Compositional Operational Semantics of a UML-Kernel-Model Language

We define a compositional operational semantics for state machines and their composition in UML. Each state machine describes the behavior of an object of a class. If a class of a newly generated object is active, a new activity group, which is a singly-threaded collection of objects, is generated. Communication of state machines between activity groups differs from the one inside an activity group. We introduce (i) two parallel combinators reflecting this difference, which return a SOS given that their arguments are SOS, (ii) an SOS for each state machine regarded in isolation.     

从UML顺序图生成状态图的一个方法

UML (Unified Modeling Language) is a visual modeling language used for specifying,visualizing,constructing,and documenting the artifacts of software systems by various diagrams.It has been widely accepted as a standard modeling language in both academic and industrial areas.UML sequence diagrams are mostly used in specifying system requirements.By representing interactions,which are arranged in time sequence,between the objects in a system,sequence diagrams can construct scenarios indicating the system‘‘s functions.A UML statechart diagram is a graph shows the sequences of states that an object or an interaction goes through during its life in response to received stimuli,together with its responses and actions.It‘‘s useful in the design stage of system development.This essay discusses the computer-aided transformation from sequence diagrams to statechart diagrams,which can offer strong support for the transfering from requirement analysis to system design in the software development process.With OCL (Object Control Language) semantic constrain,a transform algorithm is provided in the paper.And the differences with the related works are also mentioned.     

Towards an Integrated Graph Based Semantics for UML

Recently, we proposed an integrated formal semantics based on graph transformation for central aspects of UML class, object and state diagrams. In this paper, we explain the basic ideas of that approach and show how two more UML diagram types, sequence and collaboration diagrams, can be captured. For UML models consisting of a class diagram and particular state diagrams, a graph transformation system can be defined. Its graphs are associated with system states and its rules with operations in the class diagram and transitions in the state diagrams. Sequence and collaboration diagrams then characterize sequences of operation applications and therefore sequences of transformation rule applications. Thus valid sequence and collaboration diagrams correspond to derivations induced by the graph transformation system. Proceeding this way, it can be checked for example whether such an operation application sequence may be applied in a specific system state.     

A UML-based static verification framework for security

Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life-cycle taking into consideration security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language.     

Manual test case derivation from UML activity diagrams and state machines: A controlled experiment

ContextIt is a difficult and challenging task to fully automatize model-based testing because this demands complete and unambiguous system models as input. Therefore, in practice, test cases, especially on the system level, are still derived manually from behavioral models like UML activity diagrams or state machines. But this kind of manual test case derivation is error-prone and knowing these errors makes it possible to provide guidelines to reduce them.ObjectiveThe objective of the study presented in this paper therefore is to examine which errors are possible and actually made when manually deriving test cases from UML activity diagrams or state machines and whether there are differences between these diagram types.MethodWe investigate the errors made when deriving test cases manually in a controlled student experiment. The experiment was performed and internally replicated with overall 84 participants divided into three groups at two institutions.ResultsAs a result of our experiment, we provide a taxonomy of errors made and their frequencies. In addition, our experiment provides evidence that activity diagrams have a higher perceived comprehensibility but also a higher error-proneness than state machines with regard to manual test case derivation. This information helps to develop guidelines for manual test case derivation from UML activity diagrams and state machines.ConclusionMost errors observed were due to missing test steps, conditions or results, or content was written into the wrong field. As activity diagrams have a higher perceived comprehensibility, but also more error-prone than state machines, both diagram types are useful for manual test case derivation. Their application depends on the context and should be complemented with clear rules on how to derive test cases.     

A transformation‐based approach to testing concurrent programs using UML activity diagrams

Unified Modeling Language (UML) activity diagrams are widely used to model concurrent interaction among multiple objects. In this paper, we propose a transformation‐based approach to generating scenario‐oriented test cases for applications modeled by UML activity diagrams. Using a set of transformation rules, the proposed approach first transforms a UML activity diagram specification into an intermediate representation, from which it then constructs test scenarios with respect to the given concurrency coverage criteria. The approach then finally derives a set of test cases for the constructed test scenarios. The approach resolves the difficulties associated with fork and join concurrency in the UML activity diagram and enables control over the number of the resulting test cases. We further implemented a tool to automate the proposed approach and studied its feasibility and effectiveness using a case study. Experimental results show that the approach can generate test cases on demand to satisfy a given concurrency coverage criterion and can detect up to 76.5% of seeded faults when a weak coverage criterion is used. With the approach, testers can not only schedule the software test process earlier, but can also better allocate the testing resources for testing concurrent applications. Copyright © 2015 John Wiley & Sons, Ltd.     

From UML Models to Graph Transformation Systems

In this paper we present an approach that allows to validate properties of UML models. The approach is based on an integrated semantics for central parts of the UML. We formally cover UML use case, class, object, statechart, collaboration, and sequence diagrams. Additionally full OCL is supported in the common UML fashion. Our semantics is based on the translation of a UML model into a graph transformation system consisting of graph transformation rules and a working graph that represents the system state. By applying the rules on the working graph, the evolution of the modeled system is simulated.     

Modeling and validating Mondex scenarios described in UML and OCL with USE

This paper describes the Mondex case study with UML class diagrams and restricting OCL constraints. The constraints have been formulated either as OCL class invariants or as OCL pre- and postconditions. The proposed two models include UML class diagrams and OCL constraints which have been checked by the UML and OCL tool USE (UML-based Specification Environment). USE allows validation of a model by testing it with scenarios. The Mondex case study has been validated by positive and negative test cases. The test cases allow the validity of the various constraints to be traced and checked. Validation results are presented as textual protocols or as UML sequence diagrams where starting, intermediate, and resulting system states are represented by UML object diagrams. UML sequence diagrams, UML object diagrams, and textual protocols are shown with varying degrees of detail for the attributes, constraints, and executed commands. J. C. P. Woodcock     

分布式软件系统交互行为建模、验证与测试

为了确保分析与设计阶段分布式软件系统中模块之间交互行为的正确性,提出了一种分布式软件系统模块交互的抽象方法,分别通过系统状态机图和对象状态机图对各模块状态变迁进行建模,使用UML2.0序列图对模块之间交互行为进行描述.采用基于命题投影时序逻辑的模型检测技术,将对象状态机图转换为Promela模型,系统交互性质转换为命题投影时序逻辑公式,通过模型检测器验证交互模型是否满足于系统的性质,若不满足于该性质,则能够获得反例执行的路径.给出了一个分布式软件系统测试框架,在验证后的序列图模型基础上,使用基于模型的测试用例自动生成方法得到测试用例集合,该集合能够实现对交互行为的有效测试.实例结果表明,该方法可以提高分布式软件系统中模块交互行为的有效性和可靠性.     

Timing consistency checking for UML/MARTE behavioral models

UML/MARTE model-driven development approaches are gaining attention in developing real-time embedded software (RTES). UML behavioral models with MARTE annotations are used to describe timing behaviors and timing characteristics of RTES. Particularly, state machine, sequence, and timing diagrams with MARTE annotations are appropriate to understand and analyze timing behaviors of RTES. However, to guarantee software correctness and safety, timing inconsistencies in UML/MARTE should be identified in the design phase of RTES. UML/MARTE timing inconsistencies are related to modeling errors and can be hazards throughout the lifecycle of RTES. We propose a systematic approach to check timing consistency of state machine, sequence, and timing diagrams with MARTE annotations for RTES. First, we present how state machine, sequence, and timing diagrams with MARTE annotations specify the behaviors of RTES. To overcome informal semantics of UML/MARTE models, we provide formal definitions of state machine, sequence, and timing diagrams with MARTE annotations. Second, we present the timing consistency checking approach that consists of a rule-based and a model checking-based timing consistency checking. In the rule-based timing consistency checking, we validate well formedness of UML/MARTE behavioral models in timing aspects. In the model checking-based timing consistency checking, we verify whether timing behaviors of sequence and timing diagrams with MARTE annotations are consistent with the timing behaviors of state machine diagrams with MARTE annotations. We support an automated timing consistency checking tool UML/MARTE timing Consistency Analyzer for a seamless approach. We demonstrate the effectiveness and the practicality of the proposed approach by two case studies using cruise control system software and guidance and control unit software.     

基于UML活动图的测试研究进展

UML活动图不再是状态图的特例,它作为一种独立的模型广泛用于软件的行为建模.基于UML活动图的测试受到业界的普遍欢迎.然而从UML活动图自动生成完整的测试场景\用例成为一个难点.本文对基于UML活动图的测试进行了比较分析,总结了几种从UML活动图生成测试场景\用例的方法及其使用的算法,即反蚂蚁Agent方法、灰盒方法、自适应细菌Agent方法和系统的形式化方法.对这些方法进行了分析与比较,指出一些不足之处.最后对UML活动图测试的发展趋势做了一些展望.     

Validating timed UML models by simulation and verification

This paper presents a technique and a tool for model-checking operational (design level) UML models based on a mapping to a model of communicating extended timed automata. The target language of the mapping is the IF format, for which existing model-checking and simulation tools can be used. Our approach takes into consideration most of the structural and behavioural features of UML, including object-oriented aspects. It handles the combination of operations, state machines, inheritance and polymorphism, with a particular semantic profile for communication and concurrency. We adopt a UML profile that includes extensions for expressing timing. The breadth of concepts covered by our mapping is an important point, as many previous approaches for applying formal validation to UML put much stronger limitations on the considered models. For expressing properties about models, a formalism called UML observers is defined in this paper. Observers reuse existing concepts like classes and state machines, and they allow expressing a significant class of linear temporal properties. The approach is implemented in a tool that imports UML models from an XMI repository, thus supporting several editors like Rational Rose, Rhapsody or Argo. The generated IF models may be simulated and verified via an interface that presents feedback in the vocabulary of the original UML model. This work has been partially supported by the OMEGA European Project (IST-33522). See also http://www-omega.imag.fr     

Automatic extraction of OWL ontologies from UML class diagrams: a semantics-preserving approach

Full implementation of the Semantic Web requires widespread availability of OWL ontologies. Manual ontology development using current OWL editors remains a tedious and cumbersome task that requires significant understanding of the new ontology language and can easily result in a knowledge acquisition bottleneck. On the other hand, abundant domain knowledge has been specified by existing database schemata such as UML class diagrams. Thus developing an automatic tool for extracting OWL ontologies from existing UML class diagrams is helpful to Web ontology development. In this paper we propose an automatic, semantics-preserving approach for extracting OWL ontologies from existing UML class diagrams. This approach establishes a precise conceptual correspondence between UML and OWL through a semantics-preserving schema translation algorithm. The experiments with our implemented prototype tool, UML2OWL, show that the proposed approach is effective and a fully automatic ontology extraction is achievable. The proposed approach and tool will facilitate the development of Web ontologies and the realization of semantic interoperations between existing Web database applications and the Semantic Web.     

UMLTGF:一个基于灰盒方法从UML活动图生成测试用例的工具

UML已经成为建模语言的事实标准，如何从UML分析设计模型生成测试用例也为面向对象软件测试带来了新的挑战．为了从UML设计模型中的活动图直接生成测试用例，给出了UML活动图的形式化定义和灰盒测试方法．该方法首先分析UML活动图上的所有执行路径（每条路径称为一个测试场景），然后根据测试场景中的节点和转换所代表的活动及其输入／输出变量、相关约束条件等生成测试用例．并根据该方法实现了一个自动生成测试用例的工具UMLTGF，它可以从Rational Rose的规约文件中提取活动图信息并生成相应的测试用例．该工具能够提高软件测试的效率，降低测试成本．     

基于对象着色Petri网的UML模型研究

UML广泛应用于软件建模,但缺乏有效的模型检测的方法,使用形式化方法对UML模型进行分析,可以发现UML模型的设计问题,提高UML模型的质量。对象着色Petri网是一种拥有接口库所的模块化着色Petri网,既是一种图形化建模工具,又是具有严格的语法语义定义的形式化方法。通过引入事件托肯,改进了将UML模型转换为对象着色Petri网的方法,结合实例将UML状态图和协作图映射为对象着色Petri网模型。并用着色Petri网的方法和工具对模型进行了分析,验证了模型的一系列性质。     

A compositional semantics of UML-RSDS

This paper provides a semantics for the UML-RSDS (Reactive System Development Support) subset of UML, using the real-time action logic (RAL) formalism. We show how this semantics can be used to resolve some ambiguities and omissions in UML semantics, and to support reasoning about specifications using the B formal method and tools. We use ‘semantic profiles’ to provide precise semantics for different semantic variation points of UML. We also show how RAL can be used to give a semantics to notations for real-time specification in UML. Unlike other approaches to UML semantics, which concentrate on the class diagram notation, our semantic representation has behaviour as a central element, and can be used to define semantics for use cases, state machines and interactions, in addition to class diagrams.     

基于UML和模型检测的安全模型验证方法

安全策略的形式化分析与验证随着安全操作系统研究的不断深入已成为当前的研究热点之一.文中在总结前人工作的基础上,首次提出一种基于UML和模型检测器的安全模型验证方法.该方法采用UML将安全策略模型描述为状态机图和类图,然后利用转换工具将UML图转化为模型检测器的输入语言,最后由模型检测器来验证安全模型对于安全需求的满足性.作者使用该方法验证了DBLP和SLCF模型对机密性原则的违反.     

一种用于类测试的改进型EFSM模型

扩展有限状态机(EFSM)中迁移存在前置条件和相应操作,而前置条件和相应操作中变量的相互依赖性导致了EFSM中存在不可达路径,不利于基于EFSM模型的类的测试。通过把UML状态图转换成EFSM模型,提出一种消除EFSM模型不可达路径算法,从而建立一种用于面向对象软件的类测试模型,通过该模型可以应用传统的数据流和控制流分析技术对类进行测试。