Verification of Translation Model Transformations Levi Lúcio †, Bentley James Oakes, and Hans Vangheluwe †,‡ † School of Computer Science, McGill University,


Verification of Translation Model Transformations Levi Lúcio †, Bentley James Oakes, and Hans Vangheluwe †,‡ † School of Computer Science, McGill University, Montreal, Canada ‡ Department of Mathematics and Computer Science, University of Antwerp, Belgium March 2, 2015

Problem Statement: We want to prove structural pre-/post-condition properties of a translation model transformation, for all its executions. Since the number of transformation executions is infinite, the proof has to be carried out on a finite abstraction of the transformation's executions.

Problem Statement: How can we build this abstraction mechanically and use it to prove properties? Does the technique scale?

VCS to AUTOSAR Transformation [1]. (Figures: VCS Metamodel (obfuscated fragment); AUTOSAR Metamodel (fragment).) [1] G. Selim, S. Wang, J. R. Cordy, J. Dingel. "Model Transformations for Migrating Legacy Models: An Industrial Case Study". ECMFA 2012, Lyngby, Denmark (LNCS).

Migrating Legacy Models from VCS to AUTOSAR in DSLTrans [2]. (Figure: the transformation's Layer 1, Layer 2 and Layer 3.) [2] B. Barroca, L. Lúcio, V. Amaral, R. Félix, V. Sousa. "DSLTrans: A Turing Incomplete Transformation Language". Proceedings of SLE 2010, Eindhoven, Netherlands, 2010.

DSLTrans Rule Detail (figure).

Requirements [3] for the migration transformation from General Motors. [3] G. Selim, S. Wang, J. R. Cordy, J. Dingel. "Model Transformations for Migrating Legacy Models: An Industrial Case Study". ECMFA 2012, Lyngby, Denmark (LNCS).

Example property [4]. P1: "If a PhysicalNode is connected to a Service through the provided association (in the input), then the corresponding CompositionType will be connected to a PPortPrototype (in the output)." [4] G. Selim, L. Lúcio, J. R. Cordy, J. Dingel and B. Oakes. "Specification and Verification of Graph-Based Model Transformation Properties". ICGT 2014, York, UK (LNCS).

Path Condition Generation of DSLTrans Model Transformations [5,6]. (Figure: Process Layer 1, Process Layer 2, Process Layer 3; Unfeasible Control Path; ... Path Conditions.) [5] L. Lúcio, B. Barroca, V. Amaral. "A Technique for the Verification of Model Transformations". Proceedings of MoDELS, [6] L. Lúcio, B. Oakes and H. Vangheluwe. "A Technique for Symbolically Verifying Properties of Graph-Based Model Transformations". Technical Report SOCS-TR , McGill University.

Case 1: Rule has no Dependencies (figure).

Case 2: Rule's Dependencies are not Satisfied by the Path Condition (figure).

Case 3: Totally- and Partially-Satisfied Dependencies (figures).

Proving Properties: A property does not hold for a path condition pc whenever its pre-condition is found on pc but its post-condition is not. Otherwise we say the property holds for pc. A property holds for a transformation whenever it holds for all of the transformation's path conditions.
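The property-proving rule above, applied to property P1 from the earlier slide, as an added example that is not part of the original slides or of the authors' tool. Path conditions are encoded here as a constructed, simplified typed graph (input nodes, output nodes, 'trace' links from input to output nodes); the 'trace' and 'port' edge labels are assumptions, and the post-condition is checked once per pre-condition match so that "the corresponding CompositionType" is the one traced from the matched PhysicalNode.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Edge = Tuple[str, str, str]  # (source node id, edge label, target node id)

@dataclass
class PathCondition:
    """Constructed, simplified encoding of a path condition: typed nodes plus
    input edges, output edges and 'trace' links from input to output nodes."""
    name: str
    types: Dict[str, str]                      # node id -> metamodel type
    edges: Set[Edge] = field(default_factory=set)

    def nodes_of(self, t: str) -> List[str]:
        return [n for n, nt in self.types.items() if nt == t]

# P1 pre-condition: a PhysicalNode connected to a Service via 'provided' (input side).
def p1_pre(pc: PathCondition) -> List[Tuple[str, str]]:
    return [(n, s) for n in pc.nodes_of("PhysicalNode")
            for s in pc.nodes_of("Service") if (n, "provided", s) in pc.edges]

# P1 post-condition for one pre-condition match: the CompositionType traced from
# that PhysicalNode is connected to a PPortPrototype (edge label 'port' is assumed).
def p1_post(pc: PathCondition, match: Tuple[str, str]) -> bool:
    node, _service = match
    return any((node, "trace", c) in pc.edges and (c, "port", p) in pc.edges
               for c in pc.nodes_of("CompositionType")
               for p in pc.nodes_of("PPortPrototype"))

def holds_for_pc(pc, pre, post) -> bool:
    """Fails on pc iff the pre-condition is found but the post-condition is not;
    a pc where the pre-condition is absent satisfies the property vacuously."""
    return all(post(pc, m) for m in pre(pc))

def holds_for_transformation(pcs, pre, post) -> Tuple[bool, List[str]]:
    """Holds iff it holds for every path condition; failing pcs are the counterexamples."""
    failing = [pc.name for pc in pcs if not holds_for_pc(pc, pre, post)]
    return (not failing, failing)

# Constructed sample path conditions (not generated from the real transformation).
PC_OK = PathCondition("pc1", {"n1": "PhysicalNode", "s1": "Service",
                              "c1": "CompositionType", "p1": "PPortPrototype"},
                      {("n1", "provided", "s1"), ("n1", "trace", "c1"), ("c1", "port", "p1")})
PC_BAD = PathCondition("pc2", {"n1": "PhysicalNode", "s1": "Service", "c1": "CompositionType"},
                       {("n1", "provided", "s1"), ("n1", "trace", "c1")})   # no port created
PC_VACUOUS = PathCondition("pc3", {"n1": "PhysicalNode"}, set())            # pre-condition absent

def check_p1() -> Tuple[bool, List[str]]:
    return holds_for_transformation([PC_OK, PC_BAD, PC_VACUOUS], p1_pre, p1_post)
```

The failing path condition names returned by check_p1 are the counterexamples a verifier would report back to the transformation developer.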

Properties of Property Proving [7]. Validity Theorem: the result of proving a property for all path conditions generated for a transformation, or on all executions of that transformation, is the same. Completeness Theorem: properties of a transformation can be shown to either hold for all transformation executions, or not hold for at least one transformation execution. [7] L. Lúcio, B. Oakes, H. Vangheluwe. "A Technique for Symbolically Verifying Properties of Graph-Based Model Transformations". Technical Report SOCS-TR , McGill University, 2014.

Implementation. Principle: development of the tool should be model-driven (as much as possible). First-class citizens: metamodels, models, (higher-order) model transformations. "Eat your own dog food!"

Tooling and developers. Tooling: igraph / Himesis, T-Core. Developers: Levi Lúcio (McGill U.), Bentley Oakes (McGill U.), Gehan Selim (Queen's U.), Cláudio Gomes (Antwerp U.).

Tool Architecture (figure).

Model-Driven Development: Challenges. Insufficient higher-order model transformation technology; (AToM3) models are not built for memory-intensive applications; transformations and code have to be developed together in an interleaved fashion.

Model-Driven Development: Advantages. (Surprisingly) speed; adapted to the domain; models simplify the usage of complex data types.

Model-Driven Development: Ambivalent. Right level of abstraction through the usage of metamodels and model transformations; visual editing and debugging of metamodels, models and model transformations.

Case Studies.

Case study 1: GM to AUTOSAR. Partial migration transformation from the proprietary VCS architecture language for automotive hardware and software deployment into AUTOSAR. Small subset of the complete metamodel, for experimentation.

Case study 2: UML-RT to Kiltera. Gives semantics to UML-RT in terms of the CSP-like language Kiltera, for simulation. The functional half of the UML-RT metamodel is transformed.

Case study 3: mbeddr to C. Gives semantics to specifications in the mbeddr language as C code, for execution. Complete subset of the mbeddr metamodel required for the transformation of connectors between mbeddr components into C function calls. The property to prove: "for every invocation of a function on an instance of a component by an instance of another component, via a connector, the correct C function generated by the transformation is called".

Case study 1: GM to AUTOSAR. Number of rules: 8. Number of layers: 4. Symbolic execution time: 0.6 s. Number of path conditions: 3. Property proving times: 0.02 s on average.

Case study 2: UML-RT to Kiltera. Number of rules: 17. Number of layers: 7. Symbolic execution time: 80 s. Number of path conditions: 330. Property proving times: tens of seconds. Required implementation of the symbolic execution of conditions on object attributes!

Demo. If a Listen object is created, it must have at least one ListenBranch object. A Listen object represents a Listener process that awaits input on one or more channels. If we have a Listen object, then we are awaiting input on at least one channel (ListenBranch).

UML-RT to Kiltera: rules vs path conditions (chart).

UML-RT to Kiltera: rules vs time (chart).

UML-RT to Kiltera: rules vs space (chart).

Case study 3: mbeddr to C. Number of rules: 49. Number of layers: 7. Symbolic execution time: 1264 s (23 rules). Number of path conditions: ? Property proving times: ?

mbeddr to C: rules vs path conditions (chart).

mbeddr to C: rules vs time (chart).

mbeddr to C: rules vs space (chart).

Challenges. Scalability of the tool: memory is the current limitation; what is the best solution for trading speed for memory? Theory: the right abstraction level to explain soundness and completeness; including NACs in the theory.