Safouan Taha

Temporal Constraint Support for OCL

The Object Constraint Language is widely used to express precise and unambiguous constraints on models and object oriented programs. However, the notion of temporal constraints, controlling the system behavior over time, has not been natively supported. Such temporal constraints are necessary to model reactive and real-time systems. Although there are works addressing temporal extensions of OCL, they only bring syntactic extensions without any concrete implementation conforming to the OCL standard. On top of that, all of them are based on temporal logics that require particular skills to be used in practice.

Extending the Standard Execution Model of UML for Real-Time Systems

The ongoing OMG standard on the “Semantics of a Foundational Subset for Executable UML Models” identifies a subset of UML (called fUML, for Foundational UML), for which it defines a general-purpose execution model. This execution model therefore captures an executable semantics for fUML, providing an unambiguous basis for various kinds of model-based exploitations (model transformation, code generation, analysis, simulation, debugging etc.). This kind of facility is of great interest for the domain of real time systems, where analysis of system behavior is very sensible. One may therefore wonder if the general-purpose execution model of fUML can be used to reflect execution semantics concerns of real-time systems (e.g., concurrency, synchronization, and scheduling.). It would practically mean that it is possible to leverage on this precise semantic foundation (and all the work that its definition implied) to capture the precise execution semantics of real-time systems. In this paper, we show that this approach is not directly feasible, because of the way concurrency and asynchronous communications are actually handled in the fUML execution model. However, we show that introducing support for these aspects is technically feasible and reasonable in terms of effort and we propose lightweight modifications of the Execution model to illustrate our purpose.

An Open Framework for Detailed Hardware Modeling

When interfacing hardware and software design flows, it is a common practice to specify abstracted and understandable models in order to communicate design intends and to study interdependencies affecting design decisions. Modeling languages, such as UML, help to create architectural specifications amenable for reuse, complexity managing, and system refinements. This paper presents a set of extensions to UML that ensure description and conception of hardware through different views and detail levels. At the same time, the proposed extensions offer annotations to analyze and simulate the main extra-functional characteristics of embedded systems, namely, performance, power consumption and memory usage. This work is part of the upcoming OMGs standard for modeling and analysis of real-time and embedded systems (MARTE).

Measuring test properties coverage for evaluating UML/OCL model-based tests

We propose in the paper a test property specification language, dedicated to UML/OCL models. This language is intended to express temporal properties on the executions of the system, that one wants to test. It is based on patterns, specifying the behaviours one wants to exhibit/avoid, and scopes, defining the piece of execution trace on which a given pattern applies. Each property is a combination of a scope and a pattern, providing a means for a validation engineer to easily express temporal properties on a system, without using complex formal notations. Properties have the semantics of an event-based transition system whose coverage can be measured so as to evaluate the relevance of a given test suite. These principles aim at being used in the context of a research project, in which the security properties are expressed on an industrial case study of a smart card operating system. This approach makes it possible to assist the Common Criteria evaluation of the testing phase, that requires evidences of the extensiveness of the testing phase of a security product.

A Compositional Automata-Based Semantics for Property Patterns

Dwyer et al. define a language to specify dynamic properties based on predefined patterns and scopes. To define a property, the user has to choose a pattern and a scope among a limited number of them. Dwyer et al. define the semantics of these properties by translating each composition of a pattern and a scope into usual temporal logics (LTL, CTL, etc.). First, this translational semantics is not compositional and thus not easily extensible to other patterns/scopes. Second, it is not always faithful to the natural semantics of the informal definitions. In this paper, we propose a compositional automata-based approach defining the semantics of each pattern and each scope by an automaton. Then, we propose a composition operation in such a way that the property semantics is defined by composing the automata. Hence, the semantics is compositional and easily extensible as we show it by handling many extensions to the Dwyer et al.s language. We compare our compositional semantics with the Dwyer et al.s translational semantics by checking whether our automata are equivalent to the Buchi automata of the LTL expressions given by Dwyer et al. In some cases, our semantics reveals a lack of homogeneity within Dwyer et al.s semantics.

Specification of temporal properties with OCL

The Object Constraint Language (OCL) is widely used to express static constraints on models and object-oriented systems. However, the notion of dynamic constraints, controlling the system behavior over time, has not been natively supported. Such dynamic constraints are necessary to handle temporal and real-time properties of systems.In this paper, we first add a temporal layer to the OCL language, based syntactically on Dwyer et al.s specification patterns. We enrich it with formal scenario-based semantics and integrate it into the current Eclipse OCL plug-in. Second, we translate, with a compositional approach, OCL temporal properties into finite-state automata and we connect our framework to automatic test generators. This way, we create a bridge linking model driven engineering and usual formal methods.

Test Generation and Evaluation from High-Level Properties for Common Criteria Evaluations -- The TASCCC Testing Tool

In this paper, we present a model-based testing tool resulting from a research project, named TASCCC. This tool is a complete tool chain dedicated to property-based testing in UML/OCL, that integrates various technologies inside a dedicated Eclipse plug-in. The test properties are expressed in a dedicated language based on property patterns. These properties are then used for two purposes. First, they can be employed to evaluate the relevance of a test suite according to specific coverage criteria. Second, it is possible to generate test scenarios that will illustrate or exercise the property. These test scenarios are then unfolded and animated on the Smartestings Certify It model animator, that is used to filter out infeasible sequences. This tool has been used in industrial partnership, aiming at providing an assistance for Common Criteria evaluations, especially by providing test generation reports used to show the link between the test cases and the Common Criteria artefacts.

Unifying HW Analysis and SoC Design Flows by Bridging Two Key Standards: UML and IP-XACT

In order to save time and improve efficiency, all SoC development processes are separated into many parallel flows. These flows should keep a strong communication to avoid redundancy and incoherency. We distinguish two main trends. One aims at designing and implementing hardware when the other focuses on its functional description that may serve to software architecturing, analysis and allocation. Even if both are newly using UML, no connections have been made to synchronize them. The goal of this work is then to bridge permanently the gap between those two hardware design trends by unifying their corresponding modelbased standards: UML and IP-XACT.

An Entirely Model-Based Framework for Hardware Design and Simulation

For a long time, the code generation from domain-specific and/or model-based languages to implementation ones remained manual and error-prone. The use of modeling was required in the early stages of development to ease the design and communicate intents, but because of the manual implementation, there were no traceability and no formal link with the final code. Model-Driven Development (MDD) was unable to win its audience.

Formal verification of automotive embedded software

The ever-increasing complexity of automotive embedded systems and the need for safe advanced driver assistance systems (ADAS) represent a great challenge for car manufacturers. Furthermore, we expect that in the near future, authorities require a software certification in order to get convinced that ADAS are safe enough. Theoretical research and experience show that when using conventional design approaches it is impossible to guarantee high confidence to those systems. The way taken by some industries (e.g. aerospace, railway, nuclear) was by partially using formal verification techniques. In this paper, we first present a background of the formal verification techniques and how they can contribute to achieve the requirements of some safety standards. Next, we share our experience with the application of those techniques that seem to be mature enough to be used in an industrial context: Static analysis based on Abstract Interpretation, SMT-based software Model checking and Deductive proof. Finally, we make a detailed analysis about our experiments and propose an approach introducing formal methods into the development of automotive embedded software.