Lightweight Static Verification of [UML] Executable Models
Elena Planas
SET Seminar
TU/Eindhoven - 03/10/2012
Introducing me

PhD student at Technical University of Catalonia (Spain), under the supervision of Dr. Jordi Cabot and Dra. Cristina Gómez

Currently working at Open University of Catalonia (Spain)

Visiting researcher at TU/e (during 3 months)

Topics of interest:
  – Software development paradigms: MDD, MDA
  – Conceptual modelling
  – UML, OCL, …
  – Quality of software models
  – V&V
Context

[Figure: MD*, MDE, MDD, MDA]
Motivation

[Figure: Boehm’s curve]

• Most errors in software development are introduced during the first steps.
• The later an error is removed, the more expensive the fix is.

MDD: In MDD, the quality of the models directly impacts the quality of the final system derived from them.

Need for useful methods and tools to check the correctness of models.
Our goal is…


To develop a set of lightweight static
verification methods for checking several
correctness properties of [UML]
executable models
Verification methods classification

[Figure: two-axis chart. Vertical axis: the mode in which the analysis is done (dynamic methods, static methods). Horizontal axis: the level of formalization they use, from - to + (non-formal methods, lightweight methods, formal methods).]

Dynamic methods: Testing (placed between the non-formal and lightweight columns), Model Checking (formal)
Static methods: Inspections and Reviews (non-formal), our verification methods (lightweight), Abstract Interpretation (formal)

Lightweight static methods:
• Static analysis: no execution of the model
• Do not need to translate the model into a mathematical formalization
• They provide quick and useful feedback
• They can be integrated in the development process
• They are only able to perform a partial analysis
An executable model is a model with a behavioral specification sufficiently detailed so it can be systematically implemented/executed in the production environment.

Use of executable models in MDD:
• Software engineers create fully executable models.
• Software engineers iteratively execute, test and update the models. The models are verified and validated (V&V) in a development/test environment.
• Code generation / model interpretation: the models are deployed in a production environment.

(1) level of abstraction   productivity
(2) platform independent models   costs
(3) early verification   quality
Executable models may be specified in several languages

UML executable model = Structural Model (UML Class Diagram + integrity constraints) + Detailed Behavioral Model (UML Behavioral Diagram precisely defined)

Structural model:

  RestaurantBranch: address: String, phone: String[0..2]
  Menu: name: String, price: Real
  SpecialMenu (specialization of Menu, {incomplete}): discount: Real
  Course: description: String, category: CourseCategory
  <<enumeration>> CourseCategory: Starter, MainCourse, Dessert
  Association Offers: RestaurantBranch * -- * Menu
  Association IsComposedOf: Menu * -- 3..* Course

  context SpecialMenu inv validDiscount: self.discount >=10
  context SpecialMenu inv atMost3SpecialMenus: SpecialMenu.allInstances()->size()<=3
Executable models may be specified in several languages

Detailed behavioral model: using the Alf action language (OMG). Alf is a clear, precise yet abstract textual language to specify executable models in the context of UML.

   activity addMenu (in _name: String, in _price: Real, in _courses:Course[3..*]) {
     if (!Menu.allInstances()->exists(m|m.name=_name) ) {
       Menu m = new Menu();
       m.name = _name;
       m.price = _price;
       for ( i in 1.._courses->size() ) {
         IsComposedOf.createlink(m=>menu,course=>_courses[i]);
       }
     }
   }
Property #1. Non-Redundancy

An action in an operation is redundant if its effect on the system state is subsumed by the effect of later actions in the same operation.

Class Course: description: String, category: CourseCategory

       activity removeCourse () {
         self.description = null;
         self.category = null;
         self.destroy();
       }

Feedback: There is no need to clear the values of the attributes of an object that is going to be removed.
Property #1. Non-Redundancy (corrected operation)

       activity removeCourse () {
         self.destroy();
       }
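
One way to detect this kind of redundancy, added here as an example and not taken from the talk or the author's tooling: a backward dead-store scan over the actions of one operation. The `Action` encoding, the `audit` call and the restriction to straight-line sequences are assumptions of this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Action:
    text: str                       # Alf-like source of the action
    kind: str                       # "set", "destroy" or "other"
    obj: str = ""                   # object written to or destroyed
    attr: str = ""                  # attribute written by a "set"
    reads: frozenset = frozenset()  # (obj, attr) pairs the action reads


def redundant_actions(actions):
    """Return (index, feedback) for each 'set' subsumed by a later action.

    Assumptions of this sketch: one straight-line sequence (no branches
    or loops) and no aliasing between object names.
    """
    doomed = {}          # obj -> text of a later destroy of that object
    overwritten = {}     # (obj, attr) -> text of a later write, no read between
    still_read = set()   # attributes of a doomed object read before its destroy
    findings = []
    for index in range(len(actions) - 1, -1, -1):
        act = actions[index]
        key = (act.obj, act.attr)
        if act.kind == "set":
            if key in overwritten:
                findings.append((index, f"'{act.text}' is overwritten by "
                                        f"'{overwritten[key]}'"))
                continue  # a removable action keeps nothing alive
            if act.obj in doomed and key not in still_read:
                findings.append((index, f"'{act.text}' is subsumed by "
                                        f"'{doomed[act.obj]}'"))
                continue
            overwritten[key] = act.text   # earlier writes to key are now dead
            still_read.discard(key)
        elif act.kind == "destroy":
            doomed[act.obj] = act.text
            overwritten = {k: v for k, v in overwritten.items()
                           if k[0] != act.obj}
            still_read = {k for k in still_read if k[0] != act.obj}
        for read in act.reads:            # a read makes earlier writes live
            overwritten.pop(read, None)
            if read[0] in doomed:
                still_read.add(read)
    return sorted(findings)


def remove_redundant(actions):
    """Return the operation body without the redundant actions."""
    flagged = {index for index, _ in redundant_actions(actions)}
    return [a for i, a in enumerate(actions) if i not in flagged]


# removeCourse as shown on the slide, encoded by hand.
REMOVE_COURSE = [
    Action("self.description = null;", "set", "self", "description"),
    Action("self.category = null;", "set", "self", "category"),
    Action("self.destroy();", "destroy", "self"),
]

# Constructed counter-example: the value is read before the destroy,
# so clearing it is not redundant. `audit` is a hypothetical operation.
AUDITED_REMOVE = [
    Action("self.description = null;", "set", "self", "description"),
    Action("audit(self.description);", "other",
           reads=frozenset({("self", "description")})),
    Action("self.destroy();", "destroy", "self"),
]

# Constructed chain: b is dead, and a is only read by the dead write to b.
CHAINED = [
    Action("self.a = 1;", "set", "self", "a"),
    Action("self.b = self.a;", "set", "self", "b",
           reads=frozenset({("self", "a")})),
    Action("self.destroy();", "destroy", "self"),
]

if __name__ == "__main__":
    for index, feedback in redundant_actions(REMOVE_COURSE):
        print(index, feedback)
```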
Property #2. Executability

The executability of an operation is its ability to be executed without breaking the integrity constraints defined in the structural model.

Two levels of correctness:
• An operation is weakly executable when there is a chance that a user may successfully execute the operation.
• An operation is strongly executable when it is always successfully executed.

Class Menu (name: String, price: Real), with specialization SpecialMenu (discount: Real), {incomplete}

  context SpecialMenu inv validDiscount: self.discount >=10
  context SpecialMenu inv atMost3SpecialMenus: SpecialMenu.allInstances()->size()<=3

  activity classifyAsSpecialmenu (in _discount:Real) {
    if ( _discount>=10 ) {
      classify self to SpecialMenu;
      self.discount = _discount;
    }
  }

Feedback: You must ensure there are fewer than 3 special menus in the system.
Property #2. Executability (corrected operation)

  activity classifyAsSpecialmenu (in _discount:Real) {
    if ( _discount>=10 and SpecialMenu.allInstances()->size()<3 ) {
      classify self to SpecialMenu;
      self.discount = _discount;
    }
  }
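
A pattern-based check that produces the same feedback for the operation above, added here as an example and not taken from the talk or the author's tooling. The tuple encoding of invariants, guards and actions is an assumption, and only the two invariant shapes from the slide are understood, so this is a partial analysis.

```python
# Invariants of the structural model, hand-encoded from the slide's OCL.
INVARIANTS = [
    ("attr_ge", "SpecialMenu", "discount", 10),  # inv validDiscount
    ("count_le", "SpecialMenu", 3),              # inv atMost3SpecialMenus
]

# classifyAsSpecialmenu before and after the fix: the guard is a
# conjunction of atomic conditions, the body a list of actions.
BODY = [
    ("classify", "SpecialMenu"),                    # classify self to SpecialMenu
    ("set", "SpecialMenu", "discount", "_discount"),  # self.discount = _discount
]
BEFORE = {"guard": [("param_ge", "_discount", 10)], "body": BODY}
AFTER = {"guard": [("param_ge", "_discount", 10),
                   ("count_lt", "SpecialMenu", 3)], "body": BODY}


def required_guards(action, invariants):
    """Conditions that must hold before `action` so no invariant can break."""
    needed = []
    for inv in invariants:
        # Adding an instance to a class with a population bound N needs
        # fewer than N instances beforehand.
        if (inv[0] == "count_le" and action[0] in ("classify", "create")
                and action[1] == inv[1]):
            needed.append(("count_lt", inv[1], inv[2]))
        # Writing a parameter into a lower-bounded attribute needs the
        # parameter to respect the bound.
        if (inv[0] == "attr_ge" and action[0] == "set"
                and action[1:3] == inv[1:3]):
            needed.append(("param_ge", action[3], inv[3]))
    return needed


def implied(cond, guard):
    """True if the guard contains a condition at least as strong as cond."""
    for g in guard:
        if g[0] != cond[0] or g[1] != cond[1]:
            continue
        if cond[0] == "count_lt" and g[2] <= cond[2]:
            return True
        if cond[0] == "param_ge" and g[2] >= cond[2]:
            return True
    return False


def render(cond):
    """Express a missing condition in the notation used on the slides."""
    if cond[0] == "count_lt":
        return f"{cond[1]}.allInstances()->size()<{cond[2]}"
    return f"{cond[1]}>={cond[2]}"


def missing_guards(operation, invariants=INVARIANTS):
    """Guard conditions the operation lacks.

    An empty result means the operation is strongly executable with
    respect to the invariant shapes this sketch understands.
    """
    missing = []
    for action in operation["body"]:
        for cond in required_guards(action, invariants):
            text = render(cond)
            if not implied(cond, operation["guard"]) and text not in missing:
                missing.append(text)
    return missing


if __name__ == "__main__":
    print("before:", missing_guards(BEFORE))
    print("after: ", missing_guards(AFTER))
```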
Property #3. Completeness

A set of operations is complete if all possible changes (inserts/updates/deletes…) on all parts of the system state can be performed through the execution of those operations.

Structural model: Menu (name: String, price: Real), specialization SpecialMenu (discount: Real), Course (description: String, category: CourseCategory), <<enumeration>> CourseCategory (Starter, MainCourse, Dessert), association IsComposedOf (Menu * -- 3..* Course)

  activity addCourse (in _description: String, in _category: CourseCategory) {
    Course c = new Course();
    c.description = _description;
    c.category = _category;
  }

  activity deleteMenu() {
    self.destroy();
  }

Feedback: Actions to destroy courses or to create menus are not specified.
Property #3. Completeness (operations added)

  activity addMenu () {
    Menu m = new Menu();
    …
  }

  activity deleteCourse() {
    self.destroy();
  }
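
A completeness check over the operations above, added here as an example and not taken from the talk or the author's tooling. It goes beyond the two gaps named in the slide's feedback by also listing attribute updates and link changes, following the definition's "all possible changes". The model fragment (Menu, Course and IsComposedOf only), the context class given for each activity and the regex scan of the action text are assumptions of this sketch.

```python
import re

# Constructed fragment of the slide's structural model (SpecialMenu omitted).
CLASSES = {"Menu": ["name", "price"], "Course": ["description", "category"]}
ASSOCIATIONS = ["IsComposedOf"]

# Operations as (context class, body). The context classes are assumed
# from the activity names; the part of addMenu elided on the slide is
# left out rather than guessed.
BEFORE = {
    "addCourse": ("Course", """
        Course c = new Course();
        c.description = _description;
        c.category = _category;"""),
    "deleteMenu": ("Menu", "self.destroy();"),
}
AFTER = dict(BEFORE,
             addMenu=("Menu", "Menu m = new Menu();"),
             deleteCourse=("Course", "self.destroy();"))

DECL = re.compile(r"\b(\w+)\s+(\w+)\s*=\s*new\s+(\w+)\s*\(")
DESTROY = re.compile(r"\b(\w+)\.destroy\s*\(")
ASSIGN = re.compile(r"\b(\w+)\.(\w+)\s*=(?![=>])")
LINK = re.compile(r"\b(\w+)\.(create|destroy)link\s*\(", re.IGNORECASE)


def required_changes(classes, associations):
    """Every kind of change the structural model allows on the state."""
    needed = set()
    for cls, attrs in classes.items():
        needed |= {("create", cls), ("destroy", cls)}
        needed |= {("update", f"{cls}.{attr}") for attr in attrs}
    for assoc in associations:
        needed |= {("createLink", assoc), ("destroyLink", assoc)}
    return needed


def performed_changes(operations):
    """Changes some operation performs, found by scanning its actions.

    Guards are not parsed: the bodies must contain actions only.
    """
    done = set()
    for context, body in operations.values():
        types = {"self": context}          # variable name -> class
        for declared, var, created in DECL.findall(body):
            types[var] = declared
            done.add(("create", created))
        for var in DESTROY.findall(body):
            if var in types:
                done.add(("destroy", types[var]))
        for var, attr in ASSIGN.findall(body):
            if var in types:
                done.add(("update", f"{types[var]}.{attr}"))
        for assoc, verb in LINK.findall(body):
            done.add((verb.lower() + "Link", assoc))
    return done


def missing_changes(operations, classes=CLASSES, associations=ASSOCIATIONS):
    """Changes that no operation can perform, sorted for stable output."""
    return sorted(required_changes(classes, associations)
                  - performed_changes(operations))


def object_gaps(operations):
    """Only the create/destroy gaps, the kind the slide's feedback names."""
    return [m for m in missing_changes(operations)
            if m[0] in ("create", "destroy")]


if __name__ == "__main__":
    for kind, target in missing_changes(BEFORE):
        print(f"no operation performs: {kind} {target}")
```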
Summary

• Executable model: UML Executable Models, M2M transformations (ATL, GTR)
• Lightweight static methods to verify several correctness properties: non-redundancy, executability, completeness
• Feedback: the feedback (which is expressed in the same language as the model) points out how the error may be resolved.
• Limitations: partial models, partial analysis…

…more work has to be done!
[Figure. Kinds of specification: DSLs, other behavioral specifications, UML executable models, ATL M2M transformations, GT rules. Properties: consistency, safety, deadlock-free, livelock-free, non-redundancy, executability, completeness. Methods: lightweight static methods, model checking, Event-B, constraint programming.]
Thanks for your attention!
                   Elena Planas


Lightweight Static Verification of [UML] Executable Models (An overview)

  • 1. Lightweight Static Verification of [UML] Executable Models Elena Planas SET Seminar TU/Eindhoven - 03/10/2012
  • 2. Introducing me PhD student * at Technical University of Catalonia (Spain) * under the supervision of Dr. Jordi Cabot and Dra. Cristina Gómez Currently working at Open University of Catalonia (Spain) Visiting researcher at TU/e (during 3 months) Topics of interest: – Software development paradigms: MDD, MDA – Conceptual modelling – UML, OCL, … – Quality of software models – V&V
  • 3. Context MD* MDE MDD MDA
  • 4-6. Motivation. Boehm’s curve: most errors in software development are introduced during the first steps, and the later an error is removed, the more expensive the fix is. MDD: in MDD, the quality of the models directly impacts the quality of the final system derived from them. Need for useful methods and tools to check the correctness of models.
  • 7. Our goal is… To develop a set of lightweight static verification methods for checking several correctness properties of [UML] executable models
  • 9-13. Verification methods classification. Two axes: how the analysis is done (dynamic methods or static methods) and the level of formalization used, from - to + (non-formal methods, lightweight methods, formal methods).
      Dynamic methods: Testing, Model Checking
      Static methods: Inspections, Reviews, our verification methods, Abstract Interpretation
      Our verification methods:
        Static analysis: no execution of the model
        Do not need to translate the model into a mathematical formalization
        They provide quick and useful feedback
        They can be integrated in the development process
        They are only able to perform a partial analysis
  • 14. Our goal is… To develop a set of lightweight static verification methods for checking several correctness properties of [UML] executable models
  • 15-17. An executable model is a model with a behavioral specification sufficiently detailed so it can be systematically implemented/executed in the production environment.
      Use of executable models in MDD:
        Software engineers create fully executable models
        The models are verified and validated (V&V) in a development/test environment: software engineers iteratively execute, test and update the models
        The models are deployed in a production environment (code generation, model interpretation)
      (1) level of abstraction → productivity (2) platform independent models → costs (3) early verification → quality
  • 18-25. Executable models may be specified in several languages.
      UML executable model = Structural Model (UML Class Diagram + integrity constraints) + Detailed Behavioral Model (UML Behavioral Diagram, precisely defined)
      Structural model (class diagram):
        RestaurantBranch (address: String, phone: String[0..2]) * Offers * Menu
        Menu (name: String, price: Real) * IsComposedOf 3..* Course
        Course (description: String, category: CourseCategory)
        SpecialMenu (discount: Real), subclass of Menu {incomplete}
        <<enumeration>> CourseCategory: Starter, MainCourse, Dessert
      Integrity constraints:
        context SpecialMenu inv validDiscount: self.discount >= 10
        context SpecialMenu inv atMost3SpecialMenus: SpecialMenu.allInstances()->size() <= 3
      Detailed behavioral model: using Alf action language (OMG). Alf is a clear, precise yet abstract textual language to specify executable models in the context of UML.
        activity addMenu (in _name: String, in _price: Real, in _courses: Course[3..*]) {
          if ( !Menu.allInstances()->exists(m|m.name=_name) ) {
            Menu m = new Menu();
            m.name = _name;
            m.price = _price;
            for ( i in 1.._courses->size() ) {
              IsComposedOf.createlink(m=>menu,course=>_courses[i]);
            }
          }
        }
  • 26. Our goal is… To develop a set of lightweight static verification methods for checking several correctness properties of [UML] executable models
  • 28-32. Property #1. Non-Redundancy
      An action in an operation is redundant if its effect on the system state is subsumed by the effect of later actions in the same operation.
      Course (description: String, category: CourseCategory)
        activity removeCourse () {
          self.description = null;
          self.category = null;
          self.destroy();
        }
      Feedback: There is no need to clear the values of the attributes of an object that is going to be removed.
      Corrected operation:
        activity removeCourse () {
          self.destroy();
        }
  • 34-39. Property #2. Executability
      The executability of an operation is its ability to be executed without breaking the integrity constraints defined in the structural model.
      Two levels of correctness:
        An operation is weakly executable when there is a chance that a user may successfully execute the operation.
        An operation is strongly executable when it is always successfully executed.
      Menu (name: String, price: Real); SpecialMenu (discount: Real), subclass of Menu {incomplete}
        context SpecialMenu inv validDiscount: self.discount >= 10
        context SpecialMenu inv atMost3SpecialMenus: SpecialMenu.allInstances()->size() <= 3
        activity classifyAsSpecialmenu (in _discount: Real) {
          if ( _discount>=10 ) {
            classify self to SpecialMenu;
            self.discount = _discount;
          }
        }
      Feedback: You must ensure there are fewer than 3 special menus in the system.
      Corrected operation:
        activity classifyAsSpecialmenu (in _discount: Real) {
          if ( _discount>=10 and SpecialMenu.allInstances()->size()<3 ) {
            classify self to SpecialMenu;
            self.discount = _discount;
          }
        }
  • 41-44. Property #3. Completeness
      A set of operations is complete if all possible changes (inserts/updates/deletes…) on all parts of the system state can be performed through the execution of those operations.
      Menu (name: String, price: Real) * IsComposedOf 3..* Course (description: String, category: CourseCategory); SpecialMenu (discount: Real); <<enumeration>> CourseCategory: Starter, MainCourse, Dessert
        activity addCourse (in _description: String, in _category: CourseCategory) {
          Course c = new Course();
          c.description = _description;
          c.category = _category;
        }
        activity deleteMenu() {
          self.destroy();
        }
      Feedback: Actions to destroy courses or to create menus are not specified.
      Operations added:
        activity addMenu () {
          Menu m = new Menu();
          …
        }
        activity deleteCourse() {
          self.destroy();
        }
  • 45-49. Summary
      An executable model is checked by lightweight static methods that verify several correctness properties (non-redundancy, executability, completeness) and return feedback.
      Applies to UML executable models and M2M transformations (ATL, GTR).
      The feedback (which is expressed in the same language as the model) points out how the error may be resolved.
      Limitations: partial models, partial analysis… more work has to be done!
  • 51-54. Diagram labels. Kinds of model: DSLs; other behavioral specifications; UML executable models; ATL M2M transformations; GT rules. Properties: consistency; safety; deadlock-free; livelock-free; non-redundancy; executability; completeness. Method: lightweight static methods; model checking; Event-B; constraint programming.
  • 55. Thanks for your attention! Elena Planas
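
The three properties in the slides (non-redundancy, executability, completeness) can each be checked without executing the model, by inspecting the list of actions an operation performs. The Python below is an added example, not the author's tool or code from the talk; the Action/Operation encoding, the RISKY table and the guard strings are assumptions constructed here from the slide operations.

```python
# Added example (not the author's tool): toy static checks for the three
# properties, run over a hand-written encoding of the slide operations.
# The Action/Operation encoding and the RISKY table are assumptions.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Action:
    kind: str       # "create", "destroy", "set" or "classify"
    obj: str        # variable the action works on, e.g. "self"
    cls: str        # class of that object (target class for "classify")
    attr: str = ""  # attribute name, only for "set"


@dataclass
class Operation:
    name: str
    actions: list
    guards: set = field(default_factory=set)  # conditions wrapping the body


def redundant_actions(op):
    """Property #1: indexes of writes subsumed by a later action on the same object."""
    found = []
    for i, a in enumerate(op.actions):
        if a.kind != "set":
            continue
        for later in op.actions[i + 1:]:
            if later.obj != a.obj:
                continue
            # A later destroy, or a later write to the same attribute, hides this write.
            # (The encoding has no read actions, so nothing can observe it in between.)
            if later.kind == "destroy" or (later.kind == "set" and later.attr == a.attr):
                found.append(i)
                break
    return found


# Constructed from the two OCL invariants: action that may break an invariant
# -> guard that keeps the invariant true after the action.
RISKY = {
    ("set", "SpecialMenu", "discount"): "_discount>=10",
    ("classify", "SpecialMenu", ""): "SpecialMenu.allInstances()->size()<3",
}


def missing_guards(op, risky=RISKY):
    """Property #2: guards the operation needs but does not check."""
    needed = {risky.get((a.kind, a.cls, a.attr)) for a in op.actions} - {None}
    return sorted(needed - op.guards)


def missing_changes(classes, operations):
    """Property #3: create/destroy changes that no operation can perform."""
    done = {(a.kind, a.cls) for op in operations for a in op.actions}
    return [f"{kind} {c}" for c in classes
            for kind in ("create", "destroy") if (kind, c) not in done]


# --- Constructed encodings of the slide operations ---
remove_course = Operation("removeCourse", [
    Action("set", "self", "Course", "description"),
    Action("set", "self", "Course", "category"),
    Action("destroy", "self", "Course"),
])
classify_v1 = Operation("classifyAsSpecialmenu", [
    Action("classify", "self", "SpecialMenu"),
    Action("set", "self", "SpecialMenu", "discount"),
], guards={"_discount>=10"})
classify_v2 = Operation("classifyAsSpecialmenu", classify_v1.actions,
                        guards={"_discount>=10", "SpecialMenu.allInstances()->size()<3"})
add_course = Operation("addCourse", [
    Action("create", "c", "Course"),
    Action("set", "c", "Course", "description"),
    Action("set", "c", "Course", "category"),
])
delete_menu = Operation("deleteMenu", [Action("destroy", "self", "Menu")])

if __name__ == "__main__":
    print(redundant_actions(remove_course))
    print(missing_guards(classify_v1))
    print(missing_changes(["Menu", "Course"], [add_course, delete_menu]))
```

Each result maps back to the feedback on the slides: the two attribute writes before `destroy`, the unchecked limit on special menus, and the missing operations for creating menus and destroying courses.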