Xavier Crégut

Definition of an Executable SPEM 2.0

One major advantage of executable models is that once constructed, they can be run, checked, validated and improved in short incremental and iterative cycles. In the field of software process modeling, process models have not yet reached the level of precision that would allow their execution. Recently the OMG issued a new revision of its standard for software process modeling, namely SPEM2.0. However, even if executability was defined as a mandatory requirement in the RFP (request for proposal), the adopted specification does not fulfill it. This paper presents a critical analysis on the newly defined standard and addresses its lacks in terms of executability. An approach is proposed in order to extend the standard with a set of concepts and behavioural semantics that would allow SPEM2.0 process models to be checked through a mapping to Petri nets and monitored through a transformation into BPEL.

A Design Pattern to Build Executable DSMLs and Associated VaV Tools

Model executability is now a key concern in model-driven engineering, mainly to support early validation and verification (V&V). Some approaches allow to weave executability into metamodels, defining executable domain-specific modeling languages (DSMLs). Model validation can then be achieved by simulation and graphical animation through direct interpretation of the conforming models. Other approaches address model executability by model compilation, allowing to reuse the virtual machines or V&V tools existing in the target domain. Nevertheless, systematic methods are currently not available to help the language designer in the definition of such an execution semantics and related tools. For instance, simulators are mostly hand-crafted in a tool specific manner for each DSML. In this paper, we propose to reify the elements commonly used to support state-based execution in a DSML. We infer a design pattern (called Executable DSML pattern) providing a general reusable solution for the expression of the executability concerns in DSMLs. It favors flexibility and improves reusability in the definition of semantics-based tools for DSMLs. We illustrate how this pattern can be applied to ease the development of V&V tools.

Ladder Metamodeling and PLC Program Validation through Time Petri Nets

Ladder Diagram (LD) is the most used programming language for Programmable Logical Controllers (PLCs). A PLC is a special purpose industrial computer used to automate industrial processes. Bugs in LD programs are very costly and sometimes are even a threat to human safety. We propose a model driven approach for formal verification of LD programs through model-checking. We provide a metamodel for a subset of the LD language. We define a time Petri net (TPN) semantics for LD programs through an ATL model transformation. Finally, we automatically generate behavioral properties over the LD models as LTL formulae which are then checked over the generated TPN using the model-checkers available in the Tina toolkit. We focus on race condition detection.

Rhodes, a Process Component Centered Software Engineering Environment

Very little work has been done so far to make software processes really reusable. We believe that methodologogical knowledge can be described and reused through Process Components. In the last years, we elaborated RHODES, a Process-centered Software Engineering Environment that allows process users to describe and enact processes. In this paper, we present an extension of RHODES supporting complex components [12,16]. Fist we characterise process component quality and propose a meta-model that defines elementary and complex process components. Then we describe the main constituents of RHODES dealing with components: PBOOL+ language, component management tools, component base, execution kernel.

Formal specification and verification of task time constraints for real-time systems

Safety critical real-time systems (RTS) have stringent requirements related to the formal specification and verification of systems task-level time constraints. The most common methods used to assess properties in design models rely on the translation from user models to formal verification languages like Time Petri Net (TPN), and on the expression of required properties using Timed Linear Temporal Logic (LTL), Computation Tree Logic (CTL) and μ-calculus. However, these logics are mainly used to assess safety and liveness properties. Their capability for expressing timing properties is more limited and can lead to combinatorial state space explosion problems during model checking. In addition, the existing methods are mainly concerned with logical relations between the events without the consideration of time tolerance. This paper introduces a formal specification and verification method for assessing systems task-level time constraints, including synchronization, coincidence, exclusion, precedence, sub-occurrence and causality, in both finite and infinite time scope. We propose a translation method to formally specify task-level time constraints, and decompose time constraints by a set of event-level time property patterns. These time property patterns are quantitative and independent from both the design modeling language and the verification language. The observer-based model checking method relying on TPN is used to verify these time property patterns. This contribution analyses the methods computational complexity and performance for the various patterns. This task-level time constraints specification and verification method has been integrated in a time properties verification framework for UML-MARTE safety critical RTS.

Leveraging formal verification tools for DSML users: a process modeling case study

In the last decade, Model Driven Engineering (MDE) has been used to improve the development of safety critical systems by providing early Validation and Verification (VV and then to get feedback from the assessment of these properties using its domain language without having to deal with the formal verification language nor with the underlying translational semantics. This work is based on the metamodeling pattern for executable DSML that extends the DSML metamodel to integrate concerns related to execution and behavior.

A model-driven engineering approach to formal verification of PLC programs

This paper presents a model-driven engineering approach to model and verify PLC programs written in Ladder Diagram. PLC and plant are modeled in FIACRE language according to transformation models. A verification toolchain is built around FIACRE, in order to guarantee the satisfaction of generic and application-oriented properties. The potential of this approach and associated toolchain is tested on a PLC controlled pneumatic system. Transformation from Ladder Diagram to FIACRE models is described in details and verification of PLC alone or linked with a plant is discussed in the application context.

Model transformations with Tom

Model Driven Engineering (MDE) advocates the use of Model Transformations (MT) in order to automate repetitive development tasks. Many different model transformation languages have been proposed with a significant tool development cost as common language elements like expressions, statements, ... must be built from scratch for each new language development tools. The Tom language is a shallow extension of Java tailored to describe and implement transformations of tree based data-structures. A key feature of Tom allows to map any Java data-structure to tree based data abstractions that can then be accessed by powerful non-linear, associative, commutative pattern matching. In this paper, we present how this approach can be used in order to develop model transformations, in particular relying on Eclipse Modeling Framework (EMF) based metamodeling facilities. This allows to provide a transformation language at a low cost both for the development of its tools and the training of its users.

A Property-Driven Approach to Formal Verification of Process Models

More and more, models, through Domain Specific Languages (DSL), tend to be the solution to define complex systems. Expressing properties specific to these metamodels, and checking them, appear as an urgent need. Until now, the only complete industrial solutions that are available consider structural properties such as the ones that could be expressed in OCL. There are although some attempts on behavioural properties for DSL.

Weaving concurrency in executable domain-specific modeling languages

The emergence of modern concurrent systems (e.g., Cyber- Physical Systems or the Internet of Things) and highly- parallel platforms (e.g., many-core, GPGPU pipelines, and distributed platforms) calls for Domain-Specific Modeling Languages (DSMLs) where concurrency is of paramount im- portance. Such DSMLs are intended to propose constructs with rich concurrency semantics, which allow system design- ers to precisely define and analyze system behaviors. How- ever, specifying and implementing the execution semantics of such DSMLs can be a difficult, costly and error-prone task. Most of the time the concurrency model remains implicit and ad-hoc, embedded in the underlying execution environ- ment. The lack of an explicit concurrency model prevents: the precise definition, the variation and the complete under- standing of the semantics of the DSML, the effective usage of concurrency-aware analysis techniques, and the exploitation of the concurrency model during the system refinement (e.g., during its allocation on a specific platform). In this paper, we introduce a concurrent executable metamodeling approach, which supports a modular definition of the execution seman- tics, including the concurrency model, the semantic rules, and a well-defined and expressive communication protocol between them. Our approach comes with a dedicated meta- language to specify the communication protocol, and with an execution environment to simulate executable models. We illustrate and validate our approach with an implementation of fUML, and discuss the modularity and applicability of our approach.