1 Evaluation of OCL for Large-Scale Modelling: A Different View of the Mondex Smart Card Application. Emine G. Aydal, Richard F. Paige, Jim Woodcock, University of York

2 Agenda
Motivation
Goal
Modelling Mondex
Modelling issues
Validation
Test case generation
Conclusion
(Navigation footer repeated on each slide: Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion)

3 Motivation
MONDEX: a global e-payment scheme that offers immediate transfer of value, without signature or PIN, in the currencies allowed.
First step in the Grand Challenge Program.
Formalisations of Mondex, based on the monograph that outlined the specification, refinement and proof details of Mondex in Z (Stepney and Woodcock):
Alloy (MIT)
Event-B (University of Southampton)
OCL (University of Bremen)
Perfect Developer (Escher Technologies)
RAISE (Uni. of UN Macao and TUD)
Z (University of York)
Contribution of this study:
Model the system from informal requirements using semi-formal techniques
Perform model-based testing on formally verified versions of Mondex
Assess the value added

4 Goal
Test cases derived from models before the development stage
Model-based testing of formally verified software

5 Goal
Model Mondex using UML and OCL: diagrams, invariants, pre/post-conditions
Validate the model through scenarios
Explore the relationship between test case generation and assertion-based scenarios

6 Modelling Mondex
No.  Module Name
M1   Payment
M2   Logging
M3   Recovery
M4   Currency Management
M5   Operational Control
M6   Data Display and Customisation

7 Modelling Mondex
Modelling language: UML enriched with OCL expressions
Tool: UML Specification Environment (USE)
Use case diagrams and use scenarios

8 Modelling Mondex
8 classes
30 invariants
31 operations
197 pre/post-conditions
Traceability matrix

9 Modelling issues
Constants:
May be fixed at a later stage of development or during application loading
Currently no support for constants
Example: inv iNoLanguages: self.languages->size() <= cNoLanguages
Derived parameters:
Prefixed with '/' in UML ('_' in USE)
Supported by OCL, but not integrated into the OCL tools
Workaround: create invariants that ensure the derived attributes are calculated correctly
Example: inv iNoUnusedException: _NumberOfUnusedExceptions = cNoException - exceptionlogs->size()

10 Modelling issues
Constants
Derived parameters
Invariants and pre/post-conditions (assertions):
No consistency check
Restricting invariants
No tool support yet (OCL Compiler v2.0)

11 Modelling issues: pre/post-conditions
State checking:
self.oclInState(Unlocked)
self.LockingState = 'Unlocked'
Messaging: hasSent operator ('^'):
post ChangePersonalCodePost1: %Personal Code changes successfully or (PersonalCode = and self^ChangeTheStateToLockedOut and result = false)

12 Modelling issues: pre/post-conditions
Frame Variable Set (FVS): the distinct set of variables read or written by each operation
Issues: determining these variables; managing the post values of these variables
Assumption: all variables not included in the FVS of an operation stay unchanged after the execution of that operation
No tool support

13 Validation of the model
Overall objective: the model behaves as expected when an instance of the model is executed under certain conditions.
There is at least one instance of the model that satisfies all the invariants.
There is at least one instance of the model that allows each operation to run successfully, i.e. the preconditions and postconditions of the operation are satisfied and the instance does not conflict with any of the invariants.

14 Validation of the model
Scenario: an instance of the model that serves a purpose, i.e. that satisfies a property.
Base object model: an initial, stable instance of the model that satisfies all the invariants.
Scenario structure:
1. Setting/creation of the FVS
2. Access the operation (precondition check)
3. Modification/deletion of the FVS
4. Exit the operation (postcondition check)

15 Validation of the model
Creation of scenarios that validate operations
Execution of scenarios
Immediate feedback by the tool
Drawback: finding the set of frame variables, and their values, that satisfy the assertions of a given operation

16 Test Case Generation
Assertions ensure the correct functioning of operations, so why not use these critical points for test case generation?
Idea: find scenarios that violate each assertion of each operation.

17 Test Case Generation
Existing research: to validate a model, generate snapshots of the model automatically using ASSL (A Snapshot and Sequence Language) in USE [Gogolla, 2003].
Based on invariant conflict: each invariant is addressed separately by feeding the system with its negation.

18 Test Case Generation
Additional information: scenarios that violate the 197 assertions have already been created manually.
Future work:
Apply the technique described in [Gogolla, 2003] for invariants to assertions
Automate the generation of such scenarios
Compare the results of manual and automatic scenario generation
Concretise scenarios into test scripts
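The constant and derived-attribute workaround of slide 9, the frame-variable assumption of slide 12, the four-step scenario structure of slide 14 and the "violate each assertion" idea of slide 16 can be exercised together in a small executable model. The block below is an added example written for this transcript; it is not the authors' USE model of Mondex nor any tool they used. Invariants, pre/post-conditions and the frame variable set (FVS) of each operation are Python predicates, and a scenario is the tuple (pre-state, post-state, arguments, result), mirroring the USE workflow of creating objects, entering an operation, editing the frame variables by hand and exiting it. The Purse attributes, the two constants, the two operations (ChangePersonalCode follows the shape of the slide 11 postcondition, without the hasSent operator) and the value domains searched are all assumptions made for the example.

```python
"""Added example (not the slides' USE model): an executable stand-in for part of a
Mondex purse, with OCL-style invariants, pre/post-conditions and a frame variable
set per operation, plus a search for scenarios that violate each assertion."""
from dataclasses import dataclass
from itertools import product

C_NO_EXCEPTION = 1    # assumed constants; OCL has none, so they are plain names here
C_MAX_CODE_TRIES = 2


@dataclass(frozen=True)
class Purse:                                  # attribute names are assumptions
    personal_code: str = "1234"
    locking_state: str = "Unlocked"           # 'Unlocked' | 'Locked' | 'LockedOut'
    failed_tries: int = 0
    exception_logs: tuple = ()
    unused_exceptions: int = C_NO_EXCEPTION   # derived value, pinned by iNoUnusedException


# Invariants; iNoUnusedException is the slide-9 workaround for a derived attribute
INVARIANTS = {
    "iLockingState": lambda p: p.locking_state in ("Unlocked", "Locked", "LockedOut"),
    "iNoUnusedException": lambda p: p.unused_exceptions == C_NO_EXCEPTION - len(p.exception_logs),
    "iFailedTries": lambda p: 0 <= p.failed_tries <= C_MAX_CODE_TRIES,
}


@dataclass(frozen=True)
class Operation:
    name: str
    fvs: frozenset   # frame variable set: the only attributes the operation may change
    pre: dict        # name -> pred(pre_state, args)
    post: dict       # name -> pred(pre_state, post_state, args, result)


OPERATIONS = [
    Operation(
        "ChangePersonalCode",
        frozenset({"personal_code", "failed_tries", "locking_state"}),
        pre={"pUnlocked": lambda s, a: s.locking_state == "Unlocked"},
        post={  # success changes the code; failure keeps it and locks out or counts the try
            "qChangePersonalCodePost1": lambda s, t, a, r: (
                (r and a["old"] == s.personal_code and t.personal_code == a["new"])
                or (not r and t.personal_code == s.personal_code
                    and (t.locking_state == "LockedOut" or t.failed_tries == s.failed_tries + 1))
            ),
        },
    ),
    Operation(
        "LogException",
        frozenset({"exception_logs", "unused_exceptions"}),
        pre={"pLogSpace": lambda s, a: s.unused_exceptions > 0},
        post={"qLogged": lambda s, t, a, r: t.exception_logs == s.exception_logs + (a["msg"],)},
    ),
]


def all_assertions(op):
    """Every named check a scenario for `op` is subject to, including the frame assumption."""
    return (list(INVARIANTS) + [f"{op.name}.{n}" for n in op.pre]
            + [f"{op.name}.{n}" for n in op.post] + [f"{op.name}.frame"])


def check_scenario(op, pre_state, post_state, args, result):
    """Run one scenario through the slide-14 structure and return the violated assertions
    (sorted; an empty list means the scenario validates the operation)."""
    failed = {n for n, f in INVARIANTS.items() if not f(pre_state)}                     # base model
    failed |= {f"{op.name}.{n}" for n, f in op.pre.items() if not f(pre_state, args)}   # access
    failed |= {f"{op.name}.{n}" for n, f in op.post.items()
               if not f(pre_state, post_state, args, result)}                           # exit
    failed |= {n for n, f in INVARIANTS.items() if not f(post_state)}
    # frame assumption (slide 12): every attribute outside the FVS must be unchanged
    touched = {k for k in vars(pre_state) if getattr(pre_state, k) != getattr(post_state, k)}
    if not touched <= op.fvs:
        failed.add(f"{op.name}.frame")
    return sorted(failed)


def generate_violating_scenarios(op, states, arg_choices):
    """Slide-16 idea: for each assertion of `op`, search a finite domain for a scenario
    that violates that assertion and nothing else, so each test case targets one check."""
    found = {}
    for pre_s, post_s, args, result in product(states, states, arg_choices, (True, False)):
        failed = check_scenario(op, pre_s, post_s, args, result)
        if len(failed) == 1 and failed[0] not in found:
            found[failed[0]] = (pre_s, post_s, args, result)
    return found


# Constructed value domain: a mix of valid and invalid purse states
STATES = [Purse(c, l, t, logs, u)
          for c, l, t, logs, u in product(("1234", "9999"), ("Unlocked", "LockedOut", "Broken"),
                                          (0, 1, 3), ((), ("e1",), ("e1", "e2")), (1, 0, -1))]
ARGS = {"ChangePersonalCode": [{"old": "1234", "new": "9999"}, {"old": "0000", "new": "9999"}],
        "LogException": [{"msg": "e1"}, {"msg": "e2"}]}

if __name__ == "__main__":
    for op in OPERATIONS:
        found = generate_violating_scenarios(op, STATES, ARGS[op.name])
        print(op.name, "covered:", sorted(found),
              "missing:", sorted(set(all_assertions(op)) - set(found)))
```

An assertion for which the search finds no single-violation scenario is itself a finding: either the domain is too small or the assertion is implied by the others, which is the kind of consistency check slide 10 notes the tools did not offer. The frame check is what the slides call the FVS assumption; in USE it has to be verified by hand, here it is one set comparison.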

19 Conclusion
Modelled a real-life application using OCL.
The large number of invariants and assertions gave us ideas about features that need to be added to OCL tools.
Scenarios are a way of validating a model; the fact that scenarios use artifacts of the model supports the validation process.
Test case generation and validation are two processes that may have common ground.

20 Thank you