Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Towards Verified Model Transformations Holger Giese 1, Sabine Glesner 2, Johannes.

Published byRoger Hodges Modified over 9 years ago

Similar presentations

Presentation on theme: "University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Towards Verified Model Transformations Holger Giese 1, Sabine Glesner 2, Johannes."— Presentation transcript:

1 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Towards Verified Model Transformations Holger Giese 1, Sabine Glesner 2, Johannes Leitner 3, Wilhelm Schäfer 1, and Robert Wagner 1 3rd Workshop on Model Design and Validation: Perspectives on Integrating MDA and V&V Genoa, Italy 1 Software Engineering Group University of Paderborn [hg|wilhelm|wagner]@uni-paderborn.de 2 Faculty IV - Electrical Engineering and Computer Science Technical University of Berlin glesner@cs.tu-berlin.de 3 Department for Computer and Information Science University of Konstanz leitner@uni-konstanz.de

2 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 2Towards Verified Model Transformations Motivation  Model-Driven Software Engineering  increases software quality  reduces development costs  Verified model transformations MDE Model Analysis Model Code (Model) Are the transformations correct?

3 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 3Towards Verified Model Transformations Case Study

4 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 4Towards Verified Model Transformations Example switch2round=true / interlock:=false straight unlocked switching round round round unlocked switching straight straight round_sensor=true / interlock:=true; round_cylinder:=false / round_cylinder:=true switch2straight=true / interlock:=false; / straight_cylinder:=true straight_sensor=true / interlock:=true; straight_cylinder:=false Automaton Is the transformation correct? 1 2 3 6 4 5 VAR state : INT := 1; END_VAR; CASE state OF 1: / * straight */ IF switch2round=true THEN interlock:=false; state:=2; /* straight unlocked */ END_IF; 2: /* straight unlocked */ round_cylinder:=true; state:=3; /* switching round */ … END_CASE PLC-Code Are the models semantically equivalent?

5 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 5Towards Verified Model Transformations [Karsai et al., “Towards verifying model transformations”, Electronic Notes in Theoretical Computer Science, 2006] Related Work Target Model Source Model Transformation Checker to be verified ok ¬ok Source Model Target Model Transformation Model Checking P ok ¬ok Model Checking P’ ok ¬ok Transformation P’=T(P) [Varró et al., “Automated formal verification of model transformations”, Proceedings of CSDUML Workshop 2003] ≠ Rule Developer User

6 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 6Towards Verified Model Transformations Model Transformations Specification Verification Execution

7 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 7Towards Verified Model Transformations Triple Graph Grammars [Sch94] [Sch94] A. Schürr, "Specification of Graph Translators with Triple Graph Grammars", in: G. Tinhofer (ed.), Springer Verlag, 1994; Lecture Notes in Computer Science, Vol. 903, 151-163. s:Statec:Case :CorrNode ++ b:CaseBlock a:Automaton :CorrNode Triple Graph Grammar Rule l:Label ++ Automata Domain PLC-Code Domain Correspondence Domain LHS RHS ++ value=map(s.name) ++

8 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 8Towards Verified Model Transformations Rule Execution : State name=„straight“ : State name=“straight unlocked“ : Automaton : CorrNode : CaseBlock : Transition guard=“…” : Case : CorrNode : Label value=“1” : CorrNode : IfBlock : CorrNode : Case : Label value=“2” :Automaton:CaseBlock :CorrNode ++ Rule 1 (Axiom) ++ :State:Case :CorrNode ++ :Label ++ :CaseBlock ++ :Automaton :CorrNode Rule 2 :Transition:IfBlock :CorrNode ++ :Case :State :CorrNode Rule 3 :Case :State :CorrNode

9 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 9Towards Verified Model Transformations Verification Approach - Overview I/O-Automaton PLC-Code Isabelle/HOL interactive theorem prover for second-order logic

10 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 10Towards Verified Model Transformations Verification Approach - Overview Formalize metamodels as abstract data types - use records, lists and other primitive data types Formalize metamodels as abstract data types - use records, lists and other primitive data types Formalize metamodels as abstract data types - use records, lists and other primitive data types Formalize metamodels as abstract data types - use records, lists and other primitive data types

11 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 11Towards Verified Model Transformations Verification Approach - Overview Formalize metamodels as abstract data types - use records, lists and other primitive data types Formalize metamodels as abstract data types - use records, lists and other primitive data types Define the operational semantics as a recursive function over the formalized metamodels (abstract data types)

12 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 12Towards Verified Model Transformations Verification Approach - Overview Define modifiers analogously to the modifications specified by triple graph grammar rules - adding states, transitions, actions,… - adding case block, if-statements, assignment expressions, … Define modifiers analogously to the modifications specified by triple graph grammar rules - adding states, transitions, actions,… - adding case block, if-statements, assignment expressions, … :State:Case :CorrNode :Label :CaseBlock :Automaton :CorrNode

13 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 13Towards Verified Model Transformations Verification of Transformation  Axiom: Empty Automaton and empty PLC-Program are equivalent  Induction Step: Simultaneous evolution of the models preserves semantic equivalence  Result: For any model M n and corresponding program code P n = trans(M n ) produced by the triple graph grammar holds M n ≈ P n M‘ M P‘ P ≈ ≈ modifier pairs M0M0 P0P0 ≈ MnMn PnPn ≈ Mn:Mn:

14 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 14Towards Verified Model Transformations Conclusion & Future Work  Conclusion  first step towards verification of transformations  has been verified in Isabelle/HOL for simple transformations (approx. 1500 lopc)  verified transformation results in semantically equivalent source and target models for any given source model  Future Work  prove more complex transformations  include automatic checking of correspondence nodes as preconditions  automatic derivation of the formalization for the theorem prover  combine interactive theorem proving with automated verification techniques

15 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 15Towards Verified Model Transformations Programmable Logic Controller Read Input Statement Write Output Programmable Logic Controller (PLC)

16 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 16Towards Verified Model Transformations :Automaton:CaseBlock :CorrNode ++ Axiom ++ :State:Case :CorrNode ++ :Label ++ :CaseBlock ++ :Automaton :CorrNode Rule 1

17 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 17Towards Verified Model Transformations :Transition:IfBlock :CorrNode ++ :Case :State :CorrNode Rule 2 :Case :State :CorrNode

18 University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Robert Wagner - 18Towards Verified Model Transformations Semantics  Reactive Systems  non-terminating behavior and reaction to stimulus provided by the environment  Here  I/O-Automata  PLC-Program  Operational Semantics for I/O-Automaton and PLC-Program

Download ppt "University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Towards Verified Model Transformations Holger Giese 1, Sabine Glesner 2, Johannes."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.

Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.
Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.

Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.
Verification of Graph Transformation Systems Arman Sheikholeslami

Verification of Graph Transformation Systems Arman Sheikholeslami
A Technique for Automatic Validation of Model Transformations Levi Lúcio and Bruno Barroca Universidade Nova de Lisboa.

A Technique for Automatic Validation of Model Transformations Levi Lúcio and Bruno Barroca Universidade Nova de Lisboa.
Higher-Order Transformation Eugene SyrianiandHans Vangheluwe.

Higher-Order Transformation Eugene SyrianiandHans Vangheluwe.
AUTOMATIC GENERATION OF CODE OPTIMIZERS FROM FORMAL SPECIFICATIONS Vineeth Kumar Paleri Regional Engineering College, calicut Kerala, India. (Currently,

AUTOMATIC GENERATION OF CODE OPTIMIZERS FROM FORMAL SPECIFICATIONS Vineeth Kumar Paleri Regional Engineering College, calicut Kerala, India. (Currently,
Semantic Translation of Simulink/Stateflow Models to Hybrid Automata using Graph Transformations A. Agarwal, Gy. Simon, G. Karsai ISIS, Vanderbilt University.

Semantic Translation of Simulink/Stateflow Models to Hybrid Automata using Graph Transformations A. Agarwal, Gy. Simon, G. Karsai ISIS, Vanderbilt University.
Hüseyin Ergin University of Alabama Software Modeling Lab Software Engineering Group Department of Computer Science College of Engineering.

Hüseyin Ergin University of Alabama Software Modeling Lab Software Engineering Group Department of Computer Science College of Engineering.
VIDE als voortzetting van Cocktail SET Seminar 11 september 2008 Dr. ir. Michael Franssen.

VIDE als voortzetting van Cocktail SET Seminar 11 september 2008 Dr. ir. Michael Franssen.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (www.dcs.warwick.ac.uk/~doron/notes.html)

Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.
McGill University School of Computer Science Ph.D. Candidate in the Modelling, Simulation and Design Lab MPM’09 Explicit Transformation Modelling Thomas.

McGill University School of Computer Science Ph.D. Candidate in the Modelling, Simulation and Design Lab MPM’09 Explicit Transformation Modelling Thomas.

Similar presentations

Ads by Google