Hydra (A General Framework for Formalizing UML with Formal Languages for Embedded Systems*)
*From the Ph.D. thesis of William E. McUmber
Software Engineering and Network Systems Lab, Michigan State University
This work has been supported in part by National Science Foundation grants (CCR-9901017, CCR-9633391, CCR-9407318), a DARPA grant, and Eaton Corporation.
Hydra Tool Overview
Hydra parses a textual representation of an integrated collection of Unified Modeling Language (UML) graphical diagrams that represent a model of the system. Hydra’s textual input format, Hydra Intermediate Language (HIL), allows Hydra to remain independent from optional graphical front ends. Hydra then generates appropriate formal specifications in the desired target specification language. Formal languages supported include VHDL and Promela, the input language for Bell Labs’ model checker SPIN.
Theoretical Basis for Hydra
Underlying the Hydra tool is a general framework for formalizing UML diagrams with formal languages. This framework defines a homomorphic mapping between a unified metamodel for UML class and state diagrams and a metamodel for the target formal language. A metamodel is a class diagram that describes the constructs of a modeling language and the relationships between the constructs. Homomorphisms preserve structure, so the mapping rules are complete.
Unified UML Metamodel
[Figure: metamodel diagram with labels Model, Class, Relationships, Instance Variables, Aggregation, Generalization, Association, Behavior, State Vertex, Transition, and "Rest of dynamic model"; legend: state diagram related, class diagram related.]
Homomorphic Mapping
[Figure: diagram with labels UML diagrams, UML metamodel, Mapping Rules, Homomorphism, Formal language metamodel, and Formal specification of system; arrow labels: Constrains Diagrams, Constrains Rules, Constrains Model.]
Semantics
UML does not attach formal semantics to diagrams. Without a fixed semantics, it is not possible to apply rigorous automated analysis such as simulation or model checking to UML diagrams. The Hydra framework attaches a specific semantics to the UML diagrams from a range of possible semantics, thus enabling the derivation of formal language specifications and the application of automated analysis techniques.
Unified Modeling Language
UML is a collection of graphical object-oriented modeling notations for visually depicting various aspects of a software system. Hydra integrates two:
Class Diagrams depict system structure: classes (boxes) and relationships between them (adorned lines).
State Diagrams depict object behavior: events on transitions (directed arcs) can cause a change of state (rounded rectangles).
Class and State Diagrams
[Figure: example class diagram with labels Science Course, Student, Prerequisite, Biology, Chemistry, takes, has-a, is-a, and 0..3; example state diagram with labels Idle, Getting classes, Begin enrolling, Finished enrolling, Add class X, Sign up (X) [have prereq for X], and Sign up (X) [don’t have prereq for X].]
Architecture of Hydra
[Figure: architecture diagram with labels HIL (Hydra Intermediate Language), Parser, Target language specific class library, and Spec*.]
* Hydra can automatically generate formal specifications for a number of target languages, including VHDL and Promela. The class library used would be appropriate for the target language.
Using Hydra
[Figure: tool flow with labels Optional graphical editor, UML, HIL, Hydra, Spec*, Analysis tool, and Analysis results.]
* Hydra can automatically generate formal specifications for a number of target languages, including VHDL and Promela. The analysis tool used would be appropriate for the target language.
Simulation and Model Checking
Simulation of a collection of UML diagrams via its formal specification enables the developer to validate behavioral requirements and to debug the system design. It is a useful technique, especially early in the diagram construction process. However, simulation is not exhaustive. Model checking is, in general, an exhaustive technique that covers the entire state space of possible executions of the system. Using SPIN, for example, this technique can find deadlocks and unreachable states, test system invariants against the model, and verify temporal claims.
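The exhaustive exploration described above, as an added example that is not Hydra output or code from the thesis: a breadth-first explicit-state search reporting deadlocks, unreachable states and an invariant counterexample. The Student state machine is constructed from the slide's diagram labels; the `Full` and `Suspended` states, the guard on the 0..3 multiplicity and the seeded errors are assumptions made for illustration.

```python
from collections import deque

MAX_COURSES = 3   # the "0..3" multiplicity from the class diagram
# Declared control states; "Full" and "Suspended" are constructed for this example.
DECLARED = {"Idle", "GettingClasses", "Full", "Suspended"}

def successors(state, guarded=True):
    """Transitions of the constructed Student machine; state = (control, courses)."""
    ctrl, n = state
    if ctrl == "Idle":
        return [("begin enrolling", ("GettingClasses", n))]
    if ctrl == "GettingClasses":
        out = [("finished enrolling", ("Idle", n)),
               ("sign up [no prereq]", ("GettingClasses", n))]
        if not guarded:                       # seeded error: multiplicity not enforced
            out.append(("sign up [have prereq]", ("GettingClasses", n + 1)))
        elif n < MAX_COURSES:
            nxt = "Full" if n + 1 == MAX_COURSES else "GettingClasses"
            out.append(("sign up [have prereq]", (nxt, n + 1)))
        return out
    return []                                 # seeded error: "Full" has no exit

def invariant(state):
    """System invariant: a student never takes more than MAX_COURSES courses."""
    return state[1] <= MAX_COURSES

def check(initial, succ, inv, declared):
    """Visit every reachable state once, breadth first, and collect findings."""
    parent, queue = {initial: None}, deque([initial])
    deadlocks, violation = [], None
    while queue:
        s = queue.popleft()
        if not inv(s):
            violation = violation or trace(parent, s)
            continue                          # do not expand past a violation
        nxt = succ(s)
        if not nxt:
            deadlocks.append(s)               # no enabled transition
        for event, t in nxt:
            if t not in parent:
                parent[t] = (s, event)
                queue.append(t)
    unreachable = sorted(declared - {ctrl for ctrl, _ in parent})
    return {"states": len(parent), "deadlocks": deadlocks,
            "unreachable": unreachable, "violation": violation}

def trace(parent, s):
    """Event sequence from the initial state to s (the counterexample)."""
    events = []
    while parent[s] is not None:
        s, event = parent[s]
        events.append(event)
    return events[::-1]
```

A random simulation run can miss the fifth consecutive sign-up or the exit-less `Full` state; the search above cannot, because it visits every reachable state.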
Applications and Future Work
Hydra has been used to model a furnace controller in both VHDL and Promela, and a Smart Cruise Control system in Promela. Current investigations include creating a metamodel and mapping rules for SMV, the input language for Clarke’s Symbolic Model Verifier (another model checking tool). A complementary system, MINERVA, is currently under development both as a graphical front-end to the Hydra tool and as a visualization environment for analysis results.