Validation of Derived Features and Well-Formedness Constraints in DSLs
Budapest University of Technology and Economics, Department of Measurement and Information Systems

Oszkár Semeráth, Ákos Horváth, Dániel Varró (Budapest University of Technology and Economics)
MODELS 2013, Miami Beach, Florida, US, October 3rd, 2013
Motivation
Models and Languages in Avionics Systems

[Figure: block diagram of an Air Conditioning Management model: Required Temperature and Cabin Temperature inputs feed a Heater Controller whose outputs drive a Heater, a UI Feedback block and a Terminator, wired through In/Out ports]

Main ideas of MDE tools:
• early validation of system models
• automatic generation of artifacts
→ quality ++, tools ++, development cost --
Ongoing Project
Goal: Allocate SW components to an ARINC653 compliant IMA platform

[Figure: Functional Architecture, Platform description and Component database feed an Allocation step that produces the Integrated System Model]

Technical Challenges:
• Open source DSL tools (Eclipse)
• Validation: Instance models + DSLs
• Existing component databases
• Traceability
• Generate communication architecture
• Integration with MATLAB Simulink
Domain-Specific Languages
An Overview in George Orwell’s Style
EMF Metamodels

[Figure: the Animal Farm metamodel annotated with EMF concepts: EClass, EAttribute (e.g. kind:LimbKind), EReference, EReference (Aggregation), Multiplicity, Enumeration]

Eclipse Modeling Framework (EMF):
• De facto modeling standard for Eclipse based modeling tools
• Design metamodel → auto-generate interface, implementation, tree editor…
• Examples: UML, AADL, SysML, BPMN, AUTOSAR
DSL Instance Models

DSL (Instance) Models:
• Typed over domain metamodels
• Type-conformant by construction
• Graphical vs. Textual vs. Abstract syntax

[Figure: instance model in which Snowball:Pig, Napoleon:Pig and Jones:Man live on Manor:Farm (lives references) and Jones drinks Whisky:Drink (drinks reference)]
Metamodels with Derived Features

[Figure: the metamodel extended with a Derived Reference and a Derived Attribute (kind:LimbKind)]

Derived Features:
• Values calculated from other elements
• Defined declaratively as model queries (e.g. OCL, graph queries)
• Tooling: handle as regular EMF elements
Derived Reference as a Model Query

ModelQuery(A,B):
• tuples of model elements A, B
• satisfying the query condition
• enumerate 1 / all instances
• A, B can be input or output

„Whatever goes upon four legs, or has a wing, is a friend”

[Figure: instance model in which Snowball:Pig knows an anonymous :Hen and Boxer:Horse; the limbs are labelled L1…L4 (legs) and W2 (wing). The two bodies of the query are drawn as graph patterns: knows(A:Animal, C:Creature) with #(legs)=4, and knows(A:Animal, C:Creature) with wings(C, W:Limb)]

The derived reference written as a graph pattern with two disjunctive bodies:

pattern friend(A,C) = {
  knows(A, C);
  N == count find legs(C, _L);
  check(N == 4);
} or {
  knows(A, C);
  wings(C, _W);
}
Well-Formedness Constraints (Commandments)

„All animals are equal”

Well-Formedness Constraints (aka. Design Rules):
• Capture structural consistency criteria
• Defined declaratively as model queries (e.g. OCL, graph queries)

Ill-Formedness Constraints:
• Query results highlight erroneous elements

„No animal shall drink alcohol”
„Whatever goes upon two legs is an enemy”
„No animal shall wear clothes”
Language-level Validation of Complex DSLs

Overview: Generation of FOL predicates

[Figure: the DSL Tool (Eclipse) holds the DSL Specification (Metamodel, Derived Features, WF Constraints), the Initial Model (Partial Snapshot) and the Search Parameters; the DSL-to-SMT mapping turns them into EPR formulae (Axioms and Predicates) for the SMT solver (Z3)]

Generated Predicates for the SMT solver:
• Restricted by the metamodel: „All animals have four limbs”, „A creature is either an animal or a man”, „A limb is either a wing, an arm or a leg”
• Definition of a derived feature: „Whatever goes upon four legs, or has a wing, is a friend”
• Well-formedness constraints: „All animals are equal”, „Whatever goes upon two legs is an enemy”
• Ill-formedness constraints: „No animal shall drink alcohol”, „No animal shall wear clothes”

Initial Model / Partial Snapshot

[Figure: the Snowball / Hen / Boxer instance model from the derived reference example, used as the partial snapshot]

Initial Model: Hint for the solver
• Minimum required structure
• Valid counter-examples should always contain it
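To make the DSL-to-SMT step concrete, here is a Python sketch that emits SMT-LIB 2 text for the Animal Farm example: the metamodel becomes sorts and predicates plus type axioms, the derived reference `friend` becomes a definitional axiom, the partial snapshot becomes ground facts, the search parameters become a bound on each sort, and the WF constraint is asserted negated so that a satisfying assignment is a counter-example. This is an added example, not the mapping implemented by the authors' tool: the function names, the way "exactly four limbs" is encoded, the bounding trick with named constants, the reduction of Pig/Horse to Animal, and the reading of „All animals are friends” as "every animal a creature knows is its friend" are all assumptions. The block only builds the text; it does not invoke a solver.

```python
# Added example (not the authors' tool): a sketch of the DSL-to-SMT mapping.
# Metamodel, derived feature, partial snapshot, search bound and WF
# constraint are emitted as SMT-LIB 2 text that a solver such as Z3 could
# check. Encodings and helper names are assumptions made for this example.

LIMB_VARS = ["l1", "l2", "l3", "l4"]


def declarations():
    """EClasses become unary predicates over an uninterpreted sort,
    EReferences (including the derived one) become binary predicates."""
    return [
        "(declare-sort Creature 0)",
        "(declare-sort Limb 0)",
        "(declare-fun Animal (Creature) Bool)",
        "(declare-fun Man (Creature) Bool)",
        "(declare-fun Leg (Limb) Bool)",
        "(declare-fun Wing (Limb) Bool)",
        "(declare-fun Arm (Limb) Bool)",
        "(declare-fun limbs (Creature Limb) Bool)",
        "(declare-fun knows (Creature Creature) Bool)",
        "(declare-fun friend (Creature Creature) Bool)",  # derived reference
    ]


def exactly_four(owner, limb_kind=None):
    """`owner` has exactly four limbs (optionally of one kind): four distinct
    matching limbs exist and any further matching limb equals one of them."""
    def has(limb):
        if limb_kind is None:
            return f"(limbs {owner} {limb})"
        return f"(and (limbs {owner} {limb}) ({limb_kind} {limb}))"
    binders = " ".join(f"({v} Limb)" for v in LIMB_VARS)
    each = " ".join(has(v) for v in LIMB_VARS)
    one_of = " ".join(f"(= l {v})" for v in LIMB_VARS)
    no_fifth = f"(forall ((l Limb)) (=> {has('l')} (or {one_of})))"
    distinct = " ".join(LIMB_VARS)
    return f"(exists ({binders}) (and (distinct {distinct}) {each} {no_fifth}))"


def metamodel_axioms():
    """'A creature is either an animal or a man', 'A limb is either a wing,
    an arm or a leg', limbs is a containment reference, and 'All animals
    have four limbs' (multiplicity 4)."""
    return [
        "(assert (forall ((c Creature)) (xor (Animal c) (Man c))))",
        "(assert (forall ((l Limb)) (and (or (Leg l) (Wing l) (Arm l)) "
        "(not (and (Leg l) (Wing l))) (not (and (Leg l) (Arm l))) "
        "(not (and (Wing l) (Arm l))))))",
        "(assert (forall ((l Limb)) (exists ((c Creature)) (limbs c l))))",
        "(assert (forall ((l Limb) (c1 Creature) (c2 Creature)) "
        "(=> (and (limbs c1 l) (limbs c2 l)) (= c1 c2))))",
        f"(assert (forall ((a Creature)) (=> (Animal a) {exactly_four('a')})))",
    ]


def derived_feature_axiom():
    """'Whatever goes upon four legs, or has a wing, is a friend', over the
    creatures A knows (the two disjunctive bodies of the graph pattern)."""
    has_wing = "(exists ((w Limb)) (and (limbs c w) (Wing w)))"
    body = f"(and (knows a c) (or {exactly_four('c', 'Leg')} {has_wing}))"
    return f"(assert (forall ((a Creature) (c Creature)) (= (friend a c) {body})))"


def bounded_domain(sort, prefix, size):
    """Search parameter: every element of `sort` is one of `size` named
    constants, bounding the instance models the solver may build."""
    consts = [f"{prefix}{i}" for i in range(1, size + 1)]
    lines = [f"(declare-const {c} {sort})" for c in consts]
    one_of = " ".join(f"(= x {c})" for c in consts)
    lines.append(f"(assert (forall ((x {sort})) (or {one_of})))")
    return lines


def snapshot_facts():
    """Partial snapshot (constructed): Snowball knows Boxer; both animals."""
    return [
        "(declare-const Snowball Creature)",
        "(declare-const Boxer Creature)",
        "(assert (distinct Snowball Boxer))",
        "(assert (and (Animal Snowball) (Animal Boxer) (knows Snowball Boxer)))",
    ]


def negated_wf_constraint():
    """'All animals are friends', read (assumption) as: every animal a
    creature knows is its friend. Asserted negated: sat = counter-example,
    unsat = proof within the bounds."""
    return ("(assert (exists ((a Creature) (c Creature)) "
            "(and (Animal c) (knows a c) (not (friend a c)))))")


def smt_script(creatures=3, limbs=12):
    lines = ["(set-option :produce-models true)", "(set-logic UF)"]
    lines += declarations() + metamodel_axioms() + [derived_feature_axiom()]
    lines += bounded_domain("Creature", "cr", creatures)
    lines += bounded_domain("Limb", "lb", limbs)
    lines += snapshot_facts() + [negated_wf_constraint()]
    lines += ["(check-sat)", "(get-model)"]
    return "\n".join(lines)


def balanced(text):
    """Sanity check that the emitted S-expressions nest correctly."""
    depth = 0
    for ch in text:
        depth += {"(": 1, ")": -1}.get(ch, 0)
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    print(smt_script())
```

The domain bound is what turns the quantified problem into a finite search, which is the role the talk's "maximum size of instance models" parameter plays; whether the resulting formulas stay inside the effectively propositional (EPR) fragment depends on how the "exactly four" and existential parts are encoded, which is exactly the "effectively propositional?" question raised later in the talk.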
Overview: Validation + Back-annotation

[Figure: the same pipeline, extended with an SMT-to-DSL mapping that turns the solver's answer into a Validation Result Model: either the validation result as a proof, or a Counter-example]

Validation Result

[Figure: counter-example model: the initial snapshot (Snowball:Pig knowing :Hen and Boxer:Horse) extended by the solver with Napoleon:Pig, who has arms and legs (limbs L1, L2, A2) and drinks Whisky:Drink]
Conceptual challenges:
• DSL validation workflow
• Constraint approximations
Tooling challenges:
• Abstract initial models
• Performance + additional challenges
DSL Validation Workflow

WF constraint to validate:
• All animals are friends

[Figure: workflow diagram. The DSL tool provides the Metamodel + Derived features (and, in the second stage, + WF constraints) to Validation (Z3 SMT-solver). Stage A "Check DF" asks: Ambiguous? Incomplete? Inconsistent?, followed by M "Correct DF". Stage A "Check WF" asks: Inconsistent? Subsumption?, followed by M "Correct WF", which leads to a Valid DSL]

Derived feature quotes shown with the Check DF / Correct DF stage:
„Whatever goes upon four legs, or has a wing, is a friend”
„Four legs good, two legs better”

WF constraint quote shown with the Check WF / Correct WF stage:
„No animal shall drink alcohol to excess”
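The three questions of the Check DF stage (ambiguous? incomplete? inconsistent with a WF constraint?) can be illustrated without an SMT solver by brute-forcing every creature shape within a bound. The Python below is an added example, not the authors' tool: it replaces the Z3 search by exhaustive enumeration, introduces a constructed single-valued derived attribute `status` defined by the "four legs or a wing" and "two legs" commandments, and uses a constructed bound and a constructed corrected rule set to show the Correct DF step. The partial snapshot is reduced to required limb counts, and "All animals are friends" is read as "the derived status is exactly friend".

```python
# Added example, not the authors' tool: brute-force stand-in for the Check DF
# and Check WF stages over every limb configuration within a bound. The
# derived attribute `status`, the bounds, the snapshot encoding and the
# corrected rules are constructed for this example.
from itertools import product

# Search parameters: maximum limb counts per kind (constructed bound).
MAX_LEGS, MAX_WINGS, MAX_ARMS = 4, 2, 2


def status_rules(limbs):
    """Rules defining the single-valued derived attribute `status` of a
    creature from its limb counts. Returns every value some rule yields:
    one value is fine, two values is ambiguity, none is incompleteness."""
    values = set()
    if limbs["leg"] == 4 or limbs["wing"] > 0:
        values.add("friend")   # "four legs, or has a wing, is a friend"
    if limbs["leg"] == 2:
        values.add("enemy")    # "Whatever goes upon two legs is an enemy"
    return values


def status_rules_corrected(limbs):
    """Constructed correction (the 'M Correct DF' step): the enemy rule no
    longer fires for winged two-legged creatures, removing the overlap."""
    values = set()
    if limbs["leg"] == 4 or limbs["wing"] > 0:
        values.add("friend")
    if limbs["leg"] == 2 and limbs["wing"] == 0:
        values.add("enemy")
    return values


def limb_configurations():
    """Every creature shape within the search bounds."""
    ranges = (range(MAX_LEGS + 1), range(MAX_WINGS + 1), range(MAX_ARMS + 1))
    for legs, wings, arms in product(*ranges):
        yield {"leg": legs, "wing": wings, "arm": arms}


def matches_snapshot(cfg, snapshot):
    """Partial snapshot: limb counts every candidate must contain."""
    return all(cfg[kind] == count for kind, count in (snapshot or {}).items())


def check_derived_feature(rules, snapshot=None):
    """Stage 'A Check DF': collect configurations where the rules yield two
    values (ambiguous) or none (incomplete)."""
    report = {"ambiguous": [], "incomplete": []}
    for cfg in limb_configurations():
        if not matches_snapshot(cfg, snapshot):
            continue
        values = rules(cfg)
        if len(values) > 1:
            report["ambiguous"].append(cfg)
        elif not values:
            report["incomplete"].append(cfg)
    return report


def check_wf_constraint(rules, constraint, snapshot=None):
    """Stage 'A Check WF': return the first bounded configuration containing
    the snapshot that violates `constraint` (a counter-example), or None when
    none exists within the bounds (a proof for this bound only)."""
    for cfg in limb_configurations():
        if matches_snapshot(cfg, snapshot) and not constraint(rules(cfg)):
            return cfg
    return None


def all_animals_are_friends(values):
    """WF constraint to validate: the derived status must be exactly 'friend'."""
    return values == {"friend"}


if __name__ == "__main__":
    report = check_derived_feature(status_rules)
    print("ambiguous:", report["ambiguous"][:2], "...")
    print("incomplete:", report["incomplete"][:2], "...")
    print("counter-example:", check_wf_constraint(status_rules, all_animals_are_friends))
    print("with snapshot {leg: 4}:",
          check_wf_constraint(status_rules, all_animals_are_friends, {"leg": 4}))
```

The interesting outputs are the ambiguous configurations (two legs and a wing: both commandments fire, which is the kind of overlap the Check DF stage is there to expose) and the effect of the snapshot: without it, the WF check immediately finds a limbless creature as a counter-example, while requiring four legs makes the constraint hold within the bound, so the result is a proof only for that bound and that snapshot, never in general.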
Constraint Approximations: Gang = Friends of friends

When to approximate?
o Mapping to FOL is
  • infeasible, or
  • too complex to analyze (effectively propositional?)
o Transitive closure
o Containment hierarchy

// C is a transitive friend of A
pattern gang(A,C) = { find friend+(A,C); }

Approximation (Length 2):
gang2(A,C) ⇒ friend(A,C) ∨ ∃F1 : friend(A,F1) ∧ gang1(F1, C, A)
gang1(A,C,F1) ⇒ friend(A,C) ∨ ∃F2 ≠ F1 : friend(A,F2) ∧ gang0(F2, C, F1, A)
gang0(A,C,F1,F2) ⇒ friend(A,C) ∨ ∃F3 ≠ F2 ≠ F1 : friend(A,F3) ∧ true
Abstract & Inconsistent Initial Models

Example 1:
• Construct a farm with 3 creatures
[Figure: C1:Creature, C2:Creature and C3:Creature, each with a lives reference to Manor:Farm]
EMF Tooling problem:
• Abstract classes cannot be instantiated

Example 2:
• Manor Farm → Animal Farm (John is no longer there)
[Figure: SnowBall:Pig and Napoleon:Pig live on Animal:Farm; John:Man has no lives reference, i.e. no container]
EMF Tooling problem:
• Elements without containers are inconsistent (John)
Additional Features

Mark relevant metamodel parts
• Compact mapping
• Speed up search during validation

Set Search Parameters
• Maximum size of instance models
• Approximation levels

Tooling
• Visualization of abstract / inconsistent models
• Full (back-annotated) analysis cycle
• Z3 export/import into EMF models
Closing Remarks

Application II: Test Context Generation

[Figure: testing framework. Context models and Scenario models feed a Test context generator and a Test oracle generator, which produce Test contexts (models) and a Test oracle (automata)]

Testing strategy:
• Valid initial contexts
• Combination of initial contexts
• Violation of constraints
• Extension of initial contexts
Summary

[Figure: the overall approach. The DSL Tool (Eclipse) holds the DSL Specification (Metamodel, Derived Features, WF Constraints), the Initial Model (Partial Snapshot) and the Search Parameters; the DSL-to-SMT mapping produces EPR formulae (Axioms, Predicates) for the SMT solver (Z3); the SMT-to-DSL mapping back-annotates the answer as a Validation Result Model, either the validation result as a proof or a Counter-example]