A feature-based classification of formal verification techniques for software models

Software models are the core development artifact in model-based engineering (MBE). The MBE paradigm promotes the use of software models to describe structure and behavior of the system under development and proposes the automatic generation of executable code from the models. Thus, defects in the models most likely propagate to executable code. To detect defects already at the modeling level, many approaches propose to use formal verification techniques to ensure the correctness of these models. These approaches are the subject of this survey. We review the state of the art of formal verification techniques for software models and provide a feature-based classification that allows us to categorize and compare the different approaches.
