12 research outputs found
A Deductive Approach for Fault Localization in ATL Model Transformations
International audienceIn model-driven engineering, correct model transformation is essential for reliably producing the artifacts that drive software development. While the correctness of a model transformation can be specified and checked via contracts, debugging unverified contracts imposes a heavy cognitive load on transformation developers. To improve this situation, we present an automatic fault localization approach, based on natural deduction, for the ATL model transformation language. We start by designing sound natural deduction rules for the ATL language. Then, we propose an automated proof strategy that applies the designed deduction rules on the postconditions of the model transformation to generate sub-goals: successfully proving the sub-goals implies the satisfaction of the postconditions. When a sub-goal is not verified, we present the user with sliced ATL model transformation and predicates deduced from the postcondition as debugging clues. We provide an automated tool that implements this process. We evaluate its practical applicability using mutation analysis, and identify its limitations
On verifying ATL transformations using 'off-the-shelf' SMT solvers
International audienceMDE is a software development process where models constitute pivotal elements of the software to be built. If models are well-specified, transformations can be employed for various purposes, e.g., to produce final code. However, transformations are only meaningful when they are 'correct': they must produce valid models from valid input models. A valid model has conformance to its meta-model and fulfils its constraints, usually written in OCL. In this paper, we propose a novel methodology to perform automatic, unbounded verification of ATL transformations. Its main component is a novel first-order semantics for ATL transformations, based on the interpretation of the corresponding rules and their execution semantics as first-order predicates. Although, our semantics is not complete, it does cover a significant subset of the ATL language. Using this semantics, transformation correctness can be automatically verified with respect to non-trivial OCL pre- and postconditions by using SMT solvers, e.g. Z3 and Yices
Incremental Deductive Verification for Relational Model Transformations
International audienceIn contract-based development of model transformations, continuous deductive verification may help the transformation developer in early bug detection. However, because of the execution performance of current verification systems, re-verifying from scratch after a change has been made would introduce impractical delays. We address this problem by proposing an incremental verification approach for the ATL model-transformation language. Our approach is based on decomposing each OCL contract into sub-goals, and caching the sub-goal verification results. At each change we exploit the semantics of relational model transformation to determine whether a cached verification result may be impacted. Consequently, less postconditions/sub-goals need to be re-verified. When a change forces the re-verification of a postcondition, we use the cached verification results of sub-goals to construct a simplified version of the postcondition to verify. We prove the soundness of our approach and show its effectiveness by mutation analysis. Our case study presents an approximate 50% reuse of verification results for postconditions, and 70% reuse of verification results for sub-goals. The user perceives about 56% reduction of verification time for postconditions, and 51% for sub-goals
Evaluating well-formedness constraints on incomplete models
In modern modeling tools used for model-driven development, the validation of several well-formedness constraints is continuously been carried out by exploiting advanced graph query engines to highlight conceptual design flaws. However, while models are still under development, they are frequently partial and incomplete. Validating constraints on incomplete, partial models may identify a large number of irrelevant problems. By switching off the validation of these constraints, one may fail to reveal problematic cases which are difficult to correct when the model becomes sufficiently detailed. Here, we propose a novel validation technique for evaluating well-formedness constraints on incomplete, partial models with may and must semantics, e.g. a constraint without a valid match is satisfiable if there is a completion of the partial model that may satisfy it. To this end, we map the problem of constraint evaluation over partial models into regular graph pattern matching over complete models by semantically equivalent rewrites of graph queries
Certifying a Rule-Based Model Transformation Engine for Proof Preservation
International audienceExecutable engines for relational model-transformation languages evolve continuously because of language extension, performance improvement and bug fixes. While new versions generally change the engine semantics, end-users expect to get backward-compatibility guarantees, so that existing transformations do not need to be adapted at every engine update.The CoqTL model-transformation language allows users to define model transformations, theorems on their behavior and machine-checked proofs of these theorems in Coq. Backward-compatibility for CoqTL involves also the preservation of these proofs. However, proof preservation is challenging, as proofs are easily broken even by small refactorings of the code they verify.In this paper we present the solution we designed for the evolution of CoqTL, and by extension, of rule-based transformation engines. We provide a deep specification of the transformation engine, including a set of theorems that must hold against the engine implementation. Then, at each milestone in the engine development, we certify the new version of the engine against this specification, by providing proofs of the impacted theorems. The certification formally guarantees end-users that all the proofs they write using the provided theorems will be preserved through engine updates. We illustrate the structure of the deep specification theorems, we produce a machine-checked certification of three versions of CoqTL against it, and we show examples of user theorems that leverage this specification and are thus preserved through the updates
Un entorno de pruebas de mutaciĂłn en Eclipse
Una
técnica
para
medir
la
efectividad
de
un
conjunto
de
casos
de
prueba
y
ayudar
a
mejorarlo
son
las
pruebas
de
mutaciĂłn.
En
las
pruebas
de
este
tipo,
se
insertan
fallos
en
un
programa
para
obtener
distintas
versiones
errĂłneas
del
mismo.
Al
error
introducido
en
el
programa
se
le
denomina
mutaciĂłn
y
a
las
nuevas
versiones
del
programa
inicial
se
les
llama
mutantes,
y
se
utilizan
para
comprobar
si,
dado
un
conjunto
de
casos
de
prueba,
Ă©ste
es
capaz
de
detectar
los
fallos
introducidos
en
cada
mutante.
En
caso
de
no
detectarlos,
el
desarrollador
debe
proporcionar
nuevos
casos
de
prueba
que
detecten
los
mutantes
creados,
mejorando
de
este
modo
la
calidad
del
conjunto
de
casos
de
prueba
inicial.
El
objetivo
de
este
Trabajo
de
Fin
de
Grado
es
construir
una
herramienta
de
mutaciĂłn
que
genere
de
forma
automática
mutantes
de
un
programa
escrito
en
el
lenguaje
ATL
(Atlas
Transformation
Language),
para
posteriormente
poder
medir
la
eficacia
del
conjunto
de
casos
de
prueba
diseñado
para
probar
el
programa.
ATL
es
un
lenguaje
de
programaciĂłn
para
definir
transformaciones
de
modelos,
que
son
un
tipo
de
programa
software
cuyos
argumentos
de
entrada
y
salida
son
modelos.
Se
utilizan
dentro
del
paradigma
de
Desarrollo
Dirigido
por
Modelos,
que
es
un
método
de
desarrollo
de
software
en
el
que
los
datos
que
se
manejan
son
modelos.
Las
mutaciones
que
se
generan
y
describen
en
el
presente
trabajo
están
orientadas
a
este
tipo
de
software.Mutation
testing
is
a
technique
to
measure
the
efficacy
of
a
set
of
test
cases
and
help
to
improve
it.
On
this
kind
of
testing,
faults
are
injected
into
a
program
to
get
faulty
versions
of
it.
Errors
introduced
in
the
program
are
called
mutations
and
the
new
versions
of
the
original
program
are
called
mutants,
and
they
are
used
to
check
whether,
given
a
set
of
test
cases,
this
is
able
to
detect
the
faults
introduced
in
each
mutant.
If
they
are
not
detected,
the
developer
must
provide
new
test
cases
that
detect
the
created
mutants,
thus
improving
the
overall
quality
of
the
initial
test
set.
The
objective
of
this
Bachelor’s
Project
is
to
build
a
mutation
tool
to
generate
automatically
mutants
of
a
program
written
with
the
ATL
language
(Atlas
Transformation
Language),
and
measure
the
efficacy
of
a
set
of
test
cases
designed
for
testing
the
program.
ATL
is
a
programming
language
to
implement
model
transformations,
which
are
programs
whose
input
and
output
arguments
are
models.
They
are
used
in
the
context
of
Model
Driven
Development,
which
is
a
software
development
method
where
the
manipulated
data
are
models.
The
mutations
generated
and
described
on
this
work
are
oriented
to
this
kind
of
software
CoqTL: A Coq DSL for Rule-Based Model Transformation
International audienc
Verification of ATL Transformations Using Transformation Models and Model Finders Verification of ATL Transformations Using Transformation Models and Model Finders
Abstract. In model-driven engineering, models constitute pivotal elements of the software to be built. If models are specified well, transformations can be employed for different purposes, e.g., to produce final code. However, it is important that models produced by a transformation from valid input models are valid, too, where validity refers to the metamodel constraints, often written in OCL. Transformation models are a way to describe this Hoare-style notion of partial correctness of model transformations using only metamodels and constraints. In this paper, we provide an automatic translation of declarative, rule-based ATL transformations into such transformation models, providing an intuitive and versatile encoding of ATL into OCL that can be used for the analysis of various properties of transformations. We furthermore show how existing model verifiers (satisfiability checkers) for OCL-annotated metamodels can be applied for the verification of the translated ATL transformations, providing evidence for the effectiveness of our approach in practice