Leveraging formal verification tools for DSML users: a process modeling case study

15 pagesIn the last decade, Model Driven Engineering (MDE) has been used to improve the development of safety critical systems by providing early Validation and Verification (V&V) tools for Domain Specific Modeling Languages (DSML). Verification of behavioral models is mainly addressed by translating domain specific models to formal verification dedicated languages in order to use the sophisticated associated tools such as model-checkers. This approach has been successfully applied in many different contexts, but it has a major draw- back: the user has to interact with the formal tools. In this paper, we present an illustrated approach that allows the designer to formally express the expected behavioral properties using a user oriented language -- a temporal extension of OCL --, that is automatically translated into the formal language; and then to get feedback from the assessment of these properties using its domain language without having to deal with the formal verification language nor with the under- lying translational semantics. This work is based on the metamodeling pattern for executable DSML that extends the DSML metamodel to integrate concerns related to execution and behavior

Time Properties Dedicated Transformation from UML-MARTE Activity to Time Petri Net

Critical Real-Time Embedded Systems (RTES) have strong requirement regarding system's reliability. UML and its pro- file MARTE are standardized modeling language that are getting widely accepted by industrial designers to cope with the development of complex RTES. Relying on Model-Driven Engineering (MDE), critical time properties' verification in UML-MARTE model at early phases of the system lifecycle becomes possible. However, many challenges still exist. A key challenge is to eliminate the gap between UML semi- formal semantics and fully formal executable semantics us- ing model transformation. The model transformation must ensure on the one hand the consistency between high-level user dedicated models and lower-level verification dedicated ones, and on the other hand that the subsequent verification is not too expensive and can be applied to real size industrial models. This paper presents an approach to translate UML- MARTE Activity Diagrams to Time Petri Net (TPN) with the aim of verifying efficiently time properties. This work is under the framework of the UML-MARTE Model Checker which is dedicated to verifying time properties (synchroniza- tion, schedulability, boundedness, WCET, etc.) in RTES. This contribution focuses on how to define the TPN formal semantics to avoid the core problem of state space explosion in model checking. The proposed method is validated using a representative case study. Experimental results are given that demonstrate the method's performance

A transformation-driven approach to automate feedback verification results

International audienceThe integration of formal verification methods in modeling activities is a key issue to ensure the correctness of complex system design models. In this purpose, the most common approach consists in defining a translational semantics mapping the abstract syntax of the designer dedicated Domain-Specific Modeling Language (DSML) to a formal verification dedicated semantic domain in order to reuse the available powerful verification technologies. Formal verification is thus usually achieved using model transformations. However, the verification results are available in the formal domain which significantly impairs their use by the system designer which is usually not an expert of the formal technologies. In this paper, we introduce a novel approach based on Higher-Order transformations that analyze and instrument the transformation that expresses the semantics in order to produce traceability data to automatize the back propagation of verification results to the DSML end-user

A Design Pattern to Build Executable DSMLs and associated V&V tools

International audienceModel executability is now a key concern in model-driven engineering, mainly to support early validation and verification (V&V). Some approaches allow to weave executability into metamodels, defining executable domain-specific modeling languages (DSMLs). Model validation can then be achieved by simulation and graphical animation through direct interpretation of the conforming models. Other approaches address model executability by model compilation, allowing to reuse the virtual machines or V\&V tools existing in the target domain. Nevertheless, systematic methods are currently not available to help the language designer in the definition of such an execution semantics and related tools. For instance, simulators are mostly hand-crafted in a tool specific manner for each DSML. In this paper, we propose to reify the elements commonly used to support state-based execution in a DSML. We infer a design pattern (called Executable DSML pattern) providing a general reusable solution for the expression of the executability concerns in DSMLs. It favors flexibility and improves reusability in the definition of semantics-based tools for DSMLs. We illustrate how this pattern can be applied to ease the development of V&V tools

A Framework to Formalise the MDE Foundations

International audienceDomain-Specific Language (DSL) are getting more and more popular and are being used in critical systems like aerospace and car industries. Methods for simulating and validating DSL models are now necessary in order to make the new software generation more reliable and less costly. Developing analysis tools for DSL requires the definition of models semantics. In this paper, we propose a framework to give a formal foundation of the Model-Driven Engineering (MDE) approach. We separate the usually common notions of models and modelling languages associating to each of them a different goal. In order to prove the consistency of our proposal we express a subset of EMOF, its static semantics and validate its meta-circularity

Essay on Semantics Definition in MDE. An Instrumented Approach for Model Verification

International audienceIn the context of MDE (Model-Driven Engineering), our objective is to define the semantics for a given DSL (Domain Specific Language) either to simulate its models or to check properties on them using model-checking techniques. In both cases, the purpose is to formalize the DSL semantics as it is known by the DSL designer but often in an informal way. After several experiments to define operational semantics on the one hand, and translational semantics on the other hand, we discuss both approaches and we specify in which cases these semantics seem to be judicious. As a second step, we introduce a pragmatic and instrumented approach to define a translational semantics and to validate it against a reference operational semantics expressed by the DSL designer. We apply this approach to the xSPEM process description language in order to verify process models

A Design Pattern for Executable DSML

Model executability is now a key concern in model-driven engineering, mainly to support early validation and verification (V&V). Some approaches have allowed to weave executability into metamodels, defining executable domain-specific modeling languages (DSML). Then, model validation may be achieved by direct interpretation of the conforming models. Other approaches address model executability by model compilation, allowing to reuse the virtual machines or V&V tools existing in the target domain. Nevertheless, systematic methods are not available to help the language designer in the definition of such an execution semantics and related support tools. For instance, simulators are mostly hand-crafted in a tool specific manner for each DSML. In this paper, we propose to reify the elements commonly used to support execution in a DSML. We infer a design pattern (called Executable DSML pattern) providing a general reusable solution for the expression of the executability concerns in DSML. It favors flexibility and improves reusability in the definition of semantics-based tools for DSML. We illustrate how this pattern can be applied to V&V and models at runtime, and give insights on the development of generic and generative tools for model animators

A Property-Driven Approach to Formal Verification of Process Models

Enterprise Information Systems, 9th International Conference, ICEIS 2007, Funchal, Madeira, June 12-16, 2007, Revised Selected PapersInternational audienceMore and more, models, through Domain Specific Languages (DSL), tend to be the solution to define complex systems. Expressing properties specific to these metamodels, and checking them, appear as an urgent need. Until now, the only complete industrial solutions that are available consider structural properties such as the ones that could be expressed in OCL. There are although some attempts on behavioural properties for DSL. This paper addresses a method to specify and then check temporal properties over models. The case study is SimplePDL, a process metamodel. We propose a way to use a temporal extension of OCL, TOCL, to express properties. We specify a models transformation to Petri Nets and LTL formulae for both the process model and its associated temporal properties. We check these properties using a model checker and enrich the model with the analysis results. This work is a first step towards a generic framework to specify and effectively check temporal properties over arbitrary models

SéMo'07 : premier atelier sur la Sémantique des Modèles

International audienceThis paper summarises the presentations and exchanges that took place in the SéMo'2007 workshop in March 2007 in Toulouse during the IDM conference. The main topic of the workshop was the semantics of models and meta-models in the purpose to confront the MDE users needs and the technologies used for specification and programming languages

topPROCESS : vers une ingénierie des procédés dirigée par les modèles

National audienceCet article présente topPROCESS, une approche proactive de pilotage des processus qui permet de mettre en place les bonnes pratiques, ITIL, CMMI... de manière pragmatique et opérationnelle sur une architecture modulaire. L'approche est globale, transverse et fait intervenir de manière collaborative les parties prenantes en concentrant les efforts sur les processus apportant de la valeur. topPROCESS a permis la conception et la modélisation des processus du projet Topcased dont l'objectif est d'offrir un environnement open-source pour le développement de systèmes critiques. L'ingénierie des modèles (IDM) a été utilisée pour le développement d'un éditeur de modèles de processus et la vérification de leur cohérence par rapport à des contraintes exprimées en terme de ressources, ordonnancement, temps..