Contribution of Modeling Language Engineering to Model-Based Systems Engineering: design of a tool-supported method for generating interoperable, analyzable and provable Domain-Specific Languages

Blazo Nastov
Laboratoire de Génie Informatique et d'Ingénierie de Production
Journée des doctorants, Nîmes, France, 19 June 2014
Institut Mines-Télécom
LGI2P - Ecole des Mines d'Alès
LIRMM - Université Montpellier 2
Blazo.Nastov@mines-ales.fr

Plan
  - Context
  - Creating DSMLs
  - Model simulation & Property proof
  - Limitations of existing works
  - Conclusion and Perspectives

Systems Engineering
  - Approach for designing complex systems
  - Involves creating, manipulating and analyzing models
  - A model = an aspect of a system under study
  - Engineers make and justify architectural decisions based on models
  - Decisions have an impact on the system's functioning, safety and cost
  - Engineers must have confidence in the models they create
  - There is confidence in a model if it is 1) well formed and 2) the right model
  - Model verification improves confidence in models

How to create a DSML
Language description
  - Abstract syntax: metamodel
      - Language concepts
      - Relationships between concepts
  - Concrete syntax
      - Textual
      - Graphical
  - Steps: define abstract syntax, define concrete syntax
Semantics description
  - An abstract syntax reveals a partial description of the language's semantics
  - Such semantics may sometimes be ambiguous: different specialists may have different understandings of a single model
Types of semantics
  - Denotational - a set of mathematical objects (denotations) which represents the meaning of the model
  - Operational - how a model is interpreted as a sequence of computational steps
  - Translational - translating a model into another language that is well understood

Model simulation & Property proof
  - Case 1: Manipulate third-party equivalent models
      - Provide translational semantics
  - Case 2: Directly manipulate created models
      - Provide operational semantics
  [Figure: DSML / Model diagrams for the two cases. Case 1: a model created with a DSML is translated into a model of a target DSML, based on translational semantics. Case 2: a model created with a DSML is simulated, based on operational semantics.]
  - State of the art: A Design Pattern to Build Executable DSMLs and Associated V&V Tools (Combemale 2012)

Studied approach: concept
  - A metamodel including multiple metamodels
      - DDMM - Domain Definition Meta Model
      - SDMM - State Definition Meta Model
      - EDMM - Event Definition Meta Model
      - TM3 - Trace Management Meta Model
      - Semantics description
  - A Property-Driven Approach for Formal Verification of process Models (Combemale 2008)
  - Limitations
      - State notion
      - Event-State-Property notion
      - Temporal dimension
      - Stable state
      - Property description
      - Language interoperability
  [Figure: architecture of the pattern. MetaMetaModel (M3) level: metamodeling language (e.g. MOF), action language or model transformation. MetaModel (M2) level: DDMM, SDMM, EDMM and TM3, related by <<conforms to>>, <<merge>>, <<import>>, <<changes>> and <<triggeredby>>, together with Semantics and Semantics Mapping.]

Limitations of studied approach (1)
1) State notion and formalization
Principle
  - The behavior of a concept = state model
  - The evolution of a concept = state change
  [Figure: example of a SDMM and example of EDMM, with <<Resource>> Oil 5L and <<Function>> F1]
Limitation: concepts having a large, possibly unlimited, number of states
  - Example: Oil 5L
  - Observation: the resource oil should be in a state of min 5L
Proposal: SDMM extension
  - Define a finite number of descriptive states (e.g. sufficient or insufficient)
  - Quality and Quantity state variables
  - Mixed

Limitations of studied approach (2)
2) Towards condition and event based transition approach
Principle
  - Define states in a SDMM
  - Define events in a EDMM
  - Define evolution properties
Example (see SDMM and EDMM)
  For f Function {
    (f.state==authorised)
    AND ( i f.iteminputs,(i.state==present))
    AND ( j f.resourceflowinputs,((j.requestedquantity >= j.sourceresource.availablequantity) AND (j.requestedquality == j.sourceresource.quality))))
    implies executefunction(f)
  }
Limitation: difficult to read and understand
Proposal: use state machines to abstract SDMM and EDMM in order to improve readability and understandability
Proposal: define transition firing, including an explicit conditional part clearly identified and separated from the SDMM and EDMM
Example
  [Figure: state machine with a transition from state Authorised to state Execution, guarded by Cond1 and triggering ExecuteFunction]
  Cond1: {
    (f.state==authorised)
    AND ( i f.iteminputs,(i.state==present))
    AND ( j f.resourceflowinputs, ( (j.requestedquantity >= j.sourceresource.availablequantity) AND (j.requestedquality == j.sourceresource.quality))))
  }

Limitations of studied approach (3)
3) Towards model transient states detection and management
Principle
  - Temporal properties are defined using TOCL
  - Only one clock is considered
Limitation: model stability is out of reach
  - A model is in a stable state if it cannot evolve into another state, taking into account the inputs defined in an operational scenario
  - A transient state of a concept is a state such that it is possible to change that state without modifying the inputs
Example
  - Firing conditions: b0 = A1, a1 = B1
  - Scenario = (a0, T0, A0, B0)
  - Result = (T1, A2, B1)
  [Figure: state machines of A (states A0, A1, A2) and B (states B0, B1) with transitions a0 to a3, b0 and b1, on a timeline T0, T1, T2]
Proposal: consider model stability
  - Introduce two types of clocks
      - External: bound to the environment
      - Internal: bound to the concept evolution
  - Introduce evolution algorithm
      - RI: read input
      - CFS: calculate future state
      - WO: write output
  [Figure: flowchart of the evolution algorithm. Steps: Initialize internal clock Ti, Initialize external clock Te, RI, CFS, "Stability is reached?", WO, Increment external clock. Timeline t0, t1, t2 showing the internal clock and the external clock.]

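The evolution algorithm proposed on this slide (read input, calculate future state until stability is reached, write output, with an internal and an external clock), as added example code that is not part of the presentation. The concepts A and B, their rules, the scenario and the bound MAX_INTERNAL_TICKS are constructed assumptions, and the loop order is read from the flowchart labels.

```python
"""Two-clock evolution loop (RI / CFS / WO) with stability detection.
Added illustration: the rules and the scenario below are constructed."""
from typing import Callable, Dict, List

State = Dict[str, str]                      # concept name -> current state
Rule = Callable[[State, dict], str]         # (snapshot, inputs) -> next state
MAX_INTERNAL_TICKS = 16                     # assumed bound on transient steps

def calculate_future_state(state: State, inputs: dict, rules: Dict[str, Rule]) -> State:
    # CFS: every concept evaluates its rule against the same snapshot.
    return {name: rule(state, inputs) for name, rule in rules.items()}

def run(scenario: List[dict], initial: State, rules: Dict[str, Rule]) -> list:
    """Return (Te, transient_steps, stable_state) for each external tick."""
    state, outputs = dict(initial), []
    for te, inputs in enumerate(scenario):            # external clock Te; RI
        seen = [state]
        for ti in range(MAX_INTERNAL_TICKS + 1):      # internal clock Ti
            future = calculate_future_state(state, inputs, rules)
            if future == state:                       # stability reached
                break
            if future in seen:                        # transient states cycle forever
                raise RuntimeError(f"no stable state at Te={te}: revisits {future}")
            seen.append(future)
            state = future
        else:
            raise RuntimeError(f"no stable state within bound at Te={te}")
        outputs.append((te, ti, dict(state)))         # WO: only stable states leave
    return outputs

def rule_a(s: State, inp: dict) -> str:
    if s["A"] == "A0" and inp.get("start"):           # fired by an external input
        return "A1"
    if s["A"] == "A1" and s["B"] == "B1":             # fired by B's state alone
        return "A2"
    return s["A"]

def rule_b(s: State, inp: dict) -> str:
    return "B1" if s["B"] == "B0" and s["A"] == "A1" else s["B"]

RULES = {"A": rule_a, "B": rule_b}
SCENARIO = [{"start": True}, {"start": False}]        # constructed inputs

if __name__ == "__main__":
    for te, steps, stable in run(SCENARIO, {"A": "A0", "B": "B0"}, RULES):
        print(f"Te={te}: {steps} transient step(s) -> {stable}")
```

With a single clock the intermediate states (A1, B0) and (A1, B1) would be observable; here they are consumed on the internal clock and only the stable state is written at each external tick.
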
Limitations of studied approach (4)
4) Towards properties modeling language and checking techniques
Principle
  - A property should be verified at each execution (universal property), or at least once (existential property)
Types of properties
  - Structural properties
  - Temporal properties
  - Quantitative properties
Limitation: the considered approach is less advanced and profound compared to other property-driven approaches
Proposal: study existing approaches and extend, then formalize, the considered pattern
5) Towards modeling languages and models interoperability
Limitation: model interoperability is out of reach of the considered pattern
Proposal: extend the pattern in order to handle model interoperability
  - Model interoperability = Dynamic semantics interoperability
  - Extend SDMM & EDMM
  - Define interoperability rules
  [Figure: two DSML / Model pairs (Ecore) linked by Interactions]

Studied approach: tools
  - Kermeta - executable metamodeling language
      - Define operational semantics through aspect programming in an imperative way
  - ATL - Atlas Transformation Language
      - Define operational semantics through endogenous transformations in a declarative way
      - Define translational semantics through exogenous transformations in a declarative way
  - Main limitation and obstacles
      - Programming related
      - SE experts are not necessarily experts in programming

Synthesis
  - Systems engineering
      - Model confidence & verification techniques
  - A complete language description is composed of
      - An abstract syntax
      - A concrete syntax
      - A semantics description
  - Simulation and property proof
      - A Design Pattern to Build Executable DSMLs
      - Limitations and Proposals

Publications
  - B. Nastov, F. Pfister. Experimentation of a Graphical Concrete Syntax Generator for Domain Specific Modeling Languages. INFORSID 2014 (selected for a special issue of the journal ISI)
  - B. Nastov. Contribution to model verification: operational semantic for System Engineering modeling languages. CIEL 2014
  - B. Nastov, V. Chapurlat, C. Dony and F. Pfister. A verification approach from MDE applied to Model Based System Engineering: xeffbd dynamic semantic. CSD&M 2014