PUBS-99-G90-001 Motivation Objective Inconsistent specification “Shell” sw only Complex, diverse and unsupported tools Complex languages/math Lack of trained.

Slides:



Advertisements
Similar presentations
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Advertisements

Language Specification using Metamodelling Joachim Fischer Humboldt University Berlin LAB Workshop Geneva
A Formal Descriptive Semantics of UML Lijun Shan Dept of Computer Science National University of Defense Technology, Changsha, China Hong Zhu Department.
Intermediate Code Generation
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
SEG4110 – Advanced Software Design and Reengineering TOPIC D Metamodelling.
Hydra (A General Framework for Formalizing UML with Formal Languages for Embedded Systems*) *from the Ph.D. thesis of William E. McUmber Software Engineering.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 6 Advanced Data Modeling.
BIS Database Systems School of Management, Business Information Systems, Assumption University A.Thanop Somprasong Chapter # 6 Advanced Data Modeling.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 8 The Enhanced Entity- Relationship (EER) Model.
Chapter 14 (Web): Object-Oriented Data Modeling
McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Understanding Entity Relationship Diagrams.
CS189A/172 - Winter 2008 Lecture 7: Software Specification, Architecture Specification.
UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.
Describing Syntax and Semantics
Chapter 14: Object-Oriented Data Modeling
Course Revision Contents  Compilers  Compilers Vs Interpreters  Structure of Compiler  Compilation Phases  Compiler Construction Tools  A Simple.
Consistency Checking of RM-ODP Specifications Kenneth Baclawski Mieczyslaw Kokar Jeffrey Smith Jerzy Letkowski.
Understanding Advanced UML Concepts Gerd Wagner
A Z Approach in Validating ORA-SS Data Models Scott Uk-Jin Lee Jing Sun Gillian Dobbie Yuan Fang Li.
IFIP WG2.1 meeting, 京都市, Sep Refinement and Transformations in Specware A progress report Alessandro Coglio, Kestrel Institute Stephen Westfold,
What is MOF? The Meta Object Facility (MOF) specification provides a set of CORBA interfaces that can be used to define and manipulate a set of interoperable.
METACASE. WHAT THIS PRESENTATION IS ABOUT  What’s META MODELING?  What’s METACASE?  METAEDIT+ 5.1 EVALUTION PROGRAM  Diagram and its kinds.
1 Devon M. Simmonds Metadata & The UML Metamodel SLIDES include some from tvarious sources including: (1)
Validated Model Transformation Tihamér Levendovszky Budapest University of Technology and Economics Department of Automation and Applied Informatics Applied.
UML Formalization: A Position Paper Kenneth BaclawskiNortheastern University Scott DeLoachAFIT Mieczyslaw KokarNortheastern University Jeffrey SmithNortheastern.
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 4 - Domain Classes.
ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
A language to describe software texture in abstract design models and implementation.
1 Relational Databases and SQL. Learning Objectives Understand techniques to model complex accounting phenomena in an E-R diagram Develop E-R diagrams.
Systems Analysis and Design in a Changing World, 3rd Edition
CS 363 Comparative Programming Languages Semantics.
CS3773 Software Engineering Lecture 04 UML Class Diagram.
CHAPTER 13 (ONLINE): OBJECT-ORIENTED DATA MODELING © 2013 Pearson Education, Inc. Publishing as Prentice Hall 1 Modern Database Management 11 th Edition.
Unit-1 Introduction Prepared by: Prof. Harish I Rathod
1 © Prentice Hall, 2002 Chapter 14: Object-Oriented Data Modeling Modern Database Management 6 th Edition Jeffrey A. Hoffer, Mary B. Prescott, Fred R.
© 2009 Pearson Education, Inc. Publishing as Prentice Hall 1 Chapter 15: Object-Oriented Data Modeling Modern Database Management 9 h Edition Jeffrey A.
© 2011 Pearson Education, Inc. Publishing as Prentice Hall 1 Chapter 13 (Online): Object-Oriented Data Modeling Modern Database Management 10 th Edition.
Unified Modeling Language © 2002 by Dietrich and Urban1 ADVANCED DATABASE CONCEPTS Unified Modeling Language Susan D. Urban and Suzanne W. Dietrich Department.
Using Meta-Model-Driven Views to Address Scalability in i* Models Jane You Department of Computer Science University of Toronto.
Week III  Recap from Last Week Review Classes Review Domain Model for EU-Bid & EU-Lease Aggregation Example (Reservation) Attribute Properties.
Object-Oriented Modeling: Static Models. Object-Oriented Modeling Model the system as interacting objects Model the system as interacting objects Match.
3.2 Semantics. 2 Semantics Attribute Grammars The Meanings of Programs: Semantics Sebesta Chapter 3.
Chapter 3 Part II Describing Syntax and Semantics.
Ch- 8. Class Diagrams Class diagrams are the most common diagram found in modeling object- oriented systems. Class diagrams are important not only for.
® A Proposed UML Profile For EXPRESS David Price Seattle ISO STEP Meeting October 2004.
1 Technical & Business Writing (ENG-715) Muhammad Bilal Bashir UIIT, Rawalpindi.
Object-Oriented Parsing and Transformation Kenneth Baclawski Northeastern University Scott A. DeLoach Air Force Institute of Technology Mieczyslaw Kokar.
1 Contractual Consistency Between BON Static and Dynamic Diagrams Ali Taleghani July 30, 2004.
Formal Verification. Background Information Formal verification methods based on theorem proving techniques and model­checking –To prove the absence of.
Class Diagrams. Terms and Concepts A class diagram is a diagram that shows a set of classes, interfaces, and collaborations and their relationships.
Object-Oriented Software Engineering Practical Software Development using UML and Java Modelling with Classes.
Faithful mapping of model classes to mathematical structures Ádám Darvas ETH Zürich Switzerland Peter Müller Microsoft Research Redmond, WA, USA SAVCBS.
Interpreting the Object Constraint Presented by: Ed Kausmeyer.
Object Design More Design Patterns Object Constraint Language Object Design Specifying Interfaces Review Exam 2 CEN 4010 Class 18 – 11/03.
AUTOMATIC GENERATION OF MODEL TRAVERSALS FROM METAMODEL DEFINITIONS Authors: Tomaž Lukman, Marjan Mernik, Zekai Demirezen, Barrett Bryant, Jeff Gray ACM.
XML Schema – XSLT Week 8 Web site:
1 Model Driven Health Tools Design and Implementation of CDA Templates Dave Carlson Contractor to CHIO
Introduction to UML and Rational Rose UML - Unified Modeling Language Rational Rose 98 - a GUI tool to systematically develop software through the following.
1 UML Formalization and Transformation Dissertation Defense Jeffrey E. Smith Committee: Dr. M. Kokar (Advisor), Dr. K. Baclawski, Dr. T. Cullinane, Dr.
ER Diagrams ● Many different notations are available ● From wikipedia:wikipedia: Entity-relationship modelwikipedia: Entity-relationship model ● How do.
UNIT-IV Designing Classes – Access Layer ‐ Object Storage ‐ Object Interoperability.
The Enhanced Entity- Relationship (EER) Model
Chapter 8 Analysis & Modeling
Logical architecture refinement
Lec 3: Object-Oriented Data Modeling
Object-Oriented Knowledge Representation
Analysis models and design models
Software Architecture & Design
Presentation transcript:

PUBS-99-G Motivation Objective Inconsistent specification “Shell” sw only Complex, diverse and unsupported tools Complex languages/math Lack of trained engineers Unproven scalability Provably correct software Code generation Code refinement Theorem proving Spec/SW composition Uniform graphical user interface Modern SE methodologies (OO, state, etc) Reverse engineering Common large-scale development paradigm ­ Formalize common CASE spec language (UML), ­ Automate transformation from UML to formal representation Computer-aided formally-developed spec/sw CASE-based spec/sw DisadvantagesAdvantagesDisadvantagesAdvantages Verification of translation correctness left to tool developers or programmers CASE tools don’t enforce syntax/semantics CASE tools can only do partial translation to a programming language UML is semi-formal and inconsistent Develop provably correct UML to formal language translator with respect to UML intended meaning Ensure that the class of metamodels of a theory, obtained as a translation of any UML diagram, is a subclass of models of the theory of the UML metamodel –for each translation: UML metamodel theory  theory representing UML diagram Bridge Between CASE and Formal Development Paradigms Process UML Graphical Domain (Application in UML form) UML Semantics (UML Semantics Guide contents) Gen (ME) 4.Map to UML metamodel UML Formal Domain (Application in Slang form) UML Formal Semantics (UML semantics in Slang form) 3.Find morphisms GT (MME) 1.Formalization of UML Theorem 1:  D  ME in D  GT(Gen(ME)) Theorem 2:  D  ME in D  M: GT(Gen(ME))| D  TR(ME) Corollary 2.1:  D  ME M: colimit(GT(Gen(D)))  TR(D) Translation Example - UML Graphical Domain TR (ME) 2.Automatic translation to Slang student_collection 1..1 {frozen} student 1..1 level 1..1 Presentation pres_ID : String Lecture Course Student ID : Integer {ordered} * M is a Morphism; GT is Ground Truth Core MetaModel Generalization Discriminator : Name GeneralizableElement isRoot : Boolean isLeaf : Boolean isAbstract : Boolean Attribute initialValue : Expr Class Classifier Association AssociationEnd isOrdered : Boolean aggregation : AggregationKind mulitplicity : Multiplicity changeable : ChangeableKind Instance Namespace type 1 * classifier 1..* * type 1 specification * associationEnd participant * * {ordered} 2 connection 1 specialization generalization * * subtype 1 supertype 1 ModelElement Name : Name ownedElement namespace * 0.1 Object UML Diagram Intermediate Structure (REI Model) Slang StructureProgramming LanguageParse Tree Intermediate StructureIntermediate CodeExecutable Code UML DiagramExport FormatParse Tree Intermediate StructureO-SlangParse Tree O-Slang StructureSlangParse Tree Slang StructureProgramming LanguageParse Tree Intermediate StructureIntermediate CodeExecutable Code parse dump translate code generate optimize generate symbol table translate symbol table Transformation Pipeline Simplified Transformation Pipeline One-Step Transformation Correctness Theorem Refinement Q = {model elements of diagram D}, B = {attributes in D}, S = {association in D} P = {metamodel elements}, A = {meta-attributes}, R = {meta-associations}, C = {consistency constraints on P, A & R}  : Q  P  : B  A  Q  BaseElements,  : S  R  Q 2 P A R spec op diagram colimit({  (q) | q  Q} | D)  colimit({  (  (q)) | q  Q} | D)  (Q) Q B S spec op diagram       Let D be a UML diagram with respect to the Core Metamodel CM, t hen: Theorem 1: The triple GT = ( , ,  ) is a formalism of CM in Slang Theorem 2: There exists a verification morphism from GT to TR(D) Corollary 2.1: There exists a verification morphism from colimit ({  (q) | q  Q} | D) to colimit ({  (  (q)) | q  Q} | D) UML Graphical DomainUML Semantics UML Formal DomainUML Formal Semantics TR = GT= TR(D)  GT  Formal Verification of UML Diagrams Jeffrey Smith: Sanders and Northeastern University Mieczyslaw Kokar: Northeastern University, College of Engineering Ken Baclawski: Northeastern University, College of Computer Science UML to Formal Spec Translation Rules Model Element - Spec Rule - Every Model Element in UML, specified in the UML Semantics Guide, translates to a spec containing a sort, both having the same name as the ModelElement. Specification Constraint to Op/Axiom Rule - For each specification constraint, add an associated op in the spec corresponding to the UML object that contains this specification constraint. Specify the constraint in an axiom associated with the op. UML Diagram to Colimit of Specs Rule - For each UML diagram, specify each metamodel element, as defined in the previous rules, and build the entire diagram, in a bottom-up fashion, using colimits. Constraints are specified at each level of the construction. Generalization - Generalization Instance Spec Rule - Translate each generalizable element of a generalization to a separate instance of a generalizable element spec, filling in each of the generalizable element constraints as ops, axioms and theorems of each generalizable element spec. Translate each generalization to a separate instance of a generalization spec, identifying which of the two generalizable element instances represent the subtype and supertype ``is-a" relationship. Form a colimit of the generalizable element subtype and supertype instances with an instance of the GENERALIZABLE ELEMENT- GENERALIZATION-COLIMIT spec (in the UML Formal Semantics), filling in the constraints associated with the generalizable element and generalization relations as ops and axioms. Association - Association Instance Spec Rule - Translate each association end of an association to a separate instance of an association end spec, filling in each of the association end constraints as ops, axioms and theorems of the association end spec. Translate the association to a separate instance of the association spec, identifying the classifiers associated with each association end as the source and target of the association. Form a diagram, that links the source ASSOCIATIONEND spec with its ASSOCIATION spec, into an instance of the ASSOC-SOURCE diagram, filling in the specs and sorts of the association end and association names with their instantiated values. Similarly, form a diagram, that links the target ASSOCIATIONEND spec with its ASSOCIATION spec, into an instance of the ASSOC-TARGET diagram. Next, form a diagram that combines these two diagrams with diagrams that will link the source and target CLASSIFIER specs with the source and target association ends, respectively. This is done by forming a colimit of these association ends, classifiers and association specs into an instance of the ASSOCIATION-CLASSIFIER- COLIMIT spec, filling in the constraints associated with association end, classifier and association relations, as ops and axioms. Aggregation - Aggregation Instance Rule - Treat aggregation as an association, labeling the association end corresponding to the aggregate end (the side with the hollow or filled in diamond) with the type of aggregation, according to the UML Semantics Guide. Class, Instance and Object Formalization Rules - Translate each class to an instance of a class spec, implementing the specialization of the inherited name constraint from the ModelElement metamodel element and the isRoot, isLeaf and isAbstract constraints from the Classifier metamodel element. Translate each instance to an instance of an INSTANCE spec, implementing the specialization of the inherited name constraint from the ModelElement metamodel element. Translate each object to an instance of an OBJECT spec, implementing the specialization of the inherited name constraint from the Instance metamodel element (which, in turn, was inherited from the ModelElement metamodel element). Attribute Rule - Translate each attribute to an instance of a ATTRIBUTE spec, implementing its specific initialValue constraint and the inherited name constraint from the ModelElement metamodel element. Form a diagram, that links the CLASS spec with its ATTRIBUTE spec, into an instance of the ATTRIBUTE- TYPE diagram (in the UML Formal Semantics), filling in the specs and sorts of the Class and Attribute names with their instantiated values.

PUBS-99-G spec LECTURE is sort Lecture op name: Lecture -> String axiom fa(a: Lecture) name(a) = "Lecture" theorem Lecture-name is fa(a: Lecture, b: Lecture) (name(a) = "Lecture" & name(b) = "Lecture") op isLeaf: Lecture -> Boolean axiom fa(a: Lecture) isLeaf(a) = true theorem Lecture-isLeaf is fa(a: Lecture, b: Lecture) (isLeaf(a) = true & isLeaf(b) = true) op isRoot: Lecture -> Boolean axiom fa(a: Lecture) isRoot(a) = false theorem Lecture-isRoot is fa(a: Lecture, b: Lecture) (isRoot(a) = false & isRoot(b) = false) op isAbstract: Lecture -> Boolean axiom fa(a: Lecture) isAbstract(a) = false theorem Lecture-isAbstract is fa(a: Lecture, b: Lecture) (isAbstract(a) = false & isAbstract(b) = false) end-spec spec COURSE is sort Course op name: Course -> String axiom fa(a: Course) name(a) = "Course" theorem Course-name is fa(a: Course, b: Course) (name(a) = "Course" & name(b) = "Course") op isLeaf: Course -> Boolean axiom fa(a: Course) isLeaf(a) = true theorem Course-isLeaf is fa(a: Course, b: Course) (isLeaf(a) = true & isLeaf(b) = true) op isRoot: Course -> Boolean axiom fa(a: Course) isRoot(a) = true theorem Course-isRoot is fa(a: Course, b: Course) (isRoot(a) = true & isRoot(b) = true) op isAbstract: Course -> Boolean axiom fa(a: Course) isAbstract(a) = false theorem Course-isAbstract is fa(a: Course, b: Course) (isAbstract(a) = false & isAbstract(b) = false) end-spec spec PRESENTATION is sort Presentation op name: Presentation -> String axiom fa(a: Presentation) name(a) = "Presentation" theorem Presentation-name is fa(a: Presentation, b: Presentation) (name(a) = "Presentation" & name(b) = "Presentation") op isLeaf: Presentation -> Boolean axiom fa(a: Presentation) isLeaf(a) = false theorem Presentation-isLeaf is fa(a: Presentation, b: Presentation) (isLeaf(a) = false & isLeaf(b) = false) op isRoot: Presentation -> Boolean axiom fa(a: Presentation) isRoot(a) = true theorem Presentation-isRoot is fa(a: Presentation, b: Presentation) (isRoot(a) = true & isRoot(b) = true) op isAbstract: Presentation -> Boolean axiom fa(a: Presentation) isAbstract(a) = true theorem Presentation-isAbstract is fa(a: Presentation, b: Presentation) (isAbstract(a) = true & isAbstract(b) = true) end-spec spec STUDENT is sort Student op name: Student -> String axiom fa(a: Student) name(a) = "Student" theorem Student-name is fa(a: Student, b: Student) (name(a) = "Student" & name(b) = "Student") op isLeaf: Student -> Boolean axiom fa(a: Student) isLeaf(a) = true theorem Student-isLeaf is fa(a: Student, b: Student) (isLeaf(a) = true & isLeaf(b) = true) op isRoot: Student -> Boolean axiom fa(a: Student) isRoot(a) = true theorem Student-isRoot is fa(a: Student, b: Student) (isRoot(a) = true & isRoot(b) = true) op isAbstract: Student -> Boolean axiom fa(a: Student) isAbstract(a) = false theorem Student-isAbstract is fa(a: Student, b: Student) (isAbstract(a) = false & isAbstract(b) = false) end-spec spec PRES_ID-ATTRIBUTE is sort pres_ID-attribute op name: pres_ID-attribute -> String axiom fa(a: pres_ID-attribute) name(a) = "pres_ID" theorem pres_ID-name is fa(a: pres_ID-attribute, b: pres_ID-attribute) (name(a) = "pres_ID" & name(b) = "pres_ID") op pres_ID: pres_ID-attribute -> String axiom fa(a: pres_ID-attribute) pres_ID(a) = "" theorem pres_ID-initialValue is fa(a: pres_ID-attribute, b: pres_ID-attribute) (pres_ID(a) = "" & pres_ID(b) = "") end-spec diagram PRES_ID-ATTRIBUTE is nodes T1: TRIV, T2: TRIV, PAIR, PRESENTATION, PRES_ID-ATTRIBUTE arcs T1 -> PRESENTATION: {e -> Presentation}, T1 -> PAIR: {e -> Left}, T1 -> PAIR: {e -> Right}, T1 -> PRES_ID-ATTRIBUTE: {e -> pres_ID-attribute} end-diagram spec ID-ATTRIBUTE is sort ID-attribute op name: ID-attribute -> String axiom fa(a: ID-attribute) name(a) = "ID" theorem ID-name is fa(a: ID-attribute, b: ID-attribute) (name(a) = "ID" & name(b) = "ID") op ID: ID-attribute -> Integer axiom fa(a: ID-attribute) ID(a) = "" theorem ID-initialValue is fa(a: ID-attribute, b: ID-attribute) (pres_ID(a) = "" & pres_ID(b) = "") end-spec diagram ID-ATTRIBUTE is nodes T1: TRIV, T2: TRIV, PAIR, STUDENT, ID-ATTRIBUTE arcs T1 -> STUDENT: {e -> Student}, T1 -> PAIR: {e -> Left}, T1 -> PAIR: {e -> Right}, T1 -> ID-ATTRIBUTE: {e -> ID-attribute} end-diagram spec LECTURE-AE-STUDENT is sort Lecture-AE-Student op name: Lecture-AE-Student -> String axiom fa(a: Lecture-AE-Student) name(a) = "student_collection" theorem Lecture-AE-Student-name is fa(a: Lecture-AE-Student, b: Lecture-AE-Student) (name(a) = "student_collection" & name(b) = "student_collection") op multiplicity: Lecture-AE-Student -> Nat, Nat axiom fa(a: Lecture-AE-Student) multiplicity(a) = (1,1) theorem Lecture-AE-Student-multiplicity is fa(a: Lecture-AE-Student, b: Lecture-AE-Student) (multiplicity(a) = (1,1) & multiplicity(b) = (1,1)) op isNavigable: Lecture-AE-Student -> Boolean axiom fa(a: Lecture-AE-Student) isNavigable(a) = true theorem Lecture-AE-Student-isNavigable is fa(a: Lecture-AE-Student, b: Lecture-AE-Student) (isNavigable(a) = true & isNavigable(b) = true) op aggregate: Lecture-AE-Student -> String axiom fa(a: Lecture-AE-Student) aggregate(a) = "aggregate" theorem Lecture-AE-Student-aggregate is fa(a: Lecture-AE-Student, b: Lecture-AE-Student) (aggregate(a) = "aggregate" & aggregate(b) = "aggregate") op changeable: Lecture-AE-Student -> String axiom fa(a: Lecture-AE-Student) changeable(a) = "none" theorem Lecture-AE-Student-changeable is fa(a: Lecture-AE-Student, b: Lecture-AE-Student) (changeable(a) = "none" & changeable(b) = "none") op isOrdered: Lecture-AE-Student -> Boolean axiom fa(a: Lecture-AE-Student) isOrdered(a) = false theorem Lecture-AE-Student-isOrdered is fa(a: Lecture-AE-Student, b: Lecture-AE-Student) (isOrdered(a) = false & isOrdered(b) = false) end-spec spec STUDENT-AE-LECTURE is sort Student-AE-Lecture op name: Student-AE-Lecture -> String axiom fa(a: Student-AE-Lecture) name(a) = "student" theorem Student-AE-Lecture-name is fa(a: Student-AE-Lecture, b: Student-AE-Lecture) (name(a) = "student" & name(b) = "student") op multiplicity: Student-AE-Lecture -> Nat, Nat axiom fa(a: Student-AE-Lecture) multiplicity(a) = (0,*) theorem Student-AE-Lecture-multiplicity is fa(a: Student-AE-Lecture, b: Student-AE-Lecture) (multiplicity(a) = (0,*) & multiplicity(b) = (0,*)) op isNavigable: Student-AE-Lecture -> Boolean axiom fa(a: Student-AE-Lecture) isNavigable(a) = true theorem Student-AE-Lecture-isNavigable is fa(a: Student-AE-Lecture, b: Student-AE-Lecture) (isNavigable(a) = true & isNavigable(b) = true) op aggregate: Student-AE-Lecture -> String axiom fa(a: Student-AE-Lecture) aggregate(a) = "none" theorem Student-AE-Lecture-aggregate is fa(a: Student-AE-Lecture, b: Student-AE-Lecture) (aggregate(a) = "none" & aggregate(b) = "none") op changeable: Student-AE-Lecture -> String axiom fa(a: Student-AE-Lecture) changeable(a) = "none" theorem Student-AE-Lecture-changeable is fa(a: Student-AE-Lecture, b: Student-AE-Lecture) (changeable(a) = "none" & changeable(b) = "none") op isOrdered: Student-AE-Lecture -> Boolean axiom fa(a: Student-AE-Lecture) isOrdered(a) = true theorem Student-AE-Lecture-isOrdered is fa(a: Student-AE-Lecture, b: Student-AE-Lecture) (isOrdered(a) = true & isOrdered(b) = true) end-spec spec LECTURE-AE-COURSE is sort Lecture-AE-Course op name: Lecture-AE-Course -> String axiom fa(a: Lecture-AE-Course) name(a) = "level" theorem Lecture-AE-Course-name is fa(a: Lecture-AE-Course, b: Lecture-AE-Course) (name(a) = "level" & name(b) = "level") op multiplicity: Lecture-AE-Course -> Nat, Nat axiom fa(a: Lecture-AE-Course) multiplicity(a) = (1,1) theorem Lecture-AE-Course-multiplicity is fa(a: Lecture-AE-Course, b: Lecture-AE-Course) (multiplicity(a) = (1,1) & multiplicity(b) = (1,1)) op isNavigable: Lecture-AE-Course -> Boolean axiom fa(a: Lecture-AE-Course) isNavigable(a) = true theorem Lecture-AE-Course-isNavigable is fa(a: Lecture-AE-Course, b: Lecture-AE-Course) (isNavigable(a) = true & isNavigable(b) = true) op aggregate: Lecture-AE-Course -> String axiom fa(a: Lecture-AE-Course) aggregate(a) = "none" theorem Lecture-AE-Course-aggregate is fa(a: Lecture-AE-Course, b: Lecture-AE-Course) (aggregate(a) = "none" & aggregate(b) = "none") op changeable: Lecture-AE-Course -> String axiom fa(a: Lecture-AE-Course) changeable(a) = "none" theorem Lecture-AE-Course-changeable is fa(a: Lecture-AE-Course, b: Lecture-AE-Course) (changeable(a) = "none" & changeable(b) = "none") op isOrdered: Lecture-AE-Course -> Boolean axiom fa(a: Lecture-AE-Course) isOrdered(a) = false theorem Lecture-AE-Course-isOrdered is fa(a: Lecture-AE-Course, b: Lecture-AE-Course) (isOrdered(a) = false & isOrdered(b) = false) end-spec spec COURSE-AE-LECTURE is sort Course-AE-Lecture op name: Course-AE-Lecture -> String axiom fa(a: Course-AE-Lecture) name(a) = "" theorem Course-AE-Lecture-name is fa(a: Course-AE-Lecture, b: Course-AE-Lecture) (name(a) = "" & name(b) = "") op multiplicity: Course-AE-Lecture -> Nat, Nat axiom fa(a: Course-AE-Lecture) multiplicity(a) = (1,1) theorem Course-AE-Lecture-multiplicity is fa(a: Course-AE-Lecture, b: Course-AE-Lecture) (multiplicity(a) = (1,1) & multiplicity(b) = (1,1)) op isNavigable: Course-AE-Lecture -> Boolean axiom fa(a: Course-AE-Lecture) isNavigable(a) = true theorem Course-AE-Lecture-isNavigable is fa(a: Course-AE-Lecture, b: Course-AE-Lecture) (isNavigable(a) = true & isNavigable(b) = true) op aggregate: Course-AE-Lecture -> String axiom fa(a: Course-AE-Lecture) aggregate(a) = "none" theorem Course-AE-Lecture-aggregate is fa(a: Course-AE-Lecture, b: Course-AE-Lecture) (aggregate(a) = "none" & aggregate(b) = "none") op changeable: Course-AE-Lecture -> String axiom fa(a: Course-AE-Lecture)changeable(a) = "frozen" theorem Course-AE-Lecture-changeable is fa(a: Course-AE-Lecture, b: Course-AE-Lecture) (changeable(a) = "frozen" & changeable(b) = "frozen") op isOrdered: Course-AE-Lecture -> Boolean axiom fa(a: Course-AE-Lecture) isOrdered(a) = false theorem Course-AE-Lecture-isOrdered is fa(a: Course-AE-Lecture, b: Course-AE-Lecture) (isOrdered(a) = false & isOrdered(b) = false) end-spec spec LECTURE-STUDENT-AGGREGATION is sort Lecture-Student-Aggregation, Lecture, Student op name: Lecture-Student-Aggregation -> String axiom fa(a: Lecture-Student-Aggregation) name(a) = "Lecture-Student-Aggregation" theorem Lecture-Student-Aggregation-name is fa(a: Lecture-Student-Aggregation, b: Lecture-Student-Aggregation) (name(a) = "Lecture-Student-Aggregation" & name(b) = "Lecture-Student-Aggregation") op isLeaf: Lecture-Student-Aggregation -> Boolean axiom fa(a: Lecture-Student-Aggregation) isLeaf(a) = true theorem Lecture-Student-Aggregation-isLeaf is fa(a: Lecture-Student-Aggregation, b: Lecture-Student-Aggregation) (isLeaf(a) = true & isLeaf(b) = true) op isRoot: Lecture-Student-Aggregation -> Boolean axiom fa(a: Lecture-Student-Aggregation) isRoot(a) = true theorem Lecture-Student-Aggregation-isRoot is fa(a: Lecture-Student-Aggregation, b: Lecture-Student-Aggregation) (isRoot(a) = true & isRoot(b) = true) op isAbstract: Lecture-Student-Aggregation -> Boolean axiom fa(a: Lecture-Student-Aggregation) isAbstract(a) = true theorem Lecture-Student-Aggregation-isAbstract is fa(a: Lecture-Student-Aggregation, b: Lecture-Student-Aggregation) (isAbstract(a) = true & isAbstract(b) = true) op make-association: Lecture, Student -> Lecture-Student-Aggregation op first: Lecture-Student-Aggregation -> Lecture op second: Lecture-Student-Aggregation -> Student axiom first(make-association(d, e)) = d axiom second(make-association(d, e)) = e constructors {make-association} construct Lecture-Student-Aggregation theorem p = make-association(first(p), second(p)) end-spec diagram LECTURE-STUDENT-ASSOC-SOURCE is nodes T1: TRIV, T2: TRIV, PAIR, LECTURE-STUDENT-AGGREGATION, LECTURE-AE-STUDENT arcs T1 -> LECTURE-STUDENT-AGGREGATION: {e -> Lecture-Student-Aggregation}, T1 -> P1: {e -> Right}, T2 -> P1: {e -> Left}, T2 -> LECTURE-AE-STUDENT: {e -> Lecture-AE-Student} end-diagram diagram LECTURE-STUDENT-ASSOC-TARGET is nodes T1: TRIV, T2: TRIV, PAIR, LECTURE-STUDENT-AGGREGATION, STUDENT-AE-LECTURE arcs T1 -> LECTURE-STUDENT-AGGREGATION: {e -> Lecture-Student-Aggregation}, T1 -> P1: {e -> Right}, T2 -> P1: {e -> Left}, T2 -> STUDENT-AE-LECTURE: {e -> Student-AE-Lecture} end-diagram spec LECTURE-STUDENT-AGGREGATION-COLIMIT is import colimit of diagram nodes T1: TRIV, T2: TRIV, T3: TRIV, T4: TRIV, T5: TRIV, T6: TRIV, T7: TRIV, T8: TRIV, P1: PAIR, P2: PAIR, P3: PAIR, P4: PAIR, LECTURE, STUDENT, LECTURE-AE-STUDENT, STUDENT-AE-LECTURE, LECTURE-STUDENT-AGGREGATION arcs T1 -> P1: {e -> Right}, T2 -> P1: {e -> Left}, T1 -> LECTURE: {e -> Lecture}, T2 -> LECTURE-AE-STUDENT: {e -> Lecture-AE-Student}, T3 -> P2: {e -> Right}, T4 -> P2: {e -> Left}, T3 -> LECTURE-AE-STUDENT: {e -> Lecture-AE-Student}, T4 -> LECTURE-STUDENT-AGGREGATION: {e -> Lecture-Student-Aggregation}, T5 -> P3: {e -> Right}, T6 -> P3: {e -> Left}, T5 -> LECTURE-STUDENT-AGGREGATION: {e -> Lecture-Student-Aggregation}, T6 -> STUDENT-AE-LECTURE: {e -> Student-AE-Lecture}, T7 -> P4: {e -> Right}, T8 -> P4: {e -> Left}, T7 -> STUDENT-AE-LECTURE: {e -> Student-AE-Lecture}, T8 -> STUDENT: {e -> Student} end-diagram axiom OCL1 is fa(a: Lecture-AE-Student, b:Student-AE-Lecture) name(a) = name(b) => a = b axiom OCL2 is fa(a: Lecture-AE-Student, b:Student-AE-Lecture) ((aggregate(a) = "aggregate") or (aggregate(a) = "composite") => (aggregate(b) = "none") or ((aggregate(b) = "aggregate") or (aggregate(b) = "composite") => (aggregate(a) = "none")) axiom OCL3 is fa(a: Lecture-Student-Aggregation) Lecture = first(a) & Student = second(a) axiom OCL4 is fa(a: Lecture, b:Student) name(a) = name(b) => a = b end-spec spec LECTURE-COURSE-ASSOCIATION is sort Lecture-Course-Association, Lecture, Course op name: Lecture-Course-Association -> String axiom fa(a: Lecture-Course-Association) name(a) = "Lecture-Course-Association" theorem Lecture-Course-Association-name is fa(a: Lecture-Course-Association, b: Lecture-Course-Association) (name(a) = "Lecture-Course-Association" & name(b) = "Lecture-Course-Association") op isLeaf: Lecture-Course-Association -> Boolean axiom fa(a: Lecture-Course-Association) isLeaf(a) = true theorem Lecture-Course-Association-isLeaf is fa(a: Lecture-Course-Association, b: Lecture-Course-Association) (isLeaf(a) = true & isLeaf(b) = true) op isRoot: Lecture-Course-Association -> Boolean axiom fa(a: Lecture-Course-Association) isRoot(a) = true theorem Lecture-Course-Association-isRoot is fa(a: Lecture-Course-Association, b: Lecture-Course-Association) (isRoot(a) = true & isRoot(b) = true) op isAbstract: Lecture-Course-Association -> Boolean axiom fa(a: Lecture-Course-Association) isAbstract(a) = true theorem Lecture-Course-Association-isAbstract is fa(a: Lecture-Course-Association, b: Lecture-Course-Association) (isAbstract(a) = true & isAbstract(b) = true) op make-association: Lecture, Course -> Lecture-Course-Association op first: Lecture-Course-Association -> Lecture op second: Lecture-Course-Association -> Course axiom first(make-association(d, e)) = d axiom second(make-association(d, e)) = e constructors {make-association} construct Lecture-Course-Association theorem p = make-association(first(p), second(p)) end-spec diagram LECTURE-COURSE-ASSOC-SOURCE is nodes T1: TRIV, T2: TRIV, PAIR, LECTURE-COURSE-ASSOCIATION, LECTURE-AE-COURSE arcs T1 -> LECTURE-COURSE-ASSOCIATION: {e -> Lecture-Course-Association}, T1 -> P1: {e -> Right}, T2 -> P1: {e -> Left}, T2 -> LECTURE-AE-COURSE: {e -> Lecture-AE-Course} end-diagram diagram LECTURE-COURSE-ASSOC-TARGET is nodes T1: TRIV, T2: TRIV, PAIR, LECTURE-COURSE-ASSOCIATION, COURSE-AE-LECTURE arcs T1 -> LECTURE-COURSE-ASSOCIATION: {e -> Lecture-Course-Association}, T1 -> P1: {e -> Right}, T2 -> P1: {e -> Left}, T2 -> COURSE-AE-LECTURE: {e -> Course-AE-Lecture} end-diagram spec LECTURE-COURSE-ASSOCIATION-COLIMIT is import colimit of diagram nodes T1: TRIV, T2: TRIV, T3: TRIV, T4: TRIV, T5: TRIV, T6: TRIV, T7: TRIV, T8: TRIV, P1: PAIR, P2: PAIR, P3: PAIR, P4: PAIR, LECTURE, COURSE, LECTURE-AE-COURSE, COURSE-AE-LECTURE, LECTURE-COURSE-ASSOCIATION arcs T1 -> P1: {e -> Right}, T2 -> P1: {e -> Left}, T1 -> LECTURE: {e -> Lecture}, T2 -> LECTURE-AE-COURSE: {e -> Lecture-AE-Course}, T3 -> P2: {e -> Right}, T4 -> P2: {e -> Left}, T3 -> LECTURE-AE-COURSE: {e -> Lecture-AE-Course}, T4 -> LECTURE-COURSE-ASSOCIATION: {e -> Lecture-Course-Association}, T5 -> P3: {e -> Right}, T6 -> P3: {e -> Left}, T5 -> LECTURE-COURSE-ASSOCIATION: {e -> Lecture-Course-Association}, T6 -> COURSE-AE-LECTURE: {e -> Course-AE-Lecture}, T7 -> P4: {e -> Right}, T8 -> P4: {e -> Left}, T7 -> COURSE-AE-LECTURE: {e -> Course-AE-Lecture}, T8 -> COURSE: {e -> Course} end-diagram axiom OCL1 is fa(a: Lecture-AE-Course, b:Course-AE-Lecture) name(a) = name(b) => a = b axiom OCL2 is fa(a: Lecture-AE-Course, b:Course-AE-Lecture) ((aggregate(a) = "aggregate") or (aggregate(a) = "composite") => (aggregate(b) = "none") or ((aggregate(b) = "aggregate") or (aggregate(b) = "composite") => (aggregate(a) = "none")) axiom OCL3 is fa(a: Lecture-Course-Association) Lecture = first(a) & Course = second(a) axiom OCL4 is fa(a: Lecture, b:Course) name(a) = name(b) => a = b end-spec spec PRESENTATION-LECTURE-GENERALIZATION is sorts Presentation-Lecture-Generalization, Lecture op name: Presentation-Lecture-Generalization -> String axiom fa(a: Presentation-Lecture-Generalization) name(a) = "Presentation-Lecture-Generalization" theorem Presentation-Lecture-Generalization-name is fa(a: Presentation-Lecture-Generalization, b: Presentation-Lecture-Generalization) (name(a) = "Presentation-Lecture-Generalization" & name(b) = "Presentation-Lecture-Generalization") op discriminator: Presentation-Lecture-Generalization -> String axiom fa(a: Presentation-Lecture-Generalization) discriminator(a) = "") theorem Presentation-Lecture-Generalization-discriminator is fa(a: Presentation-Lecture-Generalization, b: Presentation-Lecture-Generalization) (discriminator(a) = "" & discriminator(b) = "") op isa: Lecture -> Presentation-Lecture-Generalization axiom fa(a: Lecture) isa(a) = Presentation-Lecture-Generalization) theorem Presentation-Lecture-Generalization-isa is fa(a: Lecture, b: Lecture) (isa(a) = Presentation-Lecture-Generalization & isa(b) = Presentation-Lecture-Generalization) op no-isa: Presentation-Lecture-Generalization -> String axiom fa(a: Presentation-Lecture-Generalization) no-isa(a) = "Presentation" theorem Presentation-Lecture-Generalization-no-isa is fa(a: Presentation-Lecture-Generalization, b: Presentation-Lecture-Generalization) (no-isa(a) = "Presentation" & no-isa(b) = "Presentation") end-spec spec PRESENTATION-LECTURE-GENERALIZATION-COLIMIT is import colimit of diagram nodes T1: TRIV, T2: TRIV, T3: TRIV, T4: TRIV, P1: PAIR, P2: PAIR, PRESENTATION, LECTURE, PRESENTATION-LECTURE-GENERALIZATION arcs T1 -> P1: {e -> Left}, T1 -> LECTURE: {e -> Lecture}, T2 -> P1: {e -> Right}, T2 -> PRESENTATION-LECTURE-GENERALIZATION: {e -> Lecture}, T3 -> P2: {e -> Left}, T3 -> PRESENTATION-LECTURE-GENERALIZATION: {e -> Presentation-Lecture-Generalization}, T4 -> P2: {e -> Right}, T4 -> PRESENTATION: {e -> Presentation} end-diagram axiom OCL5 is fa(a: Presentation, b:Presentation-Lecture-Generalization) isRoot(a) = no-isa(b) => "" axiom OCL6 is fa(a: Presentation) isLeaf(a) = false axiom OCL7 is fa(a: Presentation, b:Presentation-Lecture-Generalization) name(a) = no-isa(b) end-spec Translation Example - UML Formal Domain % Part 1 specs - each of the meta-classes in the Core Metamodel ---- spec PAIR is sorts Pair, Left, Right op make-pair: Left, Right -> Pair op left: Pair -> Left op right: Pair -> Right axiom (equal (left (make-pair d e)) d) axiom (equal (right(make-pair d e)) e) constructors {make-pair} construct Pair theorem (equal p (make-pair (left p) (right p))) axiom unique is (and (and (fa (a: Left) (ex (b: Right p: Pair) (and (equal (Left p) a) (equal (Right p) b)))) (implies (fa (a: Left b1: Right b2: Right p1: Pair p2: Pair) (and (and (and (equal (Left p1) a) (equal (Left p2) a)) (equal (Right p1) b1)) (equal (Right p2) b2))) (and (equal p1 p2) (equal b1 b2)))) (and (fa (a: Right) (ex (a: Left p: Pair) (and (equal (Left p) a) (equal (Right p) b)))) (implies (fa (a1: Left a2: Left p1: Pair p2: Pair b: Right) (and (and (and (equal (Left p1) a1) (equal (Left p2) a2)) (equal (Right p1) b1)) (equal (Right p2) b2))) (and (equal p1 p2) (equal a1 a2))))) end-spec spec MODELELEMENT is sort ModelElement op name : ModelElement -> String axiom name is (fa (a: ModelElement b: ModelElement) (equal (name a) (name b))) end-spec spec ATTRIBUTE is sorts Attribute, Expr op name : Attribute -> String axiom name is (fa (a: Attribute b: Attribute) (equal (name a) (name b))) op initialValue : Attribute -> Expr axiom initialValue is (fa (a: Attribute b: Attribute) (equal (initialValue a) (initialValue b))) end-spec spec INSTANCE is sort Instance op name : Instance -> String axiom name is (fa (a: Instance b: Instance) (equal (name a) (name b))) end-spec spec OBJECT is sort Object op name : Object -> String axiom name is (fa (a: Object b: Object) (equal (name a) (name b))) end-spec spec GENERALIZATION is sorts Generalization, Specialization op name : Generalization -> String axiom name is (fa (a: Generalization b: Generalization) (equal (name a) (name b))) op discriminator : Generalization -> String axiom discriminator is (fa (a: Generalization b: Generalization) (equal (discriminator a) (discriminator b))) op isa : Specialization -> Generalization axiom isa is (fa (a: Specialization b: Specialization) (equal (isa a) (isa b))) op no-isa : Generalization -> String axiom no-isa is (fa (a: Generalization b: Generalization) (equal (no-isa a) (no-isa b))) end-spec spec NAMESPACE is sort Namespace op name : Namespace -> String axiom name is (fa (a: Namespace b: Namespace) (equal (name a) (name b))) end-spec spec GENERALIZABLEELEMENT is sort GeneralizableElement op name : GeneralizableElement -> String axiom name is (fa (a: GeneralizableElement b: GeneralizableElement) (equal (name a) (name b))) op isRoot : GeneralizableElement -> Boolean axiom isRoot is (fa (a: GeneralizableElement b: GeneralizableElement) (equal (isRoot a) (isRoot b))) op isLeaf : GeneralizableElement -> Boolean axiom isLeaf is (fa (a: GeneralizableElement b: GeneralizableElement) (equal (isLeaf a) (isLeaf b))) op isAbstract : GeneralizableElement -> Boolean axiom isAbstract is (fa (a: GeneralizableElement b: GeneralizableElement) (equal (isAbstract a) (isAbstract b))) end-spec spec CLASSIFIER is sort Classifier op name : Classifier -> String axiom name is (fa (a: Classifier b: Classifier) (equal (name a) (name b))) op isRoot : Classifier -> Boolean axiom isRoot is (fa (a: Classifier b: Classifier) (equal (isRoot a) (isRoot b))) op isLeaf : Classifier -> Boolean axiom isLeaf is (fa (a: Classifier b: Classifier) (equal (isLeaf a) (isLeaf b))) op isAbstract : Classifier -> Boolean axiom isAbstract is (fa (a: Classifier b: Classifier) (equal (isAbstract a) (isAbstract b))) end-spec spec CLASS is sort Class op name : Class -> String axiom name is (fa (a: Class b: Class) (equal (name a) (name b))) op isRoot : Class -> Boolean axiom isRoot is (fa (a: Class b: Class) (equal (isRoot a) (isRoot b))) op isLeaf : Class -> Boolean axiom isLeaf is (fa (a: Class b: Class) (equal (isLeaf a) (isLeaf b))) op isAbstract : Class -> Boolean axiom isAbstract is (fa (a: Class b: Class) (equal (isAbstract a) (isAbstract b))) end-spec spec ASSOCIATION is sort Association, Source, Target op name : Association -> String axiom name is (fa (a: Association b: Association) (equal (name a) (name b))) op isRoot : Association -> Boolean axiom isRoot is (fa (a: Association b: Association) (equal (isRoot a) (isRoot b))) op isLeaf : Association -> Boolean axiom isLeaf is (fa (a: Association b: Association) (equal (isLeaf a) (isLeaf b))) op isAbstract : Association -> Boolean axiom isAbstract is (fa (a: Association b: Association) (equal (isAbstract a) (isAbstract b))) op make-association: Source, Target -> Association op first: Association -> Source op second: Association -> Target axiom (equal (first (make-association d e)) d) axiom (equal (second(make-association d e)) e) constructors {make-association} construct Association theorem (equal p (make-association (first p) (second p))) end-spec spec ASSOCIATIONEND is sorts AssociationEnd op isNavigable: AssociationEnd -> Boolean axiom isNavigable is (fa (a: AssociationEnd b: AssociationEnd) (equal (isNavigable a) (isNavigable b))) op isOrdered: AssociationEnd -> Boolean axiom isOrdered is (fa (a: AssociationEnd b: AssociationEnd) (equal (isOrdered a) (isOrdered b))) op name: AssociationEnd -> String axiom name is (fa (a: AssociationEnd b: AssociationEnd) (equal (name a) (name b))) op aggregate: AssociationEnd -> String axiom aggregate is (fa (a: AssociationEnd b: AssociationEnd) (equal (aggregate a) (aggregate b))) op multiplicity: AssociationEnd -> Nat, Nat axiom multiplicity is (fa (a: AssociationEnd b: AssociationEnd) (equal (multiplicity a) (multiplicity b))) op changeable: AssociationEnd -> String axiom changeable is (fa (a: AssociationEnd b: AssociationEnd) (equal (changeable a) (changeable b))) end-spec % Part 2 diagrams - diagrams that implement each link between pairs of meta-classes - diagram ASSOCIATION-END-TYPE is nodes T1:TRIV, T2:TRIV, PAIR, ASSOCIATIONEND, CLASSIFIER arcs T1 -> ASSOCIATIONEND: {e -> AssociationEnd}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> CLASSIFIER{e -> Classifier} end-diagram diagram SPEC-PARTICIPANT is nodes T1:TRIV, T2:TRIV, PAIR, ASSOCIATIONEND, CLASSIFIER arcs T1 -> ASSOCIATIONEND: {e -> AssociationEnd}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> CLASSIFIER: {e -> Classifier} end-diagram diagram GEN-SUBTYPE is nodes T1:TRIV, T2:TRIV, PAIR, GENERALIZABLEELEMENT, GENERALIZATION arcs T1 -> GENERALIZABLEELEMENT: {e -> GeneralizableElement}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> GENERALIZATION: {e -> Specialization} end-diagram diagram GEN-SUPERTYPE is nodes T1:TRIV, T2:TRIV, PAIR, GENERALIZABLEELEMENT, GENERALIZATION arcs T1 -> GENERALIZABLEELEMENT: {e -> GeneralizableElement}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> GENERALIZATION: {e -> Generalization} end-diagram diagram OWNED-EL-NAMESPACE is nodes T1:TRIV, T2:TRIV, PAIR, MODELELEMENT, NAMESPACE arcs T1 -> MODELELEMENT: {e -> ModelElement}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> NAMESPACE: {e -> Namespace} end-diagram diagram ASSOC-SOURCE is nodes T1:TRIV, T2:TRIV, PAIR, ASSOCIATION, ASSOCIATIONEND arcs T1 -> ASSOCIATION: {e -> Source}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> ASSOCIATIONEND: {e -> AssociationEnd} end-diagram diagram ASSOC-TARGET is nodes T1:TRIV, T2:TRIV, PAIR, ASSOCIATION, ASSOCIATIONEND arcs T1 -> ASSOCIATION: {e -> Target}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> ASSOCIATIONEND: {e -> AssociationEnd} end-diagram diagram INSTANCE-CLASSIFIER is nodes T1:TRIV, T2:TRIV, PAIR, INSTANCE, CLASSIFIER arcs T1 -> INSTANCE: {e -> Instance}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> CLASSIFIER: {e -> Classifier} end-diagram diagram ATTRIBUTE-TYPE is nodes T1:TRIV, T2:TRIV, PAIR, CLASS, ATTRIBUTE arcs T1 -> CLASS: {e -> Class}, T1 -> PAIR: {e -> Left}, T2 -> PAIR: {e -> Right}, T2 -> ATTRIBUTE: {e -> Attribute} end-diagram % Part 3 constraints - colimit specs necessary to describe the OCL constraints - spec ASSOCIATION-CLASSIFIER-COLIMIT is import colimit of diagram nodes T1: TRIV, T2: TRIV, T3: TRIV, T4: TRIV, T5: TRIV, T6: TRIV, T7: TRIV, T8: TRIV, P1: PAIR, P2: PAIR, P3: PAIR, P4: PAIR, C1: CLASSIFIER, C2: CLASSIFIER, AE1: ASSOCIATIONEND, AE2: ASSOCIATIONEND, ASSOCIATION arcs T1 -> P1: {e -> Right}, T2 -> P1: {e -> Left}, T1 -> C1: {e -> Classifier}, T2 -> AE1: {e -> AssociationEnd}, T3 -> P2: {e -> Right}, T4 -> P2: {e -> Left}, T3 -> AE1: {e -> AssociationEnd}, T4 -> ASSOCIATION: {e -> Association}, T5 -> P3: {e -> Right}, T6 -> P3: {e -> Left}, T5 -> ASSOCIATION: {e -> Association}, T6 -> AE2: {e -> AssociationEnd}, T7 -> P4: {e -> Right}, T8 -> P4: {e -> Left}, T7 -> AE2: {e -> AssociationEnd}, T8 -> C2: {e -> Classifier} end-diagram % The AssociationEnds must have a unique name within the association axiom OCL1 is (fa(a: AE1.AssociationEnd b: AE2.AssociationEnd) (implies (equal (AE1.name a) (AE2.name b)) (equal AE1.a AE2.b))) % At most one AssociationEnd may be an aggregate or a composite axiom OCL2 is (fa(a: AE1.AssociationEnd b: AE2.AssociationEnd) (or (implies (or (equal (AE1.aggregate AE1.a) "aggregate") (equal (AE1.aggregate AE1.a) "composite")) (equal (AE2.aggregate AE2.b) "none")) (implies (or (equal (AE2.aggregate AE2.b) "aggregate") (equal (AE2.aggregate AE2.b) "composite")) (equal (AE1.aggregate AE1.a) "none")))) % The connected Classifiers of the AssociationEnds should be included % in the Namespace of the association axiom OCL3 is (fa(a: Association) (and (equal C1.Classifier (first a)) (equal C2.Classifier (second a)))) % No opposite AssociationEnds may have the same name within the Classifier axiom OCL4 is (fa(a: C1.Classifier b: C2.Classifier) (implies (equal (C1.name a) (C2.name b)) (equal C1.a C2.b))) end-spec spec GENERALIZABLEELEMENT-GENERALIZATION-COLIMIT is import colimit of diagram nodes T1: TRIV, T2: TRIV, T3: TRIV, T4: TRIV, P1: PAIR, P2: PAIR, GESUB:GENERALIZABLEELEMENT, GESUPER:GENERALIZABLEELEMENT, GENERALIZATION arcs T1 -> P1: {e -> Right}, T1 -> GESUB: {e -> GeneralizableElement}, T2 -> P1: {e -> Left}, T2 -> GENERALIZATION: {e -> Specialization}, T3 -> P2: {e -> Right}, T3 -> GENERALIZATION: {e -> Generalization}, T4 -> P2: {e -> Left}, T4 -> GESUPER: {e -> GeneralizableElement} end-diagram % A root cannot have any Generalizations axiom OCL5 is (fa(a: GESUPER.GeneralizableElement b: Generalization) (implies (GESUPER.isRoot a) (equal (no-isa b.Generalization) ""))) % No GeneralizableElement can have a supertype Generalization to an % element which is a leaf axiom OCL6 is (fa(a: GeneralizableElement) (equal (GESUPER.isLeaf GESUPER.a) false)) % The supertype must be included in the Namespace of the Generalization axiom OCL7 is (fa(a: GESUPER.GeneralizableElement b: Generalization) (equal (GESUPER.name GESUPER.a) b.Generalization)) end-spec Translation Example - UML Formal Semantics

PUBS-99-G Portion of Specware’s Parse and Type/Theorem Checking Example of Browsing Rose/UML Objects Sample Debug Screen of Lecture UML Diagram Transformation Software GUI

PUBS-99-G Specware Graphical View of the Object-Instance-Generalization Specification Future Work Expand on the set of meta-tools - future expansions include: –Translation of OCL constraints into a form consistent with math foundation – A metamodel analyzer that identifies metamodel elements, meta-attributes, meta-generalizations and meta-associations and helps with the identification of morphisms between these meta- elements and specific UML Formal Domain output – More of UML than existing core metamodel –Translation from a wider set of CASE tools – Extension of the UML Formal Domain to the level of Specware programming language primitives, supporting the potential of direct UML translation to any source code provided by Specware – Use of a wider set of theorem provers than currently built into Specware – Expansion of a CASE tool’s forward and reverse engineering functionality by including the UML Formal Domain as an intermediate representation to support richer and more complete code generation Include reflective OCL constraints by either basing formalization on naïve set theory or building reflectivity into Specware Contribute to future revisions of UML by streamlining redundant functionality and helping to improve the form and content of new revisions Creation of semantics for commonly used rule based systems and translation of the UML form of these rules (and associated actions) to verifiably compose large business and military AI Systems Develop the relationship between other theory based models, e.g. the one developed by Hartrum and Deloach,and the UML Formal Semantics constructed in this research Summary Formalize UML - UML contributions Viable UML to Formal Methods translation Automation of human intensive processes Formal Methods SystemsCASE Tools Formal Verification of UML Diagrams Jeffrey Smith: Sanders and Northeastern University Mieczyslaw Kokar: Northeastern University, College of Engineering Ken Baclawski: Northeastern University, College of Computer Science UML Sample Execution

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.