Volker Stolz

Refinement and verification in component-based model-driven design

Modern software development is complex as it has to deal with many different and yet related aspects of applications. In practical software engineering this is now handled by a UML-like modelling approach in which different aspects are modelled by different notations. Component-based and object-oriented design techniques are found effective in the support of separation of correctness concerns of different aspects. These techniques are practised in a model-driven development process in which models are constructed in each phase of the development. To ensure the correctness of the software system developed, all models constructed in each phase are verifiable. This requires that the modelling notations are formally defined and related in order to have tool support developed for the integration of sophisticated checkers, generators and transformations. This paper summarises our research on the method of Refinement of Component and Object Systems (rCOS) and illustrates it with experiences from the work on the Common Component Modelling Example (CoCoME). This gives evidence that the formal techniques developed in rCOS can be integrated into a model-driven development process and shows where it may be integrated in computer-aided software engineering (CASE) tools for adding formally supported checking, transformation and generation facilities.

rCOS: theory and tool for component-based model driven development

We present the roadmap of the development of the rCOS theory and its tool support for component-based model driven software development (CB-MDD). First the motivation for using CB-MDD, its needs for a theoretical foundation and tool support are discussed, followed by a discussion of the concepts, techniques and design decisions in the research of the theory and the development of the prototype tool. The concepts, techniques and decisions discussed here have been formalized and published. References to those publications are provided with explanations. Based on the initial experiences with a case study and the preliminary rCOS tool development, further development trajectory leading to further integration with transformation and analysis plug-ins is delineated.

Temporal Assertions with Parametrized Propositions

We extend our previous approach to run-time verification of a single finite path against a formula in next-free Linear-Time Logic (LTL) with free variables and quantification. We discuss the design space of quantification and introduce a binary operator that binds values based on the current state. The binding semantics of propositions containing quantified variables is a pure top-down evaluation. The alternating binding automaton corresponding to a formula is evaluated in a breadth-first manner, allowing us to detect refuted formulae during execution.

Towards a formal integrated model of collaborative healthcare workflows

Health information systems (HIS) are becoming increasingly integrated through network communication technologies. Collaborative healthcare workflows (CHWF) are inherently complex, involving interactions among human actors, and (legacy) digital and physical systems. They are mission safety critical, privacy sensitive, and open to changes of requirements and environments. The complexity makes the definition, understanding, analysis, management, and monitoring of CHWF a software engineering challenge. We propose an approach to formal modeling and analysis of CHWF. The main problems that the approach addresses are abstraction and separation of concerns through algebraic manipulation. We use the CSP process algebra for modeling and verifying the dynamic interaction behavior of processes, and discuss the relation between the dynamic model and the static model of healthcare cases and resources. We use UML models to visualize the systems behavior and structure, but definitions of the syntax and semantics of these graphical models and their relation to the CSP models are left for future work.

Temporal assertions with parametrised propositions

We extend our previous approach to runtime verification of a single finite path against a formula in Next-free Linear-Time Logic (LTL) with free variables and quantification. The existing approach is extended from event-based to set-based states, and the design-space of quantification is discussed. By introducing a binary operator that binds values based on the current state, we can dispense with the static analysis of a formula. The binding semantics of propositions containing quantified variables is simplified by a pure top-down evaluation. The alternating binding automaton corresponding to a formula is evaluated in a breadth-first manner, allowing us to instantly detect refuted formulae during execution.

QVT-based model transformation using XSLT

Model transformations are one of the key technologies in modelbased development. The graphical notation of relational QVT provides a concise, intuitive way to specify transformations. But this notation is not directly applicable for practitioners because of the lack of tool support. On the other hand, XSLT is a common and powerful language for XML transformations, but not suitable for directly programming transformations of semantically complex models due to its low level syntax. We combine the best of both techniques by using QVT graphical notation to specify a transformation as a set of QVT relations, and implementing each relation as an XSLT rule template. A prototype tool with a QVT graphical editor and an automatic XSLT program generator has been developed to support the approach.

Robustness testing for software components

Component-based development allows one to build software from existing components and promises to improve software reuse and reduce costs. For critical applications, the user of a component must ensure that it fits the requirements of the application. To achieve this, testing is a well-suited means when the source code of the components is not available. Robustness testing is a testing methodology to detect the vulnerabilities of a component under unexpected inputs or in a stressful environment. As components may fail differently in different states, we use a state machine based approach to robustness testing. First, a set of paths is generated to cover transitions of the state machine, and it is used by the test cases to bring the component into a specific control state. Second, method calls with invalid inputs are fed to the component in different states to test the robustness. By traversing the paths, the test cases cover more states and transitions compared to stateless API testing. We apply our approach to several components, including open source software, and compare our results with existing approaches.

Modelling with Relational Calculus of Object and Component Systems - rCOS

This chapter presents a formalization of functional and behavioural requirements, and a refinement of requirements to a design for CoCoME using the Relational Calculus of Object and Component Systems(rCOS). We give a model of requirements based on an abstraction of the use cases described in Chapter 3.2. Then the refinement calculus of rCOS is used to derive design models corresponding to the top level designs of Chapter 3.4. We demonstrate how rCOS supports modelling different views and their relationships of the system and the separation of concerns in the development.

rCOS: a formal model-driven engineering method for component-based software

Model-driven architecture (MDA) has become a main stream technology for software-intensive system design. The main engineering principle behind it is that the inherent complexity of software development can only be mastered by building, analyzing and manipulating system models. MDA also deals with system complexity by providing component-based design techniques, allowing independent component design, implementation and deployment, and then system integration and reconfiguration based on component interfaces. The model of a system in any stage is an integration of models of different viewpoints. Therefore, for a model-driven method to be applied effectively, it must provide a body of techniques and an integrated suite of tools for model construction, validation, and transformation. This requires a number of modeling notations for the specification of different concerns and viewpoints of the system. These notations should have formally defined syntaxes and a unified theory of semantics. The underlying theory of the method is needed to underpin the development of tools and correct use of tools in software development, as well as to formally verify and reason about properties of systems in mission-critical applications. The modeling notations, techniques, and tools must be designed so that they can be used seamlessly in supporting development activities and documentation of artifacts in software design processes. This article presents such a method, called the rCOS, focusing on the models of a system at different stages in a software development process, their semantic integration, and how they are constructed, analyzed, transformed, validated, and verified.

Specification and validation of behavioural protocols in the rCOS modeler

The rCOS modeler implements the requirements modelling phase of a model driven component-based software engineering process. Components are specified in rCOS, a relational calculus for Refinement of Component and Object Systems. As an aid to the software engineer, the modeler helps to separate the different concerns by creating different artifacts in the UML model: use cases define a scenario through a sequence diagram, and methods are given as guarded designs in rCOS. rCOS interface contracts are specified through state machines with modelling variables. Messages and transitions in the diagrams are labelled with method invocations. The modeler checks the consistency of those artifacts through the process algebra CSP and the model checker FDR2: a scenario must follow a contract, and an implementation must not deadlock when following the contract. We illustrate the translation and validation with a case study.