Time Properties Dedicated Transformation from UML-MARTE Activity to Time Petri Net

Critical Real-Time Embedded Systems (RTES) have strong requirement regarding system's reliability. UML and its pro- file MARTE are standardized modeling language that are getting widely accepted by industrial designers to cope with the development of complex RTES. Relying on Model-Driven Engineering (MDE), critical time properties' verification in UML-MARTE model at early phases of the system lifecycle becomes possible. However, many challenges still exist. A key challenge is to eliminate the gap between UML semi- formal semantics and fully formal executable semantics us- ing model transformation. The model transformation must ensure on the one hand the consistency between high-level user dedicated models and lower-level verification dedicated ones, and on the other hand that the subsequent verification is not too expensive and can be applied to real size industrial models. This paper presents an approach to translate UML- MARTE Activity Diagrams to Time Petri Net (TPN) with the aim of verifying efficiently time properties. This work is under the framework of the UML-MARTE Model Checker which is dedicated to verifying time properties (synchroniza- tion, schedulability, boundedness, WCET, etc.) in RTES. This contribution focuses on how to define the TPN formal semantics to avoid the core problem of state space explosion in model checking. The proposed method is validated using a representative case study. Experimental results are given that demonstrate the method's performance

Разработка программного обеспечения: проектирование с использованием UML диаграмм и сетей Петри на примере АСУ ТП водонапорной станции

Methods and techniques of software design as one of the important stages of software development are described in the paper. The method of software design with using of UML with Petri nets for analyzing of dynamic properties of set UML diagrams is described. Authors offer improved method of using of integration of UML diagrams and Petri nets. The offered method was used for designing of software of automated process control system (APCS) of pumping station: designing of use case, class, object diagrams and sequences diagram that was transformed to Petri net with help of formal rules. Some incorrect states that occurred after pumps enabling/disabling by operator were identified by analysis of Petri net. Reachability tree of the system was gotten by analysis of the Petri net (the value of the tree is about 106 of nodes). Testing of offered system was showed on example of APCS of pump station.Рассматриваются и анализируются некоторые из известных способов и методик разработки программного обеспечения (ПО), в частности этапа проектирования, как одного из важнейших. Описывается методика, в которой используются UML диаграммы для моделирования свойств и динамики работы системы, а также сети Петри для анализа динамических свойств спроектированных поведенческих диаграмм. Приводится усовершенствованная методика взаимного использования UML диаграмм и сетей Петри. Предлагаемая методика демонстрируется на примере системы АСУ ТП насосной станции, а именно, проектирования диаграммы прецедентов, диаграмма классов и диаграмма объектов, а также диаграмма деятельности, преобразование которой реализуется по формальным правилам. При анализе сети Петри, транслированной из диаграммы деятельности, были выявлены некорректные состояния, в которых оказывалась система при включении и выключении насосов оператором. После устранения данной ситуации, ошибок в динамике работы системы не осталось. В результате анализа получено представление о размере дерева достижимости системы, составляющее величину порядка 106

Formalization and Verification of Hierarchical Use of Interaction Overview Diagrams Using Timing Diagrams

Thanks to its graphical notation and simplicity, Unified Modeling Language (UML) is a de facto standard and a widespread language used in both industry and academia, despite the fact that its semantics is still informal. The Interaction Overview Diagram (IOD) is introduced in UML2; it allows the specification of the behavior in the hierarchical way. This paper is a contribution towards a formal dynamic semantics of UML2. We start by formalizing the Hierarchical use of IOD. Afterward, we complete the mapping of IOD, Sequence Diagrams and Timing Diagrams into Hierarchical Colored Petri Nets (HCPNs) using the Timed colored Petri Nets (timed CP-net). Our approach helps designers to get benefits from abstraction as well as refinement at more than two levels of hierarchy which reduces verification complexity.Comment: 8 pages, 6 figure

On Detecting Concurrency Defects Automatically at the Design Level

We describe an automated approach for detecting concurrency defects from design diagrams of a software, in particular, sequence diagrams. From a given sequence diagram, we automatically infer a formal, parallel specification that generalizes the communication behavior that is designed informally and incompletely in the diagram. We model-check the parallel specification against generic concurrency defect patterns. No additional specification of the software is needed. We present several case-studies to evaluate our approach. The results show that our approach is technically feasible, and effective in detecting nasty concurrency defects at the design level

Property driven verification framework: application to real time property for UML MARTE software design

Les techniques formelles de la famille « vérification de modèles » (« model checking ») se heurtent au problème de l’explosion combinatoire. Ceci limite les perspectives d’exploitation dans des projets industriels. Ce problème est provoqué par la combinatoire dans la construction de l’espace des états possibles durant l’exécution des systèmes modélisés. Le nombre d’états pour des modèles de systèmes industriels réalistes dépasse régulièrement les capacités des ressources disponibles en calcul et stockage. Cette thèse défend l’idée qu’il est possible de réduire cette combinatoire en spécialisant les outils pour des familles de propriétés. Elle propose puis valide expérimentalement un ensemble de méthodes pour le développement de ce type d’outils en suivant une approche guidée par les propriétés appliquée au contexte temps réel. Il s’agit donc de construire des outils d’analyse performants pour des propriétés temps réel qui soient exploitables pour des modèles industriels de taille réaliste. Les langages considérés sont, d’une part UML étendu par le profil MARTE pour la modélisation par les utilisateurs, et d’autre part les réseaux de Petri temporisés comme support pour la vérification. Les propositions sont validées sur un cas d’étude industriel réaliste issu du monde avionique : l’étude de la latence et la fraicheur des données dans un système de gestion des alarmes exploitant les technologies d’Avionique Modulaire Intégrée. Ces propositions ont été mise en oeuvre comme une boite à outils qui intègre les cinq contributions suivantes: la définition de la sémantique d’exécution spécifiques aux propriétés temps réel pour les modèles d’architecture et de comportement spécifiés en UML/MARTE; la spécification des exigences temps réel en s’appuyant sur un ensemble de patrons de vérification atomiques dédiés aux propriété temps réel; une méthode itérative d’analyse à base d’observateurs pour des réseaux de Petri temporisés; des techniques de réduction de l’espace d’états spécifiques aux propriétés temps réel pour des Réseaux de Petri temporisés; une approche pour l’analyse des erreurs détectées par « vérification des modèles » en s’appuyant sur des idées inspirées de la « fouille de données » (« data mining »). ABSTRACT : Automatic formal verification such as model checking faces the combinatorial explosion issue. This limits its application in indus- trial projects. This issue is caused by the explosion of the number of states during system’s execution , as it may easily exceed the amount of available computing or storage resources. This thesis designs and experiments a set of methods for the development of scalable verification based on the property-driven approach. We propose efficient approaches based on model checking to verify real-time requirements expressed in large scale UML-MARTE real-time system designs. We rely on the UML and its profile MARTE as the end-user modeling language, and on the Time Petri Net (TPN) as the verification language. The main contribution of this thesis is the design and implementation of a property-driven verification prototype toolset dedicated to real-time properties verification for UML-MARTE real-time software designs. We validate this toolset using an avionic use case and its user requirements. The whole prototype toolset includes five contributions: definition of real-time property specific execution semantics for UML-MARTE architecture and behavior models; specification of real- time requirements relying on a set of verification dedicated atomic real- time property patterns; real-time property specific observer-based model checking approach in TPN; real-time property specific state space reduction approach for TPN; and fault localization approach in model checking

FLACOS’08 Workshop proceedings

The 2nd Workshop on Formal Languages and Analysis of Contract-Oriented Software (FLACOS’08) is held in Malta. The aim of the workshop is to bring together researchers and practitioners working on language-based solutions to contract-oriented software development. The workshop is partially funded by the Nordunet3 project “COSoDIS” (Contract-Oriented Software Development for Internet Services) and it attracted 25 participants. The program consists of 4 regular papers and 10 invited participant presentations

Model Driven Communication Protocol Engineering and Simulation based Performance Analysis using UML 2.0

The automated functional and performance analysis of communication systems specified with some Formal Description Technique has long been the goal of telecommunication engineers. In the past SDL and Petri nets have been the most popular FDTs for the purpose. With the growth in popularity of UML the most obvious question to ask is whether one can translate one or more UML diagrams describing a system to a performance model. Until the advent of UML 2.0, that has been an impossible task since the semantics were not clear. Even though the UML semantics are still not clear for the purpose, with UML 2.0 now released and using ITU recommendation Z.109, we describe in this dissertation a methodology and tool called proSPEX (protocol Software Performance Engineering using XMI), for the design and performance analysis of communication protocols specified with UML. Our first consideration in the development of our methodology was to identify the roles of UML 2.0 diagrams in the performance modelling process. In addition, questions regarding the specification of non-functional duration contraints, or temporal aspects, were considered. We developed a semantic time model with which a lack of means of specifying communication delay and processing times in the language are addressed. Environmental characteristics such as channel bandwidth and buffer space can be specified and realistic assumptions are made regarding time and signal transfer. With proSPEX we aimed to integrate a commercial UML 2.0 model editing tool and a discrete-event simulation library. Such an approach has been advocated as being necessary in order to develop a closer integration of performance engineering with formal design and implementation methodologies. In order to realize the integration we firstly identified a suitable simulation library and then extended the library with features required to represent high-level SDL abstractions, such as extended finite state machines (EFSM) and signal addressing. In implementing proSPEX we filtered the XML output of our editor and used text templates for code generation. The filtering of the XML output and the need to extend our simulation library with EFSM abstractions was found to be significant implementation challenges. Lastly, in order to to illustrate the utility of proSPEX we conducted a performance analysis case-study in which the efficient short remote operations (ESRO) protocol is used in a wireless e-commerce scenario

Towards the Formal Verification of Model Transformations: An Application to Kermeta

Model-Driven Engineering (MDE) is becoming a popular engineering methodology for developing large-scale software applications, using models and transformations as primary principles. MDE is now being successfully applied to domain-specific languages (DSLs), which target a narrow subject domain like process management, telecommunication, product lines, smartphone applications among others, providing experts high-level and intuitive notations very close to their problem domain. More recently, MDE has been applied to safety-critical applications, where failure may have dramatic consequences, either in terms of economic, ecologic or human losses. These recent application domains call for more robust and more practical approaches for ensuring the correctness of models and model transformations. Testing is the most common technique used in MDE for ensuring the correctness of model transformations, a recurrent, yet unsolved problem in MDE. But testing suffers from the so-called coverage problem, which is unacceptable when safety is at stake. Rather, exhaustive coverage is required in this application domain, which means that transformation designers need to use formal analysis methods and tools to meet this requirement. Unfortunately, two factors seem to limit the use of such methods in an engineer’s daily life. First, a methodological factor, because MDE engineers rarely possess the effective knowledge for deploying formal analysis techniques in their daily life developments. Second, a practical factor, because DSLs do not necessarily have a formal explicit semantics, which is a necessary enabler for exhaustive analysis. In this thesis, we contribute to the problem of formal analysis of model transformations regarding each perspective. On the conceptual side, we propose a methodological framework for engineering verified model transformations based on current best practices. For that purpose, we identify three important dimensions: (i) the transformation being built; (ii) the properties of interest ensuring the transformation’s correctness; and finally, (iii) the verification technique that allows proving these properties with minimal effort. Finding which techniques are better suited for which kind of properties is the concern of the Computer-Aided Verification community. Consequently in this thesis, we focus on studying the relationship between transformations and properties. Our methodological framework introduces two novel notions. A transformation intent gathers all transformations sharing the same purpose, abstracting from the way the transformation is expressed. A property class captures under the same denomination all properties sharing the same form, abstracting away from their underlying property languages. The framework consists of mapping each intent with its characteristic set of property classes, meaning that for proving the correctness of a particular transformation obeying this intent, one has to prove properties of these specific classes. We illustrate the use and utility of our framework through the detailed description of five common intents in MDE, and their application to a case study drawn from the automative software domain, consisting of a chain of more than thirty transformations. On a more practical side, we study the problem of verifying DSLs whose behaviour is expressed with Kermeta. Kermeta is an object-oriented transformation framework aligned with Object Management Group standard specification MOF (Meta-Object Facility). It can be used for defining metamodels and models, as well as their behaviour. Kermeta lacks a formal semantics: we first specify such a semantics, and then choose an appropriate verification domain for handling the analysis one is interested in. Since the semantics is defined at the level of Kermeta’s transformation language itself, our work presents two interesting features: first, any DSL whose behaviour is defined using Kermeta (more precisely, any transformation defined with Kermeta) enjoys a de facto formal underground for free; second, it is easier to define appropriate abstractions for targeting specific analysis for this full-fledged semantics than defining specific semantics for each possible kind of analysis. To illustrate this point, we have selected Maude, a powerful rewriting system based on algebraic specifications equipped with model-checking and theorem-proving capabilities. Maude was chosen because its underlying formalism is close to the mathematical tools we use for specifying the formal semantics, reducing the implementation gap and consequently limiting the possible implementation mistakes. We validate our approach by illustrating behavioural properties of small, yet representative DSLs from the literature

Role-based Adaptation of Business Reference Models to Application Models: An Enterprise Modeling Methodology for Software Construction

Large software systems are in need of a construction plan to determine and define every concept and element used in order to not end up in complex, unusable, and cost-intensive systems. Different modeling languages, like UML, support the development of these construction plans and visualize them for the system’s stakeholders. Reference models are a specific kind of construction plan, used as templates for information systems and already capture business domain knowledge for reuse and tailoring. By adaptation, reference models are tailored to enterprise-specific application models, which can be used for software construction and maintenance. However, current adaptation methods suffer from the limitations of pure object-oriented development (e.g., identity issues, large inheritance trees, and inflexibility). In this thesis, the usage of roles as the sole adaptation mechanism is proposed to solve these challenges. With the help of conceptual roles, it is possible to create rich model variations and adaptations from existing (industry standard) reference models, and it is simpler to react to model evolution and changing business logic. Adaptations can be specified with more precision by maintaining or even increasing the model’s expressiveness. As a consequence, the role-enriched final application model can be used to describe software systems in more detail, with different perspectives, and, if available, can be implemented with a role supporting programming language. However, even without this step, the application model itself will provide valuable insights into the overall construction plan of a software system by the combination of structure and behavior and a clear separation of relatively stable domain knowledge from its use case specific adaptation