A Framework for Verifying UML Behavioral Models (CAiSE Doctoral Consortium 2009)
-
Upload
elena-planas -
Category
Technology
-
view
424 -
download
0
Transcript of A Framework for Verifying UML Behavioral Models (CAiSE Doctoral Consortium 2009)
Doctoral ConsortiumCAiSE’09
10th June 2009 Amsterdam
A Framework forVerifying UML Behavioral Models
Elena [email protected]
Open University of Catalonia
A Framework for Verifying UML Behavioral Models
• Introduction
• Thesis Proposal
• Related Work
• Conclusions
Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam
Index
1
Life cycle of software
IntroductionIntroductionThesis Proposal
Related WorkConclusions
> ContextContext> Motivation
specification design implementation testing
CodeModel Driven
Development
before
UML Model
Structural model
Behavioral model
now
thesis proposal
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 2
Code
Code Generation
UML Behavioral
Model
We need define UML model in sufficient detail and precision
subset of UML Actionssubset of UML Actions CreateObject DestroyObject AddStructuralFeature CreateLink DestroyLink ReclassifyObject CallOperation
UML Structured ActionsUML Structured Actions if… then… else… endif while... do… endwhile do… while… enddo
Action SemanticsAction = fundamental unit of behavior specification
Basis for defining the behavior in a fine granularity
> Context> MotivationMotivation
IntroductionIntroductionThesis Proposal
Related WorkConclusions
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 3
Example
> Context> MotivationMotivation
IntroductionIntroductionThesis Proposal
Related WorkConclusions
Person
name : String email : String
Department
name : String
WorksIn1*
context Person::addPerson addPerson (n:String, e:String) { p: Person; p := CreateObject(Person); AddStructuralFeature(p,name,n); AddStructuralFeature(p,email,e);}
context Person::changeAddresschangeAddress(a:String) { AddStructuralFeature(self,address,a);}
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 4
Example
> Context> MotivationMotivation
IntroductionIntroductionThesis Proposal
Related WorkConclusions
Person
name : String email : String
Department
name : String
WorksIn1*
context Person::addPerson addPerson (n:String, e:String) { p: Person; p := CreateObject(Person); AddStructuralFeature(p,name,n); AddStructuralFeature(p,email,e);}
context Person::changeAddresschangeAddress(a:String) { AddStructuralFeature(self,address,a);}
NOT SYNTACTICALLY CORRECT
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 4
Example
> Context> MotivationMotivation
IntroductionIntroductionThesis Proposal
Related WorkConclusions
Person
name : String email : String
Department
name : String
WorksIn1*
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 4
context Person::changeAddresschangeAddress(a:String) { AddStructuralFeature(self,adress,a);}
NOT EXECUTABLE
context Person::addPerson addPerson (n:String, e:String) { p: Person; p := CreateObject(Person); AddStructuralFeature(p,name,n); AddStructuralFeature(p,email,e);}
Example
> Context> MotivationMotivation
IntroductionIntroductionThesis Proposal
Related WorkConclusions
Person
name : String email : String
Department
name : String
WorksIn1*
NOT COMPLETE
context Person::addPerson addPerson (n:String, e:String) { p: Person; p := CreateObject(Person); AddStructuralFeature(p,name,n); AddStructuralFeature(p,email,e);}
context Person::changeAddresschangeAddress(a:String) { AddStructuralFeature(self,adress,a);}
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 4
Provide a verification framework to help the designers to verify the correctness of their behavioral models (based in Actions)
Goal
Action-basedbehavior
specificationSyntactic
Correctness Completeness Redundancy
input
STATIC MODEL VERIFIER feedback
translationWeak
Executability
MODEL CHECKING
ACTION SEMANTICS VERIFICATION FRAMEWORK
Executability
> GoalsGoals> Framework description> Important issues
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 5
Sub-Goals
Identify and describe correctness properties: - Syntactic correctness - Executability - Completeness - Redundancy
1
Action-basedbehavior
specificationSyntactic
Correctness Completeness Redundancy
input
STATIC MODEL VERIFIER feedback
translationWeak
Executability
MODEL CHECKING
ACTION SEMANTICS VERIFICATION FRAMEWORK
> GoalsGoals> Framework description> Important issues
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 6
Sub-Goals
Develop a static (do not require simulation of the model) model verifier composed by a set of efficient techniques to verify the previous properties
2
Action-basedbehavior
specificationSyntactic
Correctness Completeness Redundancy
input
STATIC MODEL VERIFIER feedback
translationWeak
Executability
MODEL CHECKING
ACTION SEMANTICS VERIFICATION FRAMEWORK
> GoalsGoals> Framework description> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 7
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Sub-Goals
Integrate the previous static techniques with other existing verification approaches (Model Checking)
3
Action-basedbehavior
specificationSyntactic
Correctness Completeness Redundancy
input
STATIC MODEL VERIFIER feedback
translationWeak
Executability
MODEL CHECKING
ACTION SEMANTICS VERIFICATION FRAMEWORK
Executability
> GoalsGoals> Framework description> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 8
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Sub-Goals
Provide useful feedback to the designer4
Action-basedbehavior
specificationSyntactic
Correctness Completeness Redundancy
input
STATIC MODEL VERIFIER feedback
translationWeak
Executability
MODEL CHECKING
ACTION SEMANTICS VERIFICATION FRAMEWORK
> GoalsGoals> Framework description> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 9
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Input
UML Class DiagramUML Class Diagram
OperationsActivity DiagramsInteraction DiagramsState Machines
Behavioral Behavioral Specification Specification
(Action Semantics)(Action Semantics)
> Goals> Framework description: InputFramework description: Input> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 10
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Verification techniques used
> Goals> Framework description: Techniques Framework description: Techniques > Important issues
Static techniquesStatic techniquesStatic analysis
Output: Corrective feedback
First correctness analysis
Model CheckingModel CheckingTranslation:
State Explosion Problem
LTL properties
Output: Error trace
More detailed analysis
UML Model
MClanguage
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 11
specification design implementation testing
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Syntactic Correctness
A behavioral specification described using actions is syntactically correct when all the actions included in it satisfy the WFR
WFR (Well Formedness Rule) = Constraint that restrict the possible set of valid UML models.
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 12
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Syntactic Correctness: Example
WFR: The classifier cannot be abstract
context CreateObject inv: not (self.classifier.isAbstract = #true)
obj2 := CreateObject(ConcreteClass);
AbstractClass
ConcreteClass
obj1 := CreateObject(AbstractClass);
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 13
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Executability
A behavioral specification described using actions is executable when there is a chance that a user may successfully execute it
Weak Executability at least one sucessful execution of the behaviorStrong Executability all successful executions of the behavior
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 14
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Executability: Example
Person
name : String email : String
Department
name : String
WorksIn1*
context Person::addPerson addPerson (n:String, e:String) { p: Person; p := CreateObject(Person); AddStructuralFeature(p,name,n); AddStructuralFeature(p,email,e);}
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 15
notexecutable
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
FEEDBACK: Add a CreateLink
Executability: Example
Person
name : String email : String
Department
name : String
WorksIn1*
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 15
context Person::addPerson addPerson (n:String, e:String, d:Department) { p: Person; p := CreateObject(Person); AddStructuralFeature(p,name,n); AddStructuralFeature(p,email,e); CreateLink(WorksIn, person, self, department, d);}
executable
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
FEEDBACK: Add a CreateLink
Completeness
A set of behavioral specifications described using actions is complete when all possible changes (inserts/updates/deletes) on all parts of the system state can be performed throught the execution of this set of behaviors
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 16
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Completeness: ExamplePerson
name : String email : String
Department
name : String
WorksIn1*
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 17
not completecontext Person::addPerson addPerson (n:String, e:String, d:Department) {
p: Person; p := CreateObject(Person); AddStructuralFeature(p,name,n); AddStructuralFeature(p,email,e); CreateLink(WorksIn, person, self, department, d);}
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
FEEDBACK: Add actions to create/destroy departments…
Redundancy
An action (or set of actions) in an behavioral specification is redundant if its effect on the system state is subsumed by the effect of later actions in the same behavioral specification
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 18
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Redundancy: Example
> Goals> Framework description: PropertiesFramework description: Properties> Important issues
context Person::changeNamechangeName(name1:String, name2:String) { AddStructuralFeature(self,name,name1); AddStructuralFeature(self,name,name2); }
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 19
Redundancy: The second update overwrites the first one
redundant action
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
FEEDBACK: Remove the first update
Important issues
> Goals> Framework description: Properties> Important issuesImportant issues
scope Action based UML behavioral specifications
extension Aplicable to BPM diagrams
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 20
limitations Our static verification do not check conditions
IntroductionThesis ProposalThesis Proposal
Related WorkConclusions
Related work
UML Model
Behavioral model
Most of related works:
• Use Model Checking techniques
• Ignore the actions included
• Verify LTL properties
• Not meaningful feedback
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 21
IntroductionThesis ProposalRelated WorkRelated Work
Conclusions
Conclusions
Framework for the verification of the correctnes of
UML behavioral models
Extensible to other kinds of behavioral specifications
Focused on Actions
Valuable feedback
▪
▪
▪
▪
A Framework for Verifying UML Behavioral Models Doctoral Consortium CAiSE’09 – 10th June 2009, Amsterdam 22
IntroductionThesis Proposal
Related WorkConclusionsConclusions
Doctoral ConsortiumCAiSE’09
10th June 2009Amsterdam
Thanks for your attention!
Elena [email protected]
A Framewrok for Verifying UML Behavioral Models