A formal verification technique for behavioural model-to-model transformations

In Model Driven Software Engineering, models and model transformations are the primary artifacts when developing a software system. In such a workflow, model transformations are used to incrementally transform initial abstract models into concrete models containing all relevant system details. Over the years, various formal methods have been proposed and further developed to determine the functional correctness of models of concurrent systems. However, the formal verification of model transformations has so far not received as much attention. In this article, we propose a formal verification technique to determine that formalisations of such transformations in the form of rule systems are guaranteed to preserve functional properties, regardless of the models they are applied on. This work extends our earlier work in various ways. Compared to our earlier approaches, the current technique involves only up to n individual checks, with n the number of rules in the rule system, whereas previously, up to 2^n − 1 checks were required. Furthermore, a full correctness proof for the technique is presented, based on a formal proof conducted with the Coq proof assistant. Finally, we report on two sets of conducted experiments. In the first set, we compared traditional model checking with transformation verification, and in the second set, we compared the verification technique presented in this article with the previous version.
