Behavioral Semantics of Modeling Languages: A Pragmatic Approach

Domain-specific modeling languages (DSMLs) are specialized languages tailored to the concepts and features of a particular domain. The abstractions offered by a DSML allow designers of software systems to ignore implementation details and instead focus on the system at a high level. While higher levels of abstraction offer many advantages, DSMLs still have unresolved issues, one of which is the difficulty of applying formal verification methods. This dissertation presents two contributions that assist with the formal verification of domain-specific models.

The first is a unified framework in which Statechart models of different semantic variants can be defined, simulated and verified. The key idea is that the user describes only the structure of a model and then selects its semantics from a set of pluggable components. A single model can therefore be executed under multiple semantics, and a system composed of interacting models that use different semantics can be simulated and verified in a single environment. A lightweight, pattern-based method for specifying properties was also developed. For analysis, the framework is integrated with Java PathFinder, a software model checker, and Symbolic PathFinder, its symbolic execution extension; symbolic execution supports both test-vector generation and reachability analysis.

The second major contribution is an extension to Formula, a modeling language and analysis tool from Microsoft Research, that computes execution traces of models. The behavioral semantics are defined as a set of model transformations, each representing an atomic step of execution. The trace-computing extension consists of three components. The first applies every applicable transformation to the input model at a given step and creates a separate trace for each application. The second creates a separate trace for each non-deterministic choice of the input parameters passed to a transformation, making non-determinism inside a single execution step explicit to the trace-computing module. The third stores execution traces efficiently by computing and storing only the differences between consecutive steps of a trace when possible.
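The separation between a fixed model structure and a pluggable semantic component, as an added example written for this page (it is not code from the dissertation's framework). The toy Statechart, its state names and events are constructed; the two semantic components encode a genuine point of divergence between Statechart variants, namely whether a conflict between an enabled transition of a composite state and one of its active substate is resolved outer-first (STATEMATE style) or inner-first (UML style). The same structure is then checked for bounded reachability under each semantics, and the answers differ.

```python
"""Added example (not the dissertation's framework): one Statechart structure
executed under two pluggable semantic components, then bounded reachability.
The model, state names and events are constructed for illustration."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    source: str
    event: str
    target: str


@dataclass
class Statechart:
    parent: dict       # state -> parent state (None for top-level states)
    initial: dict      # composite state -> default child
    transitions: list

    def ancestors(self, state):
        """The leaf and all of its ancestors; together they form the active configuration."""
        chain = []
        while state is not None:
            chain.append(state)
            state = self.parent[state]
        return chain

    def depth(self, state):
        return len(self.ancestors(state)) - 1

    def enter(self, state):
        """Descend through default children until a leaf state is reached."""
        while state in self.initial:
            state = self.initial[state]
        return state

    def enabled(self, leaf, event):
        active = set(self.ancestors(leaf))
        return [t for t in self.transitions if t.event == event and t.source in active]


# Pluggable semantic components. The structure above is fixed; only the rule for
# resolving conflicts between enabled transitions changes.
def outer_first(chart, enabled):
    """STATEMATE-style: the transition of the outermost state wins."""
    return min(enabled, key=lambda t: chart.depth(t.source))


def inner_first(chart, enabled):
    """UML-style: the transition of the innermost state wins."""
    return max(enabled, key=lambda t: chart.depth(t.source))


def step(chart, leaf, event, semantics):
    """One execution step; an event with no enabled transition is discarded."""
    enabled = chart.enabled(leaf, event)
    if not enabled:
        return leaf
    return chart.enter(semantics(chart, enabled).target)


def shortest_path(chart, start, target, events, semantics, bound=8):
    """Bounded reachability by breadth-first search over event sequences.
    Returns the shortest event sequence driving the model from start to
    target under the given semantics, or None if none exists within bound steps."""
    frontier = deque([(start, [])])
    seen = {start}
    while frontier:
        leaf, path = frontier.popleft()
        if leaf == target:
            return path
        if len(path) >= bound:
            continue
        for ev in events:
            nxt = step(chart, leaf, ev, semantics)
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, path + [ev]))
    return None


# Constructed model: Running contains Idle and Busy. "stop" is handled both by the
# composite state Running (to Stopped) and by the inner state Busy (back to Idle),
# so the two semantics disagree on what "stop" does while in Busy.
CHART = Statechart(
    parent={"Running": None, "Stopped": None, "Idle": "Running", "Busy": "Running"},
    initial={"Running": "Idle"},
    transitions=[
        Transition("Idle", "start", "Busy"),
        Transition("Busy", "stop", "Idle"),
        Transition("Running", "stop", "Stopped"),
    ],
)
EVENTS = ["start", "stop"]

if __name__ == "__main__":
    for name, sem in (("outer-first", outer_first), ("inner-first", inner_first)):
        print(name, "Busy --stop-->", step(CHART, "Busy", "stop", sem),
              "| Busy to Stopped:", shortest_path(CHART, "Busy", "Stopped", EVENTS, sem))
```

Under outer-first, "stop" in Busy reaches Stopped in one step; under inner-first the inner transition wins, the model returns to Idle, and Stopped needs a second "stop". A verification result that silently depends on which variant a tool assumes is exactly the kind of ambiguity that selecting the semantics explicitly is meant to remove.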
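The three trace-computing components described for the Formula extension, as an added example written for this page (it is not Formula's implementation and uses none of its API). The `Transformation` class, the two-process mutual-exclusion model and its rule names are constructed assumptions. Each rule reports the parameter values for which it matches (component 2) and the engine branches on every matching rule and every parameter value (component 1), while each trace stores only the variables a step changed (component 3); replaying the deltas recovers the full states for a safety check.

```python
"""Added example (not Formula's implementation): a trace-computing module with the
three components described in the abstract, over a constructed two-process mutex
model. Rule names, state encoding and the Transformation class are assumptions."""
from dataclasses import dataclass
from typing import Callable

State = dict  # variable name -> value; a transformation returns a new State


@dataclass(frozen=True)
class Transformation:
    name: str
    choices: Callable[[State], list]          # parameter values for which the rule matches
    apply: Callable[[State, object], State]   # one atomic execution step


def expand(state, rules):
    """Components 1 and 2: every applicable rule, and every parameter choice of that
    rule, yields its own successor (and therefore its own trace)."""
    return [((rule.name, p), rule.apply(state, p))
            for rule in rules for p in rule.choices(state)]


def delta(old, new):
    """Component 3: keep only the variables whose value changed in this step
    (the constructed model never removes variables)."""
    return {k: v for k, v in new.items() if old.get(k) != v}


@dataclass
class Trace:
    initial: State
    steps: list   # [(label, delta), ...] in execution order

    def states(self):
        """Replay the deltas to recover every full state of the trace."""
        cur = dict(self.initial)
        out = [dict(cur)]
        for _, d in self.steps:
            cur.update(d)
            out.append(dict(cur))
        return out


def compute_traces(initial, rules, depth):
    """Depth-first enumeration of all traces of at most `depth` steps; a trace ends
    early when no transformation applies."""
    traces = []

    def walk(state, steps, remaining):
        succ = expand(state, rules) if remaining > 0 else []
        if not succ:
            traces.append(Trace(initial, list(steps)))
            return
        for label, nxt in succ:
            steps.append((label, delta(state, nxt)))
            walk(nxt, steps, remaining - 1)
            steps.pop()

    walk(initial, [], depth)
    return traces


# Constructed model: two processes, each idle, waiting or critical. Which process
# moves is the non-deterministic parameter made explicit by component 2.
PROCS = ("A", "B")


def set_to(value):
    return lambda s, p: {**s, p: value}


RULES = [
    Transformation("request", lambda s: [p for p in PROCS if s[p] == "idle"], set_to("waiting")),
    Transformation("enter",
                   lambda s: [] if "critical" in s.values()
                   else [p for p in PROCS if s[p] == "waiting"],
                   set_to("critical")),
    Transformation("exit", lambda s: [p for p in PROCS if s[p] == "critical"], set_to("idle")),
]
INITIAL = {"A": "idle", "B": "idle"}


def mutual_exclusion_holds(traces):
    """Safety check over every state of every trace: at most one process is critical."""
    return all(list(st.values()).count("critical") <= 1
               for t in traces for st in t.states())


if __name__ == "__main__":
    ts = compute_traces(INITIAL, RULES, 4)
    print(len(ts), "traces; mutual exclusion:", mutual_exclusion_holds(ts))
    print([(lbl, d) for lbl, d in ts[0].steps])
```

Because the scheduler's choice of process is a rule parameter rather than a hidden `random` call inside the rule, every interleaving becomes its own trace and the safety check covers all of them; with three steps the engine produces eight traces, and each stored step is a single-variable delta rather than a full copy of the state.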
