On the Correctness of Model Transformations
Matthew Nizol
CSE 814, Fall 2014
Thursday, December 11, 2014

Agenda
- Context: Model-driven development
- Background on verification techniques
- Presentation of each technique
- Comparison of techniques

Context: What do we mean by “Model”?
- An abstraction of a software system
- Many types of models in software development:

| Dimension | Examples |
| --- | --- |
| Formal vs. informal | Alloy spec vs. whiteboard sketch |
| Static vs. dynamic | Class diagram vs. state chart |
| High- vs. low-level | Ontology vs. XML schema |
| Visual vs. textual | UML vs. program code |

Context: Model-driven Development
- Problem:
  - Complex software hard to develop
  - Related artifacts hard to keep synchronized
- Solution:
  - Models increase the abstraction level of development
  - Transformations formalize relationships between models

Model Transformations
- Convert source model to target model
- Composed of transformation rules
- Rules may be imperative or declarative
- Example applications:

| Exogenous | Endogenous |
| --- | --- |
| Code generation | Refactoring |
| Reverse engineering | Optimization |
| Language migration | Refinement |

Transformation Properties

| Category | Examples |
| --- | --- |
| Syntax | Well-formedness, Type correctness |
| Semantics | Preservation, Correspondence |
| Execution of the transformation | Termination, Confluence |

Verification Approaches
- Informal:
  - Testing
  - Inspection
- Formal:
  - Model Checking
  - Theorem Proving
  - Graph-theoretic
[Figure: Source Model, Transformation, Target; labels: Direct, Indirect]
Approach 1: Indirect, Model Checking
Figure adapted from Varro et al.
Example: Source Model
Example: Target Model (Petri Net)
Tool: pneditor.org

Example: Source to NuSMV (Partial)

```smv
MODULE sensor(resumemsg)
VAR
  -- Define states and transitions
  state : {imagecapture, processimage, computedist, waiting};
  transition : {captured, clear, obstacle, closeobs, resume};
ASSIGN
  -- Define initial state
  init(state) := imagecapture;
  -- Define next state given a transition
  next(state) :=
    case
      state = imagecapture & transition = captured : processimage;
      -- … (remaining cases are elided on the slide)
      state = waiting & transition = resume : imagecapture;
      TRUE : state;
    esac;
  -- Define legal transitions from a state
  next(transition) :=
    case
      state = imagecapture : captured;
      state = processimage : {clear, obstacle};
      state = computedist : {clear, closeobs};
      state = waiting & resumemsg : resume;
      TRUE : transition;
    esac;
```

Example: Some properties we can prove

UML:       G ((s.state = imagecapture | s.state = processimage) -> a.state = moving)
Petri Net: G ((imgcap | procimg) -> moving)

UML:       G (a.state = turning -> s.state = waiting)
Petri Net: G (turning -> waiting)

UML:       G (s.state = closeobs -> F a.state = turning)
Petri Net: G (closeobs -> F turning)
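
The indirect approach above, worked end to end as an added example (not from the original slides): a source state machine is transformed to a Petri net, both state spaces are explored, and a `G` property is checked on the target. The state-to-place mapping, all function names, and the edges marked `assumed` are assumptions made for illustration; `consume_input=False` injects a faulty rule so the check has something to catch.

```python
from collections import deque

# Constructed source model after the slides' sensor state machine.
SENSOR = {
    "initial": "imagecapture",
    "edges": [  # (source state, event, target state)
        ("imagecapture", "captured", "processimage"),  # on the slide
        ("processimage", "clear", "imagecapture"),     # assumed
        ("processimage", "obstacle", "computedist"),   # assumed
        ("computedist", "clear", "imagecapture"),      # assumed
        ("computedist", "closeobs", "waiting"),        # assumed
        ("waiting", "resume", "imagecapture"),         # on the slide
    ],
}

def to_petri_net(sm, consume_input=True):
    """Transformation under test (assumed mapping): state -> place, edge -> transition.
    consume_input=False injects a fault: firing leaves the token in the source place."""
    places = sorted({p for s, _, d in sm["edges"] for p in (s, d)})
    arcs = [(places.index(s), places.index(d), consume_input) for s, _, d in sm["edges"]]
    return places, arcs, tuple(int(p == sm["initial"]) for p in places)

def successors(marking, arcs):
    """Markings reachable by firing one enabled transition."""
    out = []
    for src, dst, consume in arcs:
        if marking[src] > 0:
            m = list(marking)
            m[src] -= int(consume)
            m[dst] += 1
            out.append(tuple(m))
    return out

def explore(initial, step, invariant):
    """BFS; returns (visited states, shortest trace to a violation or None)."""
    parent, queue = {initial: None}, deque([initial])
    while queue:
        state = queue.popleft()
        if not invariant(state):
            trace = []
            while state is not None:
                trace.append(state)
                state = parent[state]
            return set(parent), trace[::-1]
        for nxt in step(state):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return set(parent), None

def verify(sm, consume_input=True):
    """Indirect verification of one source model: returns (ok, counterexample)."""
    places, arcs, m0 = to_petri_net(sm, consume_input)
    # Target property: G (exactly one place holds a token).
    markings, cex = explore(m0, lambda m: successors(m, arcs), lambda m: sum(m) == 1)
    if cex:
        return False, [sorted(p for p, n in zip(places, m) if n) for m in cex]
    # Correspondence: marked places are exactly the reachable source states.
    step = lambda s: [d for a, _, d in sm["edges"] if a == s]
    states, _ = explore(sm["initial"], step, lambda s: True)
    return {places[m.index(1)] for m in markings} == states, None
```

Because the check explores one concrete source model, a pass says nothing about other inputs to the same transformation, which is the coverage limit the Discussion slides attribute to the indirect approach.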

Approach 2: Direct, Deductive Reasoning
- A model transformation can be represented as a series of rules in a control graph
- ADL (Assertion Description Language) permits reasoning on such transformations

[Figure: control graph of Rule 1, Rule 2, Rule 3, Rule 4]

Assertion Description Language (ADL)
- An ADL sentence is of the form: `<location> : <assertion>`
- A location is relative to a node in the control graph, e.g. before(rule 1) or after(rule 1)
- An assertion has the form: `<operator> <pattern>`

ADL Operators

| Operator | Semantics |
| --- | --- |
| None P | Pattern P is not in the model |
| Exists P | Pattern P is in the model |
| Any P1 → P2 | If Pattern P1 is present, so is P2 |
| ForOne P1 → P2 | P2 replaces one instance of P1 |
| ForEach P1 → P2 | P2 replaces every instance of P1 |
| Terminates | The rule terminates |
Example: Flattening a model
Example adapted from Asztalos et al.
Example: Transformation rules
Rule 1 Rule 2 Rule 3

Example: Property and Precondition
- If a path exists before deleting the composite node, the path exists afterwards:
  - Before(rule 3): None P1
  - Before(rule 3): None P2
- Preconditions:
  - Before(rule 1): Any P1 → LHS1
  - Before(rule 1): Any P2 → LHS1

Example: Proof

| Step | Deduction | Justification |
| --- | --- | --- |
| 1 | After(r1): None LHS1 | Application of rule 1 |
| 2 | Before(r1): Any P2 → LHS1 | Precondition |
| 3 | After(r1): None P2 | (1), (2) + P2 is a subgraph of LHS1 |
| 4 | After(r2): Exists P2 → Before(r2): Exists P2 | Rule 2 only removes composite edges |
| 5 | Before(r2): None P2 → After(r2): None P2 | Contrapositive of (4) |
| 6 | After(r2): None P2 | Modus Ponens with (3), (5) |

Note: Control graph is linear so Before(n) is equivalent to After(n)

Discussion

| | Indirect, Model Checking | Direct, Deductive |
| --- | --- | --- |
| Verification coverage | Single source model | All source models |
| Transformation considered… | Transient process | Persistent artifact |
| Generality | Everything a black box | Requires use of ADL, graph transformations |

Discussion

| | Indirect, Model Checking | Direct, Deductive |
| --- | --- | --- |
| Expressivity | Language of chosen tool | Pattern-based properties |
| Effort | Transformation to tool formalism and of properties | Manual proof required. |
| Scalability | State explosion. Can be alleviated during translation to tool. | Unclear how theoretical deduction rules can be efficiently decided. |
References
[1] L. Ab. Rahim and J. Whittle. A survey of approaches for verifying model transformations. Software & Systems Modeling, pages 1-26, 2013.
[2] K. Anastasakis, B. Bordbar, and J. M. Kuster. Analysis of model transformations via Alloy. In Proceedings of the 4th MoDeVVa workshop, Model-Driven Engineering, Verification and Validation, pages 47-56, 2007.
[3] M. Asztalos, L. Lengyel, and T. Levendovszky. Towards automated, formal verification of model transformations. In Software Testing, Verification and Validation (ICST), 2010 Third International Conference on, pages 15-24, April 2010.
[4] E. M. Clarke, O. Grumberg, and D. A. Peled. Model Checking. The MIT Press, 1999.
[5] H. Ehrig. Fundamentals of algebraic graph transformation, chapter General Introduction, pages 5-20. Springer Verlag, 2006.
[6] B. Hailpern and P. Tarr. Model-driven development: The good, the bad, and the ugly. IBM Syst. J., 45(3):451-461, July 2006.
[7] R. Heckel. Graph transformation in a nutshell. Electronic Notes in Theoretical Computer Science, 148(1):187-198, 2006. Proceedings of the School of SegraVis Research Training Network on Foundations of Visual Modelling Techniques (FoVMT 2004).
[8] T. Mens and P. V. Gorp. A taxonomy of model transformation. Electronic Notes in Theoretical Computer Science, 152(0):125-142, 2006. Proceedings of the International Workshop on Graph and Model Transformation (GraMoT 2005).
[9] T. Murata. Petri nets: Properties, analysis and applications. Proceedings of the IEEE, 77(4):541-580, Apr 1989.
[10] D. C. Schmidt. Guest editor's introduction: Model-driven engineering. Computer, 39(2):25-31, 2006.
[11] D. Varro and A. Pataricza. Automated formal verification of model transformations. In CSDUML 2003: Critical Systems Development in UML; Proceedings of the UML'03 Workshop, pages 63-78, September 2003.