Formal verification of QVT transformations for code generation

We present a formal calculus for operational QVT. The calculus is implemented in the interactive theorem prover KIV and allows one to prove properties of QVT transformations for arbitrary meta models. Additionally, we present a framework for provably correct Java code generation. The framework uses a meta model for a Java abstract syntax tree as the target of QVT transformations. This meta model is mapped to a formal Java semantics in KIV. This makes it possible to formally prove (interactively) with the QVT calculus that a transformation always generates a Java model (i.e. a program) that is type correct and has certain semantic properties. The Java model can be used to generate source code via a model-to-text transformation, or byte code directly.
