Model-Driven Engineering and Software Development

The state of the art in model-driven software engineering is a combination of structural modeling and conventional programming to supply the operational behavior of the system. This fact leads to the so-called code generation dilemma when model and hand-written code evolve independently during the software development process. In this paper we present an approach of integrating two OMG standards to overcome this problem: A tight integration of UML used for structural modeling and the Action Language for Foundational UML (ALF) for behavioral modeling using a textual surface notation leads to a full-blown model-driven process which allows for the generation of fully executable source code. Supplying hand-written code fragments in the target language is no longer necessary.

Cyber-Physical Systems (CPSs) are built upon discrete software and hardware components, as well as continuous physical components. Such heterogeneous systems involve numerous domains with competencies and expertise that go far beyond traditional software engineering: systems engineering. In this paper, we explore a model-based approach for systems engineering that advocates the composition of several heterogeneous artifacts (called views) into a sound and consistent system model. A model combination Language is proposed for this purpose. Thus, rather than trying to build the universal language able to capture all possible aspects of systems, the proposed language proposes to relate small subsets of languages in order to offer specific analysis capabilities while keeping a global consistency between all joined models. We demonstrate the interest of our approach through an industrial process based on Capella, which provides (among others) a large support for functional analysis from requirements to components deployment. Even though Capella is already quite expressive, it lacks support for schedulability analysis. AADL is also a language dedicated to system analysis. If it is backed with advanced schedulability tools, it lacks support for functional analysis. Thus, instead of proposing ways to add missing aspects in either Capella or AADL, we rather extract a relevant subset of both languages to build a view adequate for conducting schedulability analysis of Capella functional models. Finally, our combination language is generic enough to extract pertinent subsets of languages and combine them to build views for different experts. It also helps maintaining a global consistency between different modeling views.

Models are used mainly to communicate among humans the most relevant aspects of the item being modelled. Moreover, for achieving impact in modern complex applications, modelling languages and tools must support some level of composition. Furthermore, executable models are the foundations of model-driven development; therefore, it is crucial that we study the understandability of executable behaviour models, especially from the perspective of modular composition. We examine the match between the delicate semantics of executable models for applications such as reactive- and real-time systems and developers’ usually simple conception. Performing a series of experiments with UML statecharts and logic-labelled finite-state machines (LLFSMs), we explore understandability of event-driven vs. logic-labelled state machines as well as the architectural options for modular composition. We find that expertise in model manipulation is essential, and that clarification of the semantics of LLFSMs is necessary for them to remain formally verifiable and suitable for robotic and embedded systems.

Using DSMLs, the domain experts can express their models in a language that is relevant to the problem area. However, it also adds the complexity of interoperability between these languages, specially for application areas that encompass multiple domains. One such application area, Cyber Threat Analysis (CTA), is at the intersection of various domains that can evolve independently: system modeling, attacker modeling and threat description. In this paper, we present an approach to address CTA interoperability issues based on role modeling. The proposed language provides a mechanism to define shared semantics between DSMLs relative to the CTA. The concept of a role is central to our approach, presented as Role4All framework. These roles allow us to federate different DSMLs to generate an attacker’s viewpoint. Our approach is illustrated using a case study on the development of an attacker’s viewpoint based on the federation of multiple domain models. Interoperability between the domain models is crucial to apply dedicated algorithms and interpretations on the attacker’s viewpoint. We used this attacker viewpoint to simulate attacks on a system for security analysis.

The complexity of heterogeneous Multi-Processor Systems-on-Chip stretches the limits of software development solutions based on sequential languages such as C/C++. While these are still the most widely used languages in practice, model-based solutions appear to be an efficient alternative. However, the optimized compilation of models for multi-processor systems still presents many open research problems. Among others, static data-flow analyses for models require the adaptation of traditional algorithms used in program analysis (iterative and worklist algorithms). These algorithms operate on Control-Flow Graphs with a unique start node (i.e., a node without predecessors) and assume that every basic block is reachable from this start node.

In this paper, we present a novel combination of the well-known iterative and worklist algorithms that examines a Control-Flow Graph where basic blocks can be reached by paths that originate from different start states. We apply this solution to functional views of signal and image processing models denoted with UML Activity and SysML Block diagrams. We demonstrate its effectiveness on interval analysis and show that significant reductions in the number of visits of the models’ control-flow graphs can be achieved.

We describe the text-emission templating capabilities of Umple (Umple-TL) and compare this Umple feature to other technologies for text generation. Umple, which is written in itself, combines modeling synergistically with programming in languages like Java and C++. Umple-TL further builds on these synergies. With the use of Umple-TL, we eliminated dependencies on third-party libraries for text emission. We demonstrate how Umple-TL attains benefits such as smaller and faster executables, target-language independence and IDE independence. We compare Umple-TL and other text emission tools in order to show how Umple-TL can overcome many of the challenges a tool can face. The word ‘template’ in this paper refers to patterns for the generation of output, and not to generic types, another common use of the term.

Correct data analysis depends on good quality data, and that means having data in a form that can be consistently queried, profiled and managed, easily and repeatedly. The healthcare sector, in particular the growing field of personalised medicine, has some of the most complex and diverse datasets. However, they are mostly heterogeneous datasets, and not always easy to merge into a form that is useful for the data scientists and researchers that are attempting to carry out data analysis. This paper describes key factors needed to automate the process of integrating such datasets, it is based upon experience working with standards-compliant metadata registries in precision medicine.

Language workbenches are used to define languages using appropriate meta-languages. Meta-languages are also just languages and can, therefore, be defined using themselves. The process is called bootstrapping and is often difficult to achieve.

This paper compares four different bootstrapping solutions. The EMF environment and the Meta-Programming System (MPS) use a compiled bootstrapping for their own definition. The platforms LanguageLab and DMLA are using interpreted bootstrapping. This paper compares these kinds of bootstrapping and relates them to the definition of instantiation. Besides the structural aspects of the bootstraps, the dynamism is also elaborated. It is shown how the bootstrap is related to the execution environment. Finally, the level of changeability is also discussed. It is shown that all approaches are quite similar and provide very flexible environments.

Embedded systems are commonly built upon heterogeneous digital and analog integrated circuits, including sensors and actuators. Model-driven approaches for designing software and hardware are generally limited to the digital parts of systems. In the present paper, we adopt a global view on the extensions made to an integrated modeling and simulation tool, TTool. In this tool, the verification and virtual prototyping of embedded systems is described at different abstraction levels and extended in order to handle analog/mixed-signal systems. An extensive case study spans these levels and illustrates the usefulness of our approach.

In model-driven software development (MDSD) projects, frequently domain experts and developers work together on the same model. However, they have quite different preferences concerning tools for working with a model. While developers require a powerful integrated development environment (IDE), domain experts are overwhelmed by the amount of functionality of an IDE and its confusing user interface. They prefer a simple editor, often provided as a web application, which does not require a local installation. Currently, both stakeholders typically agree on a common tool, which is frustrating for at least one of them. The Language Server Protocol (LSP) is a standard that aims to include language smarts into simple editors without turning them into IDEs. Originally, it has been designed for programming languages. In the present paper, we will give evidence based on a case study and a corresponding SWOT analysis that it is even more beneficial for a textual domain-specific language (DSL) as it is often used in MDSD. We will focus on the language workbench Xtext which supports the LSP. In particular, we will investigate how the LSP can be used to integrate a DSL into different development tools (editors and IDEs). Supplementing the SWOT analysis, we have also evaluated the practical relevance of the LSP.

Scenario-Based Programming (SBP) is an approach to modeling and running complex, event-based, system behavior by composing narrower views of overall behavior. In this paper we introduce significant extensions to the strict interfaces by which scenarios in existing SBP frameworks specify what the system must, may, or must not do, and to the mechanisms that execute these scenarios: (i) we allow events with a multitude of variables and parameters; each event can become an entire model, and each event selection can be the selection of a major section of the new state of the system and the environment; (ii) we extend the basic request/block SBP interfaces with a rich set of composable constraints and functions, which can describe desired and undesired variable assignments, where each constraint may relate to all variables or to just a subset thereof; (iii) we introduce a central, application-agnostic mechanism for adding optimization to standard event selection; and (iv) we relate our method to Null-Space Behavior (NSB)—a successful compositional approach in control theory. We demonstrate these language-independent concepts through several use cases that are implemented in a variety of languages and solvers.

When the two disciplines, software product line engineering (SPLE) and model-driven software engineering (MDSE), come together multi-variant model transformations (MVMTs) are almost indispensable tool support.

Variability annotations are boolean expressions used in annotative SPL engineering (SPLE) for expressing in which products model elements are visible. Developing the SPL in a model-driven way requires various model representations, e.g., Java models for generating the source code. Although model transformations are the key essence of MDSE and can be used to generate these representations from already existing (model) artifacts, they suffer from not being able to handle the variability annotations automatically. Thus, the developer is forced to annotate target models manually contradicting the goal of both disciplines, MDSE and SPLE, to increase productivity. Recently, approaches have been proposed to solve the problem using, e.g., traces, to propagate annotations without changing the transformation itself. In this paper we utilize a generic framework allowing to evaluate whether the target model of arbitrary (reuse-based) MVMTs was annotated correctly. In particular, for two different product lines we illuminate the transformation of UML class diagrams to Java models from which we finally can generate source code. On the one hand, we examine the quality of different post-processing annotation propagation strategies, on the other hand, the scalability of the framework itself.

The complexity in automotive systems engineering is increasing over the last decade. Autonomous driving and new comfort functions are some reasons for this growing complexity. With the introduction of multi-core processors in automotive system architectures, the shift from sequential to parallel thinking is more and more important in the different development phases. Based on the EAST-ADL, we present an approach to support the design process for distributed systems by using partitioning as an additional viewpoint on the architecture level. Therefore, we developed an extension to the EAST-ADL for partitioning and show automatic partitioning analysis on different architecture abstractions. These derived partitions can support system designers during the design process of functional architectures, by having a first insight how independent the functional components are structured from a data dependency viewpoint. This gives hints for the allocation of functions to hardware in later stages of the development process.

Program evolution may reveal bad design decisions, misunderstandings, erroneous code, or erroneous specifications, because problems made early in the design of a system may not be discovered until much later in the life-time of the system. Non-trivial changes of old code may be necessary. Flexibility in making such changes is essential, especially in a distributed setting where the system components are updated independently. In this setting re-verification is challenging. We consider flexibility with respect to what changes can be made as well as what can be efficiently reverified.

In this paper we propose a flexible framework for modeling and evolution of distributed systems. It supports unrestricted modifications in such systems, both in code and specifications, and with support of verification and re-verification. We consider on the setting of concurrent and object-oriented distributed programs, and introduce a core high-level modeling language supporting active objects. We allow multiple inheritance because it gives added flexibility during evolution, allowing a wider class of software changes. To avoid undesired effects of multiple inheritance, we apply a healthy binding strategy. We prove that the framework supports Modification Independence and Hierarchy Independence, which requires healthy binding. We demonstrate that our framework can deal with verification of software changes that are not possible in comparable frameworks.

Multi-view environments for software development allow different views of a software system to be defined to cover the requirements of different stakeholders. One way of ensuring consistency of overlapping information often contained in such views is to project them “on demand” from a Single Underlying Model (SUM). However, there are several ways to construct and adapt such SUMs. This paper presents four archetypal approaches and analyses their advantages and disadvantages based on several new criteria. In addition, guidelines are presented for selecting a suitable SUM construction approach for a specific project.

Internet of Things (IoT) devices are advanced embedded systems within a Cyber-Physical System (CPS) that require to be monitored and controlled. Such necessities are becoming increasingly common due to the advent of the Industry 4.0 among other smart deployments. A recurring issue in this field is that existing and new projects are reinventing the wheel by starting the development and deployment of IoT devices from scratch. To overcome such loss of efficiency in development, we propose to use Software Product Line (SPL) and Model-Based Engineering (MBE) since they seem promising in the literature in order to accelerate and ease the development software while reducing bugs and errors, and hence, costs. Additionally, a personalized solution is needed since not all Industrial CPSs (ICPSs) are composed by the same devices or use the same IoT communication protocols. Thus, we realized that a Domain Specific Language (DSL) along with a standard, will allow the user to graphically model the ICPS for this to be monitored and controlled. Therefore, this work presents TRILATERAL, a SPL Model Based tool that uses a Domain Specific Language (DSL) to allow users to graphically model ICPSs with a IEC 61850 based metamodel, a standard originally designed for electrical substations but that has also been used in other domains. TRILATERAL automatically generates an artifact in order to create a middleware between the ICPS and the monitoring system to monitor and control all the devices within the ICPS. This tool is designed, implemented and finally, validated with a real use case (catenary-free tram) where different lessons have been learned.