Full contract verification for ATL using symbolic execution

The Atlas Transformation Language (ATL) is currently one of the most widely used model transformation languages and has become a de facto standard for implementing model transformations in model-driven engineering. The community also recognises that better methods for exhaustively verifying such transformations would allow a more widespread adoption of model-driven engineering in industry. A variety of proposals for the verification of ATL transformations have arisen in the past few years. However, the majority of these techniques are either based on non-exhaustive testing or on proof methods that require human assistance and/or are not complete. In this paper, we describe our method for statically verifying the declarative subset of ATL model transformations. The verification is performed by translating the transformation (including features such as filters, OCL expressions, and lazy rules) into our model transformation language DSLTrans. Because we handle only the declarative portion of ATL and DSLTrans is Turing-incomplete, this reduced expressivity lets us use a symbolic-execution approach to generate representations of all possible input models to the transformation. We then verify pre-/post-condition contracts on these representations, which in turn verifies the transformation itself. The technique we present in this paper is exhaustive for the subset of declarative ATL model transformations: if the prover indicates that a contract holds on a transformation, then the contract’s pre-/post-condition pair will be true for any input model of that transformation. We demonstrate and explore the applicability of our technique by studying several relatively large and complex ATL model transformations, including a model transformation developed in collaboration with our industrial partner. We also present our ‘slicing’ technique, which selects only those rules in the DSLTrans transformation needed for a contract proof, thereby reducing proving time.
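The following is an added toy illustration of the two ideas in the abstract (enumerating symbolic representations of all input models to a declarative rule set, then checking pre-/post-condition contracts on them, and slicing the rule set down to the rules a contract needs). It is not DSLTrans, ATL or SyVOLT code; the rule and contract formats, the sample class-to-relational rules, the "a rule fires whenever its match is present" semantics and the slicing criterion are all assumptions made for this example. Input models are represented only by which rules they cause to fire, so an input element matched by no rule has no effect on any contract.

```python
"""Toy symbolic-execution contract checker for a layered, declarative rule set.
Added illustration, not the paper's tool: rule format, contract format, the
sample rules and the slicing criterion are constructed for this example."""
from itertools import combinations
from typing import FrozenSet, List, NamedTuple, Optional, Sequence, Tuple


class Rule(NamedTuple):
    name: str
    match: FrozenSet[str]    # input element types the rule needs to fire
    produce: FrozenSet[str]  # output element types the rule creates


class Contract(NamedTuple):
    name: str
    pre: FrozenSet[str]      # input types whose presence triggers the obligation
    post: FrozenSet[str]     # output types that must then exist in the output


def fs(*xs: str) -> FrozenSet[str]:
    return frozenset(xs)


# Constructed sample transformation in the style of a class-to-relational mapping.
RULES: List[Rule] = [
    Rule("Class2Table",      fs("Class"),                fs("Table")),
    Rule("Attr2Column",      fs("Class", "Attribute"),   fs("Table", "Column")),
    Rule("Assoc2ForeignKey", fs("Class", "Association"), fs("Table", "ForeignKey")),
    Rule("Package2Schema",   fs("Package"),              fs("Schema")),
    Rule("Enum2Lookup",      fs("Enumeration"),          fs("LookupTable")),
]

# Constructed sample contracts: one that holds, one with a counterexample.
CLASS_HAS_TABLE = Contract("ClassHasTable", fs("Class"), fs("Table"))
ATTR_HAS_COLUMN_AND_FK = Contract("AttrHasColumnAndFK", fs("Attribute"),
                                  fs("Column", "ForeignKey"))


def present(subset: Sequence[Rule]) -> FrozenSet[str]:
    """Input types that must exist for every rule in the subset to fire."""
    return frozenset().union(*(r.match for r in subset))


def produced(subset: Sequence[Rule]) -> FrozenSet[str]:
    """Output types created when exactly this subset of rules fires."""
    return frozenset().union(*(r.produce for r in subset))


def path_conditions(rules: Sequence[Rule]) -> List[Tuple[Rule, ...]]:
    """Every set of rules that can fire together; each set stands for the whole
    class of input models that make exactly those rules match.  A declarative
    rule fires whenever its match is present, so a subset is inconsistent when a
    rule outside it is fully matched by input types the chosen rules require."""
    pcs = []
    for k in range(len(rules) + 1):
        for subset in combinations(rules, k):
            inp = present(subset)
            if all(not r.match <= inp for r in rules if r not in subset):
                pcs.append(subset)
    return pcs


def check(rules: Sequence[Rule], contract: Contract) -> Optional[Tuple[Rule, ...]]:
    """None if the contract holds on every path condition, otherwise the first
    violating path condition: a class of input models that break the contract."""
    for pc in path_conditions(rules):
        if contract.pre <= present(pc) and not contract.post <= produced(pc):
            return pc
    return None


def slice_rules(rules: Sequence[Rule], contract: Contract) -> List[Rule]:
    """Keep only rules that can influence the contract: those producing a
    required output type or matching a triggering input type.  Dropping the
    others removes constraints but no violation, so a contract proved on the
    slice also holds on the full rule set."""
    return [r for r in rules if r.produce & contract.post or r.match & contract.pre]


def names(pc: Optional[Tuple[Rule, ...]]) -> Optional[List[str]]:
    return None if pc is None else [r.name for r in pc]


if __name__ == "__main__":
    for contract in (CLASS_HAS_TABLE, ATTR_HAS_COLUMN_AND_FK):
        sliced = slice_rules(RULES, contract)
        print(contract.name, "full rules:", len(path_conditions(RULES)),
              "path conditions; sliced:", len(path_conditions(sliced)))
        print("  full verdict:  ", names(check(RULES, contract)))
        print("  sliced verdict:", names(check(sliced, contract)))
```

Running the script shows the contract `ClassHasTable` holding on every path condition, while `AttrHasColumnAndFK` is refuted by the path condition in which only `Class2Table` and `Attr2Column` fire (a model with attributes but no associations), and the slice for that contract shrinks the enumeration from twenty path conditions to four.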
