Abstract
Two translations from activity diagrams to the input language of NuSMV, a symbolic model verifier, are presented. Both translations map an activity diagram into a finite state machine and are inspired by existing statechart semantics. The requirements-level translation defines state machines that can be verified efficiently but are somewhat unrealistic, since they assume the perfect synchrony hypothesis. The implementation-level translation defines state machines that cannot be verified as efficiently but are more realistic, since they do not rely on the perfect synchrony hypothesis. To justify the use of the requirements-level translation, we show that for a large class of activity diagrams and certain properties the two translations are equivalent: whichever translation is used, the outcome of model checking is the same. Moreover, for linear stuttering-closed properties, the implementation-level translation is equivalent to a slightly modified version of the requirements-level translation. We use the two translations to model check data integrity constraints for an activity diagram together with a set of class diagrams that specify the data manipulated in the activities. Both translations have been implemented in two tools. We discuss our experiences in applying both translations to model check some large example activity diagrams.
Index Terms
- Symbolic model checking of UML activity diagrams