Lightweight Verification of Executable Models Elena Planas Jordi Cabot Cristina Gómez Universitat Oberta de Catalunya (Spain) École des Mines de Nantes – INRIA (France) Universitat Politècnica de Catalunya (Spain) 30th International Conference on Conceptual Modeling November 3rd, 2011 - Brussels, Belgium
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Lightweight Verification of Executable
ModelsElena Planas
Jordi CabotCristina Gómez
Universitat Oberta de Catalunya (Spain)École des Mines de Nantes – INRIA (France)Universitat Politècnica de Catalunya (Spain)
30th International Conference on Conceptual ModelingNovember 3rd, 2011 - Brussels, Belgium
What is an Executable Model?
1/19
What is an Executable Model?
is a model described in sufficient detail so that it can be (semi)automatically implemented/executed in the production environment
1/19
Hight level Model Software system
MDD: Model-Driven Development approach
In MDD the quality of the final system implementation depends on the quality of the initial specification
The existence of methods to verify the correctness of executable models is becoming crucial
2/19
Propose a verification method for Executable Models
our goal
Lightweight (efficient) verification method Feedback suggesting possible corrections
Action-based operations
method features
focus
property Strong Executability (SE)
3/19
An operation is Strongly Executable if it is always successfully executed, that is, the operation’s execution generates a state consistent with all structural integrity constraints
activity newProduct (in _code: String, in _price: Real, in _substitutedProducts: Products[0..*]) { Product p = new Product(); p.code = _code; p.price = _price; for (i in 1.._substitutedProductssize()) CanBeSubstitutedBy.createLink(p1=>self,p2=>_substitutedProducts[i]); }}
BEHA
VIOU
RAL
MOD
EL
After executing newProduct, several constraints may become violated!
Not strongly
executable
4/19
INPU
TO
UTP
UT
Computing execution paths
Analyzing PVAs
Discarding PVAs
To determine if an operation is Strongly Executable we propose a three-step
verification method
5/19
INPU
TO
UTP
UT
Computing execution paths
Analyzing PVAs
Discarding PVAs
6/19
INPU
TO
UTP
UT
Computing execution paths
Analyzing PVAs
Discarding PVAs
An execution pathis a consecutive sequence of
actions that may be followed during the execution of an
operation
6/19
INPU
TO
UTP
UT
Computing execution paths
Analyzing PVAs
Discarding PVAs
An execution pathis a consecutive sequence of
actions that may be followed during the execution of an
operation
6/19
INPU
TO
UTP
UT
Computing execution paths
Analyzing PVAs
Discarding PVAs
An execution pathactivity newProduct (in _code: String, in _price: Real, in _substitutedProducts: Products[0..*])
{ Product p = new Product(); p.code = _code; p.price = _price; for (i in 1.._substitutedProductssize()) CanBeSubstitutedBy.createLink(p1=>self,p2=>_substitutedProducts[i]); }}
An execution pathactivity newProduct (in _code: String, in _price: Real, in _substitutedProducts: Products[0..*])
{ Product p = new Product(); p.code = _code; p.price = _price; for (i in 1.._substitutedProductssize()) CanBeSubstitutedBy.createLink(p1=>self,p2=>_substitutedProducts[i]); }}
An execution pathactivity newProduct (in _code: String, in _price: Real, in _substitutedProducts: Products[0..*])
{ Product p = new Product(); p.code = _code; p.price = _price; for (i in 1.._substitutedProductssize()) CanBeSubstitutedBy.createLink(p1=>self,p2=>_substitutedProducts[i]); }}
Our method provides feedbackto help designers identifying
and repairing the detected errors
13/19
INPU
TO
UTP
UT
Computing execution paths
Analyzing PVAs
Discarding PVAs
Our method provides feedback
activity newProduct (in _code: String, in _price: Real, in _substitutedProducts: Products[0..*]) {
if (not Product.allInstances()exists(p|p.code=_code)) { Product p = new Product(); p.code = _code; p.price = _price; for (i in 1.._substitutedProductssize()) CanBeSubstitutedBy.createLink(p1=>self,p2=>_substitutedProducts[i]); CanBeSubstitutedBy.createLink(p1=>_substitutedProducts[i],p2=>self); } } }}
activity newProduct (in _code: String, in _price: Real, in _substitutedProducts: Products[0..*]) {
if (not Product.allInstances()exists(p|p.code=_code)) { Product p = new Product(); p.code = _code; p.price = _price; for (i in 1.._substitutedProductssize()) CanBeSubstitutedBy.createLink(p1=>self,p2=>_substitutedProducts[i]); CanBeSubstitutedBy.createLink(p1=>_substitutedProducts[i],p2=>self); } } }}