived from an abstraction of the system to be built. Yet, ensuring that all abstractions are semantically consistent, remains an issue, e.g. when performing model checking for assessing safety, and then for schedulability using timed automata, and then when generating code. Complexity stems from the high-level view of the model compared to the low-level mechanisms used. In this paper, we present our approach based on AADL and its behavioral annex to refine iteratively an architecture description. Both application and runtime components are transformed into basic AADL constructs which have a strict counterpart in classical programming languages or patterns for verification. We detail the benefits of this process to enhance analysis and code generation. This work has been integrated to the AADL-tool support OSATE2