Verifying Semantic Conformance of State Machine-to-Java Code Generators

When model-driven engineering is applied to safety-critical systems, the correctness of the model transformations is crucial. In this paper we investigate a novel approach to verifying that model-to-code transformations conform to the semantics of their source language, using annotations in the generated code. The transformation inserts these annotations, and they guide a model checker in verifying that the generated code satisfies the semantics of the source language, here UML state machines. Verifying the generated output in this way is more efficient than formally verifying the transformation's definition. The verification is performed with Java Pathfinder (JPF) [1], a model checker for Java programs. The approach has been applied to three UML state machine-to-Java code generators: one developed by us and two commercial generators (Rhapsody and Visual Paradigm). We detected non-conformance in both commercial tools, which failed some of the semantic properties extracted from the UML specification.
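As an added illustration that is not part of the paper and uses neither its annotation scheme nor any vendor's generated code, the following Java program sketches the shape of the approach. A hypothetical `@Transition` annotation records, for each generated transition method, the source state, the target state and the triggering event. A bounded explicit-state exploration (standing in for what a model checker such as JPF does with nondeterministic event choice) drives every event sequence up to a fixed depth against a fresh machine and checks each step against the UML transition-execution rule: the source state's exit action runs, then the transition's effect, then the target state's entry action, and the current-state variable ends at the target; an event with no enabled transition is discarded without side effects. The `Door` machine, its action trace and the ordering defect planted in `t2` are all constructed for this example.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

/* Hypothetical annotation vocabulary that a generator could emit next to the code.
 * It is an assumption for this example, not the paper's scheme or any vendor's. */
@Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
@interface Transition { String from(); String to(); String on(); }

/* Constructed stand-in for generated code: a two-state Door machine with entry/exit actions. */
class Door {
    String state = "Closed";                      // the generated "current state" variable
    final List<String> trace = new ArrayList<>(); // actions, in execution order

    void enterOpen()   { trace.add("entry:Open"); }
    void exitOpen()    { trace.add("exit:Open"); }
    void enterClosed() { trace.add("entry:Closed"); }
    void exitClosed()  { trace.add("exit:Closed"); }

    @Transition(from = "Closed", to = "Open", on = "open")
    void t1() { exitClosed(); trace.add("effect:t1"); state = "Open"; enterOpen(); }

    // Deliberately non-conformant: runs the target's entry action before the source's exit action.
    @Transition(from = "Open", to = "Closed", on = "close")
    void t2() { enterClosed(); trace.add("effect:t2"); state = "Closed"; exitOpen(); }

    /* Run-to-completion dispatch: at most one transition fires per event;
     * an event with no enabled transition is discarded. */
    boolean dispatch(String event) throws Exception {
        Method m = ConformanceCheck.transitionFor(state, event);
        if (m == null) return false;
        m.invoke(this);
        return true;
    }
}

public class ConformanceCheck {
    static final String[] EVENTS = {"open", "close"};
    // LinkedHashSet: the same faulty step is reached along several sequences, report it once
    static final Set<String> violations = new LinkedHashSet<>();

    /* Looks up the annotated transition method enabled for (state, event), or null. */
    static Method transitionFor(String state, String event) {
        for (Method m : Door.class.getDeclaredMethods()) {
            Transition t = m.getAnnotation(Transition.class);
            if (t != null && t.from().equals(state) && t.on().equals(event)) return m;
        }
        return null;
    }

    /* Bounded explicit-state exploration: enumerate every event sequence of the given
     * depth; checking each full sequence also checks all of its prefixes. */
    static void explore(List<String> prefix, int depth) throws Exception {
        for (String e : EVENTS) {
            List<String> seq = new ArrayList<>(prefix);
            seq.add(e);
            if (depth > 1) explore(seq, depth - 1); else checkRun(seq);
        }
    }

    /* Executes one event sequence on a fresh machine and checks every step against
     * the UML rule: exit source, effect, enter target, state variable at target. */
    static void checkRun(List<String> seq) throws Exception {
        Door d = new Door();
        for (int i = 0; i < seq.size(); i++) {
            String e = seq.get(i);
            Method m = transitionFor(d.state, e);
            Transition t = (m == null) ? null : m.getAnnotation(Transition.class);
            int mark = d.trace.size();
            boolean fired = d.dispatch(e);
            List<String> step = d.trace.subList(mark, d.trace.size());
            List<String> path = seq.subList(0, i + 1);
            if (t == null) {                                   // discarded event: nothing may happen
                if (fired || !step.isEmpty()) violations.add(path + ": side effect on discarded '" + e + "'");
                continue;
            }
            boolean ok = fired && d.state.equals(t.to()) && step.size() == 3
                    && step.get(0).equals("exit:" + t.from())
                    && step.get(1).startsWith("effect:")
                    && step.get(2).equals("entry:" + t.to());
            if (!ok) violations.add(path + ": " + m.getName() + " executed " + step + ", state=" + d.state);
        }
    }

    public static void main(String[] args) throws Exception {
        explore(new ArrayList<>(), 3);
        if (violations.isEmpty()) System.out.println("conformant");
        for (String v : violations) System.out.println("VIOLATION " + v);
    }
}
```

Compile and run with `javac ConformanceCheck.java && java ConformanceCheck`; the exploration reports the `[open, close]` step, whose generated body performs the entry action before the exit action, and stays silent about `t1`. The recursive enumeration is the part a model checker replaces: under JPF the event choice would be made through its `Verify` choice-generator API and the checker would explore the resulting state space, which is what makes the technique scale beyond a two-event machine. A real generator's annotations would also have to cover the parts of UML semantics this sketch omits, such as guards, composite states, completion events and deferred events.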

[1] Ajitha Rajan et al. Requirements Coverage as an Adequacy Measure for Conformance Testing. ICFEM, 2008.

[2] Ewen Denney et al. Generating Customized Verifiers for Automatically Generated Code. GPCE '08, 2008.

[3] Amir Pnueli et al. The Code Validation Tool (CVT). International Journal on Software Tools for Technology Transfer (STTT), 1998.

[4] J. Schumann et al. Automatic Certification of Kalman Filters for Reliable Code Generation. IEEE Aerospace Conference, 2005.

[5] Marina Egea et al. Formal Executable Semantics for Conformance in the MDE Framework. Innovations in Systems and Software Engineering, 2010.

[6] Ewen Denney et al. Extending Source Code Generators for Evidence-Based Software Certification. Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (ISoLA), 2006.

[7] Johann Schumann et al. Certification Support for Automatically Generated Programs. 36th Annual Hawaii International Conference on System Sciences (HICSS), 2003.

[8] Sagar Chaki et al. Model-Driven Construction of Certified Binaries. MODELS '07, 2007.

[9] Jorge C. A. de Figueiredo et al. An Extended MDA Architecture for Ensuring Semantics-Preserving Transformations. 32nd Annual IEEE Software Engineering Workshop, 2008.

[10] Mats Per Erik Heimdahl et al. Partial Translation Verification for Untrusted Code-Generators. ICFEM, 2008.

[11] George C. Necula et al. Proof-Carrying Code. POPL '97, 1997.

[12] Mark A. Hillebrand et al. Invariants, Modularity, and Rights. Ershov Memorial Conference, 2009.

[13] Klaus Havelund et al. Model Checking Programs. Automated Software Engineering, 2004.

[14] Márk Asztalos et al. Towards Automated, Formal Verification of Model Transformations. Third International Conference on Software Testing, Verification and Validation (ICST), 2010.

[15] George C. Necula et al. A Proof-Carrying Code Architecture for Java. CAV, 2000.

[16] Kevin Lano et al. Slicing of UML Models Using Model Transformations. MODELS '10, 2010.

[17] Thomas Baar et al. A Graphical Approach to Prove the Semantic Preservation of UML/OCL Refactoring Rules. Ershov Memorial Conference, 2006.