Encapsulation, Operator Overloading, and Error Class Mechanisms in OCL

Similar documents
Extendable Toolchain for Automatic Compatibility Checks

InfrastructuretoUse OCL forruntime Structural Compatibility Checks of Simulink Models

Compositional Model Based Software Development

Object Orientated Analysis and Design. Benjamin Kenwright

Metamodeling. Janos Sztipanovits ISIS, Vanderbilt University

Metamodeling with Metamodels. Using. UML/MOF including OCL

Agenda. More on the Unified Modeling Language. UML diagram types. Packages

What are the characteristics of Object Oriented programming language?

Ingegneria del Software Corso di Laurea in Informatica per il Management. Introduction to UML

The Mathemagix compiler. Joris van der Hoeven, Palaiseau

9/21/17. Outline. Expression Evaluation and Control Flow. Arithmetic Expressions. Operators. Operators. Notation & Placement

The Mathemagix compiler. Joris van der Hoeven, Palaiseau 2011

Introduction to Programming Using Java (98-388)

Orthographic Software Modeling A Practical Approach to View Based Development

RSL Reference Manual

Composite Structures

OCL Support in MOF Repositories

Software Architecture

1. Write two major differences between Object-oriented programming and procedural programming?

Appendix A OCL 2.0 Grammar

Index. Index. More information. block statements 66 y 107 Boolean 107 break 55, 68 built-in types 107

OCL parsing / type checking in the context of GF and KeY. Kristofer Johannisson

RSARTE Icons. Mattias Mohlin Senior Software Architect IBM

MDT OCL Goes Generic. Introduction to OCL and Study of the Generic Metamodel and API. Christian W. Damus IBM Rational Software OCL Committer

TIME-BASED CONSTRAINTS IN THE OBJECT CONSTRAINT LANGUAGE OCL

NOTES ON OBJECT-ORIENTED MODELING AND DESIGN

Specification-based Testing of Embedded Systems H. Schlingloff, SEFM 2008

Object-Oriented Design

OCL for the Specification of Model Transformation Contracts

Safety SPL/2010 SPL/20 1

Reviewing for the Midterm Covers chapters 1 to 5, 7 to 9. Instructor: Scott Kristjanson CMPT 125/125 SFU Burnaby, Fall 2013

Object Oriented Programming in Java. Jaanus Pöial, PhD Tallinn, Estonia

Object-Oriented Programming

UNIT-II Introduction to UML

Towards Compositional Domain Specific Languages

Dresden OCL2 in MOFLON


Automation of Semantic Web based Digital Library using Unified Modeling Language Minal Bhise 1 1

Object-Oriented Design

COP 3330 Final Exam Review

Building Java Programs

Final-Term Papers Solved MCQS with Reference

From OCL to Typed First-order Logic

Java Learning Object Ontology

MontiArc Architectural Modeling of Interactive Distributed and Cyber-Physical Systems. Arne Haber and Jan Oliver Ringert and Bernhard Rumpe

Object-Oriented Concepts and Principles (Adapted from Dr. Osman Balci)

6. Hoare Logic and Weakest Preconditions

Fortgeschrittene objektorientierte Programmierung (Advanced Object-Oriented Programming)

G Programming Languages - Fall 2012

Recursion and Iteration Support in USE Validator with AnATLyzer

Subtyping. Lecture 13 CS 565 3/27/06

Index. business modeling syntax 181 business process modeling 57 business rule 40

Compiler Construction

Class diagrams and architectural design

Object-Oriented Programming

Operators and Expressions

Report on the Aachen OCL Meeting

Parametric Polymorphism for Java: A Reflective Approach

Outline. A little history. Outline. The Unified Modeling Language Opportunities and Challenges for Formal Methods

Chapter 6 Introduction to Defining Classes

Handout 9: Imperative Programs and State

Part I: Preliminaries 24

Unified Modeling Language 2

Chapter 1. Preliminaries

IBM Case Manager Version User's Guide IBM SC

CimConteXtor User Guide

An Ontological Analysis of Metamodeling Languages

Code Generation for SCA Components. Mark Hermeling

JOURNAL OF OBJECT TECHNOLOGY Online at Published by ETH Zurich, Chair of Software Engineering. JOT, 2002

(800) Toll Free (804) Fax Introduction to Java and Enterprise Java using Eclipse IDE Duration: 5 days

10. Object-oriented Programming. 7. Juli 2011

Control Structures. Outline. In Text: Chapter 8. Control structures Selection. Iteration. Gotos Guarded statements. One-way Two-way Multi-way

Static type safety guarantees for the operators of a relational database querying system. Cédric Lavanchy

Models versus Ontologies - What's the Difference and where does it Matter?

MDD with OMG Standards MOF, OCL, QVT & Graph Transformations

Softwaretechnik Model Driven Architecture Meta Modeling

Overloading, Type Classes, and Algebraic Datatypes

The Lorax Programming Language

Announcements. Specifications. Outline. Specifications. HW1 is due Thursday at 1:59:59 pm

Rubby Casallas Grupo de Construcción de Software Uniandes

Compiler Construction

Formal Methods in Software Engineering 1

SLIDES: Introductory Modeling Example Employing UML and OCL [UML: Unified Modeling Language, OCL:Object Constarint Language]

CE221 Programming in C++ Part 1 Introduction

/633 Introduction to Algorithms Lecturer: Michael Dinitz Topic: Priority Queues / Heaps Date: 9/27/17

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections p.

Object-Oriented Programming

A Metamodel-Based OCL-Compiler for UML and MOF

ATL TRANSFORMATION EXAMPLE

STUDY NOTES UNIT 1 - INTRODUCTION TO OBJECT ORIENTED PROGRAMMING

with openarchitectureware

Exam Duration: 2hrs and 30min Software Design

Object-Oriented Programming in C# (VS 2015)

Chapter 02 Building Multitier Programs with Classes

Iterative Statements. Iterative Statements: Examples. Counter-Controlled Loops. ICOM 4036 Programming Languages Statement-Level Control Structure

Formal Specification and Verification

Fundamentals of Programming Languages

CSSE 490 Model-Based Software Engineering: Software Factories

EL2310 Scientific Programming

An Introduction to Software Engineering. David Greenstein Monta Vista High School

Transcription:

Encapsulation, Operator Overloading, and Error Class Mechanisms in OCL OCL @ MODELS 2016 Vincent Bertram, Bernhard Rumpe, Michael von Wenckstern RWTH Aachen http://www.se-rwth.de/

Page 2 Outline 1. Motivation 2. Encapsulation, Operator Overloading, Error Classes 3. Example Workflow 4. Conclusion

Page 3 Motivation - General Due to the highly competitive automotive market, manufacturers update their vehicles continuously with new features. A special single feature does not necessary affect every software part, therefore individual components are updated to successively replace old component versions with new ones. A feature change can cause incompatibilities, the automotive industry is constantly stating the structural (and/or behavioral) backward compatibility.

Page 4 Motivation Static software verification Static software verification is a software engineering discipline, analyzing software against a given specification without running any line of code by using formal methods. Checking models for correctness or compatibility using standard formal modeling techniques (such as OCL) has merits in abstraction and compactness. It is inconvenient for developers, since there are no standard mechanisms how to handle large and complex OCL constraints.

Page 5 Motivation - Questions The contribution is to answer the following questions: (1) How to logically group OCL constraints? (2) How to split up complex constraints easily into multiple smaller ones? (3) How to use OCL operators for self-defined model structures? (4) How to produce meaningful error messages to the user?

Page 6 Outline 1. Motivation 2. Encapsulation, Operator Overloading, Error Classes 3. Example Workflow 4. Conclusion

Page 7 Interface compatibility Interface compatibility (A is interface compatible to B iff) Component A has at least (it may have more) the same input and output port names as Component B A s input ports accept the same or more input values than B s input ports A s output ports produce the same or fewer output values than B s output ports It is not complicated to define interface compatibility, but still, you can face a lot of small constraints: (1) primitive data type compatibility (e.g. when are enumerations compatible) (2) unit compatibility such as km/h and m/s (3) range compatibility considering several ranges each of which may have different min, max, accuracy or resolution

«instanceof» Vincent Bertram Page 8 Derived MetaModel «interface» FunctionComponentElement FunctionComponent PortConnector String: name * contains 1 source * dest 0..1 1 1 1..* «abstract» Port String: name Boolean: in implements * 1 CD (class diagram is an excerpt) 1 Interface String: name acceleration, energy or speed is implemented by concrete SI units (kg, m, s) 1 * QuantityKind String: name 1 «interface» Unit PrimitiveType type * Reference * * ranges 1..* * min Range max acc * * * 0..1 res Number 0..1 accuracy Bertram, V., Manhart, P., Plotnikov, D., Rumpe, B., Schulze, C., von Wenckstern, M.: Infrastructure to Use OCL for Runtime Structural Compatibility Checks of Simulink Models. In: Modellierung (2016) 1 1 1 resolution Primitive Type Value

Page 9 ADAS Object Diagram instantiation OD OD ADAS_V1: FunctionComponent v_limitersetvalue: SignalPort in = true ADAS_V4: FunctionComponent v_limitersetvalue: SignalPort in = true :PrimitiveType Reference Acceleration_pedal_pc: SignalPort Acceleration_pedal_pc: SignalPort :PrimitiveType Reference KilometerPerHour: DerivedUnit :Accuracy value= 3.5 in = true :Range min = 0 max = 250 res :Resolution value = 0.05 in = true :Resolution value = 0.05 res :Range min = 0 max = 250 None: DerivedUnit :Accuracy value= 3.0 Interface backward compatibility between two Component & Connector (C&C) models. Given if ADAS_V4 can replace ADAS_V1.

Page 10 General interface compatibility constraint InterfaceCompatibility «query» + Boolean v2backwardscompatibletov1() v1 (ADAS_V1) FunctionComponent String: name v2 (ADAS_V4) CD 1 context InterfaceCompatibility inv: 2 self.v2backwardscompatibletov1() 3 = the equals operator in OCL 2.4 is similar to OCL/P s <=>. OCL 2.4 OCL/P 1context InterfaceCompatibility ic inv: 2 ic.v2backwardscompatibletov1() 3 <=> calls for every InterfaceCompatiblity object the query method v2backwardscompatibletov1(). the context in which a constraint is embedded into; e.g. names of classes, attributes and/or properties in class diagrams a boolean statement about a system describes a property that must hold in a system at each point of time The constraint has a context and describes an invariant, meaning the constraint must be satisfied for all InterfaceCompatiblity class instances.

Page 11 Definition of Library Expressions Defining an OCL library with expressions in a function-like way The definition expression defines new attributes and query operations to existing models, which can be used in other constraints. Define a new query method: IsBackwardsCompatibleTo(FunctionComponent v1) to the CD model FunctionComponent and makes the modeling of an extra class like InterfaceCompatibility in the CD redundant. This function depends on other compatibility constraints such as data type, range, unit compatibility. This would result in polluting CD with unnecessary, and probably not reusable, query functions just to make one definition good readable. We present a method for how to define an OCL library comfortably with public (can be called from outside the library) and private (can only be used inside this library) functions

Page 12 Library definition in OCL/P and OCL 1 library InterfaceCompatiblity is: 2 + def boolean v2backwardscompatibletov1 3 (FunctionComponent v1, FunctionComponent v2) is: 4 result = 5 (forall Port ports1 in v1.implements.ports, 6 public Port ports2 in v2.implements.ports: 7 datatypecompatible(ports1, ports2)) 8 && 9 - def boolean datatypecompatible(port p1, Port p2) is: 10 result = private 11 package InterfaceCompatiblity 12 context FunctionComponent 13 def: v2backwardscompatibletov1(v2: FunctionComponent) 14 :Boolean = 15 self.implements.ports->forall(ports1: Port 16 v2.implements.ports->forall(ports2: Port 17 datatypecompatible(ports1, ports2)) 18 && 19 context Port 20 def: datatypecompatible(p2: Port) :Boolean = 21 endpackage OCL/P OCL 2.4 Example for an OCL library with public and private query functions

Page 13 Define new functions and operators there exists no equivalent translation in OCL 2.4 ( Definition constraint must be attached to a Classifier ) 1 def boolean v2backwardscompatibletov1 2 (FunctionComponent v1, FunctionComponent v2) is: semantically equivalent 1 context FunctionComponent v1: 2 def boolean v2backwardscompatibletov1(functioncomponent v2) is: OCL/P OCL/P 1 context FunctionComponent 2 def: v2backwardscompatibletov1(v2: FunctionComponent) :Boolean = OCL 2.4 The top part shows the previous convenience definition. FunctionComponent extending the class FunctionComponent with an extra query function v2backwardscompatibletov1(). Similar to C ++ s mechanism that define new functions and operators as member and non-member, new operations can also be defined without an explicit given context.

Page 15 Overload infix / prefix operators using OCL/P 1 def boolean infix (Unit u1) ~ (Unit u2) is: OCL/P 2 result = u1.quantitykind == u2.quantitykind 3 def boolean infix (Number v) in (Range r) is: 4 result = 5 v >= r.min && (Range r has no optional association res to Resolution) 6 v <= r.max && 7 (~r.res (v - r.min) % r.res == 0) 8 def boolean infix (Number v) in (List<Range> ranges) is: 9 result = exists Range r in ranges: v in r 10 def boolean typereferencecompatible(primitivetypereference tr1, 11 PrimitiveTypeReference tr2) is: 12 let 13 PrimitiveTypeReference tr1c = tr1.convert(tr2.unit) 14 in 15 result = (converts e.g. tr1 from eg. 1 m in 100 cm) 16 tr1.unit ~ tr2.unit && 17 forall Number v in tr1c.ranges: 18 v in tr2.ranges && 19 20 def boolean prefix ~ (Association a) is: 21 result = a.size > 0 syntax of overloading a prefix operator

Page 16 Overload operators using OCL 1 context Unit 2 def: _ = (u2: Unit) :Boolean = self.quantitykind == u2.quantitykind 3 context Number 4 def: isinrange(r: Range) :Boolean = 5 self >= r.min && 6 self <= r.max && 7 (r.res->notempty() (self - r.min) % r.res == 0) 8 def: isinonerange(ranges: Sequence(Range)) :Boolean = 9 ranges->exists(r: Range self.isinrange(r)) 10 context PrimitiveTypeReference 11 def: typereferencecompatible(tr2: PrimitiveTypeReference) :Boolean = 12 let 13 tr1c: PrimitiveTypeReference = tr1.convert(tr2.unit) 14 in 16 tr1.unit = tr2.unit && changed from ~ to =, because OCL 2.4 can only overlaod: +, -, *, /, =, <>, <, >, <=, >= 17 Number.allInstances()->forall(v: Number 18 v.isinonerange(tr1c.ranges) implies 19 v.isinonerange(tr2.ranges) && 20 OCL 2.4

Page 17 OCL Error Classes for Intuitive Feedback A mechanism how to generate user-friendly error messages if OCL constraints fail. These error messages can be domain-specific and hence can give users all the information needed to trace down existing errors. One drawback of a OCL definition is its restriction to a Boolean result for the user. The answer satisfied (ADAS_V4 is compatible to ADAS_V1) or non-satisfied makes it hard to understand where exactly the constraints failed in case of a negative answer. A definition of error classes overcomes this drawback by providing easy to understand witness instantiations of an OCL error class.

Page 18 Example error class instantiation «query» UnitWitness CD - readonly String portname - readonly Unit unit1 - readonly Unit unit2 + String getportname() + Unit getunit1() + Unit getunit2() A valid UnitWitness instantiation related to the previos OD would have the attribute values: portname = "v_limitersetvalue" unit1 = "KilometerPerHour unit2 = "None" A witness instance can be used in templates for generating user friendly text messages. In order to maintain only one kind of artifact, OCL has been extended by the counterexample keyword as demonstrated: counterexample String portname, Unit unit1, Unit unit2 inv UnitWitness:

Page 19 Defining error classes producing counterexamples «query» UnitWitness - readonly String portname - readonly Unit unit1 - readonly Unit unit2 + String getportname() + Unit getunit1() + Unit getunit2() OCL/P can navigate against navigation direction ports belong to different function components (different interface names) ports have the same name units of the ports are not compatible 1 context UnitWitness uw inv: 2 let 3 SignalPort p1 = uw.getunit1(). 4 primitivetypereference.signalport; 5 SignalPort p2 = uw.getunit2(). 6 primitivetypereference.signalport; 7 in 8 p1.interface.name!= p2.interface.name && 9 uw.getportname() == p1.name && 10 uw.getportname() == p2.name && 11!(uw.getUnit1() ~ uw.getunit2()) 1 counterexample String portname, Unit unit1, Unit unit2 inv UnitWitness: 2 let 3 SignalPort p1 = unit1.primitivetypereference.signalport; 4 SignalPort p2 = unit2.primitivetypereference.signalport; 5 in CD 6 p1.interface.name!= p2.interface.name && 7 portname == p1.name && portname == p2.name && 8!(unit1 ~ unit2) CD + OCL/P context is replaced by OCL/P counterexample OCL/P semantically equivalent OCL/P

Page 20 OCL Conditions to define Error Classes B1 B1 CO1 R1 R2 R8 R11 All names of model elements within a component namespace have to be unique. Top-level component type definitions do not have instance names. Connectors may not pierce through component interfaces. Each outgoing port of a component type definition is used at most once as target of a connector. Each incoming port of a subcomponent is used at most once as target of a connector. The target port in a connection has to be compatible to the source port, i.e., the type of the target port is identical or a supertype of the source port type. Inheritance cycles of component types are forbidden. For each formalized ContextCondition also a counterexample class is given to produce meaningful user feedback.

Page 21 Outline 1. Motivation 2. Encapsulation, Operator Overloading, Error Classes 3. Example Workflow 4. Conclusion

Page 22 Workflow: Check structural compatibility ADAS_V1 ADAS_V4 ➀ ➀ ➁ Two white box Simulink models Check structural compatibility Check interface compatibility [no structural compatibility] [structural compatibility] Return not matching ports Create counter example ➂ 4 AD ➄ Compatibility statement 4 ➄

Page 23 ADAS main component (TP) (SPa) (SPa) LeverAngle.m classdef(enumeration) LeverAngle < Simulink.IntEnumType enumeration ZeroDegree(0) PlusFiveDegree(1) MinusFiveDegree(2) end end (SPb) (VP) (SPc) (CP) LeverAnglePro.m classdef(enumeration) LeverAngle < Simulink.IntEnumType enumeration ZeroDegree(0) PlusFiveDegree(1) PlusSevenDegree(2) MinusFiveDegree(3) MinusSevenDegree(4) end end (1) (2) (3)

Page 24 Data type compatibility fault of type enumeration «enumeration» LeverAngle ZeroDegree PlusFiveDegree MinusFiveDegree CD SL «enumeration» LeverAnglePro CD ZeroDegree PlusFiveDegree PlusSevenDegree MinusFiveDegree MinusSevenDegree

Page 25 Simulink: structural incompatibility Structural compatibility errors found (left) are illustrated as Simulink model (right)

Page 26 Outline 1. Motivation 2. Encapsulation, Operator Overloading, Error Classes 3. Example Workflow 4. Conclusion

Page 27 Conclusion (Concepts) The OCL library concept with private and public constraints, supports to organize the amount of constraints by hiding unnecessary details for developers. Maybe operator overloading would not be necessary, but it made it easier to read OCL constraints. The most important concept is the introduction of error classes, otherwise it is not possible to use OCL for ContextConditions, since the user needs to know which C&C element causes a constraint to fail. To create even better user feedback, error classes are prioritized. The error prioritization is done by defining disjunct error classes, which ensures that solely one error is causing the incompatibility for exactly one port of the C&C model instead of many different errors that are implied by the one main error (e.g. unit compatibility is higher prioritized than range compatibility). making a unit dimensionless results in changing its value ranges and its accuracies

Page 28 Conclusion (Answering the initial questions) How to logically group OCL constraints? Create OCL libraries to structure the code and use their encapsulation mechanisms with private and public constraint definitions. How to split up complex constraints easily into multiple smaller ones? Create smaller OCL helper constraints by the OCL def operator. It is now very similar to splitting large Java or C function into smaller ones. How to use OCL operators for self-defined model structures? Thanks to operator overloading, a well-known principle in many languages, selfdefined models, e.g. complex numbers defined as a CD, can be accessed as intuitive (e.g. + operator) as the OCL basic types such as integer numbers. How to produce meaningful user error messages? A methodology on how to specify and prioritize error classes for users to generate intuitive user feedback was developed.

Page 29 Finish Thank you for your attention.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback