An invariant-based method for the analysis of declarative model-to-model transformations

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-540-87875-9_3Proceedings of 11th International Conference, MoDELS 2008, Toulouse, France, September 28 - October 3, 2008In this paper we propose a method to derive OCL invariants from declarative specifications of model-to-model transformations. In particular we consider two of the most prominent approaches for specifying such transformations: Triple Graph Grammars and QVT. Once the specification is expressed in the form of invariants, the transformation developer can use such description to verify properties of the original transformation (e.g. whether it defines a total, surjective or injective function), and to validate the transformation by the automatic generation of valid pairs of source and target models.Work supported by the Spanish Ministry of Education and Science, projects MOSAIC (TSI2005-08225-C07-06), MODUWEB (TIN2006-09678) and TIN2005-06053, and an UOC-IN3 research gran

Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis

The safety of infinite state systems can be checked by a backward reachability procedure. For certain classes of systems, it is possible to prove the termination of the procedure and hence conclude the decidability of the safety problem. Although backward reachability is property-directed, it can unnecessarily explore (large) portions of the state space of a system which are not required to verify the safety property under consideration. To avoid this, invariants can be used to dramatically prune the search space. Indeed, the problem is to guess such appropriate invariants. In this paper, we present a fully declarative and symbolic approach to the mechanization of backward reachability of infinite state systems manipulating arrays by Satisfiability Modulo Theories solving. Theories are used to specify the topology and the data manipulated by the system. We identify sufficient conditions on the theories to ensure the termination of backward reachability and we show the completeness of a method for invariant synthesis (obtained as the dual of backward reachability), again, under suitable hypotheses on the theories. We also present a pragmatic approach to interleave invariant synthesis and backward reachability so that a fix-point for the set of backward reachable states is more easily obtained. Finally, we discuss heuristics that allow us to derive an implementation of the techniques in the model checker MCMT, showing remarkable speed-ups on a significant set of safety problems extracted from a variety of sources.Comment: Accepted for publication in Logical Methods in Computer Scienc

Comparing transformation languages for the implementation of certified model transformations

Precise specifications are needed for verifying and certifying the correct behavior of critical systems. However, traditional proofreading and test based verification techniques are usually not exhaustive and as systems become more complex, their coverage is less and less adequate. Use of models allows early verification, validation and automated building of "correct by construction" systems. Our work targets formal specification and verification of model transformations. In a previous paper we tackled the problem of writing formal speci- fications for model transformations independently to the implementation technique. In this paper we investigate the implementation phase of these specifications as model transforma- tions using traditional MDE techniques and the difficulties encountered while generating the verification materials