Domain-Specific Model Verification with QVT [chapter]

Maged Elaasar, Lionel Briand, Yvan Labiche
2011 Lecture Notes in Computer Science  
Model verification is the process of checking models for known problems (or anti-patterns). We propose a new approach to declaratively specify and automatically detect problems in domain-specific models using QVT (Query/View/Transformation). Problems are specified with QVT-Relations transformations from models where elements involved in problems are identified, to result models where problem occurrences are reported in a structured and concise manner. The approach uses a standard formalism,
more » ... ies generically to any MOF-based modeling language and has well-defined detection semantics. We apply the approach by defining a catalog of problems for a particular but important kind of models, namely metamodels. We report on a case study where we used the catalog to verify recent revisions of the UML metamodel. We detected many problem occurrences that we analyzed and helped resolve in the (latest) UML 2.4 revision. As a result, the metamodel was found to have improved dramatically by the experts defining it. Introduction Model-driven engineering (MDE) is a software methodology that is based on the use of models as a primary form of expression. In such methodology, models get defined and keep evolving continuously to cope with changing system requirements. Models are defined as instances of a metamodel, a higher-level model that describes the abstract syntax of a modeling language, which can either be general-purpose like UML [ 1] or domain-specific (DSML) like BPMN [ 2] . Metamodels are themselves defined using a DSML called the Meta Object Facility (MOF) [ 3] that is standardized by the Object Management Group (OMG). A MOF-based metamodel consists of a set of metaclasses, their attributes and relationships, plus constraints governing their integrity. Metamodel constraints are often specified using the Object Constraint Language (OCL) [ 4] that is based on first-order predicate logic and set semantics. Model verification is an integral process of MDE that is concerned with checking models to find occurrences of known problems. Problems can be of different kinds: a) syntactic problems specified by the well-formedness constraints of metamodels and their extensions (e.g., UML profiles are extensions of UML); b) semantic problems describing poor design choices that are known to have a negative impact on some aspect (e.g., implementability, maintainability, usability, performance) of models; c) convention problems, which are violations to methodological, organizational or project-specific conventions (e.g., naming conventions). Verifying (large) models manually is a time and resource consuming activity that is also error-prone (some problems are complex, cross-cutting many model elements). A better approach is to automate model verification. Such an approach should first allow problems to be specified declaratively (leading to concise and maintainable specifications) using a generic (i.e., adaptable to any DSML), flexible (i.e., supporting arbitrary, complex problems) and standard (i.e., familiar and portable) formalism. Second, it should also allow problems to be detected automatically (using their specifications) and directly (involving no data conversion) in models. Finally, it should allow problem occurrences to be reported in a concise (i.e., easy to inspect) and structured (i.e., showing all role bindings) manner. Several approaches ([ 14] to [ 24] ) have been proposed in the literature. However, none of them satisfies all of the aforementioned requirements (more details in Section 2). In this paper, we present three contributions. First, we propose adopting the pQVT approach, which has been used for design pattern specification and detection in [ 5], for model verification. Similar to a design pattern, a problem is composed of interrelated and constrained model elements playing unique roles in a given context. Only this time, the context is problematic and the detection leads to finding problem (vs. pattern) occurrences. We show how pQVT can be used to specify and detect arbitrary problems of any MOF-based DSML. Problems get specified with a QVT-Relations (QVTr) [ 6] transformation from input models (conforming to a MOF-based metamodel), where elements involved in problems are identified, to result models (conforming to the pResults metamodel [ 5]), where problem occurrences are reported in a structured and concise manner. pQVT uses a standard declarative formalism and provides powerful reuse semantics, allowing for modularizing problem specifications and handling of problem variants. Thanks to QVTr's well-defined execution semantics, problems are detected by simply running the transformations, producing concise result models containing any detected problem occurrences. Second, we investigate the power of our approach by defining a catalog of problems for a specific DSML, namely MOF. We chose to study MOF as it is used to define many popular metamodels (e.g., UML and BPMN) that tend to have a large number of issues [ 7] . The catalog has 113 problems in different categories: syntactic (based on MOF well-formedness rules), semantic (based on metamodeling idioms and best practices) and convention (based on conventions used for standard metamodels). Third, we report on a case study where we specified the catalog with pQVT. The approach was found to be very adequate for expressing such a large and complex catalog in a modular and concise manner. We then used the specification to detect problems with recent revisions (2.2, 2.3 and 2.4 beta) of the standard UML metamodel. We detected and analyzed hundreds of problem occurrences, reported them to the UML 2.4 revision task force (RTF), and helped resolve 53% of them in
doi:10.1007/978-3-642-21470-7_20 fatcat:rwqdbkowanfgnkywm3fq3ykqwe