Model Driven Engineering Languages and Systems

Software is a designed artifact. In other design disciplines, such as building architecture, there is a well-established tradition of design studies which inform not only the discipline itself but also tool design, processes, and collaborative work. This talk considers software from such a ’design studies’ perspective. The talk will present a series of observations from empirical studies of expert software designers, and will draw on examples from actual professional practice. It will consider what experts’ mental imagery, software visualisations, and sketches suggest about software design thinking. It will discuss which representations designers use when allowed to choose freely, how designers’ informal representations relate to the formal representations from their discipline, how the character of their informal representations facilitates design discussions, and why many of the functions afforded by their sketching are not well supported by existing CAD systems. It will consider what the observations and sketches reveal about requirements for an idea-capture tool that supports collaborative design. The talk will also discuss some of the deliberate practices experts use to promote innovation. Finally, it will open discussion on the tensions between observed software design practices and received methodology in software engineering.

Verifying that a software system has certain non-functional properties is a primary concern in many engineering fields. Although several model-driven approaches exist to predict quality attributes from system models, they still lack the proper level of automation envisioned by Model Driven Software Development. When a potential issue concerning non-functional properties is discovered, the identification of a solution is still entirely up to the engineer and to his/her experience. This paper presents QVT-Rational, our multi-modeling solution to automate the detection-solution loop. We leverage and extend existing model transformation techniques with constructs to elicit the space of the alternative solutions and to bind quality properties to them. Our framework is highly customizable, it supports the definition of non-functional requirements and provides an engine to automatically explore the solution space. We evaluate our approach by applying it to two well-known software engineering problems — Object-Relational Mapping and components allocation — and by showing how several solutions that satisfy given performance requirements can be automatically identified.

Numerous systems, especially component-based systems, are based on a multi-phase development process where an ontological hierarchy is established. Solutions based on modeling / metamodeling can be used for such systems, but all of them are afflicted with different drawbacks. The main problem is that elements representing both CLAsses and oBJECTs (clabjects), which are needed to specify an ontological hierarchy, are not supported by standard metamodeling frameworks. This paper presents the combination of two approaches, namely deep instantiation and model-to-metamodel transformations. The resulting approach combines the clean and compact specification of deep instantiation with the easy applicability of model-to-metamodel transformations in an automated way. Along with this a set of generic operators to specify these transformations is identified.

The increasing adoption of Model-Driven Engineering in industrial contexts highlights scalability as a critical limitation of several MDE tools. Most of the current model-to-model transformation engines have been designed for one-shot translation of input models to output models, and present efficiency issues when applied to very large models. In this paper, we study the application of a lazy-evaluation approach to model transformations. We present a lazy execution algorithm for ATL, and we empirically evaluate a prototype implementation. With it, the elements of the target model are generated only when (and if) they are accessed, enabling also transformations that generate infinite target models. We achieve our goal on a significant subset of ATL by extending the ATL compiler.

In software engineering practice, measurements may reduce development costs by improving processes and products at early stages. In model driven approaches, measurements can be conducted right from the start of a project. For UML models, a collection of metrics has been empirically validated, however, these need to be precisely defined in order to be useful. Definition of UML metrics in OCL offers a high degree of precision and portability, but due to shortcomings of this language this approach is not widespread. We propose the SQUAM framework, a tool–supported methodology to develop OCL specifications, which incorporates best practices in software development, such as libraries, testing and documentation. As a proof of concept we have developed 26 metrics for UML class diagrams in the academic context. This demonstrated the high effectiveness of our approach: quick learning, high satisfaction of developers, low imposed complexity and potential time reduction through reuse.

Among model comprehension tools, model slicers are tools that extract a subset from a model, for a specific purpose. Model slicers are tools that let modelers rapidly gather relevant knowledge from large models. However, existing slicers are dedicated to one modeling language. This is an issue when we observe that new domain specific modeling languages (DSMLs), for which we want slicing abilities, are created almost on a daily basis. This paper proposes the Kompren language to model and generate model slicers for any DSL (

e.g.

software development and building architecture) and for different purposes (

e.g.

monitoring and model comprehension). Kompren’s abilities for model slicers construction is based on case studies from various domains.

Applying Model-Driven Engineering (MDE) in industrial-scale systems requires managing complex models which may be very large. These models must be persisted in a scalable way that allows their manipulation by client applications without fully loading them.

In this paper we propose Morsa, an approach that provides scalable access to large models through load on demand; model persistence is supported by a NoSQL database. We discuss some load on demand algorithms and database design alternatives. A prototype that integrates transparently with EMF is presented and its evaluation demonstrates that it is capable of fully loading large models with a limited amount of memory. Moreover, a benchmark has been executed, exhibiting better performance than the EMF XMI file-based persistence and the most representative model repository, CDO.

In the context of an industrial project we are implementing the software of a casino slot machine. This software has a significant amount of cross-cutting concerns that depend on, and interact with each other, as well as with the modular concerns. We therefore wish to express our design using an appropriate Aspect-Oriented Modeling methodology and notation. We evaluated two of the most mature methodologies: Theme/UML and WEAVR, to establish their suitability. Remarkably, neither of these allow us to express any of the dependencies and interactions to our satisfaction. In both cases, half of the interaction types cannot be expressed at all while the other half need to be expressed using a work around that hides the intention of the design. As a result, we consider both methodologies and notations unsuitable for expressing the dependencies and interactions present in the slot machine domain. In this paper we describe our evaluation experience.

Systematic and rigorous robustness testing is very critical for embedded systems, as for example communication and control systems. Robustness testing aims at testing the behavior of a system in the presence of faulty situations in its operating environment (e.g., sensors and actuators). In such situations, the system should gracefully degrade its performance instead of abruptly stopping execution. To systematically perform robustness testing, one option is to resort to model-based robustness testing (MBRT), based for example on UML/MARTE models. However, to successfully apply MBRT in industrial contexts, new technology needs to be developed to scale to the complexity of real industrial systems. In this paper, we report on our experience of performing MBRT on video conferencing systems developed by Cisco Systems, Norway. We discuss how we developed and integrated various techniques and tools to achieve a fully automated MBRT that is able to detect previously uncaught software faults in those systems. We provide an overview of how we achieved scalable modeling of robustness behavior using aspect-oriented modeling, test case generation using search algorithms, and environment emulation for test case execution. Our experience and lessons learned identify challenges and open research questions for the industrial application of MBRT.

Aspect-Oriented Modelling

techniques allow a modeller to describe within a single aspect model all model elements that define the structural and/or behavioural properties of a concern. When applied to a base model, the model weaver ensures that the entire aspect is reflected in the woven model. While this is essential for centralized systems, it is not the case when model elements of a concern are scattered over nodes in a distributed system. We propose an extension to our

Reusable Aspect Models

that allows the modeller to augment an aspect model of a concern that can crosscut the nodes of a distributed system with

distribution role definitions

. A

distributed system configuration file

specifies the different node types of the distributed system, and which roles of a distributed aspect are assigned to which nodes. The weaver makes sure that every role of a distributed aspect is assigned to at least one node in the system to ensure consistent aspect use. The weaver then generates for each node a final application model that only contains the model elements pertaining to the distribution roles the node plays.

We present a precise style for the modelling of business processes based on the UML activity diagrams and two controlled experiments to compare this style with a lighter variant. The comparison has been performed with respect to the comprehensibility of business processes and the effort to comprehend them. The first experiment has been conducted at the Free University of Bolzano-Bozen, while the second experiment (i.e., a differentiated replication) at the University of Genova. The participants to the first experiment were Master students and so more experienced than the participants to the replication, who were Bachelor students. The results indicate that: (a) all the participants achieved a significantly better comprehension level with the precise style; (b) the used style did not have any significant impact on the effort; and (c) more experienced participants benefited more from the precise style.

Checking consistency between an object diagram (OD) and a class diagram (CD) is an important analysis problem. However, several variations in the semantics of CDs and ODs, as used in different contexts and for different purposes, create a challenge for analysis tools. To address this challenge in this paper we investigate

semantically configurable model analysis

. We formalize the variability in the language’s semantics using a feature model: each configuration that the model permits induces a different semantics. Moreover, we develop a parametrized analysis that can be instantiated to comply with every legal configuration of the feature model. Thus, the analysis is semantically configured and its results change according to the semantics induced by the selected feature configuration. The ideas are implemented using a parametrized transformation to Alloy. The work can be viewed as a case study example for a formal and automated approach to handling semantic variability in modeling languages.

In this paper we present an experiment and two replications aimed at comparing the support provided by ER and UML class diagrams during comprehension activities by focusing on the single building blocks of the two notations. This kind of analysis can be used to identify weakness in a notation and/or justify the need of preferring ER or UML for data modeling. The results reveal that UML class diagrams are generally more comprehensible than ER diagrams, even if the former has some weaknesses related to three building blocks, i.e., multi-value attribute, composite attribute, and weak entity. These findings suggest that a UML class diagram extension should be considered to overcome these weaknesses and improve the comprehensibility of the notation.

With the evolving capabilities of devices, mobile applications are emerging towards complex reactive systems. To handle this complexity and shorten development time by increased reuse, we propose an engineering approach based on UML activities, which are used like building blocks to construct applications. Libraries of such building blocks make Android-specific features available. Tool support provides automatic formal analysis for soundness and automatic implementation. Furthermore, the approach is easily extensible, since new features can be provided by new building blocks, without changing the tools or notation. We demonstrate the method by a voice messaging application.

The two core concepts of model-driven engineering are models and model transformations. Domain-Specific Modelling has become accepted as a powerful means of providing domain experts and end users with the ability to create and manipulate models within the systems that they use. In this paper we argue that there are domains for which it is appropriate to also provide domain experts with the ability to modify and develop model transformations. One such domain is that of quantity surveying, and specifically the taking-off of quantities from a building design. We describe a language for expressing transformations between building models and bills of quantities, and its implementation within an automated quantity take-off tool, reflecting on the commonalities and differences between this language and a general-purpose model transformation language/tool.

In recent years, numerical simulation has attracted increasing interest within industry and among academics. Paradoxically, the development and maintenance of high performance scientific computing software has become more complex due to the diversification of hardware architectures and their related programming languages and libraries.

In this paper, we share our experience in using model-driven development for numerical simulation software. Our approach called MDE4HPC proposes to tackle development complexity by using a domain specific modeling language to describe abstract views of the software. We present and analyse the results obtained with its implementation when deriving this abstract model to target Arcane, a development framework for 2D and 3D numerical simulation software.

Model-driven development (MDD) has seen wide application in research, but still has limitations in real world industrial projects. One project which applies such MDD principles is about developing the software of a feature phone. While advantages seem to outweigh any disadvantages in theory, several problems arise when applying the model-driven methodology in practice. Problems when adopting this approach are shown as well as a practical solution to utilize one of the main advantages of MDD—portability. Issues that originate from using a tool which supports a model-driven approach are presented. A conclusion sums up the personal experiences made when applying MDD in a real world project.

Building complex real-time embedded systems requires assembly of heterogeneous components, possibly using various computation and communication models. A great challenge is to be able to design such systems using models where these heterogeneity characteristics are described precisely to assist the next step of the development including implementation or analysis. Although the new MARTE standard provides the core concepts to model real-time components using various communication paradigms, we state in this paper that MARTE extensions have still to be made and we propose to extract common features from several component based approaches in order to support finer compositions of heterogeneous sub-systems.

With model-based development becoming an increasingly common development methodology in embedded systems engineering, models have become an important asset of the the software development process. Therefore, techniques for the automatic detection of clones in those models have been developed to improve their maintainability. As these approaches currently only consider syntactic clones, the detection of clones is limited to syntactically equivalent copies. Using the concept of normal forms, these approaches can be extended to also cover semantic clones with identical behavior but different structure. The submission presents a generalized concept of clones for Simulink models, describes a pattern-based normal-form approach, and discusses results of the application of an implementation of this approach.

As a dynamic representation of the running system, a runtime model provides a model-based interface to monitor and control the system. A key issue for runtime models is to maintain their causal connections with the running system. That means when the systems change, the models should change accordingly, and vice versa. However, for the abstract runtime models that are heterogeneous to their target systems, it is challenging to maintain such causal connections. This paper presents a model-transformation-based approach to maintaining causal connections for abstract runtime models. We define a new instant and incremental transformation semantics for the QVT-Relational language, according to the requirements of runtime models, and develop the transformation algorithm following this semantics. We implement this approach on the mediniQVT transformation engine, and apply it to provide the runtime model for an intelligent office system named SmartLab.

Model–driven development of large-scale software systems is highly likely to produce models that describe the systems from many diverse perspectives using a variety of modeling languages. Checking and maintaining consistency of information captured in such multi-modeling environments is known to be challenging. In this paper we describe an approach to systematically synchronize multi–models. The approach specifically addresses the problem of synchronizing business processes and domain models in a Service-oriented Architecture development environment. In the approach, the human effort required to synchronize independently developed models is supplemented with significant automated support. This process is used to identify concept divergences, that is, a concept in one model which cannot be matched with concepts in the other model. We automate the propagation of divergence resolution decisions across the conflicting models. We illustrate the approach using models developed for a Car Crash Crisis Management System (CCCMS), a case study problem used to assess Aspect–oriented Modeling approaches.

A bidirectional transformation (BX) keeps a pair of interrelated models synchronized. Symmetric BXs are those for which neither model in the pair fully determines the other. We build two algebraic frameworks for symmetric BXs, with one correctly implementing the other, and both being delta-based generalizations of known state-based frameworks. We identify two new algebraic laws-weak undoability and weak invertibility, which capture important semantics of BX and are useful for both state- and delta-based settings. Our approach also provides a flexible tool architecture adaptable to different user’s needs.

The requirement for higher security and dependability of systems is continuously increasing even in domains not traditionally deeply involved in such issues. Yet, evolution of embedded systems towards devices connected via Internet, wireless communication or other interfaces requires a reconsideration of secure and trusted embedded systems engineering processes. In this paper, we propose an approach that associates model driven engineering (MDE) and formal validation to build security and dependability (S&D) patterns for trusted RCES applications. The contribution of this work is twofold. On the one hand, we use model-based techniques to capture a set of artifacts to encode S&D patterns. On the other hand, we introduce a set of artifacts for the formal validation of these patterns in order to guarantee their correctness. The formal validation in turn follows the the MDE process and thus links concrete validation results to the S&D requirements identified at higher levels of abstraction.

Accurate estimation of Software Code Size is important for developing cost-efficient embedded systems. The Code Size affects the amount of system resources needed, like ROM and RAM memory, and processing capacity. In our previous work, we have estimated the Code Size based on CFP (COSMIC Function Points) within 15% accuracy, with the purpose of deciding how much ROM memory to fit into products with high cost pressure. Our manual CFP measurement process would require 2,5 man years to estimate the ROM size required in a typical car. In this paper, we want to investigate how the manual effort involved in estimation of Code Size can be minimized. We define a UML Profile capturing all information needed for estimation of Code Size, and develop a tool for automated estimation of Code Size based on CFP. A case study will show how UML models save manual effort in a realistic case.

With the emergence of Internet of Things (IoT), many things which typically used to be isolated or operated in small local networks, will be interconnected through the Internet. One main challenge to tackle in IoT is efficient management of communication between things, since things can be very different in terms of available resources, size and communication protocols. Current Internet-enabled devices are typically powerful enough to rely on common operating systems, standard network protocols and middlewares. In IoT many devices will be too constrained to rely on such resource-consuming infrastructures; they run ad-hoc proprietary protocols. The contribution of this paper is a model- based approach for the efficient provisioning and management of the communication between heterogeneous resource-constrained devices. It includes a DSML which compiles to a set of interoperable communication libraries providing an abstract communication layer that can integrate both powerful and resource-constrained devices. The approach is implemented in an IDE for the development resource-constrained Things.

The abstract syntax of a graphical modeling language is typically defined with a metamodel while its concrete syntax (diagram) is informally defined with text and figures. Recently, the Object Management Group (OMG) released a beta specification, called Diagram Definition (DD), to formally define both the interchange syntax and the graphical syntax of diagrams. In this paper, we validate DD by using it to define a subset of the UML class diagram. Specifically, we define the interchange syntax with a MOF-based metamodel and the graphical syntax with a QVT mapping to a graphics metamodel. We then run an experiment where we interchange and render an example diagram. We highlight various design decisions and discuss challenges of using DD in practice. Finally, we conclude that DD is a sound approach for formally defining diagrams that is expected to facilitate the interchange and the consistent rendering of diagrams between tools.

In class diagrams, so-called multiplicities are integer ranges attached to association ends. They constrain the number of instances of the associated class that an instance may be linked to, or in an alternative reading, the number of links to instances of the associated class. In complex diagrams with several chains of associations between two classes (arising e.g. in configuration management) it may happen that the lower or upper bound of a range can never be attained because of restrictions imposed by a parallel chain.

In this paper we investigate how multiplicities behave when chaining associations together, and we characterise situations where intervals can be tightened due to information from other chains. Detecting and eliminating such redundancies provides valuable feedback to the user, as redundancies may hint at some underlying misconception.

Creating animated computer generated faces which can withstand scrutiny on the large screen is a daunting task. How does the face move? How does it reflect light? What information is relevant? How can it be captured and then transformed to convincingly breathe life into a digital human or fantastic creature? The talk will give examples of new technologies and methodologies developed to achieve this in blockbuster films including “Avatar” and will point the way to the next generation of computer generated characters by showing the increasing importance of computational simulation and discovering and modeling what is really going on underneath the skin.

Validating and transforming models are essential steps in model-driven engineering. These tasks are often implemented as operations in general purpose programming languages or task-specific model management languages. Just like other software artefacts, these tasks must be tested to reduce the risk of defects. Testing model management tasks requires testers to select and manage the relevant combinations of input models, tasks and expected outputs. This is complicated by the fact that many technologies may be used in the same system, each with their own integration challenges. In addition, advanced test oracles are required: tests may need to compare entire models or directory trees.

To tackle these issues, we propose creating an integrated unit testing framework for model management operations. We have developed the EUnit unit testing framework to validate our approach. EUnit tests specify how models and tasks are to be combined, while staying decoupled from the specific technologies used.

In UML-RT, capsules communicate via protocols which connect capsule ports. Protocol State Machines (PSMs) allow the description of the legal message sequences of a port and are potentially very useful for the modular development and verification of systems. However, it is unclear how exactly conformance of a capsule to its PSMs should be defined and how this can be checked automatically. In this paper, we provide a definition of protocol conformance and show how software model checking can be used to check protocol conformance automatically. We describe the design and implementation of a tool that checks the conformance of a capsule with Java action code with respect to the PSMs of all its ports. The results of the validation of the tool on three case studies are summarized.

Software Product Line (SPL) engineering is a popular approach for the systematic reuse of software artifacts across a large number of similar products. Unfortunately, testing each product of an SPL separately is often unfeasible. Consequently, SPL engineering is in conflict with standards like ISO 26262, which require each installed software configuration of safety-critical SPLs to be tested using a model-based approach with well-defined coverage criteria.

In this paper we address this dilemma and present a new SPL test suite generation algorithm that uses model-based testing techniques to derive a small test suite from one variable 150% test model of the SPL such that a given coverage criterion is satisfied for the test model of every product. Furthermore, our algorithm simplifies the subsequent selection of a small, representative set of products (w.r.t. the given coverage criterion) on which the generated test suite can be executed.

The UML standard specifies well-formedness rules as constraints on UML models. To be correct, refactoring of a model must take these constraints into account and check that they are still satisfied after a refactoring has been performed — if not, the refactoring must be refused. With constraint-based refactoring,

constraint checking

is replaced by

constraint solving

, lifting the role of constraints from permitting or denying a tentative refactoring to computing additional model changes required for the refactoring to be executable. Thus, to the degree that the semantics of a modelling language is specified using constraints, refactorings based on these constraints are guaranteed to be meaning preserving. To enable the reuse of pre-existing constraints for refactoring, we present a mapping from well-formedness rules as provided by the UML standard to constraint rules as required by constraint-based refactoring. Using these mappings, models can be refactored at no extra cost; if refactorings fail, the lack of meaning preservation points us to how the constraint-based semantic specifications of the modelling language can be improved.

Although a responsibility driven approach in object oriented analysis and design methodologies is promising, the assignment of the identified responsibilities to classes (simply, class responsibility assignment: CRA) is a crucial issue to achieve design of higher quality. The GRASP by Larman is a guideline for CRA and is being put into practice. However, since it is described in an informal way using a natural language, its successful usage greatly relies on designers’ skills. This paper proposes a technique to represent GRASP formally and to automate appropriate CRA based on them. Our computerized tool automatically detects inappropriate CRA and suggests alternatives of appropriate CRAs to designers so that they can improve a CRA based on the suggested alternatives. We made preliminary experiments to show the usefulness of our tool.

Models should represent the essential aspects of a system and leave out the inessential details. In this paper we propose an automatic approach to determine whether a model indeed focuses on the essential aspects. We define a new metric, structural essence, that quantifies the fraction of essential elements in a model. Our approach targets structural models, such as the prevalent UML class diagrams. It is inspired by the idea of algorithmic essence – the amount of repetitive constructs in a program – and the duality between behavior and structure. We present a framework for computing the essence of a structural model based on a transformation of that model into a “distilled model” and on an existing graph algorithm operating on that distilled model. We discuss the meaning of our concept of structural essence based on a set of example models. We hope that our notion of structural essence will spark discussions on the purpose and the essence of models.

Today, energy consumption is one of the major challenges for optimisation of future software applications and ICT infrastructures. To develop software w.r.t. its energy consumption, testing is an essential activity, since testing allows quality assurance and thus, energy consumption reduction during the software’s development. Although first approaches measuring and predicting software’s energy consumption for its execution on a specific hardware platform exist, no model-based testing approach has been developed, yet. In this paper we present our vision of a model-based energy testing approach that uses a combination of abstract interpretation and run-time profiling to predict the energy consumption of software applications and to derive energy consumption test cases.

Syntactic difference between models is a wide research area with applications in tools for model evolution, model synchronization and version control. On the other hand, semantic difference between models is rarely discussed. We point out to main use cases of semantic difference between models, and then propose a framework for defining well-formed difference operators on model semantics as adjoints of model combinators such as conjunction, disjunction and structural composition. The framework is defined by properties other then constructively. We instantiate the framework for two rather different modeling languages: feature models and automata specifications. We believe that the algebraic theory of semantic difference will allow to define practical model differencing tools in the future.

Utility functions can be used to monitor requirements of a dynamically adaptive system (DAS). More specifically, a utility function maps monitoring information to a scalar value proportional to how well a requirement is satisfied. Utility functions may be manually elicited by requirements engineers, or indirectly inferred through statistical regression techniques. This paper presents a goal-based requirements model-driven approach for automatically deriving state-, metric-, and fuzzy logic-based utility functions for

RELAX

ed goal models. State- and fuzzy logic-based utility functions are responsible for detecting requirements violations, and metric-based utility functions are used to detect conditions conducive to a requirements violation. We demonstrate the proposed approach by applying it to the goal model of an intelligent vehicle system (IVS) and use the derived utility functions to monitor the IVS under different environmental conditions at run time.

Models are at the heart of the emerging

Model-driven Engineering

(

MDE

) approach in which software is developed by repeated transformations of models. Intensive efforts in the modeling community in the past two decades have produced an impressive variety of tool support for models. Nonetheless, models are still not widely used throughout the software evolution life cycle and, in many cases, they are neglected in later stages of software development. To make models more useful, one needs a powerful model-level IDE that supports a wide range of object modeling tasks. Such IDEs must have a consistent formal foundation.

This paper introduces

F-OML

, a language intended as an expressive, executable formal basis for model-level IDEs. F-OML supports a wide variety of model-level activities, such as

extending

UML diagrams, defining

design patterns

,

reasoning

about UML diagrams,

testing

UML diagrams, specification of

Domain Specific Modeling Languages

, and

meta-modeling

. F-OML is a semantic layer on top of an elegant logic programming language of

guarded path expressions

, called

PathLP

. We believe that a combination of current object technology with F-OML as an underlying language can lay the basis for a powerful model-level IDE.

We present a formal calculus for operational QVT. The calculus is implemented in the interactive theorem prover KIV and allows to prove properties of QVT transformations for arbitrary meta models.

Additionally we present a framework for provably correct Java code generation. The framework uses a meta model for a Java abstract syntax tree as the target of QVT transformations. This meta model is mapped to a formal Java semantics in KIV. This makes it possible to formally prove with the QVT calculus that a transformation always generates a Java model (i.e. a program) that is type correct and has certain semantical properties. The Java model can be used to generate source code by a model-to-text transformation or byte code directly.

Mechanical product engineering is a research and industrial activity which studies the design of complex mechanical systems. The process, which involves the collaboration of various experts using domain-specific software, raises syntactic and semantic interoperability issues which are not addressed by existing software solutions or their underlying concepts. This article proposes a flexible model-based software architecture that allows for a federation of experts to define and collaborate in innovative design processes. The presented generic approach is backed and validated by its implementation on an academic usecase.

Model-based system engineering (MBSE) is regarded as an effective way of developing systems. We are now applying the model-based approach to IT system development/integration (SI) because we urgently need to reduce the cost of SI. However, there are various challenges imposed when applying MBSE to SI. One of these is that reducing the cost to update models is more significant than that in other MBSE domains such as embedded systems. We adopted SysML to handle these issues and extended it to modeling IT systems. We present the details on this SysML extension and how it overcame these issues. We are developing an in-house SI-support tool called "CASSI", which evaluates the non-functional requirements; performance and availability of the IT system’s models written in that extended manner and helps these models to be reused. This paper also includes industrial case studies of CASSI, and its effectiveness is discussed.

We are in the business of delivering software intensive business systems using model-driven techniques. Developing suitable code generators is an important step in model-based development of purpose-specific business applications. Hence, it becomes critical to ensure that code generator development doesn’t become a bottleneck for the project delivery. After establishing a sophisticated technology infrastructure to facilitate quick and easy adaptation of model-based code generators, we experimented with agile methodology. In this paper, we discuss why pure agile methodology does not work for model-driven software development. We propose a modification to the agile methodology in the form of meta-sprints as a golden mean between agile method and traditional plan-driven method. Early experience with the proposed development method is shared along with the lessons learnt.

Model-based development focuses on creating and manipulating domain models. We present the

formula

language and its tool environment for specifying, documenting, and analyzing models.

We present CD2Alloy, a novel, powerful translation of UML class diagrams (CDs) to Alloy. Unlike existing translations, which are based on a shallow embedding strategy, and are thus limited to checking consistency and generating conforming object models of a single CD, and support a limited set of CD language features, CD2Alloy uses a deeper embedding strategy. Rather than mapping each CD construct to a semantically equivalent Alloy construct, CD2Alloy defines (some) CD constructs as new concepts within Alloy. This enables solving several analysis problems that involve more than one CD and could not be solved by earlier works, and supporting an extended list of CD language features. The ideas are implemented in a prototype Eclipse plug-in. The work advances the state-of-the-art in CD analysis, and can also be viewed as an interesting case study for the different possible translations of one modeling language to another, their strengths and weaknesses.

A primary goal of Model Driven Engineering (MDE) is to reduce the cost and effort of developing complex software systems using techniques for transforming abstract views of software to concrete implementations. The rich set of tools that have been developed, especially the growing maturity of model transformation technologies, opens the possibility of applying MDE technologies to transformation-based problems in other domains.

In this paper, we present our experience with using MDE technologies to build and evolve compiler infrastructures in the optimizing compiler domain. We illustrate, through our two ongoing research compiler projects for C and a functional language, the challenging aspects of optimizing compiler research and show how mature MDE technologies can be used to address them. We also identify some of the pitfalls that arise from unrealistic expectations of what can be accomplished using MDE and discuss how they can lead to unsuccessful and frustrating application of MDE technologies.

As model transformations have become an integral part of the automated software engineering lifecycle, reuse, modularisation, and composition of model transformations becomes important. One way to compose model transformations is to compose modules of transformation rules, and execute the composition as one transformation (internal composition). This kind of composition can provide fine-grained semantics, as it is part of the transformation language. This paper aims to generalise two internal composition mechanisms for rule-based transformation languages, module import and rule inheritance, by providing executable semantics for the composition mechanisms within a virtual machine. The generality of the virtual machine is demonstrated for different rule-based transformation languages by compiling those languages to, and executing them on this virtual machine. We will discuss how ATL and graph transformations can be mapped to modules and rules inside the virtual machine.

Feature models and associated feature diagrams allow modeling and visualizing the constraints leading to the valid products of a product line. In terms of their expressiveness, feature diagrams are equivalent to propositional formulas which makes them theoretically expensive to process and analyze. For example, satisfying propositional formulas, which translates into finding a valid product for a given feature model, is an NP-hard problem, which has no fast, optimal solution. This theoretical complexity could prevent the use of powerful analysis techniques to assist in the development and testing of product lines. However, we have found that satisfying realistic feature models is quick. Thus, we show that combinatorial interaction testing of product lines is feasible in practice. Based on this, we investigate covering array generation time and results for realistic feature models and find where the algorithms can be improved.

Metamodeling

is foundational to many modeling frameworks, and so it is important to formalize and reason about it. Ideally, correctness proofs and test-case generation on the metamodeling framework should be automatic. However, it has yet to be shown that extensive automated reasoning on metamodeling frameworks can be achieved. In this paper we present one approach to this problem: Metamodeling frameworks are specified modularly using

algebraic data types

and

constraint logic programming

(CLP). Proofs and test-case generation are encoded as CLP satisfiability problems and automatically solved.

Triple graph grammars (TGGs) have been used successfully to analyze correctness and completeness of bidirectional model transformations, but a corresponding formal approach to model synchronization has been missing. This paper closes this gap by providing a formal synchronization framework with bidirectional update propagation operations. They are generated from a TGG, which specifies the language of all consistently integrated source and target models.

As a main result, we show that the generated synchronization framework is correct and complete, provided that forward and backward propagation operations are deterministic. Correctness essentially means that the propagation operations preserve consistency. Moreover, we analyze the conditions under which the operations are inverse to each other. All constructions and results are motivated and explained by a small running example using concrete visual syntax and abstract syntax notation based on typed attributed graphs.

The cost to repair a requirements-based defect in software-based systems increases substantially with each successive phase of the software lifecycle in which the error is allowed to propagate. While tools exist to facilitate early detection of design flaws, such tools do not detect flaws in system requirements, thus allowing such flaws to propagate into system design and implementation. This paper describes an experience report using a toolchain that supports a novel combination of structural and behavioral analysis of UML state diagrams that is not currently available in commercial UML modeling tools. With the toolchain, models can be incrementally and systematically improved through syntax-based analysis, type checking, and detection of latent behavioral system properties, including feature interactions. This paper demonstrates use of the toolchain on an industry-provided model of onboard electronics for an automotive application.

VSL and Alf are two OMG standards providing a textual notation for complex mathematical expressions and detailed activities respectively. Since these two notations have been designed by separate communities (real-time embedded for VSL and software engineering for Alf), they differ in syntax and semantics. Nevertheless, they clearly exhibit intersections in their form and use cases. The purpose of this article is to demonstrate that an alignment effort between the two languages would be beneficial for both users and tool providers. We show that most of the syntactic constructs introduced in VSL are related to general-purpose concerns (i.e., they are not specific to the real-time domain), most of them being covered by Alf. In this paper, we first identify the subset of VSL which is valuable for the real-time domain, and then propose a way of extending Alf with this subset.

Development of model-based Electric/Electronic (E/E) architecture in the automotive industry poses a high demand on the data management of models. The collaborative modeling work involves stakeholders dispersed across various locations and departments, while the models themselves are often extremely large-scaled. In this paper, we present our approach addressing the model data management issue for both asynchronous and synchronous modeling. Compared to asynchronous modeling, which is based on the lock/commit mechanism for cross-department collaboration, synchronous modeling is targeted to assist quick and efficient interaction among small groups of members. We use the delta model for versioning in the database as well as for the synchronous modeling functionality. Furthermore, other versatile uses of the delta model such as the cumulative delta model and the reverse delta model are also introduced.