A formal verification framework for SysML activity diagrams

https://doi.org/10.1016/j.eswa.2013.10.064Get rights and content

Highlights

  • We propose a formal verification framework for complex systems.

  • These systems are modeled as a composition of a set of SysML activity diagrams.

  • The composition is formalized and automatically transformed into the probabilistic model checker “PRISM” input language.

  • The soundness of the proposed framework is proved.

  • The proposed framework verifies two real systems: the shopping online system, and the real time streaming protocol.

Abstract

SysML activity diagrams are OMG/INCOSE standard diagrams used for modeling and specifying probabilistic systems. They support systems composition by call behavior and send/receive artifacts. For verification, the existing approaches dedicated to these diagrams are limited to a restricted set of artifacts. In this paper, we propose a formal verification framework for these diagrams that supports the most important artifacts. It is based on mapping a composition of SysML activity diagrams to the input language of the probabilistic symbolic model checker called “PRISM”. To prove the soundness of our mapping approach, we capture the underlying semantics of both the SysML activity diagrams and their generated PRISM code. We found that the probabilistic equivalence relation between both semantics preserve the satisfaction of the system requirements. Finally, we demonstrate the effectiveness of our approach by presenting real case studies.

Introduction

A major challenge in software and systems development process is to advance error detection at early stages of their life-cycles. It has been shown that the cost of repairing a software flaw during maintenance is approximately 500 times higher than fixing it at early design phases (Baier and Katoen, 2008). Fig. 1 depicts bugs introduction, detection, and repair costs during software life cycle. It shows that only 15% of flaws are detected in the initial design phase, whereas the cost of fixing them at this phase is extremely beneficial as compared to fixing them at the testing phase. Therefore, an ambitious challenge is to accelerate the verification process of a product based on its design artifacts.

In system and software engineering, SysML (Systems Modeling Language) (OMG, 2007a) is a standard modeling language used for system applications. It reuses a subset of UML (Unified Modeling Language) packages (OMG, 2007b) and extends others with specific systems’ engineering features such as probability. Mainly, it covers four perspectives on systems modeling: structure, behavior, requirement, and parametric diagrams (OMG, 2007a.) Particularly, SysML activity diagrams are behavioral diagrams used to model system behaviors at various levels of abstraction (Holt and Perry, 2007.) In addition, they support systems composition by call behavior and send/receive artifacts. To verify these diagrams, the existing approaches (Andrade et al., 2009, Baldan et al., 2005, Banti et al., 2011, Carneiro et al., 2008, Debbabi et al., 2010, Elmansouri et al., 2011, Eshuis, 2006, Jansen et al., 2002, Jansen et al., 2003, Rafe et al., 2009) ignore probabilistic features, systems composition, and, they do not show the preservation of the system requirements while they use model-checking in general. In addition, they do not either formalize or prove the soundness.

Model checking is a formal automatic verification technique for finite state concurrent systems that checks temporal logic specifications on a given model. In addition to qualitative verification, quantitative verification techniques based on probabilistic model checkers (Baier and Katoen, 2008) have recently gained popularity. Probabilistic model checking offers the capability for interpreting probabilistically the satisfiability of a given property on systems that inherently exhibit probabilistic behavior. In our work, we use the PRISM probabilistic symbolic model checker (Kwiatkowska et al., 2011).

PRISM checks probabilistic specifications over probabilistic models. The specifications can be expressed either in the probabilistic computation tree logic (PCTL) (Baier and Katoen, 2008, Forejt et al., 2011) or in a continuous stochastic logic. The models can be described using the PRISM language as discrete-time Markov chains, continuous-time Markov chains, Markov decision processes (MDPs), or probabilistic timed automata. PRISM also supports probabilistic automata (PAs), but for simplicity, it refers to them by MDPs (Forejt et al., 2011). For the verification efficiency, the constructed models can be stored as binary decision diagrams (BDDs) and multi-terminal BDDs (MTBDDs). In addition, PRISM has built-in symmetry reduction and implements iterative numerical computations to overcome the state explosion problem (Baier and Katoen, 2008, Forejt et al., 2011).

Framework. In this paper, we are interested in the formal verification of probabilistic systems modeled as SysML activity diagrams. These diagrams can call and communicate with other diagrams and allow for probabilistic behavior specification. The overview of our proposed framework is depicted in Fig. 2. It takes a composition of SysML activity diagrams and PCTL properties as input.

Our framework is based on representing SysML activity diagrams to an equivalent PRISM model. The PRISM model checker verifies PCTL properties on the resulting model. And, we extract the adequate semantics model related to SysML activity diagrams. Then, we present the underlying semantics related to the produced PRISM model. Furthermore, we show that the relation between both semantics preserves the satisfiability of PCTL properties. In summary, the main contributions of this paper are described as follows.

  • 1.

    Developing an adequate semantics to capture formally SysML activity diagrams behaviors,

  • 2.

    Proposing a semantics for the used PRISM model.

  • 3.

    Proposing a mapping approach that transforms SysML activity diagrams into the PRISM input language.

  • 4.

    Implementing and applying our approach on real systems.

Motivation Example. An Automated Teller Machine (ATM) is a system that interacts with a potential customer via a specific interface and communicates with the bank over an appropriate communication protocol. This is modeled as SysML activity diagram that is depicted in Fig. 3(a). A user that requests a service from the ATM has to insert an ATM card (the action InsertCard) and enter a personal identification number (the action EnterPIN). Both information need to be sent to the bank for validation. This operation is represented in Fig. 3(b) by another SysML activity diagram that is called from the action CheckCard. If the credentials of the customer are not valid, the card will be ejected out (the action EjectCard). More specifically, the main diagram (Fig. 3) calls three diagrams in three different actions: Check Card, Authorize, and Transaction. The property to check is to measure the probability of authorizing a transaction after inserting a card. After applying our approach, we found that the probability value to satisfy this requirement is 0.84.

Paper organization. The remainder of this paper is organized as follows. Section 2 surveys the existing related work. The preliminaries needed for our work are presented in the next section. Section 4 describes and formalizes SysML activity diagrams. The semantics of PRISM models is presented in Section 5. The transformation algorithm is detailed in Section 6 and its soundness is proved in Section 7. Section 8 describes the experimental results. Finally, Section 9 concludes this paper and provides hints on the possible future works.

Section snippets

Related work

In this section, we cite the state-of-the-art related to the formalization and the verification of UML sequence, state machine, activity diagrams, and SysML diagrams. Then, we compare our framework to the existing ones.

Preliminaries

In this section, we describe SysML activity diagrams as presented in the OMG standard (OMG, 2007a). In addition, we present the probabilistic automata as a probabilistic modeling formalism and PCTL as a probabilistic temporal logic. These can further help understanding the functionality of SysML activity diagrams and formalizing them later on.

SysML activity diagram formalization

In this section, we formalize SysML activity diagrams by providing an adequate calculus that helps to formalize and prove the soundness of our approach.

PRISM formalization

In this section, we formalize PRISM by presenting its syntax and semantics. In our formalization, we focus more on the probabilistic automata model in PRISM.

Generally, a probabilistic system “S” that is described as a PRISM program “P” that comprises a set of n modules (n>0), the state of each one is defined by the evaluation of a countable set of finite-ranging local variables. The global state of the system is the evaluation of the local variables (Vl) and the global ones (Vg) denoted by V=Vg

The verification approach

This section describes the transformation of SysML activity diagrams A into a PA written in PRISM input language. Algorithm 1 illustrates the transformation algorithm T that takes A as input and returns its PRISM code image denoted by PrismCode. The diagram A is visited using a depth-first search procedure and the algorithm’s output produces PRISM synchronized modules. The algorithm is described as follows. First, the initial node is pushed into the stack of nodes denoted by nodes (line 5).

The transformation soundness

Our aim is to prove the soundness of the transformation algorithm T by showing that the proposed algorithm preserves the satisfiability of PCTL properties. Let A be a NuAC term and MA is its corresponding PA constructed by the NuAC operational semantics denoted by S such that S(A)=MA. The function Γ is defined previously to implement the transformation rules in order to produce a PRISM program P such that Γ(A)=P. For the program P, let MP be its corresponding PA constructed by the PRISM

Implementation and experimental results

In this section, we apply our verification framework on the online shopping system (Gomaa, 2011) and the Real Time Streaming Protocol (RTSP) 1 hypothetical application. The related SysML activity diagrams are modeled on Topcased2 then mapped into Prism code via our Java implementation. In the purpose of providing experimental results demonstrating the efficiency and

Conclusion

In this paper, we presented a formal verification framework to improve the model checking of SysML activity diagrams. To verify these diagrams, we have devised an approach that maps a set of SysML activity diagrams composed by call behavior and communication artifacts into the input language of the probabilistic model checker PRISM. We proposed a calculus dedicated to these diagrams that captures precisely their underlying semantics. In addition, we formalized PRISM language by showing its

References (39)

  • M. Debbabi et al.

    Verification and validation in systems engineering – assessing UML/SysML design models

    (2010)
  • R. Elmansouri et al.

    From UML activity diagrams to CSP expressions: A graph transformation approach using Atom3 tool

    IJCSI International Journal of Computer Science Issues

    (2011)
  • R. Eshuis

    Symbolic model checking of UML activity diagrams

    ACM Transactions on Software Engineering and Methodology

    (2006)
  • D.N. Jansen et al.

    A probabilistic extension of UML statecharts – specification and verification

  • Jansen, D. N., Hermanns, H., & Katoen, J. P. (2003). A QoS-oriented extension of UML statecharts. Lecture notes in...
  • Rafe, V., Rafeh, R., Azizi, S., & Miralvand, M. (2009). Verification and validation of activity diagrams using graph...
  • M. Kwiatkowska et al.

    PRISM 4.0: verification of probabilistic real-time systems

  • V. Forejt et al.

    Automated verification techniques for probabilistic systems

  • E. Ebeid et al.

    Generation of SystemC/TLM code from UML/MARTE sequence diagrams for verification

    2012 IEEE 15th international symposium on design and diagnostics of electronic circuits systems (DDECS)

    (2012)
  • Cited by (0)

    View full text