1 / 12

Model Checking for an Executable Subset of UML

Model Checking for an Executable Subset of UML. Fei Xie 1 , Vladimir Levin 2 , and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories, Lucent Technologies. Motivations. Executable subsets of UML Widely applied to model software system designs;

eliza
Télécharger la présentation

Model Checking for an Executable Subset of UML

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Model Checking for an Executable Subset of UML Fei Xie1, Vladimir Levin2, and James C. Browne1 1Dept. of Computer Sciences, UT at Austin 2Bell Laboratories, Lucent Technologies

  2. Motivations • Executable subsets of UML • Widely applied to model software system designs; • Have well-defined execution semantics; • Enable early verification of design models. • Model checking can potentially improve the reliability of executable design models.

  3. xUML: An Executable Subset of UML • A system consists of interacting class instances; • Class instances communicate mainly through asynchronous message passing with buffering; • State models are extended with state actions; • State transitions are enabled by messages; • System executions follow asynchronous interleaving semantics.

  4. A Sample xUML State Model State Transition State Action Message Type State

  5. Model Checking xUML Models xUML Model xUML Query xUML Level Error Report xUML-to-S/R Translation Error Report Generation S/R Model S/R Query S/R Query COSPAN Error Track Model Checking with COSPAN Model Checker Legend: Input Output Data Process

  6. COSPAN Model Checker and S/R Automaton Language • COSPAN is a synchronous model checker and inputs models and queries formulated in S/R. • In S/R, a system is a synchronous parallel composition of its components modeled as processes. Process Process Output Process Input Process State Space

  7. xUML Level Query Formulation Proposition Semantic Constructs of xUML Model DECLARE Joint_2_in_Move_EE <<Joint 2>> $Move_EE; DECLARE Recovery_Called <<Recovery 1>> recovery_status = 1; NEVER (Joint_2_in_Move_EE AND Recovery_Called); Instantiation of Temporal Template

  8. xUML-to-S/R Model Translation • Maps class instances to S/R processes; • Models asynchrony with synchrony; • An S/R process as global execution scheduler; • Message buffers by separate S/R processes; • Simulates dynamic creation of class instances; • Bounds infinite state spaces of xUML models.

  9. State Space Reductions in Model Translation • Static partial order reduction (SPOR); • Translating static attributes to constants; • Reducing the send and consumption of a self message into a single state transition; • Ranging variables to facilitate symbolic model checking (SMC).

  10. Error Trace Analysis Support • Visualize errors via simulation driven by error traces.

  11. Effectiveness of State Space Reductions • A liveness property to be checked on online ticket sale system; • xUML model translated to two S/R models with SPOR on or off; • Two S/R models checked by COSPAN with SMC on or off.

  12. Conclusions and Future Work • An approach to model checking of xUML models is defined and implemented. • Non-trivial xUML models have been checked. • A robot control system; • An online ticket sale system. • Integrated state space reduction that supports verifying larger models is being developed.

More Related