310 likes | 462 Views
A Tridimensional Approach for Studying the Formal Verification of Model Transformations. Moussa Amrani , Levi Lucio, Gehan Selim, Benoît Combemale , Jürgen Dingel , Hans Vangheluwe , Yves Le Traon and James R. Cordy. Taxonomy Overview. Transformation. Property (kind).
E N D
A TridimensionalApproach for Studying the FormalVerification of Model Transformations Moussa Amrani, Levi Lucio, Gehan Selim, BenoîtCombemale, JürgenDingel, HansVangheluwe, Yves Le Traonand James R. Cordy
TaxonomyOverview Transformation Property (kind) Formal Verification (Fv) Technique
Transformation DefinitionWhatis a transformation? LanguageHow to express a transformation? ClassificationHow to categorise transformations? Property (kind) Formal Verification (Fv) Technique
WhatisModel Transformation (Mt)? Meta-metamodel conforms to TransformationLanguage conforms to conforms to Transformationspecification refers to refers to Targetmeta-model Source meta-model conforms to executes conforms to Source model(s) inputs outputs Targetmodel(s) Transformationexecution
MtDefinitions in the Literature • Transformations operate on multiple models; • Transformations obey to descriptions (a.k.a., specifications) Directly inspired from the Mdaapproach specific to systems; • Transformations subsume intentions • Shift from system-centric to general models; • Transformations are directed; • Transformations are automatic. • Transformations are a computation; [1] Object Management Group(2003) MDA Guide (version 1.0.1). Technical Report. [2] Kleppe, A.G.and Warmer, J. and Bast, W. (2003). Domain-specific Mda Explained – The Model-Driven Architecture: Practice and Promises. Addison-Wesley. [3] Tratt, L. (2005). Model Transformation And Tool Integration, SoSyM, 4(2), pp. 112–122. [4] Mens, T. and Van Gorp, P. (2006). A Taxonomy Of Model Transformation, Entcs152, pp. 125–142. [5] Syriani, E. (2011) A Multi-Paradigm Foundation for Model Transformation Language Engineering. Ph.D. dissertation, McGill University, (Canada). « the process of converting one model to another model of the same system » [1] « a model transformation is the automatic generation of a target model from a source model, according to a transformation definition» [2] « a program that mutates one model into another » [3] « the automatic generation of one or multiple target models from one or multiple source models, according to a transformation description » [4] « the automatic manipulation of a model with a specific intention » [5]
A BroaderDefinition for Mts • Dual nature • Transformations are computations; • Transformations manipulatemodels. • Cleardistinction between • the specificationlevel (refers to src. / tgt. metamodels); • the executionlevel (inputs / outputs src. / tgt. models) • Intentionat the core «the automatic manipulation, conform to a description, of (a) source model(s) to produce (a) target model(s) according to a specific intention »
Transformation DefinitionWhatis a transformation? LanguageHow to express a transformation? ClassificationHow to categorise transformations? Property (kind) Formal Verification (Fv) Technique
Classification • Czarnecki & Helsen(2006) • Hierarchical classification of Mts; • Mostlydedicated to Gbts. • Mens & Van Gorp (2006) HeterogeneityAre the source & targetmodels the same? endogeneous / exogeneous Abstraction levelDo we change it? horizontal / vertical Src. ConservationDo wekeep the original source model? in-place / out-place ArityHow manymodels are involved? one / multiple [1] Czarnecki, K.and Helsen, S. (2006). Feature-Based Survey of Model Transformation Approaches. IBM Systems , 45(3), pp. 621–645. [2]Mens, T. and Van Gorp, P. (2006). A Taxonomy Of Model Transformation, Entcs, Lncs 152, pp. 125–142.
Variations on DslSemantics • Write a transformation for expressing the semanticsof myDsl • Check the semantics’ correctness Translational Semantics Semantic Domain Dsl metamodel Behavioural Semantics • Out-place; • Exogeneous; • Vertical; • 1:1 • In-place; • Endogeneous; • Horizontal; • 1:1
Towards a semantical classification • Previous classifications are syntactical • Classify the transformation’sform; • Sensitive to the chosenapproach for expressing transformations • However, properties are semantics-related • Independent of the style; but rather • Dependent of the transformation’sintention; • Semantical Classification • Relates properties of interestwithtransformation’s intention • The propertiesformulation depends on the approach
Conclusion • A broder definitionfor the transformation concept • Intention at the core • SeveralTransformation Languagesparadigms • Influence on the Fvtechniques • Need of a more semanticalclassification • Next part partially relates intention withproperties
Transformation Language – RelatedProperty Transformation – RelatedProperty Property (kind) Formal Verification (Fv) Technique Termination Determinism Typing
Termination [1] Plump, D. (1998) Termination of Graph Rewriting is Undecidable. FundamentaInformaticæ, 33(2), pp. 201–209. [2] Ehrig, H. & K., Taentzer, G., de Lara, J., Varró, D. and Varró-Gyapai, S. (2005). Termination Criteria for Model Transformation. In Fase, 2005. [3] Varró, D., Varró-Gyapai, S., Ehrig, H., Prange, U., Taentzer, G. (2006) TerminationAnalysis of Model Transformations by PetriNets. In Icgt, Lncs4178, pp. 260–274. [4] Bruggink, H. S. (2008). Towards a Systematic Method for Proving Termination of Graph Transformation Systems. Entcs, 213(1). [5] Küster, J. M. (2006). Definition and Validation of Model Transformations. SoSyM, 5(3), pp. 233–259. [6]Spoto, F., Hill, P. M., Payet, E. (2006). Path-Length Analysis of Object-Oriented Programs. In International Workshop on Emerging Applications of Abstract Interpretation. [7]Berdine, J., Cook, B., Di Stefano, D., O’Hearn, P. W. (2006). “Automatic Termination Proofs for Programs with Shape-Shifting Heaps. In Computer-Aided Verification (Cav), Lncs4144, pp. 386–400. [8]Barroca, B., Lúcio, L., Amaral, V., Félix, R. and Sousa, V. (2010) DSLTrans: A Turing-Incomplete Transformation Language. In Conference on Software and Language Engineering (Sle), pp. 296–305.
Determinism [1] Plump, D. (2005). Confluence of Graph Transformation Revisited. In Processes, Terms and Cycles: Steps on the Road to Infinity, vol. 3838, pp. 280–308 [2] Heckel, R., Küster, J. M., Taentzer, G. (2002). Confluence of Typed Attributed Graph Transformation Systems. In Icgt, pp. 161–176. [3]Küster, J. M. (2006). Definition and Validation of Model Transformations. SoSyM, 5(3), pp. 233–259. [4] Lambers, L., Ehrig, H., Orejas, F. (2006). Efficient Detection of Conflicts in Graph-based Model Transformation. In Entcs152, pp. 97–109. [5] Biermann, E. (2011). Local Confluence Analysis of Consistent EMF Transformations. In EcEasst38, pp. 68–84. [6] Grønmo, R., Runde, R., Møller-Pedersen, B. (2011). Confluence of Aspects For Sequence Diagrams. SOSYM, pp. 1–36, Sep. 2011. [7]Barroca, B., Lúcio, L., Amaral, V., Félix, R. and Sousa, V. (2010) DSLTrans: A Turing-Incomplete Transformation Language. In Conference on Software and Language Engineering (Sle), pp. 296–305.
Transformation Property (kind) Language – RelatedProperty Transformation – RelatedProperty Formal Verification (Fv) Technique On the source / target model(s) On the model’ssyntax relations On the model’ssemantic relations
Model Syntax Relations The fact that certain relations exist between the elements of the source (meta)models and their counterparts in the target (meta)models implies a correct transformation [1] D. Akehurst, S. Kent, and O. Patrascoiu, “A Relational Approach to Defining and Implementing Transformations in Metamodels,” SOSYM, vol. 2(4), pp. 215–239, 2003. [2] A. Narayanan and G. Karsai, “Verifying Model Transformation By Structural Correspondence,” ECEASST, vol. 10, pp. 15–29, 2008. [3] A. Schürrand F. Klar, “15 Years of Triple Graph Grammars,” in ICGT, 2008, pp. 411–425. [4] L. Lúcio, B. Barroca, and V. Amaral, “A Technique for Automatic Validation of Model Transformations,” in MODELS, 2010.
Model Semantics Relations If certain relations can be established between the semantic domains of the source and target (meta)models, then the transformation is correct [1] A. Narayanan and G. Karsai, “Towards Verifying Model Transformations,” ENTCS, vol. 211, pp. 191–200, April 2008. [2] D. Varro ́ and A. Pataricza, “Automated Formal Verification of Model Transformations,” in CSDUML, 2003, pp. 63–78. [3] B.Becker, D.Beyer, H.Giese, F.Kleinand D.Schilling, “Symbolic Invariant Verification For Systems With Dynamic Structural Adaptation,” in ICSE, 2006. [4] J.Padberg,M.Gajewsky andC.Ermel,“Refinement versus Verification: Compatibility of Net Invariants and Stepwise Development of High-Level Petri Nets,” TechnischeUniversita ̈t Berlin, Tech. Rep., 1997. [5] T.Massoni,R.Gheyi,andP.Borba,“Formal Refactoring for UMLClass Diagrams,” in BSSE, 2005, pp. 152–167.
Model Semantics Relations If certain relations can be established between the semantic domains of the source and target (meta)models, then the transformation is correct
Model Semantics Relations • Bisimulation / simulation [1] • Preservation of temporal logic formulas [2] • (in particular) preservation of safety properties [3,4] • Preservation of structural semantics [5] [1] A. Narayanan and G. Karsai, “Towards Verifying Model Transformations,” ENTCS, vol. 211, pp. 191–200, April 2008. [2] D. Varro ́ and A. Pataricza, “Automated Formal Verification of Model Transformations,” in CSDUML, 2003, pp. 63–78. [3] B.Becker, D.Beyer, H.Giese, F.Kleinand D.Schilling, “Symbolic Invariant Verification For Systems With Dynamic Structural Adaptation,” in ICSE, 2006. [4] J.Padberg,M.Gajewsky andC.Ermel,“Refinement versus Verification: Compatibility of Net Invariants and Stepwise Development of High-Level Petri Nets,” TechnischeUniversita ̈t Berlin, Tech. Rep., 1997. [5] T.Massoni,R.Gheyi,andP.Borba,“Formal Refactoring for UMLClass Diagrams,” in BSSE, 2005, pp. 152–167.
Transformation Property (kind) Type I:Transformation Independent / Input Independent Type II:Transformation Dependent / Input Independent Type II:Transformation Dependent / Input Dependent Formal Verification (Fv) Technique
Verification Techniques [1] Barroca, B., Lúcio, L., Amaral, V., Félix, R. and Sousa, V. (2010) DSLTrans: A Turing-Incomplete Transformation Language. In Conference on Software and Language Engineering (Sle), pp. 296–305. [2] Ehrig, H. & K., Taentzer, G., de Lara, J., Varró, D. and Varró-Gyapai, S. (2005). Termination Criteria for Model Transformation. In Fase, 2005. [3] Varró, D., Varró-Gyapai, S., Ehrig, H., Prange, U., Taentzer, G. (2006) TerminationAnalysis of Model Transformations by Petri Nets. In Icgt, Lncs4178, pp. 260–274. [4] Bruggink, H. S. (2008). Towards a Systematic Method for Proving Termination of Graph Transformation Systems. Entcs, 213(1). [5] Küster, J. M. (2006). Definition and Validation of Model Transformations. SoSyM, 5(3), pp. 233–259. [6] Lúcio, L., Barroca, B., Amaral, V. (2010). A Technique for Automatic Validation of Model Transformations, In MoDELS, pp. . [7] Rensink, A., Schmidt, A., Varro, D. (2004). Model Checking Graph Transformations: A Comparison of Two Approaches, ICGT. [8] B. Becker, D. Beyer, H. Giese, F. Klein, and D. Schilling, (2006). Symbolic Invariant Verification For Systems With Dynamic Structural Adaptation,ICSE. [9] M. Asztalos, L. Lengyel, and T. Levendovszky(2010). Towards Automated, Formal Verification of Model Transformations, ICST. [10] R. F. Paige, P. J. Brooke, and J. S. Ostroff(2007).Metamodel-Based Model Conformance and Multi-View Consistency Checking, ACM TOSEM, 16(3), pp. 1–48. [11] A. Narayanan and G. Karsai (2008). Verifying Model Transformation By Structural Correspondence, ECEASST, vol. 10, pp. 15–29. [12] A. Narayanan and G. Karsai (2008) “Towards Verifying Model Transformations,” ENTCS, vol. 211, pp. 191–200. [13] J. de Lara and H. Vangheluwe, (2010). Automating the Transformation-Based Analysis of Visual Languages, FAC, vol. 22(3-4), pp. 297–326. [14] K. Anastasakis, B. Bordbar, and J. M. Kuster, (2007). Analysis of Model Transformations via Alloy, MoDeVVA,, pp. 47–56.
Verification Techniques: Type I [1] Barroca, B., Lúcio, L., Amaral, V., Félix, R. and Sousa, V. (2010) DSLTrans: A Turing-Incomplete Transformation Language. In Conference on Software and Language Engineering (Sle), pp. 296–305. [2] Ehrig, H. & K., Taentzer, G., de Lara, J., Varró, D. and Varró-Gyapai, S. (2005). Termination Criteria for Model Transformation. In Fase, 2005. [3] Varró, D., Varró-Gyapai, S., Ehrig, H., Prange, U., Taentzer, G. (2006) TerminationAnalysis of Model Transformations by Petri Nets. In Icgt, Lncs4178, pp. 260–274. [4] Bruggink, H. S. (2008). Towards a Systematic Method for Proving Termination of Graph Transformation Systems. Entcs, 213(1). [5] Küster, J. M. (2006). Definition and Validation of Model Transformations. SoSyM, 5(3), pp. 233–259.
Verification Techniques [1] Barroca, B., Lúcio, L., Amaral, V., Félix, R. and Sousa, V. (2010) DSLTrans: A Turing-Incomplete Transformation Language. In Conference on Software and Language Engineering (Sle), pp. 296–305. [2] Ehrig, H. & K., Taentzer, G., de Lara, J., Varró, D. and Varró-Gyapai, S. (2005). Termination Criteria for Model Transformation. In Fase, 2005. [3] Varró, D., Varró-Gyapai, S., Ehrig, H., Prange, U., Taentzer, G. (2006) TerminationAnalysis of Model Transformations by Petri Nets. In Icgt, Lncs4178, pp. 260–274. [4] Bruggink, H. S. (2008). Towards a Systematic Method for Proving Termination of Graph Transformation Systems. Entcs, 213(1). [5] Küster, J. M. (2006). Definition and Validation of Model Transformations. SoSyM, 5(3), pp. 233–259. [6] Lúcio, L., Barroca, B., Amaral, V. (2010). A Technique for Automatic Validation of Model Transformations, In MoDELS, pp. . [7] Rensink, A., Schmidt, A., Varro, D. (2004). Model Checking Graph Transformations: A Comparison of Two Approaches, ICGT. [8] B. Becker, D. Beyer, H. Giese, F. Klein, and D. Schilling, (2006). Symbolic Invariant Verification For Systems With Dynamic Structural Adaptation,ICSE. [9] M. Asztalos, L. Lengyel, and T. Levendovszky(2010). Towards Automated, Formal Verification of Model Transformations, ICST. [10] R. F. Paige, P. J. Brooke, and J. S. Ostroff(2007).Metamodel-Based Model Conformance and Multi-View Consistency Checking, ACM TOSEM, 16(3), pp. 1–48. [11] A. Narayanan and G. Karsai (2008). Verifying Model Transformation By Structural Correspondence, ECEASST, vol. 10, pp. 15–29. [12] A. Narayanan and G. Karsai (2008) “Towards Verifying Model Transformations,” ENTCS, vol. 211, pp. 191–200. [13] J. de Lara and H. Vangheluwe, (2010). Automating the Transformation-Based Analysis of Visual Languages, FAC, vol. 22(3-4), pp. 297–326. [14] K. Anastasakis, B. Bordbar, and J. M. Kuster, (2007). Analysis of Model Transformations via Alloy, MoDeVVA,, pp. 47–56.
Verification Techniques: Type II [6]L. L´ucio, B. Barroca, and V. Amaral(2010). A Technique for Automatic Validation of Model Transformations, MODELS. [7]A. Rensink, A` . Schmidt, and D. Varro´(2004). Model Checking Graph Transformations: A Comparison of Two Approaches, ICGT. [8] B. Becker, D. Beyer, H. Giese, F. Klein, and D. Schilling, (2006). Symbolic Invariant Verification For Systems With Dynamic Structural Adaptation,ICSE. [9] M. Asztalos, L. Lengyel, and T. Levendovszky(2010). Towards Automated, Formal Verification of Model Transformations, ICST. [10] R. F. Paige, P. J. Brooke, and J. S. Ostroff(2007).Metamodel-Based Model Conformance and Multi-View Consistency Checking,ACM TOSEM, vol. 16, no. 3, pp. 1–48,.
Verification Techniques [1] Barroca, B., Lúcio, L., Amaral, V., Félix, R. and Sousa, V. (2010) DSLTrans: A Turing-Incomplete Transformation Language. In Conference on Software and Language Engineering (Sle), pp. 296–305. [2] Ehrig, H. & K., Taentzer, G., de Lara, J., Varró, D. and Varró-Gyapai, S. (2005). Termination Criteria for Model Transformation. In Fase, 2005. [3] Varró, D., Varró-Gyapai, S., Ehrig, H., Prange, U., Taentzer, G. (2006) TerminationAnalysis of Model Transformations by Petri Nets. In Icgt, Lncs4178, pp. 260–274. [4] Bruggink, H. S. (2008). Towards a Systematic Method for Proving Termination of Graph Transformation Systems. Entcs, 213(1). [5] Küster, J. M. (2006). Definition and Validation of Model Transformations. SoSyM, 5(3), pp. 233–259. [6] Lúcio, L., Barroca, B., Amaral, V. (2010). A Technique for Automatic Validation of Model Transformations, In MoDELS, pp. . [7] Rensink, A., Schmidt, A., Varro, D. (2004). Model Checking Graph Transformations: A Comparison of Two Approaches, ICGT. [8] B. Becker, D. Beyer, H. Giese, F. Klein, and D. Schilling, (2006). Symbolic Invariant Verification For Systems With Dynamic Structural Adaptation,ICSE. [9] M. Asztalos, L. Lengyel, and T. Levendovszky(2010). Towards Automated, Formal Verification of Model Transformations, ICST. [10] R. F. Paige, P. J. Brooke, and J. S. Ostroff(2007).Metamodel-Based Model Conformance and Multi-View Consistency Checking, ACM TOSEM, 16(3), pp. 1–48. [11] A. Narayanan and G. Karsai (2008). Verifying Model Transformation By Structural Correspondence, ECEASST, vol. 10, pp. 15–29. [12] A. Narayanan and G. Karsai (2008) “Towards Verifying Model Transformations,” ENTCS, vol. 211, pp. 191–200. [13] J. de Lara and H. Vangheluwe, (2010). Automating the Transformation-Based Analysis of Visual Languages, FAC, vol. 22(3-4), pp. 297–326. [14] K. Anastasakis, B. Bordbar, and J. M. Kuster, (2007). Analysis of Model Transformations via Alloy, MoDeVVA,, pp. 47–56.
Verification Techniques: Type III [11]A. Narayanan and G. Karsai (2008). Verifying Model Transformation By Structural Correspondence, ECEASST, vol. 10, pp. 15–29. [12] A. Narayanan and G. Karsai (2008) “Towards Verifying Model Transformations,” ENTCS, vol. 211, pp. 191–200. [13] J. de Lara and H. Vangheluwe, (2010). Automating the Transformation-Based Analysis of Visual Languages, FAC, vol. 22(3-4), pp. 297–326. [14] K. Anastasakis, B. Bordbar, and J. M. K¨uster, (2007). Analysis of Model Transformations via Alloy,MODEVVA,, pp. 47–56.
Verification Techniques [1] Barroca, B., Lúcio, L., Amaral, V., Félix, R. and Sousa, V. (2010) DSLTrans: A Turing-Incomplete Transformation Language. In Conference on Software and Language Engineering (Sle), pp. 296–305. [2] Ehrig, H. & K., Taentzer, G., de Lara, J., Varró, D. and Varró-Gyapai, S. (2005). Termination Criteria for Model Transformation. In Fase, 2005. [3] Varró, D., Varró-Gyapai, S., Ehrig, H., Prange, U., Taentzer, G. (2006) TerminationAnalysis of Model Transformations by Petri Nets. In Icgt, Lncs4178, pp. 260–274. [4] Bruggink, H. S. (2008). Towards a Systematic Method for Proving Termination of Graph Transformation Systems. Entcs, 213(1). [5] Küster, J. M. (2006). Definition and Validation of Model Transformations. SoSyM, 5(3), pp. 233–259. [6] Lúcio, L., Barroca, B., Amaral, V. (2010). A Technique for Automatic Validation of Model Transformations, In MoDELS, pp. . [7] Rensink, A., Schmidt, A., Varro, D. (2004). Model Checking Graph Transformations: A Comparison of Two Approaches, ICGT. [8] B. Becker, D. Beyer, H. Giese, F. Klein, and D. Schilling, (2006). Symbolic Invariant Verification For Systems With Dynamic Structural Adaptation,ICSE. [9] M. Asztalos, L. Lengyel, and T. Levendovszky(2010). Towards Automated, Formal Verification of Model Transformations, ICST. [10] R. F. Paige, P. J. Brooke, and J. S. Ostroff(2007).Metamodel-Based Model Conformance and Multi-View Consistency Checking, ACM TOSEM, 16(3), pp. 1–48. [11] A. Narayanan and G. Karsai (2008). Verifying Model Transformation By Structural Correspondence, ECEASST, vol. 10, pp. 15–29. [12] A. Narayanan and G. Karsai (2008) “Towards Verifying Model Transformations,” ENTCS, vol. 211, pp. 191–200. [13] J. de Lara and H. Vangheluwe, (2010). Automating the Transformation-Based Analysis of Visual Languages, FAC, vol. 22(3-4), pp. 297–326. [14] K. Anastasakis, B. Bordbar, and J. M. Kuster, (2007). Analysis of Model Transformations via Alloy, MoDeVVA,, pp. 47–56.
Conclusion & Future Work Transformation Impact of the transformation’s intention on the properties of interest Impact of the transformation’sparadigm and form on the Fv technique used Property (kind) Formal Verification (Fv) Technique