Towards Approximate Model Transformations

As the size and complexity of models grow, there is a need to count on novel mechanisms and tools for transforming them. This is required, e.g., when model transformations need to provide target models without having access to the complete source models or in really short time—as it happens, e.g., with streaming models—or with very large models for which the transformation algorithms become too slow to be of practical use if the complete population of a model is investigated. In this paper we introduce Approximate Model Transformations, which aim at producing target models that are accurate enough to provide meaningful and useful results in an efficient way, but without having to be fully correct. So to speak, this kind of transformations treats accuracy for execution performance. In particular, we redefine the traditional OCL operators used to query models (e.g., allInstances, select, collect, etc.) by adopting sampling techniques and analyse the accuracy of approximate model transformations results.Universidad de Málaga, Campus de Excelencia Internacional Andalucía Tech. European Commission under the ICT Policy Support Programme (grant no. 317859). Research Project TIN2011-23795

The relevance of model-driven engineering thirty years from now

International audienceAlthough model-driven engineering (MDE) is now an established approach for developing complex software systems, it has not been universally adopted by the software industry. In order to better understand the reasons for this, as well as to identify future opportunities for MDE, we carried out a week-long design thinking experiment with 15 MDE experts. Participants were facilitated to identify the biggest problems with current MDE technologies, to identify grand challenges for society in the near future, and to identify ways that MDE could help to address these challenges. The outcome is a reflection of the current strengths of MDE, an outlook of the most pressing challenges for society at large over the next three decades, and an analysis of key future MDE research opportunities

PTL: A Model Transformation Language based on Logic Programming

In this paper we present a model transformation language based on logic programming. The language, called PTL (Prolog based Transformation Language), can be considered as a hybrid language in which ATL (Atlas Transformation Language)-style rules are combined with logic rules for defining transformations. ATL-style rules are used to define mappings from source models to target models while logic rules are used as helpers. The implementation of PTL is based on the encoding of the ATL-style rules by Prolog rules. Thus, PTL makes use of Prolog as a transformation engine. We have provided a declarative semantics to PTL and proved the semantics equivalent to the encoded program. We have studied an encoding of OCL (Object Constraint Language) with Prolog goals in order to map ATL to PTL. Thus a subset of PTL can be considered equivalent to a subset of ATL. The proposed language can be also used for model validation, that is, for checking constraints on models and transformations. We have equipped our language with debugging and tracing capabilities which help developers to detect programming errors in PTL rules. Additionally, we have developed an Eclipse plugin for editing PTL programs, as well as for debugging, tracing and validation. Finally, we have evaluated the language with several transformation examples as well as tested the performance with large models

Assessing and improving quality of QVTo model transformations

We investigate quality improvement in QVT operational mappings (QVTo) model transformations, one of the languages defined in the OMG standard on model-to-model transformations. Two research questions are addressed. First, how can we assess quality of QVTo model transformations? Second, how can we develop higher-quality QVTo transformations? To address the first question, we utilize a bottom–up approach, starting with a broad exploratory study including QVTo expert interviews, a review of existing material, and introspection. We then formalize QVTo transformation quality into a QVTo quality model. The quality model is validated through a survey of a broader group of QVTo developers. We find that although many quality properties recognized as important for QVTo do have counterparts in general purpose languages, a number of them are specific to QVTo or model transformation languages. To address the second research question, we leverage the quality model to identify developer support tooling for QVTo. We then implemented and evaluated one of the tools, namely a code test coverage tool. In designing the tool, code coverage criteria for QVTo model transformations are also identified. The primary contributions of this paper are a QVTo quality model relevant to QVTo practitioners and an open-source code coverage tool already usable by QVTo transformation developers. Secondary contributions are a bottom–up approach to building a quality model, a validation approach leveraging developer perceptions to evaluate quality properties, code test coverage criteria for QVTo, and numerous directions for future research and tooling related to QVTo quality

Lenguajes formales y derivación automática de código de pruebas a partir de modelos de software con restricciones OCL

Qué testear es un tema siempre vigente. Con tal propósito, y en caso de querer derivar casos de prueba automáticamente desde un modelo de software, no contamos con la precisión necesaria en los mismos para generar los tests acordes a nuestros intereses. Lenguajes formales como OCL permiten enriquecer cualquier modelo mediante información adicional o restricciones sobre sus elementos; entonces, la derivación de código y casos de prueba a partir de un modelo enriquecido con restricciones y especificaciones en este lenguaje permitirá contar con un soporte mucho más robusto de nuestro sistema. Tras el análisis de varias herramientas de generación automática de código a partir de modelos de software, se llegó a la conclusión de que casi ninguna de ellas incluye la traducción de restricciones en el modelo escritas en un lenguaje formal. Es por ello que la tesina consistió en un análisis de varios lenguajes formales de especificación (o modelado), especialmente de los lenguajes UML/OCL y Alloy. A partir de ello se desarrolló una herramienta para Eclipse, que permite, a partir de una especificación de un modelo UML poseyendo restricciones OCL, la generación automática de código Java, incluyendo las clases del modelo junto con sus respectivos Casos de Prueba, regulados por OCL. Paralelamente se genera de forma automática una especificación Alloy que permite el análisis formal estático del modelo.Facultad de Informátic

Lenguajes formales y derivación automática de código de pruebas a partir de modelos de software con restricciones OCL

Qué testear es un tema siempre vigente. Con tal propósito, y en caso de querer derivar casos de prueba automáticamente desde un modelo de software, no contamos con la precisión necesaria en los mismos para generar los tests acordes a nuestros intereses. Lenguajes formales como OCL permiten enriquecer cualquier modelo mediante información adicional o restricciones sobre sus elementos; entonces, la derivación de código y casos de prueba a partir de un modelo enriquecido con restricciones y especificaciones en este lenguaje permitirá contar con un soporte mucho más robusto de nuestro sistema. Tras el análisis de varias herramientas de generación automática de código a partir de modelos de software, se llegó a la conclusión de que casi ninguna de ellas incluye la traducción de restricciones en el modelo escritas en un lenguaje formal. Es por ello que la tesina consistió en un análisis de varios lenguajes formales de especificación (o modelado), especialmente de los lenguajes UML/OCL y Alloy. A partir de ello se desarrolló una herramienta para Eclipse, que permite, a partir de una especificación de un modelo UML poseyendo restricciones OCL, la generación automática de código Java, incluyendo las clases del modelo junto con sus respectivos Casos de Prueba, regulados por OCL. Paralelamente se genera de forma automática una especificación Alloy que permite el análisis formal estático del modelo.Facultad de Informátic

Lenguajes formales y derivación automática de código de pruebas a partir de modelos de software con restricciones OCL

Qué testear es un tema siempre vigente. Con tal propósito, y en caso de querer derivar casos de prueba automáticamente desde un modelo de software, no contamos con la precisión necesaria en los mismos para generar los tests acordes a nuestros intereses. Lenguajes formales como OCL permiten enriquecer cualquier modelo mediante información adicional o restricciones sobre sus elementos; entonces, la derivación de código y casos de prueba a partir de un modelo enriquecido con restricciones y especificaciones en este lenguaje permitirá contar con un soporte mucho más robusto de nuestro sistema. Tras el análisis de varias herramientas de generación automática de código a partir de modelos de software, se llegó a la conclusión de que casi ninguna de ellas incluye la traducción de restricciones en el modelo escritas en un lenguaje formal. Es por ello que la tesina consistió en un análisis de varios lenguajes formales de especificación (o modelado), especialmente de los lenguajes UML/OCL y Alloy. A partir de ello se desarrolló una herramienta para Eclipse, que permite, a partir de una especificación de un modelo UML poseyendo restricciones OCL, la generación automática de código Java, incluyendo las clases del modelo junto con sus respectivos Casos de Prueba, regulados por OCL. Paralelamente se genera de forma automática una especificación Alloy que permite el análisis formal estático del modelo.Facultad de Informátic

Towards the Formal Verification of Model Transformations: An Application to Kermeta

Model-Driven Engineering (MDE) is becoming a popular engineering methodology for developing large-scale software applications, using models and transformations as primary principles. MDE is now being successfully applied to domain-specific languages (DSLs), which target a narrow subject domain like process management, telecommunication, product lines, smartphone applications among others, providing experts high-level and intuitive notations very close to their problem domain. More recently, MDE has been applied to safety-critical applications, where failure may have dramatic consequences, either in terms of economic, ecologic or human losses. These recent application domains call for more robust and more practical approaches for ensuring the correctness of models and model transformations. Testing is the most common technique used in MDE for ensuring the correctness of model transformations, a recurrent, yet unsolved problem in MDE. But testing suffers from the so-called coverage problem, which is unacceptable when safety is at stake. Rather, exhaustive coverage is required in this application domain, which means that transformation designers need to use formal analysis methods and tools to meet this requirement. Unfortunately, two factors seem to limit the use of such methods in an engineer’s daily life. First, a methodological factor, because MDE engineers rarely possess the effective knowledge for deploying formal analysis techniques in their daily life developments. Second, a practical factor, because DSLs do not necessarily have a formal explicit semantics, which is a necessary enabler for exhaustive analysis. In this thesis, we contribute to the problem of formal analysis of model transformations regarding each perspective. On the conceptual side, we propose a methodological framework for engineering verified model transformations based on current best practices. For that purpose, we identify three important dimensions: (i) the transformation being built; (ii) the properties of interest ensuring the transformation’s correctness; and finally, (iii) the verification technique that allows proving these properties with minimal effort. Finding which techniques are better suited for which kind of properties is the concern of the Computer-Aided Verification community. Consequently in this thesis, we focus on studying the relationship between transformations and properties. Our methodological framework introduces two novel notions. A transformation intent gathers all transformations sharing the same purpose, abstracting from the way the transformation is expressed. A property class captures under the same denomination all properties sharing the same form, abstracting away from their underlying property languages. The framework consists of mapping each intent with its characteristic set of property classes, meaning that for proving the correctness of a particular transformation obeying this intent, one has to prove properties of these specific classes. We illustrate the use and utility of our framework through the detailed description of five common intents in MDE, and their application to a case study drawn from the automative software domain, consisting of a chain of more than thirty transformations. On a more practical side, we study the problem of verifying DSLs whose behaviour is expressed with Kermeta. Kermeta is an object-oriented transformation framework aligned with Object Management Group standard specification MOF (Meta-Object Facility). It can be used for defining metamodels and models, as well as their behaviour. Kermeta lacks a formal semantics: we first specify such a semantics, and then choose an appropriate verification domain for handling the analysis one is interested in. Since the semantics is defined at the level of Kermeta’s transformation language itself, our work presents two interesting features: first, any DSL whose behaviour is defined using Kermeta (more precisely, any transformation defined with Kermeta) enjoys a de facto formal underground for free; second, it is easier to define appropriate abstractions for targeting specific analysis for this full-fledged semantics than defining specific semantics for each possible kind of analysis. To illustrate this point, we have selected Maude, a powerful rewriting system based on algebraic specifications equipped with model-checking and theorem-proving capabilities. Maude was chosen because its underlying formalism is close to the mathematical tools we use for specifying the formal semantics, reducing the implementation gap and consequently limiting the possible implementation mistakes. We validate our approach by illustrating behavioural properties of small, yet representative DSLs from the literature