Runtime Verification of Executable Models Fernando Macas - - PowerPoint PPT Presentation

runtime verification of
SMART_READER_LITE
LIVE PREVIEW

Runtime Verification of Executable Models Fernando Macas - - PowerPoint PPT Presentation

Dec 08, 2023 719 likes •1.07k views

NWPT 2015 Runtime Verification of Executable Models Fernando Macas fernando.macias@hib.no Adrian Rutle adrian.rutle@hib.no Volker Stolz volker.stolz@hib.no Motivation Modelling offers one more level of abstraction above

slide-1
SLIDE 1

Runtime Verification of Executable Models

Fernando Macías – fernando.macias@hib.no Adrian Rutle – adrian.rutle@hib.no Volker Stolz – volker.stolz@hib.no

NWPT 2015

slide-2
SLIDE 2

Motivation

  • Modelling offers one more level of abstraction

above programming

  • Close the gap between domain experts and

software engineers

› Different views of the system › The solution can be specified in the problem space

2

Problem space Domain experts Solution space Software engineers

slide-3
SLIDE 3

Two types of models

Structural models Behavioural models

3

  • The metamodel defines

a type of structure

  • The model represents a

particular structure

  • Semantics given by a

set of instances (snapshots)

  • E.g: Class diagrams
  • The metamodel defines

a process language

  • The model represent a

process

  • Semantics can be

expressed as model transformations

  • E.g: BPMN, Petri nets
slide-4
SLIDE 4

Verification of Behavioural Models

  • Testing

› Applied on small parts of the model › Cumbersome in big models › Not exhaustive

  • Model checking

› Exhaustive and strong › Bad scalability

  • Runtime verification

4

slide-5
SLIDE 5

Runtime Verification of Behavioural Models

  • Useful when the system is too complex to be

analysed thoroughly1

  • Can be performed over simulations or the actual

deployed system

  • Based on:

› Temporal properties: Invariants, implications of present/past events in future events, global properties (e.g: termination) › Monitors: Check properties against running instances

  • 1. Leucker et al. A brief account of runtime verification.

5

slide-6
SLIDE 6

Executable Modelling

  • Definition of models with enough information to be

executed

  • Two alternatives

› Interpreted: The model itself is run in a custom runtime

  • environment. The instances are evolved through model

transformations1 › Compiled: The model is transformed into a machine- readable representation, e.g: imperative code2

  • Focus on definition of interpreted process models
  • 1. Guermazi et al. Executable Modeling with fUML and Alf in Papyrus
  • 2. Dévai et al. UML Model Execution via Code Generation

6

slide-7
SLIDE 7

Runtime Verification of Executable Models

Fernando Macías – fernando.macias@hib.no Adrian Rutle – adrian.rutle@hib.no Volker Stolz – volker.stolz@hib.no

slide-8
SLIDE 8

Hierarchy for Executable Modelling

8

  • The standardized

solutions are EMF (MOF) and UML

  • Both have a bigger focus
  • n structure
  • Limited number of levels
  • In complex architectures,

the levels have to be collapsed

› Convolution of models › Bad maintainability

Meta-metamodel Metamodel Model

slide-9
SLIDE 9

Hierarchy for Executable Modelling

8

  • The standardized

solutions are EMF (MOF) and UML

  • Both have a bigger focus
  • n structure
  • Limited number of levels
  • In complex architectures,

the levels have to be collapsed

› Convolution of models › Bad maintainability

Meta-metamodel Metamodel Typed by Model Typed by

slide-10
SLIDE 10

Hierarchy for Executable Modelling

9

slide-11
SLIDE 11

Hierarchy for Executable Modelling

  • 1. De Lara et al. When and How to Use Multilevel Modelling

9

  • Our hierarchy exploits

the concept of Multilevel Modelling “Enabling modelling at an arbitrary number of meta- levels” 1

Model Model Model Model Instance Typed by Typed by Typed by Typed by

slide-12
SLIDE 12

Hierarchy for Executable Modelling

10

Model Model Model Model Instance Typed by Typed by Typed by Typed by

slide-13
SLIDE 13

Hierarchy for Executable Modelling

10

  • Our hierarchy exploits

the concept of Deep Metamodelling “An element in a model can be typed by another element several models above”

Model Model Model Model Instance Typed by Typed by Typed by Typed by Typed by Typed by

slide-14
SLIDE 14

Hierarchy for Executable Modelling

11

  • This hierarchy allows to

› Define custom executable modelling languages › Create models according to those languages › Run the instances with default semantics › Customize semantics › Simulation › Deployment › Runtime verification over the running instances

Model Model Model Model Instance Typed by Typed by Typed by Typed by Typed by Typed by

slide-15
SLIDE 15

Property Specification Language

12

Model Model Model Model Instance Typed by Typed by Typed by Typed by Typed by Typed by

slide-16
SLIDE 16

Property Specification Language

  • 1. Rossini et al. A formalisation of deep metamodelling

12

  • Using the concept of

Linguistic Extension “Instantiation within a linguistic modelling language used to specify the models at all metalevels of the

  • ntological stack” 1

Model Model Model Model Instance Typed by Typed by Typed by Typed by Typed by Typed by Property Specification Language

slide-17
SLIDE 17

Property Specification Language

13

slide-18
SLIDE 18

Property Specification Language

14

slide-19
SLIDE 19

Property Specification Language

14

  • Linguistic Extension

allows to create properties connected to model elements

  • Temporal properties

expressed over types and instances of the models

slide-20
SLIDE 20

Property Specification Language

14

  • Linguistic Extension

allows to create properties connected to model elements

  • Temporal properties

expressed over types and instances of the models

  • Possibility to define

cross-level properties

slide-21
SLIDE 21

Property Specification Language

14

  • Linguistic Extension

allows to create properties connected to model elements

  • Temporal properties

expressed over types and instances of the models

  • Possibility to define

cross-level properties

  • Possibility to link to

several instances

slide-22
SLIDE 22

Property Specification Language

15

Model Model Model Model Instance Typed by Typed by Typed by Typed by Typed by Typed by Property Specification Language 1

slide-23
SLIDE 23

Property Specification Language

15

  • The hierarchy allows to

add new languages (e.g. TLTL, SALT)

Model Model Model Model Instance Typed by Typed by Typed by Typed by Typed by Typed by Property Specification Language 1 Property Specification Language 2

slide-24
SLIDE 24

Property Specification Language

15

  • The hierarchy allows to

add new languages (e.g. TLTL, SALT)

  • Possibility of a

hierarchy of property languages

Property Language Metamodel Model Model Model Model Instance Typed by Typed by Typed by Typed by Typed by Typed by Property Specification Language 1 Property Specification Language 2

slide-25
SLIDE 25

Property Specification Language

15

  • The hierarchy allows to

add new languages (e.g. TLTL, SALT)

  • Possibility of a

hierarchy of property languages

Property Language Metamodel Model Model Model Model Instance Typed by Typed by Typed by Typed by Typed by Typed by Property Specification Language 1 Property Specification Language 2

slide-26
SLIDE 26

Property Specification Language

16

slide-27
SLIDE 27

Syntax

Abstract syntax Concrete syntax

17

  • Internal representation
  • f the model
  • In graph-based models,

nodes and relations among them

  • Created to be human

readable

  • Synchronized with the

abstract syntax

  • Text, diagrams...

Model Model F G

slide-28
SLIDE 28

Semantics

  • LTL temporal operator unrolling

› › ›

  • LTL Next operator (X) processing

  • LTL reduction

18

)) ( (       U X U       XF F      XG G   ) ( ) (

1 

n n

t t X     G GG 

slide-29
SLIDE 29

Repeat until every property has been reduced to ⊤

  • r ⊥

Semantics

19

F1 (t) F2 (t) Mp(t) Unrolling (MT) F1 (t) F2 (t) Mp(t) Compare with instance (query) Mr (t) F1 (t+1) F2 (t+1) Mp(t+1) Reduction (MT) F1 (t) F2 (t) Mp(t+1)

slide-30
SLIDE 30

Semantics

  • ATL/EMF implementation

abstract rule processX { from input : mmProperties!X to

  • utput : mmProperties!UnaryOperator (

formula <- input.formula.formula ) }

20

slide-31
SLIDE 31

Semantics as model transformations

  • ATL/EMF implementation

21

slide-32
SLIDE 32

Future work

  • Integrate our hierarchy of models and languages

into an existing framework (GEMOC), or…

  • … create a multilevel modelling editor for EMF

models

  • Add new languages for the specification of

temporal properties

  • Seamless and automatic linking of property

specification languages with any model in the hierarchy

22

slide-33
SLIDE 33

Summary

  • Introduction of flexible hierarchy for executable

modelling

  • Definition of abstract syntax, concrete syntax and

semantics for temporal properties on behavioural models

  • Runtime Verification of temporal properties on

interpreted models. No need for compilation/translation

  • Usage of deep metamodelling concepts to achieve

a customizable hierarchy

23

slide-34
SLIDE 34

Summary

  • Introduction of flexible hierarchy for executable

modelling

  • Definition of abstract syntax, concrete syntax and

semantics for temporal properties on behavioural models

  • Runtime Verification of temporal properties on

interpreted models. No need for compilation/translation

  • Usage of deep metamodelling concepts to achieve

a customizable hierarchy

23

Thank you for your attention!