Skip to main content

Über dieses Buch

This book constitutes the refereed papers of the proceedings of the 8th International Conference on System Analysis and Modeling, SAM 2014, held in Valencia, Spain, in September 2014. The 18 full papers and the 3 short papers presented together with 2 keynotes were carefully reviewed and selected from 71 submissions. The contributions are organized in topical sections named: reuse; availability, safety and optimization; sequences and interactions; testing; metrics, constraints and repositories; and SDL and V&V.




BVR – Better Variability Results

We present BVR (Base Variability Resolution models), a language developed to fulfill the industrial needs in the safety domain for variability modeling. We show how the industrial needs are in fact quite general and that general mechanisms can be used to satisfy them. BVR is built on the OMG Revised Submission of CVL (Common Variability Language), but is simplified and enhanced relative to that language.
Øystein Haugen, Ommund Øgård

MID: A MetaCASE Tool for a Better Reuse of Visual Notations

Modeling tools facilitate the development process from modeling to coding. Such tools can be designed using a Model-Driven approach in metamodeling environments called MetaCASE tools. However, current MetaCASE tools still require, in most cases, manual programming to build full tool support for the modeling language. In this paper, we want to specify, using models, diagram editors with a high graphical expressiveness without any need for manual intervention. The second axis is dedicated to the reuse of this specification in other contexts. The redundancy in a diagram editor specification raises the problem of inconsistency during the evolution or the update of this specification. We propose then MID, a tool based on a set of metamodels supporting the easy specification of modeling editors with reusable components.
Amine El Kouhen, Abdelouahed Gherbi, Cédric Dumoulin, Pierre Boulet, Sébastien Gérard

An Empirical Study on the Anticipation of the Result of Copying and Pasting among UML Editors

Copy and paste is a function that is very popular in software programming. In software modeling, when a person performs a copy and paste, she/he expects that the copy will be similar to the original. The similarity refers to a selection of what properties and references from the original element have to be copied. This problem seems difficult because this feature is not addressed in scientific literature, is rarely available in — de-facto standard — editors of UML class diagram or functions differently from one editor to another. In this article, we will show that a significant part of the solution depends on the metrics used. We propose three families of metrics that produce various copy and paste behaviors. We adopted an empirical approach to assess their ergonomic qualities. We asked 67 people to predict results of a series of copy-pasting experiments. We observed two populations, one influenced by the visual representation and the other by semantics.
Daniel Liabeuf, Xavier Le Pallec, José Rouillard

Availability, Safety and Optimization

Toward a UCM-Based Approach for Recovering System Availability Requirements from Execution Traces

Software maintenance accounts for a significant proportion of the cost of the software life cycle. Software engineers must spend a considerable amount of time understanding the software system functional attributes and non-functional (e.g., availability, security, etc.) aspects prior to performing a maintenance task. In this paper, we propose a dynamic analysis approach to recover availability requirements from system execution traces. Availability requirements are described and visualized using the Use Case Maps (UCM) language of the ITU-T User Requirements Notation (URN) standard, extended with availability annotations. Our UCM-based approach allows for capturing availability requirements at higher levels of abstraction from low-level execution traces. The resulting availability UCM models can then be analyzed to reveal system availability shortcomings. In order to illustrate and demonstrate the feasibility of the proposed approach, we apply it to a case study of a network implementing the HSRP (Hot Standby Router Protocol) redundancy protocol.
Jameleddine Hassine, Abdelwahab Hamou-Lhadj

Architecture Framework for Software Safety

Currently, an increasing number of systems are controlled by software and rely on the correct operation of software. In this context, a safety-critical system is defined as a system in which malfunctioning software could result in death, injury or damage to environment. To mitigate these serious risks, the architecture of safety-critical systems needs to be carefully designed and analyzed. A common practice for modeling software architecture is the adoption of software architecture viewpoints to model the architecture for particular stakeholders and concerns. Existing architecture viewpoints tend to be general purpose and do not explicitly focus on safety concerns in particular. To provide a complementary and dedicated support for designing safety critical systems, we propose an architecture framework for software safety. The architecture framework is based on a metamodel that has been developed after a thorough domain analysis. The framework includes three coherent viewpoints, each of which addressing an important concern. The application of the viewpoints is illustrated for an industrial case of safety-critical avionics control computer system.
Havva Gülay Gürbüz, Nagehan Pala Er, Bedir Tekinerdogan

Search-Based Model Optimization Using Model Transformations

Design-Space Exploration (DSE) and optimization look for a suitable and optimal candidate solution to a problem, with respect to a set of quality criteria, by searching through a space of possible solution designs. Search-Based Optimization (SBO) is a well-known technique for design-space exploration and optimization. Model-Driven Engineering (MDE) offers many benefits for creating a general approach to SBO, through a suitable problem representation. In MDE, model transformation is the preferred technique to manipulate models. The challenge thus lies in adapting model transformations to perform SBO tasks. In this paper, we demonstrate that multiple SBO techniques are easily incorporated into MDE. Through a non-trivial example of electrical circuit generation, we show how this approach can be applied, how it enables simple switching between different SBO approaches, and integrates domain knowledge, all within the modeling paradigm.
Joachim Denil, Maris Jukss, Clark Verbrugge, Hans Vangheluwe

Sequences and Interactions

Associativity between Weak and Strict Sequencing

In this paper, we consider workflows (called collaborations) involving several system components (or roles) where different components may independently start their participation in the collaboration, or terminate their participation. We consider a global workflow that is composed out of several sub-collaborations which should be executed in a specified order. For sequential execution, strict and weak sequencing have been defined. With strict sequencing all actions of the first sub-collaboration must be completed before the second sub-activity may start. Weak sequencing was introduced for sequencing distributed activities, in particular sequence diagrams, and implies only local sequencing at each system component, but no global sequencing rule. We define the semantics of a collaboration in terms of the partial order among its internal actions, and we also use partial orders to define the semantics of strict and weak sequencing of sub-collaborations. Then we concentrate on the associativity between weak and strict sequencing. Based on the given definitions, it is shown that such associativity is satisfied in most situations, however, its validity depends on certain conditions about the participation of the different system components in the sequenced sub-collaborations and on the question whether they play an initiating or terminating role in these activities. The lack of associativity may lead to ambiguities when the dynamic behavior of complex workflows is developed and specified. These difficulties can be avoided by conventions for priorities between weak or strict sequencing, and/or some appropriate bracketing structure in the workflow notation.
Gregor v. Bochmann

Efficient Representation of Timed UML 2 Interactions

UML 2 interactions describe system behavior over time in a declarative way. The standard approach to defining their formal semantics enumerates traces of events; other representation formats, like Büchi automata or prime event structures, have been suggested, too. We describe another, more succinct format, interaction structures, which is based on asymmetric event structures. It simplifies the integration of real time, and complex operators like alt and break, and leads to an efficient semantic representation of interactions. We provide the formalism, and a prototypical implementation highlighting the benefits of our approach.
Alexander Knapp, Harald Störrle

Integrating Graph Transformations and Modal Sequence Diagrams for Specifying Structurally Dynamic Reactive Systems

Software-intensive systems, for example service robot systems in industry, often consist of multiple reactive components that interact with each other and the environment. Often, the behavior depends on structural properties and relationships among the system and environment components, and reactions of the components in turn may change this structure. Modal Sequence Diagrams (MSDs) are an intuitive and precise formalism for specifying the interaction behavior among reactive components. However, they are not sufficient for specifying structural dynamics. Graph transformation rules (GTRs) provide a powerful approach for specifying structural dynamics. We describe an approach for integrating GTRs with MSDs such that requirements and assumptions on structural changes of system resp. environment objects can be specified. We prototypically implemented this approach by integrating ModGraph with ScenarioTools. This allows us not only to specify MSDs and GTRs in Eclipse, but also to simulate the specified behavior via play-out.
Sabine Winetzhammer, Joel Greenyer, Matthias Tichy


A Systematic Approach to Automatically Derive Test Cases from Use Cases Specified in Restricted Natural Languages

In many domains, such as avionics, oil and gas, and maritime, a common practice is to derive and execute test cases manually from requirements, where both requirements and test cases are specified in natural language (NL) by domain experts. The manual execution of test cases is largely dependent on the domain experts who wrote the test cases. The process of manual writing of requirements and test cases introduces ambiguity in their description and, in addition, test cases may not be effective since they may not be derived by systematically applying coverage criteria. In this paper, we report on a systematic approach to support automatic derivation of manually executable test cases from use cases. Both use cases and test cases are specified in restricted NLs along with carefully-defined templates implemented in a tool. We evaluate our approach with four case studies (in total having 30 use cases and 579 steps from flows of events), two of which are industrial case studies from the oil/gas and avionics domains. Results show that our tool was able to correctly process all the case studies and systematically (by following carefully-defined structure coverage criteria) generate 30 TCSs and 389 test cases. Moreover, our approach allows defining different test coverage criteria on requirements other than the one already implemented in our tool.
Man Zhang, Tao Yue, Shaukat Ali, Huihui Zhang, Ji Wu

Acceptance Test Optimization

Test case generation and execution may be time and effort consuming. At a given testing phase, test case execution can be optimized by avoiding the consideration of test cases that have already been exercised in a previous phase. For instance, one can avoid test case redundancy between integration testing and acceptance testing. Characterizing this redundancy is not straightforward since some integration test cases are applied on an incomplete system with test stubs emulating system components and therefore cannot be substituted to acceptance test cases. In this paper, we propose an approach that maps acceptance test cases to integration test cases and eliminates test cases that have already been exercised on the system during the integration testing phase.
Mohamed Mussa, Ferhat Khendek

Verifying Hypermedia Applications by Using an MDE Approach

Authoring tools for editing hypermedia documents should be able to describe temporal and spatial relationships among objects, and user interactions as well. These tools can also support modifications in the document structure during the exhibition time. In all these situations, hypermedia document correctness should be guaranteed. In this paper, we describe an approach supporting the formal verification of documents in the Nested Context Language (NCL) and Synchronized Multimedia Integration Language (SMIL) standards. Using usual authoring tools, NCL and SMIL models are generated and, though an MDE design environment, transformed into formal verification models to be used following a method proposed in this paper and supported by an appropriate tool. A designer-oriented interface allows an easy and understandable description of properties to be checked and of required observers for more complex properties. The results of the verification are also presented in a comprehensive way for designers (as counterexamples) or executed step-by-step in a common displaying tool. Our approach allows designers to deal with the validation of their documents, built in a rigorous and consistent way, without prior knowledge of verification models and tools.
Delcino Picinin Júnior, Cristian Koliver, Celso A. S. Santos, Jean-Marie Farines

Revisiting Model-Driven Engineering for Run-Time Verification of Business Processes

Run-time verification has been widely advocated in the last decade as a key technique to check whether the execution of a business process and its interactions with partner services comply with the application requirements. Despite the substantial research performed in this area, there are very few approaches that leverage model-driven engineering (MDE) methodologies and integrate them in the development process of applications based on business process descriptions. In this position paper we describe our vision and present the research roadmap for adopting MDE techniques in the context of run-time verification of business processes, based on our early experience with a public service partner in the domain of eGovernment. We maintain that within this context, the adoption of MDE would contribute in three ways: 1) expressing, at a logical level, complex properties to be checked at run time using a domain-specific language; 2) transforming such properties in a format that can leverage state-of-the-art, industrial-strength tools in order to check these properties; 3) integrating such property checker in run-time verification engines, specific to a target run-time platform, without user’s intervention.
Wei Dou, Domenico Bianculli, Lionel Briand

Model-Based Testing: An Approach with SDL/RTDS and DIVERSITY

The objective of the PragmaList Lab, a joint laboratory between PragmaDev and CEA LIST, is to integrate the test generation tool DIVERSITY in the SDL modeling environment Real Time Developer Studio (RTDS). The resulting environment aims to extend RTDS with a Model-Based Testing approach. After briefly describing the characteristics of RTDS and DIVERSITY, this paper presents the work done to integrate these two environments. Then, it highlights the main principles of DIVERSITY based on symbolic execution, which enables the generation of test cases in TTCN-3 format. The paper then presents the existing coverage criteria in the integrated generation of test cases. It concludes with the open strategy of the PragmaList approach to work together with industrial actors based on the definition and integration of new specific coverage criteria consistent with their validation constraints.
Julien Deltour, Alain Faivre, Emmanuel Gaudin, Arnault Lapitre

Metrics, Constraints and Repositories

On Bringing Object-Oriented Software Metrics into the Model-Based World – Verifying ISO 26262 Compliance in Simulink

For ensuring functional safety of electrical/electronic systems, it is necessary to exclude malfunctions from hardware and software as well as from the interaction of both. In today’s passenger vehicles, more and more safety critical functionalities are implemented in software. Thus, its importance for functional safety increases. The dominating safety standard for the automotive domain (ISO 26262) considers the software part and defines requirements for safety critical software. However, applying and fulfilling the standard is a major problem in industry. In this context, the paper presents a novel metric-based approach to evaluate dataflow-oriented software architectures used in many model-driven processes regarding the fulfillment of requirements defined by ISO 26262 (in particular part 6). The core idea is to derive metrics for model-based software from already existing, well-performing metrics elaborated for other programming paradigms. To link metrics to requirements fulfillment of ISO 26262, we briefly sketch the factor-criteria-metrics paradigm for this problem. Technically, this paper presents a generic meta-model for dataflow systems, which is used to define the metrics. We implemented this meta-model and the metrics as a prototype for Matlab Simulink. As examples, two models of a 400 kW full Drive-by-Wire experimental vehicle with all-wheel-steering, all-wheel-drive, and electro-mechanical brakes are analyzed using this prototype.
Lukas Mäurer, Tanja Hebecker, Torben Stolte, Michael Lipaczewski, Uwe Möhrstädt, Frank Ortmeier

Insights on the Use of OCL in Diverse Industrial Applications

The Object Constraint Language (OCL) is a widely accepted language, standardized by OMG, for specifying constraints at various meta levels (e.g., meta-models and models). Despite its wide acceptance, there is a lack of understanding about terminology and purposes for which OCL can be used. In this paper, we aim to reduce this gap and provide guidance for applying OCL in practical contexts and we report our experience of applying OCL for different industrial projects in diverse domains: Communications and Control, Oil and Gas production, Energy Equipment and Services, and Recycling. Based on our experience, first, we unify the commonly used terminology in the literature for applying OCL in different ways for addressing diverse industrial problems. Second, we report the key results of the industrial application of OCL. Finally, we provide guidance to researchers and practitioners for choosing an appropriate meta level and purpose for their specific industrial problem at hand.
Shaukat Ali, Tao Yue, Muhammad Zohaib Iqbal, Rajwinder Kaur Panesar-Walawege

Model-Based Mining of Source Code Repositories

The Mining Software Repositories (MSR) field analyzes the rich data available in source code repositories (SCR) to uncover interesting and actionable information about software system evolution. Major obstacles in MSR are the heterogeneity of software projects and the amount of data that is processed. Model-driven software engineering (MDSE) can deal with heterogeneity by abstraction as its core strength, but only recent efforts in adopting NoSQL-databases for persisting and processing very large models made MDSE a feasible approach for MSR. This paper is a work in progress report on srcrepo: a model-based MSR system. Srcrepo uses the NoSQL-based EMF-model persistence layer EMF-Fragments and Eclipse’s MoDisco reverse engineering framework to create EMF-models of whole SCRs that comprise all code of all revisions at an abstract syntax tree (AST) level. An OCL-like language is used as an accessible way to finally gather information such as software metrics from these SCR models.
Markus Scheidgen, Joachim Fischer

SDL and V&V

Towards an Extensible Modeling and Validation Framework for SDL-UML

The Specification and Description Language (SDL) has been a domain specific language that is well-established in the telecommunication sector for many years, but only a small set of SDL tools is available. In contrast, a wide range of different kinds of tools can be used for various purposes, such as model transformation, for the Unified Modeling Language (UML). The UML profile for SDL (SDL-UML) makes it possible to specify SDL compliant models in terms of a UML model. In this paper, the extensible SDL-UML Modeling and Validation (SU-MoVal) framework, which supports the specification and validation of models that are compliant to Z.109, is presented. As an additional feature, the SU-MoVal framework also provides an editor for the specification of a textual notation that is mapped to corresponding SDL-UML elements.
Alexander Kraas

SDL Implementations for Wireless Sensor Networks – Incorporation of PragmaDev’s RTDS into the Deterministic Protocol Stack BiPS

Predictable behavior of wireless sensor networks calls for deterministic protocols for network-wide synchronization and collision-free frame transmissions. Furthermore, the execution of these protocols requires tight scheduling under real-time constraints. In previous work, we have devised a framework called BiPS (Black-burst-Integrated Protocol Stack), which provides these functionalities. To achieve the required real-time behavior, BiPS has been implemented manually on bare hardware.
Higher-layer functionalities such as routing protocols or sensor applications are far less time-critical. Therefore, we strive for applying model-driven development, using SDL as abstract modeling language, and commercial tool environments to automatically generate implementations. In this paper, we present how we incorporate implementations generated with PragmaDev’s Real-time Developer Studio (RTDS) into BiPS. Therefore, we have modified and extended the RTDS transition scheduler, and have placed it under the control of the BiPS scheduler. Furthermore, based on RTDS concepts, we have implemented an SDL environment that can access BiPS functionality, e.g., protocols of the MAC layer or hardware devices. In experiments on a wireless sensor node, we have demonstrated that our integration is fully operational and has advantages regarding efficiency and predictability.
Tobias Braun, Dennis Christmann, Reinhard Gotzhein, Alexander Mater

Formal Technical Process Specification and Verification for Automated Production Systems

The complexity of automated production systems increases constantly due to growing functional requirements and engineering discipline integration. Early design steps include the cross-discipline specification of the system’s technical process, while later steps have to ensure compatibility with the specification. Current specification techniques are able to describe and analyze certain properties on the specification level, however verification of the implementation with respect to the specification is a costly task. To overcome this situation we propose a formal modeling technique, which enables automatic verification of the implementation. We demonstrate the approach on a lab-sized automated production system and finally discuss its advantages and disadvantages.
Georg Hackenberg, Alarico Campetelli, Christoph Legat, Jakob Mund, Sabine Teufl, Birgit Vogel-Heuser

Prototyping SDL Extensions

Semaphores, process priorities, and real-time tasks are examples of SDL extensions which integrate concepts of real-time operating systems into SDL. Providing tool support for such extensions, requires time and effort to manually adapt existing modeling and analysis tools. We present an approach based on language extension which reduces the effort to obtain a text editor for modeling and a runtime efficient next-event simulator for model analysis. The approach allows to prototype extensions, i.e., evaluate their design and suitability by test and simulation. We discuss an application of our approach to a subset of SDL. In addition, we take the concept of semaphores from SDL-RT and bring it to the SDL subset by defining it as an extension. The approach is implemented only in parts yet, thus we present work in progress. We discuss working prototypes for the text editor and the simulator.
Andreas Blunk, Joachim Fischer


Weitere Informationen

Premium Partner