A Technique for Automatic Validation of Model Transformations Levi Lúcio and Bruno Barroca Universidade Nova de Lisboa.

Slides:



Advertisements
Similar presentations
1 Verification by Model Checking. 2 Part 1 : Motivation.
Advertisements

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Model Transformation Verification: some theory and some practice Levi Lúcio MSDL Lab / NECSIS project McGill University.
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.
Technology of Test Case Generation Levi Lúcio University of Geneva Marko Samer Vienna University of Technology.
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.
Hydra (A General Framework for Formalizing UML with Formal Languages for Embedded Systems*) *from the Ph.D. thesis of William E. McUmber Software Engineering.
Copyright © Cengage Learning. All rights reserved.
Discrete Mathematics Lecture 5 Alexander Bukharovich New York University.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.
Complexity 11-1 Complexity Andrei Bulatov Space Complexity.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
1 Module 13 Studying the internal structure of REC, the set of solvable problems –Complexity theory overview –Automata theory preview Motivating Problem.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.
Validating High-Level Synthesis Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University of California, San.
On the Correctness of Model Transformations Gabor Karsai ISIS/Vanderbilt University.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
An Information Theory based Modeling of DSMLs Zekai Demirezen 1, Barrett Bryant 1, Murat M. Tanik 2 1 Department of Computer and Information Sciences,
Logic Programming Based Model Transformations An overview of related work.
Using Mathematica for modeling, simulation and property checking of hardware systems Ghiath AL SAMMANE VDS group : Verification & Modeling of Digital systems.
Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.
Verification of Translation Model Transformations Levi Lúcio †, Bentley James Oakes, and Hans Vangheluwe †,‡ † School of Computer Science, McGill University,
Verification of Model Transformations for Real Verifying Model Transformations for Real Levi Lúcio work done jointly with: Bentley James Oakes, McGill.
1 Program Correctness CIS 375 Bruce R. Maxim UM-Dearborn.
Introduction Algorithms and Conventions The design and analysis of algorithms is the core subject matter of Computer Science. Given a problem, we want.
Some Probability Theory and Computational models A short overview.
Logic. Mathematical logic is a subfield of mathematics exploring the applications of formal logic to mathematics. Topically, mathematical logic bears.
Levi Lúcio School of Computer Science McGill University Canada (with Joachim Denil, Sadaf Mustafiz, Hans Vangheluwe, Bart Meyers, Maris Jukss and Raphael.
Verification and Validation in the Context of Domain-Specific Modelling Janne Merilinna.
University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Towards Verified Model Transformations Holger Giese 1, Sabine Glesner 2, Johannes.
Checking Reachability using Matching Logic Grigore Rosu and Andrei Stefanescu University of Illinois, USA.
Reasoning about programs March CSE 403, Winter 2011, Brun.
Semantics In Text: Chapter 3.
Ch. 13 Ch. 131 jcmt CSE 3302 Programming Languages CSE3302 Programming Languages (notes?) Dr. Carter Tiernan.
DSL Composition for Model- Based Test Generation (or Adding Testability to a DSL by using DSL Composition) Bruno Barroca, Vasco Amaral and Luís Pedro Levi.
Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.
1 Turing’s Thesis. 2 Turing’s thesis: Any computation carried out by mechanical means can be performed by a Turing Machine (1930)
1 Finite Model Theory Lecture 1: Overview and Background.
All-Path Reachability Logic Andrei Stefanescu 1, Stefan Ciobaca 2, Radu Mereuta 1,2, Brandon Moore 1, Traian Serbanuta 3, Grigore Rosu 1 1 University of.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
1 Propositional Logic Limits The expressive power of propositional logic is limited. The assumption is that everything can be expressed by simple facts.
Logical Agents Chapter 7. Outline Knowledge-based agents Propositional (Boolean) logic Equivalence, validity, satisfiability Inference rules and theorem.
Donghyun (David) Kim Department of Mathematics and Computer Science North Carolina Central University 1 Chapter 4 Decidability Some slides are in courtesy.
Carnegie Mellon Vadim Zaliva, Franz Franchetti Carnegie Mellon University Department of Electrical and Computer Engineering Funded by the DARPA I2O HACMS.
Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai.
Logical Agents. Outline Knowledge-based agents Logic in general - models and entailment Propositional (Boolean) logic Equivalence, validity, satisfiability.
DSM-TP 2016 Verification of Model Transformations and DSLs in Industry Levi Lúcio Joint work with: Bentley James Oakes, Cláudio Gomes, Salman Rahman and.
CSCI 2670 Introduction to Theory of Computing
Graph-Based Operational Semantics
PDAs Accept Context-Free Languages
Relatively Complete Refinement Type System for Verification of Higher-Order Non-deterministic Programs Hiroshi Unno (University of Tsukuba) Yuki Satake.
Lecture 5 Floyd-Hoare Style Verification
Formal Methods in software development
Semantics In Text: Chapter 3.
Formal Methods in software development
Finite-Trace Linear Temporal Logic: Coinductive Completeness
Predicate Transformers
Axiomatic Semantics Will consider axiomatic semantics (A.S.) of IMP:
Proofs of Correctness: An Introduction to Axiomatic Verification
Search techniques.
Compiler Construction
Presentation transcript:

A Technique for Automatic Validation of Model Transformations Levi Lúcio and Bruno Barroca Universidade Nova de Lisboa

Presentation Overview Context: DSLTrans transformation language How do we verify a transformation? Building a proof Results and future work 2

Presentation Overview Context: DSLTrans transformation language How do we verify a transformation? Building a proof Results and future work 3

DSLTrans – Motivation Started out as a visual transformation language for semantics by translation Developed into a complete transformation language, with interesting properties 4

DSLTrans – Running Example “… to flatten a chain of command (…) into two independent sets of male and female officers. (…) command relations are kept… Source Metamodel Target Metamodel 5

DSLTrans – Running Example Source Metamodel Target Metamodel 6

DSLTrans Transformations A DSLTrans tranformation is defined as a list of Layers, each Layer holding a set of transformations Layers are executed sequentially The Input Model is immutable (outplace transformation language) Layer 1 Layer 2 7 Eclipse plugin at:

DSLTrans in Action – Layer 1 Match Models/ElementsApply Models/Elements 8

DSLTrans in Action – Layer 1 9

DSLTrans in Action – Layer 2 10

DSLTrans in Action – Layer 2 Match ModelApply Model Match Elements Apply Elements Indirect Match Links Apply Links Backward Links 11

DSLTrans in Action – Layer 2 12

DSLTrans in Action – Layer 2 13

DSLTrans in Action – Layer 2 14

DSLTrans in Action – Layer 2 15

DSLTrans’ Theory 1 DSLTrans is turing incomplete: no loops or recursivity allowed Set theoretical, graph based formalization Termination: Theorem: every model transformation terminates Confluence: Theorem: every model transformation is confluent 16 1 Barroca, Lucio, Amaral, Felix, Sousa “DSLTrans – A Turing Incomplete Transformation Language”. Proceedings of SLE 2010

Presentation Overview Context: DSLTrans transformation language How do we verify a transformation? Building a proof Results and future work 17

Presentation Overview Context: DSLTrans transformation language How do we verify a transformation? Building a proof Results and future work 18

How do we verify a transformation? ‘if a certain pattern of elements and their relations exists in the source model, then another pattern of elements and their relations necessarily exists in the produced target model’ What properties can we verify in DSLTrans transformations? 19

How do we verify a transformation? For all instances of a transformation… our contribution! How? Using exhaustive techniques (similar to model checking / theorem proving) for building the symbolic execution space of a transformation and proving the properties on that space. 20

How do we verify a transformation? ‘Any model which includes a police station that has both a male and female chief officers will be transformed into a model where the male chief officer will exist in the male set and the female chief officer will exist in the female set’ 21

Presentation Overview Context: DSLTrans transformation language How do we verify a transformation? Building a proof Results and future work 22

Presentation Overview Context: DSLTrans transformation language How do we verify a transformation? Building a proof Results and future work 23

Building the set of Symbolic Executions for a Transformation

Building the set of Symbolic Executions for a Transformation Because in DSLTrans two transformation rules may match the same model element, we need more resolution in states to distinguish more symbolic executions… 25 Collapse

Building the set of Symbolic Executions for a Transformation

Proving Properties True property False property Non Provable 27

Proving Properties – True Property ‘For all paths belonging to the transformation’s state space, if the property’s match model is found in a given state, then a subsequent state in that path is model of the property.’ ? 28

Proving Properties – True Property 29 Collapse

Proving Properties – True Property ‘For all paths belonging to the transformation’s state space, if the property’s match model is found in a given state, then a subsequent state in that path is model of the property.’ Match model is found! State is model of the property! 30

Proving Properties – False Property ‘There exists a path belonging to the transformation’s state space where the property’s match model is found in a given state, but no subsequent state in that path is model of the property.’ Match model is found! Counterexample! Final state is not model of the property! ? 31

Proving Properties – Non Provable ‘The match model of the property can never be found in any state of the construction of the symbolic executions of the transformation.’ Can’t find the match model of the property in any state! 32

Presentation Overview Context: DSLTrans transformation language Intuition: what properties can we verify? Building a proof Results and future work 33

Presentation Overview Context: DSLTrans transformation language Intuition: what properties can we verify? Building a proof Results and future work 34

Theoretical Results Set theoretical, graph based formalization Finiteness (theorem) The state space for any transformation is finite Preliminary experimental validation 35

Related Work Rensink et al (2004) Model Checking Graph Transformations: A Comparison of Two Approaches Mens at al (2006) “A taxonomy of model transformation” Anastasakis at al (2007) “Analysis of Model Transformations via Alloy” Narayanan et al (2008) “Verifying Model Transformations by Structural Correspondence” Asztalos et al (2009) ”Towards Automated, Formal Verification of Model Transformations” 36 The literature on verifying transformations is preliminary and quite recent…

Future Work Validation of the verification technique – is the symbolic execution space complete? Build a complete prototype for automatic proofs; Evaluate the usefulness of our properties on larger case study transformations; Can this verification approach be applied to other transformation languages? 37

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.