Automated Verification of Model Transformations in the Automotive Industry
Transcript of Automated Verification of Model Transformations in the Automotive Industry
AUTOMATED VERIFICATION OF MODEL TRANSFORMATIONS IN THE AUTOMOTIVE INDUSTRY
GEHAN M. K. SELIM, FABIAN BÜTTNER, JAMES R. CORDY, JUERGEN DINGEL, SHIGE WANG
AGENDA
- Motivation
- Objective
- The Model Transformation Problem
- The Verification Methodology
- Case Study: Automatically Verifying the GM-2-AUTOSAR Transformation
- Results
  - Verifying the 18 OCL Constraints
  - Performance of the Verification Approach
- Discussion
  - Strengths of the Verification Approach
  - Weaknesses of the Verification Approach
- Conclusion & Future Work
MOTIVATION
- MDD
- Model Transformations
- Verification
Are those concepts practical to use in industry?
MOTIVATION
- Industrial experiences in adopting MDD…
  - T. Cottenier, A. Van Den Berg, T. Elrad “The Motorola WEAVR: Model Weaving in a Large Industrial Context” AOSD 2007.
  - P. Mohagheghi, V. Dehlen “Where is the Proof? A Review of Experiences from Applying MDE in Industry” ECMDA-FA 2008.
- Few studies on industrial model transformations…
  - A. Daghsen, K. Chaaban, S. Saudrais, P. Leserf “Applying Holistic Distributed Scheduling to AUTOSAR Methodology” ERTSS 2010.
  - H. Giese, S. Hildebrandt, S. Neumann “Model Synchronization at Work: Keeping SysML and AUTOSAR Models Consistent” Graph Transformations & Model-Driven Engineering 2010.
  - G. Selim, S. Wang, J. Cordy, J. Dingel “Model Transformations for Migrating Legacy Models: An Industrial Case Study” ECMFA 2012.
- Verifying industrial model transformations??
OBJECTIVE
What?
• Validate an industrial model transformation [1]
How?
• Using an automated verification prototype [2]
Why?
• Report on the practicality of using automated verification in industry
• Discuss any issues that need to be addressed for the industry to readily adopt such prototypes
[1] G. Selim, S. Wang, J. Cordy, J. Dingel "Model Transformations for Migrating Legacy Models: An Industrial Case Study", ECMFA 2012
[2] F. Büttner, M. Egea, J. Cabot, M. Gogolla “Verification of ATL Transformations Using Transformation Models and Model Finders”, ICFEM 2012
THE MODEL TRANSFORMATION PROBLEM
[Figure: GM Models → GM-2-AUTOSAR Transformation → AUTOSAR Models; the GM models conform to the GM Metamodel, the AUTOSAR models to the AUTOSAR Metamodel]
[1] G. Selim, S. Wang, J. Cordy, J. Dingel "Model Transformations for Migrating Legacy Models: An Industrial Case Study", ECMFA 2012
THE VERIFICATION METHODOLOGY
Transformation Model:
- Elements representing: MM_src, MM_tar, T
- OCL Constraint sets: SEM, PRE, POST
[Figure: the ATL Transformation T between the Source Metamodel MM_src and the Target Metamodel MM_tar is transformed into a Transformation Model (OCL)]
[1] F. Büttner, M. Egea, J. Cabot, M. Gogolla “Verification of ATL Transformations Using Transformation Models and Model Finders”, ICFEM 2012
THE VERIFICATION METHODOLOGY
For each property Post_i, the following must be unsatisfiable:
What
• Check partial correctness of the transformation model w.r.t. properties (OCL Constraints)
How
• Check if there is a counterexample in a specific scope (i.e. maximum number of objects per class)
• Use satisfiability checkers or model finders, e.g., USE Validator [1][2]
[1] M. Kuhlmann, L. Hamann, M. Gogolla “Extensive Validation of OCL Models by Integrating SAT Solving into USE” TOOLS 2011
[2] The USE Validator, available online: http://sourceforge.net/projects/useocl/files/Plugins/ModelValidator/
THE VERIFICATION METHODOLOGY
- Ran the prototype to generate the USE specification & the search configuration
- Added the constraints to the USE specification & negated the constraint in the search configuration
- Ran the tool once for each of the postconditions
[Figure: translation pipeline ATL + Ecore + OCL → Ecore + OCL → Relational Logic → Propositional Logic]
CASE STUDY: AUTOMATICALLY VERIFYING THE GM-2-AUTOSAR TRANSFORMATION
Old Implementation
• 2 ATL Matched Rules
• 9 Functional Helpers
• 6 Attribute Helpers
New Implementation
• 3 Matched Rules
• 2 Lazy Rules
CASE STUDY: AUTOMATICALLY VERIFYING THE GM-2-AUTOSAR TRANSFORMATION
18 OCL Postconditions
- Target Invariants (automatically generated by the prototype)
  - 6 Multiplicity Invariants
  - 1 Security Invariant
- Transformation Contracts (manually formulated)
  - 9 Uniqueness Contracts
  - 2 Pattern Contracts
OCL Preconditions … ?
CASE STUDY: AUTOMATICALLY VERIFYING THE GM-2-AUTOSAR TRANSFORMATION
context CompositionType inv CompositionType_component: self.component->size() >= 1
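As an added illustration of the bounded check from the methodology slides (example code written for this page, not the authors' prototype or the USE Validator), the following brute-force search enumerates every source model up to a scope and looks for one that satisfies the preconditions but whose image violates a postcondition. The toy GM source metamodel (Composition, Part), the toy transformation rule and the candidate precondition are constructed assumptions; only the target invariant CompositionType_component is taken from the slide above.

```python
from itertools import product

# Added example, not the authors' prototype: a brute-force version of the bounded
# check "PRE and T and not POST_i is unsatisfiable within the scope". The toy GM
# source metamodel (Composition, Part) and the toy rule below are constructed
# assumptions; the target invariant is CompositionType_component from the slides.

def source_models(scope):
    """Enumerate every toy GM source model with at most `scope` objects per class.
    A model is (n_compositions, owners): owners[p] is the index of the Composition
    that owns Part p, or None when the Part is not owned by any Composition."""
    for n_comp in range(scope + 1):
        for n_part in range(scope + 1):
            for owners in product([None] + list(range(n_comp)), repeat=n_part):
                yield n_comp, owners

def transform(model):
    """Toy GM-2-AUTOSAR rule: one CompositionType per Composition and one
    ComponentPrototype per owned Part, linked to the owner's CompositionType."""
    n_comp, owners = model
    target = {f"CompositionType{c}": [] for c in range(n_comp)}
    for p, owner in enumerate(owners):
        if owner is not None:
            target[f"CompositionType{owner}"].append(f"ComponentPrototype{p}")
    return target

def post_composition_type_component(target):
    """Target invariant from the slides:
    context CompositionType inv CompositionType_component: self.component->size() >= 1"""
    return all(len(components) >= 1 for components in target.values())

def pre_every_composition_owns_a_part(model):
    """Candidate OCL precondition (assumption): every source Composition owns a Part."""
    n_comp, owners = model
    return all(c in owners for c in range(n_comp))

def find_counterexample(scope, pre=lambda model: True, post=post_composition_type_component):
    """Bounded search: the first source model that satisfies PRE but whose image under
    the transformation violates POST, or None if no such model exists within the scope."""
    for model in source_models(scope):
        if pre(model) and not post(transform(model)):
            return model
    return None

if __name__ == "__main__":
    # One Composition owning no Part maps to a CompositionType with no component.
    print("without precondition:", find_counterexample(3))
    # The precondition rules that source model out: no counterexample up to scope 3.
    print("with precondition:   ", find_counterexample(3, pre=pre_every_composition_owns_a_part))
```

The run without a precondition finds the counterexample at the smallest scope, which is exactly the kind of missing-precondition problem the question mark after "OCL Preconditions" on the previous slide points at; a real model finder does the same search symbolically instead of by enumeration.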
RESULTS: VERIFYING THE 18 OCL CONSTRAINTS
- 2 Multiplicity Invariants of the 18 constraints are violated
  - CompositionType_component
  - SwcToEcuMapping_component
RESULTS: VERIFYING THE 18 OCL CONSTRAINTS
CompositionType_component
RESULTS: PERFORMANCE OF THE VERIFICATION APPROACH
- Standard laptop (2.50 GHz, 16GB of memory)
- Ran the verification prototype:
  - once for each constraint
  - for scopes up to 12
- For each scope & constraint, 2 numbers were generated:
  - Translation Time: time taken to translate the relational logic representation of the transformation into propositional logic.
  - Constraint Solving Time: time taken by the SAT solver to solve the propositional representation of the transformation.
RESULTS: PERFORMANCE OF THE VERIFICATION APPROACH
DISCUSSION: STRENGTHS OF THE VERIFICATION APPROACH
Full Automation
• Translation from ATL & constrained metamodels to a constrained Ecore model & then to relational logic
• Verification of industrial transformation models up to a scope of 12!
Verifying a Substantial Subset of ATL
• Except for imperative blocks, recursive lazy rules, & recursive queries
• 83/131 transformations in the ATL Zoo are in this fragment… 24 of the remaining 48 transformations can be expressed declaratively… too!
DISCUSSION: WEAKNESSES OF THE VERIFICATION APPROACH
Correctness of the ATL-2-Relational-Logic Translation
• Testing & Inspection
• BUT cannot formally prove correctness: no formal semantics for ATL & OCL
Bounded Search Approach
• Scope too small to verify the transformation?
• Maximum scope to use is transformation-dependent
CONCLUSION & FUTURE WORK
- Demonstrated using an automated verification prototype [1] to verify an industrial transformation [2]
- Result: the prototype uncovered 2 bugs!
- Performance: verifying the transformation up to a scope of 12 was possible!
Application of automated verification to a case study was successful & practical to use in an industrial context
[1] F. Büttner, M. Egea, J. Cabot, M. Gogolla “Verification of ATL Transformations Using Transformation Models and Model Finders”, ICFEM 2012
[2] G. Selim, S. Wang, J. Cordy, J. Dingel "Model Transformations for Migrating Legacy Models: An Industrial Case Study", ECMFA 2012
CONCLUSION & FUTURE WORK
- More industrial transformations in the case study
- Use incremental SAT solvers
- Pruning of the transformation model