research-article

Weak Alphabet Merging of Partial Behavior Models

Authors:
Dario Fischbein

Imperial College London

Imperial College London
View Profile

,
Nicolas D’Ippolito

Imperial College London

Imperial College London
View Profile

,
Greg Brunet

University of Toronto

University of Toronto
View Profile

,
Marsha Chechik

University of Toronto

University of Toronto
View Profile

,
Sebastian Uchitel

Imperial College London and University of Buenos Aires

Imperial College London and University of Buenos Aires
View Profile

ACM Transactions on Software Engineering and Methodology Volume 21 Issue 2Article No.: 9pp 1–47https://doi.org/10.1145/2089116.2089119

Published:01 March 2012Publication History

ACM Transactions on Software Engineering and Methodology

Abstract

Constructing comprehensive operational models of intended system behavior is a complex and costly task, which can be mitigated by the construction of partial behavior models, providing early feedback and subsequently elaborating them iteratively. However, how should partial behavior models with different viewpoints covering different aspects of behavior be composed? How should partial models of component instances of the same type be put together? In this article, we propose model merging of modal transition systems (MTSs) as a solution to these questions. MTS models are a natural extension of labelled transition systems that support explicit modeling of what is currently unknown about system behavior. We formally define model merging based on weak alphabet refinement, which guarantees property preservation, and show that merging consistent models is a process that should result in a minimal common weak alphabet refinement (MCR). In this article, we provide theoretical results and algorithms that support such a process. Finally, because in practice MTS merging is likely to be combined with other operations over MTSs such as parallel composition, we also study the algebraic properties of merging and apply these, together with the algorithms that support MTS merging, in a case study.

References

Abadi, M. and Lamport, L. 1991. The existence of refinement mappings. Theor. Comput. Sci. 82, 2, 253--284. Google ScholarDigital Library
Ball, T., Levin, V., and Xie, F. 2004. Automatic creation of environment models via training. In Proceedings of 10th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’04). Lecture Notes in Computer Science, vol. 2988, Springer, Berlin, 93--107.Google Scholar
Boem, B. and Turner, R. 2004. Balancing agility and discipline: A Guide for the Perplexed. Pearson Education. Google ScholarDigital Library
Brunet, G. 2006. A characterization of merging partial behavioral models. M.S. thesis, University of Toronto.Google Scholar
Bruns, G. and Godefroid, P. 1999. Model checking partial state spaces with 3-valued temporal logics. In Proceedings of 11th International Conference on Computer-Aided Verification (CAV’99). Lecture Notes in Computer Science, vol. 1633, Springer, Berlin, 274--287. Google ScholarDigital Library
Bruns, G. and Godefroid, P. 2000. Generalized model checking: Reasoning about partial state spaces. In Proceedings of 11th International Conference on Concurrency Theory (CONCUR’00). Lecture Notes in Computer Science, vol. 1877, Springer, 168--182. Google ScholarDigital Library
Calder, M. and Magill, E. H., (eds.). 2000. Feature Interactions in Telecommunications and Software Systems VI. IOS Press. Google ScholarDigital Library
Chechik, M., Devereux, B., Easterbrook, S., and Gurfinkel, A. 2003. Multi-valued symbolic model-checking. ACM Trans. Soft. Eng. Methodol. 12, 4, 1--38. Google ScholarDigital Library
Clarke, E. and Wing, J. 1996. Formal methods: State of the art and future directions. ACM Comput. Surv. 28, 4, 626--643. Google ScholarDigital Library
Clarke, E., Grumberg, O., and Peled, D. 1999. Model Checking. MIT Press, Cambridge, MA. Google ScholarDigital Library
Clarke, E., Grumberg, O., Jha, S., Lu, Y., and Veith, H. 2001. Progress on the state explosion problem in model checking. In Informatics. 10 Years Back. 10 Years Ahead, R. Wilhelm, Ed., Lecture Notes in Computer Science, vol. 2000, Springer, Berlin, 176--194. Google ScholarDigital Library
Crews. 1999. Cooperative requirements engineering with scenarios. http://Sunsite.Informatik.RWTH-Aachen.DE/CREWS. Google ScholarDigital Library
Cunningham, J. and Finkelstein, A. 1986. Formal requirements specification: The FOREST project. In Proceedings of 3rd International Workshop on Software Specification and Design. IEEE Computer Society Press, 186--192.Google Scholar
Dams, D. 1996. Abstract interpretation and partition refinement for model checking. Ph.D. dissertation, Eindhoven University of Technology, The Netherlands.Google Scholar
Dams, D., Gerth, R., and Grumberg, O. 1997. Abstract interpretation of reactive systems. ACM Trans. Program. Lang. Sys. 2, 19, 253--291. Google ScholarDigital Library
Diaz-Redondo, R., Pazos-Arias, J., and Fernandez-Vilas, A. 2002. Reusing verification information of incomplete specifications. In Proceedings of the 5th Workshop on Component-Based Software Engineering.Google Scholar
D’Ippolito, N., Fishbein, D., Chechik, M., and Uchitel, S. 2008. MTSA: The modal transition system analyzer. In Proceedings of International Conference on Automated Software Engineering (ASE’08). 475--476. Google ScholarDigital Library
Dupont, P., Lambeau, B., Damas, C., and van Lamsweerde, A. 2008. The QSM algorithm and its application to software behavior model induction. J. Appl. Artif. Intell. 22, 1--2, 77--115. Google ScholarDigital Library
Dwyer, M. B., Avrunin, G. S., and Corbett, J. C. 1998. Property specification patterns for finite-state verification. In Proceedings of 2nd Workshop on Formal Methods in Software Practice. Google ScholarDigital Library
Easterbrook, S. and Chechik, M. 2001. A framework for multi-valued reasoning over inconsistent viewpoints. In Proceedings of International Conference on Software Engineering (ICSE’01). IEEE Los Alamitos, CA. 411--420. Google ScholarDigital Library
Fischbein, D. and Uchitel, S. 2008. On correct and complete merging of partial behavior models. In Proceedings of SIGSOFT Conference on Foundations of Software Engineering (FSE’08). 297--307. Google ScholarDigital Library
Fischbein, D., Uchitel, S., and Braberman, V. A. 2006. A foundation for behavioral conformance in software product line architectures. In Proceedings of ISSTA’06 Workshop on Role of Software Architecture for Testing and Analysis (ROSATEA’06). 39--48. Google ScholarDigital Library
Fitting, M. 1991. Many-valued modal logics. Fundamenta Inf. 15, 3--4, 335--350. Google ScholarDigital Library
Giannakopoulou, D. and Magee, J. 2003. Fluent model checking for event-based systems. In Proceedings of the 9th joint meeting of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’03). ACM, New York, 257--266. Google ScholarDigital Library
Godefroid, P., Huth, M., and Jagadeesan, R. 2001. Abstraction-based model checking using modal transition systems. In Proceedings of 12th International Conference on Concurrency Theory (CONCUR’01), K. Larsen and M. Nielsen, Eds., Lecture Notes in Computer Science, vol. 2154, Springer, Berlin, 426--440. Google ScholarDigital Library
Godefroid, P. and Jagadeesan, R. 2003. On the expressiveness of 3-valued models. In Proceedings of 4th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI’03). Lecture Notes in Computer Science, vol. 2575, Springer, Berlin, 206--222. Google ScholarDigital Library
Godefroid, P. and Pitterman, N. 2009. LTL generalized model checking revisited. In Proceedings of the 10th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI’09). Lecture Notes in Computer Science, vol. 5403, Springer, Berlin, 89--104. Google ScholarDigital Library
Gunter, C. 1992. The mixed powerdomain. Theor. Comput. Sci. 103, 2, 311--334. Google ScholarDigital Library
Gurfinkel, A. and Chechik, M. 2005. How thorough is thorough enough. In Proceedings of 13th Advanced Research Working Conference on Correct Hardware Design and Verification Methods (CHARME’05). Lecture Notes in Computer Science, vol. 3725, Springer, Berlin, 65--80. Google ScholarDigital Library
Gurfinkel, A., Wei, O., and Chechik, M. 2006. Systematic construction of abstractions for model-checking. In Proceedings of 7th International Conference on Verification, Model-Checking, and Abstract Interpretation (VMCAI’06). Lecture Notes in Computer Science, vol. 3855. Springer, Berlin, 381--397. Google ScholarDigital Library
Harel, D., Kugler, H., and Pnueli, A. 2005. Synthesis revisited: Generating statechart models from scenario-based requirements. In Formal Methods in Software and Systems Modeling, 309--324.Google Scholar
Hennessy, M. and Milner, R. 1985. Algebraic Laws for Nondeterminism and Concurrency. Journal of ACM 32, 1, 137--161. Google ScholarDigital Library
Hoare, C. 1985. Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs, NJ. Google ScholarDigital Library
Horwitz, S., Prins, J., and Reps, T. 1989. Integrating noninterfering versions of programs. ACM Trans. Program. Lang. Syst. 11, 3, 345--387. Google ScholarDigital Library
Hunter, A. and Nuseibeh, B. 1998. Managing inconsistent specifications: Reasoning, analysis and action. ACM Trans. Softw. Eng. Methodol. 7, 4, 335--367. Google ScholarDigital Library
Hussain, A. and Huth, M. 2004. On model checking multiple hybrid views. In Proceedings of 1st International Symposium on Leveraging Applications of Formal Methods. 235--242.Google Scholar
Huth, M., Jagadeesan, R., and Schmidt, D. A. 2001. Modal transition systems: A foundation for three-valued program analysis. In Proceedings of 10th European Symposium on Programming (ESOP’01). Lecture Notes in Computer Science, vol. 2028. Springer, Berlin, 155--169. Google ScholarDigital Library
Huth, M., Jagadeesan, R., and Schmidt, D. 2002. A domain equation for refinement of partial systems. Math. Structures Comput. Sci. 14, 4. Google ScholarDigital Library
Hüttel, H. and Larsen, K. G. 1989. The use of static constructs in a modal process logic. In Proceedings of Symposium on Logical Foundations of Computer Science (Logic at Botik’89). Lecture Notes in Computer Science, vol. 363. 163--180. Google ScholarDigital Library
IEEE. 1994. IEEE recommended practice for software requirements specifications standard 830. Tech. Standard 830.Google Scholar
ITU-T. 1993. ITU-T recommendation Z.120: message sequence chart (MSC).Google Scholar
Jacobson, I. 2004. Object-Oriented Software Engineering: A Use Case Driven Approach. Addison Wesley, Redwood City, CA. Google ScholarDigital Library
Kazhamiakin, R., Pistore, M., and Roveri, M. 2004. Formal verification of requirements using SPIN: A case study on web services. In Proceedings of International Conference on Software Engineering and Formal Methods (SEFM’04). 406--415. Google ScholarDigital Library
Kleene, S. C. 1952. Introduction to Metamathematics. Van Nostrand, New York.Google Scholar
Keller, R. 1976. Formal verification of parallel programs. Comm. ACM 19, 7, 371--384. Google ScholarDigital Library
Kramer, J., Magee, J., and Sloman, M. 1983. CONIC: An integrated approach to distributed computer control systems. IEE Proc. 130, 1, 1--10.Google ScholarCross Ref
Krueger, I., Grosu, R., Scholz, P., and Broy, M. 1999. From MSCs to statecharts. In Distributed and Parallel Embedded Systems, F. J. Rammig, Ed. Kluwer, Amsterdam. Google ScholarDigital Library
Larsen, K. and Thomsen, B. 1988. A modal process logic. In Proceedings of 3rd Annual Symposium on Logic in Computer Science (LICS’88). IEEE, Los Alamitos, CA. 203--210.Google Scholar
Larsen, K. and Xinxin, L. 1990. Equation solving using modal transition systems. In Proceedings of the 5th Annual IEEE Symposium on Logic in Computer Science (LICS’90). IEEE, Los Alamitos, CA, 108--117.Google Scholar
Larsen, K. G., Steffen, B., and Weise, C. 1995. A constraint oriented proof methodology based on modal transition systems. In Proceedings of Tools and Algorithms for Construction and Analysis of Systems (TACAS’95). Lecture Notes in Computer Science, vol. 1019, Springer, Berlin, 13--28. Google ScholarDigital Library
Larsen, K., Steffen, B., and Weise, C. 1996. The methodology of modal constraints. In Formal Systems Specification. Lecture Notes in Computer Science, vol. 1169, Springer, Berlin, 405--435. Google ScholarDigital Library
Letier, E., Kramer, J., Magee, J., and Uchitel, S. 2008. Deriving event-based transition systems from goal-oriented requirements models. Autom. Softw. Eng. 15, 2, 175--206. Google ScholarDigital Library
Magee, J. and Kramer, J. 1999. Concurrency - State Models and Java Programs. Wiley, New York. Google ScholarDigital Library
Milner, R. 1989. Communication and Concurrency. Prentice-Hall, New York. Google ScholarDigital Library
Nejati, S. and Chechik, M. 2005. Let’s agree to disagree. In Proceedings of 20th IEEE International Conference on Automated Software Engineering (ASE’05). IEEE, Los Alamitos, CA. 287--290. Google ScholarDigital Library
Nejati, S. and Chechik, M. 2008. Behavioral model fusion: Experiences from two telecommunication case studies. In Proceedings of ICSE’08 Workshop on Modeling in Software Engineering (MiSE’08). Google ScholarDigital Library
Nejati, S., Sabetzadeh, M., Chechik, M., Easterbrook, S., and Zave, P. 2007. Matching and merging of statecharts specifications. In Proceedings of the 29th International Conference on Software Engineering (ICSE’07). 54--64. Google ScholarDigital Library
Nejati, S., Chechik, M., Sabetzadeh, M., Uchitel, S., and Zave, P. 2008. Towards compositional synthesis of evolving systems. In Proceedings of the SIGSOFT Conference on Foundations of Software Engineering (FSE’08). 285--296. Google ScholarDigital Library
Pnueli, A. 1977. The temporal logic of programs. In Proceedings of 18th Annual Symposium on the Foundations of Computer Science. 46--57. Google ScholarDigital Library
Sabetzadeh, M. and Easterbrook, S. 2003. Analysis of inconsistency in graph-based viewpoints: A category-theoretic approach. In Proceedings of 18th IEEE International Conference on Automated Software Engineering (ASE’03). IEEE, Los Alamitos, CA. 12--21.Google Scholar
Shoham, S. and Grumberg, O. 2004. Monotonic abstraction-refinement for CTL. In Proceedings of 10th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’04). Lecture Notes in Computer Science, vol. 2988, Springer, Berlin, 546--560.Google Scholar
Sibay, G., Uchitel, S., and Braberman, V. 2008. Existential live sequence charts revisited. In Proceedings of the 30th International Conference on Software Engineering (ICSE’08). ACM, New York, 41--50. Google ScholarDigital Library
Uchitel, S. and Chechik, M. 2004. Merging partial behavioral models. In Proceedings of 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM, New York, 43--52. Google ScholarDigital Library
Uchitel, S., Kramer, J., and Magee, J. 2003a. Behavior model elaboration using partial labelled transition systems. In Proceedings of the 9th joint meeting of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’03). ACM, New York, 19--27. Google ScholarDigital Library
Uchitel, S., Kramer, J., and Magee, J. 2003b. Synthesis of behavioral models from scenarios. IEEE Trans. Soft. Eng. 29, 2, 99--115. Google ScholarDigital Library
Uchitel, S., Kramer, J., and Magee, J. 2004. Incremental elaboration of scenario-based specifications and behavior models using implied scenarios. ACM Trans. Soft. Eng. Methodol. 13, 1, 37--85. Google ScholarDigital Library
Uchitel, S., Broy, M., Krueger, I. H., and Whittle, J. 2005. Guest editorial: Special section on interaction and state-based modeling. IEEE Trans. Softw. Eng. 31, 12, 997--998. Google ScholarDigital Library
Uchitel, S., Brunet, G., and Chechik, M. 2007. Behavior model synthesis from properties and scenarios. In Proceedings of International Conference on Software Engineering (ICSE’07). 34--43. Google ScholarDigital Library
Uchitel, S., Brunet, G., and Chechik, M. 2009. Synthesis of partial behavior models from properties and scenarios. IEEE Trans. Soft. Eng. 3, 35, 384--406. Google ScholarDigital Library
van Lamsweerde, A. 2004. Goal-oriented requirements enginering: A roundtrip from research to practice. In Proceedings of the 12th IEEE International Conference on Requirements Engineering. IEEE, Los Alamitos, CA. 4--7. Google ScholarDigital Library
van Lamsweerde, A. and Letier, E. 2000. Handling obstacles in goal-oriented requirements engineering. IEEE Trans. Soft. Eng. 26, 10, 978--1005. Google ScholarDigital Library
van Ommering, R., van der Linden, F., Kramer, J., and Magee, J. 2000. The Koala component model for consumer electronics software. IEEE Computer 33, 3, 78--85. Google ScholarDigital Library
Wei, O., Gurfinkel, A., and Chechik, M. 2009. Mixed transition systems revisited. In Proceedings of 10th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI’09). Lecture Notes in Computer Science, vol. 5403, 349--365. Google ScholarDigital Library
Xing, Z. and Stroulia, E. 2005. UMLDiff: An algorithm for object-oriented design differencing. In Proceedings of 20th IEEE International Conference on Automated Software Engineering (ASE’05). IEEE, Los Alamitos, CA. 54--65. Google ScholarDigital Library

Index Terms

Weak Alphabet Merging of Partial Behavior Models

Recommendations

On correct and complete strong merging of partial behaviour models
SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering

Modal Transition Systems (MTS) have been shown to be useful to reason about system behaviour in the context of partial information and to support incremental elaboration of behaviour models. A particularly useful notion in the context of software and ...
Read More
Merging partial behavioural models

Constructing comprehensive operational models of intended system behaviour is a complex and costly task. Consequently, practitioners have adopted techniques that support incremental elaboration of partial behaviour descriptions. A noteworthy example is ...
Read More
Synthesizing Modal Transition Systems from Triggered Scenarios

Synthesis of operational behavior models from scenario-based specifications has been extensively studied. The focus has been mainly on either existential or universal interpretations. One noteworthy exception is Live Sequence Charts (LSCs), which ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in

ACM Transactions on Software Engineering and Methodology Volume 21, Issue 2
March 2012
232 pages
ISSN:1049-331X
EISSN:1557-7392
DOI:10.1145/2089116
Issue’s Table of Contents

Copyright © 2012 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 March 2012
- Accepted: 1 August 2010
- Revised: 1 May 2010
- Received: 1 May 2006
Published in tosem Volume 21, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
MTS
merge
partial behavior models
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 20
  Total Citations
  View Citations
- 491
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Weak Alphabet Merging of Partial Behavior Models

ACM Transactions on Software Engineering and Methodology

Abstract

References

Cited By

Index Terms

Recommendations

On correct and complete strong merging of partial behaviour models

Merging partial behavioural models

Synthesizing Modal Transition Systems from Triggered Scenarios

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Weak Alphabet Merging of Partial Behavior Models

ACM Transactions on Software Engineering and Methodology

Abstract

References

Cited By

Index Terms

Recommendations

On correct and complete strong merging of partial behaviour models

Merging partial behavioural models

Synthesizing Modal Transition Systems from Triggered Scenarios

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media