Using UML and OCL to maintain the consistency of spatial data in environmental information systems

The Object Constraint Language (OCL) is a subset of the well-known Unified Modeling Language (UML) that allows specifying constraints over entities representing concepts from the application domain. The purpose of this paper is to describe a specific extension of OCL to model spatial constraints of Environmental Information Systems (EIS). These new features are applied to the agricultural spreading of organic matter. In this context, it is important to model a set of spatial constraints that define precisely where spreading can take place. For example, organic matters can never be spread inside certain natural areas. At present, some tools allow producing integrity checking mechanisms in different languages (Java, C#, SQL, etc.) from specifications of non-spatial constraints expressed in OCL. For instance, the SQL code generated by OCL2SQL can be used to check if a database verifies constraints or to forbid inserting data that do not verify them. In order to check spatial constraints in EIS, we implemented the “Spatial OCL” proposed in this paper into an extension of OCL2SQL.     

带OCL约束条件的类图到Object-Z规格说明的转换

如何提高软件的可靠性是目前软件研究领域的一个热点。将形式化方法和主流的软件开发方法相结合是一个可行的方法。本文研究UML语言和Object-Z语言相结合的方法,为主流的软件开发人员所使用的图形化规格说明技术与形式方法提供的精确的分析和验证技术架起了一座桥梁。本文定义如何将带0CL约束条件的类图转换到Object-Z规格说明的方法。这样不仅可以通过支持Object-Z语言的工具采对UML语言描述的系统性质进行验证和确认,而且能够帮助规格说明人员方便地构造Object-Z规格说明。     

Secure component composition with modular behavioral properties

We propose a flexible way of allowing the users of software components to specify their security policies, and endow digitally signed certificates with more expressive power at link time. Secure linking (SL) is more flexible than type-checking or other static checking mechanisms with endowing users the freedom to specify security policies at link time, and SL is more expressive than simple digital signing with restricting the scope of guarantees made by digitally signed certificates. SL would not prevent bugs in a software component, but it gives signers of software components finer-grain control of the meaning of their certificates. We implemented a logic-based framework for SL, which consists of the SL logic, a proof verifier, a tactical prover, and user interface languages. The framework of SL encompasses the existing constraint languages, such as OCL and JML, so the security policies and the property statements of software components can be written easily using those popular languages. In this paper, we explain the linking protocol of SL, the SL framework, and the extended user interface languages with OCL and JML. We also discuss the strength of the proposed linking protocol in developing practical software systems.     

Empirically evaluating OCL and Java for specifying constraints on UML models

The Object Constraint Language (OCL) has been applied, along with UML models, for various purposes such as supporting model-based testing, code generation, and automated consistency checking of UML models. However, a lot of challenges have been raised in the literature regarding its applicability in industry such as extensive training, slow learning curve, and significant effort to use OCL due to lack of familiarity of practitioners. To confirm these challenges, empirical evidence is needed, which is severely lacking in the literature. To build such preliminary evidence, we report a controlled experiment that was designed to evaluate OCL by comparing it with Java; a programming language that has also been used to specify constraints on UML models. Results show that the participants using OCL perform as good as the participants working with Java in terms of three objective quality metrics (i.e., completeness, conformance and redundancy) and two subjective metrics (i.e., applicability and confidence level). In addition, the participants using OCL performed consistently well for all the constraints of varying complexity, while fluctuating results were obtained for the participants using Java for the same constraints. Based on the empirical evidence, we can conclude that it does not make much difference to use OCL or Java for specifying constraints on UML models. However, the participants working with OCL performed consistently well on specifying constraints of varying complexity suggesting that OCL can be used to model complicated constraints (commonly observed in industrial applications) with the same quality as for simpler constraints. Moreover, additional analyses on the constraints when using Java and OCL tools revealed that tools are needed to specify fully correct constraints that can be used to support automation.     

Digital filters for clustered-OFDM-based PLC systems: Design and implementation

This work aims to investigate the design and implementation of digital filters for separating clusters in a clustered-orthogonal frequency-division multiplexing scheme for power line communication systems. In this regard, we formulate the mathematical problem and present a criterion which is capable of searching for digital filters that maximizes data rate. In the following, several finite impulse response and infinite impulse response digital filters are analyzed in order to validate the proposed criterion and to verify the best one which fulfills the given constraints. Furthermore, regarding only the best digital filters obtained, a finite precision and complexity analyses are carried out by using a field-programmable gate array device. Based on numerical results, we show that finite impulse response equiripple minimum phase and infinite impulse response Chebyshev type II digital filters yield the best data rates among the chosen digital filters. Moreover, we point out that equiripple minimum phase digital filters consume more hardware resources than Chebyshev type II digital filters, although the first one deal better with the field-programmable gate array constraints when more bits are used to implement the digital filter. Due to that, finite impulse response digital filters are more indicated to be implemented in a field-programmable gate array device.     

Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL

ContextRole-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often role-based policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights and roles, respectively. This, however, makes access control more complex and error-prone, in particular, when delegation concepts interplay with SoD rules.ObjectiveA systematic way to specify and validate access control policies consisting of organizational rules such as SoD as well as delegation and revocation rules shall be developed. A domain-specific language for RBAC as well as delegation concepts shall be made available.MethodIn this paper, we present an approach to the precise specification and validation of role-based policies based on UML and OCL. We significantly extend our earlier work, which proposed a UML-based domain-specific language for RBAC, by supporting delegation and revocation concepts.ResultWe show the appropriateness of our approach by applying it to a banking application. In particular, we give three scenarios for validating the interplay between SoD rules and delegation/revocation.ConclusionTo the best of our knowledge, this is the first attempt to formalize advanced RBAC concepts, such as history-based SoD as well as various delegation and revocation schemes, with UML and OCL. With the rich tool support of UML, we believe our work can be employed to validate and implement real-world role-based policies.     

Specification of temporal properties with OCL

The Object Constraint Language (OCL) is widely used to express static constraints on models and object-oriented systems. However, the notion of dynamic constraints, controlling the system behavior over time, has not been natively supported. Such dynamic constraints are necessary to handle temporal and real-time properties of systems.In this paper, we first add a temporal layer to the OCL language, based syntactically on Dwyer et al.'s specification patterns. We enrich it with formal scenario-based semantics and integrate it into the current Eclipse OCL plug-in. Second, we translate, with a compositional approach, OCL temporal properties into finite-state automata and we connect our framework to automatic test generators. This way, we create a bridge linking model driven engineering and usual formal methods.     

A feedback technique for unsatisfiable UML/OCL class diagrams

In Model‐Driven Development (MDD), detection of model defects is necessary for correct model transformations. Formal verification tools and techniques can to some extent verify models. However, scalability is a serious issue in relation to verification of complex UML/OCL class diagrams. We have proposed a model slicing technique that slices the original model into submodels to address the scalability issue. A submodel can be detected as unsatisfiable if there are no valid values for one or more attributes of an object in the diagram or if the submodel provides inconsistent conditions on the number of objects of a given type. In this paper, we propose a novel feedback technique through model slicing that detects unsatisfiable submodels and their integrity constraints among the complex hierarchy of an entire UML/OCL class diagram. The software developers can therefore focus their revision efforts on the incorrect submodels while ignoring the rest of the model. Copyright © 2013 John Wiley & Sons, Ltd.     

Refactoring OCL annotated UML class diagrams

Refactoring of UML class diagrams is an emerging research topic and heavily inspired by refactoring of program code written in object-oriented implementation languages. Current class diagram refactoring techniques concentrate on the diagrammatic part but neglect OCL constraints that might become syntactically incorrect by changing the underlying class diagram. This paper formalizes the most important refactoring rules for class diagrams and classifies them with respect to their impact on attached OCL constraints. For refactoring rules that have an impact on OCL constraints, we formalize the necessary changes of the attached constraints. Our refactoring rules are specified in a graph-grammar inspired formalism. They have been implemented as QVT transformation rules. We finally discuss for our refactoring rules the problem of syntax preservation and show, by using the KeY-system, how this can be resolved.     

Modeling and validating Mondex scenarios described in UML and OCL with USE

This paper describes the Mondex case study with UML class diagrams and restricting OCL constraints. The constraints have been formulated either as OCL class invariants or as OCL pre- and postconditions. The proposed two models include UML class diagrams and OCL constraints which have been checked by the UML and OCL tool USE (UML-based Specification Environment). USE allows validation of a model by testing it with scenarios. The Mondex case study has been validated by positive and negative test cases. The test cases allow the validity of the various constraints to be traced and checked. Validation results are presented as textual protocols or as UML sequence diagrams where starting, intermediate, and resulting system states are represented by UML object diagrams. UML sequence diagrams, UML object diagrams, and textual protocols are shown with varying degrees of detail for the attributes, constraints, and executed commands. J. C. P. Woodcock     

Specification of invariability in OCL

The Object Constraint Language (OCL) is a high-level, object-oriented language for contractual system specifications. Despite its expressivity, OCL does not provide primitives for a compact specification of invariability. In this paper, problems with invariability specification are listed and some weaknesses of existing solutions are pointed out. The question of invariability specification is addressed and a simple but expressive extension of OCL is proposed. It allows a view-oriented specification of invariability constraints, whereby we restrict the notion of view to reducts based on order-sorted algebras. The semantics of this extension is defined in terms of standard OCL.     

Test data generation for web application using a UML class diagram with OCL constraints

In this paper, we report on our current work toward efficient and effective verification of web application’s basic design. We use a UML class diagram with Object Constraint Language (OCL) to describe the application behaviors and data constraints. Then we generate test data from the formally represented specifications. We make the observation that key web application behaviors can be captured through table size constraints as well as data constraints like foreign key constraints. Based on the observation, we translate the OCL specification into the equivalent constraints using table size expressions. We present a scheme to generate test data from the translated constraints using a Satisfiability Modulo Theories solver. We employ two techniques to reduce constraints. The first is string handling and the other is decomposition of table structures. We also report on an experimental result of test data generation. The result indicates a potential that our scheme works well for real applications in reasonable times.     

Automated reasoning on UML conceptual schemas with derived information and queries

ContextIt is critical to ensure the quality of a software system in the initial stages of development, and several approaches have been proposed to ensure that a conceptual schema correctly describes the user’s requirements.ObjectiveThe main goal of this paper is to perform automated reasoning on UML schemas containing arbitrary constraints, derived roles, derived attributes and queries, all of which must be specified by OCL expressions.MethodThe UML/OCL schema is encoded in a first order logic formalisation, and an existing reasoning procedure is used to check whether the schema satisfies a set of desirable properties. Due to the undecidability of reasoning in highly expressive schemas, such as those considered here, we also provide a set of conditions that, if satisfied by the schema, ensure that all properties can be checked in a finite period of time.ResultsThis paper extends our previous work on reasoning on UML conceptual schemas with OCL constraints by considering derived attributes and roles that can participate in the definition of other constraints, queries and derivation rules. Queries formalised in OCL can also be validated to check their satisfiability and to detect possible equivalences between them. We also provide a set of conditions that ensure finite reasoning when they are satisfied by the schema under consideration.ConclusionThis approach improves upon previous work by allowing automated reasoning for more expressive UML/OCL conceptual schemas than those considered so far.     

Improving the performance of OCL constraint solving with novel heuristics for logical operations: a search-based approach

A common practice to specify constraints on the Unified Modeling Language (UML) models is using the Object Constraint Language (OCL). Such constraints serve various purposes, ranging from simply providing precise meaning to the models to supporting complex verification and validation activities. In many applications, these constraints have to be solved to obtain values satisfying the constraints, for example, in the case of model-based testing (MBT) to generate test data for the purpose of generating executable test cases. In our previous work, we proposed novel heuristics for various OCL constructs to efficiently solve them using search algorithms. These heuristics are enhanced in this paper to further improve the performance of OCL constraint solving. We performed an empirical evaluation comprising of three case studies using three search algorithms: Alternating Variable Method (AVM), (1?+?1) Evolutionary Algorithm (EA), and a Genetic Algorithm (GA) and in addition Random Search (RS) was used as a comparison baseline. In the first case study, we evaluated each heuristics using carefully designed artificial problems. In the second case study, we evaluated the heuristics on various constraints of Cisco’s Video Conferencing Systems defined to support MBT. Finally, the third case study is about EU-Rent Car Rental specification and is obtained from the literature. The results of the empirical evaluation showed that (1?+?1) EA and AVM with the improved heuristics significantly outperform the rest of the algorithms.     

User-oriented Security Supporting Inter-disciplinary Life Science Research across the Grid

Understanding potential genetic factors in disease or development of personalised e-Health solutions require scientists to access a multitude of data and compute resources across the Internet from functional genomics resources through to epidemiological studies. The Grid paradigm provides a compelling model whereby seamless access to these resources can be achieved. However, the acceptance of Grid technologies in this domain by researchers and resource owners must satisfy particular constraints from this community - two of the most critical of these constraints being advanced security and usability. In this paper we show how the Internet2 Shibboleth technology combined with advanced authorisation infrastructures can help address these constraints. We demonstrate the viability of this approach through a selection of case studies across the complete life science spectrum.     

A UML/OCL framework for the analysis of graph transformation rules

In this paper we present an approach for the analysis of graph transformation rules based on an intermediate OCL representation. We translate different rule semantics into OCL, together with the properties of interest (like rule applicability, conflicts or independence). The intermediate representation serves three purposes: (1) it allows the seamless integration of graph transformation rules with the MOF and OCL standards, and enables taking the meta-model and its OCL constraints (i.e. well-formedness rules) into account when verifying the correctness of the rules; (2) it permits the interoperability of graph transformation concepts with a number of standards-based model-driven development tools; and (3) it makes available a plethora of OCL tools to actually perform the rule analysis. This approach is especially useful to analyse the operational semantics of Domain Specific Visual Languages. We have automated these ideas by providing designers with tools for the graphical specification and analysis of graph transformation rules, including a back-annotation mechanism that presents the analysis results in terms of the original language notation.     

在带OCL约束的状态图下测试线索的自动生成*

保证软件质量的前提下如何减少测试用例规模是测试设计的关键技术之一。提出一种带OCL约束的状态图测试线索的自动生成方法。该方法自动解析类图和带OCL约束的状态图的XML模型文件,获取相应的状态节点邻接表,再结合状态对-事件约束集合生成带OCL约束的测试线索。实例研究表明,通过OCL约束冲突判断可避免不可行测试线索的生成,减少测试用例数目,达到降低测试成本的目的。实验结果证明了该方法的可行性和有效性。     

A transformation contract to generate aspects from access control policies

Access control is an important security issue. It has been addressed since the late 1960s in the early time-sharing computer systems. Many access control models have been proposed since than but of particular interest is Ferraiolo and Khun’s role-based access control model (RBAC). It is a simple and yet general model which has been deeply studied and applied both in industry and in academia. A variety of industrial standards have been proposed based on this model. Generating code for an access control policy is an interesting challenge. Understanding access control as a non-functional concern that cross-cuts the functional part of a system raises difficulties quite suitable for a solution based on aspect-oriented programming. In this paper, we address the problems of specification and validation of code generation for access control policies targeting an aspect-based infra-structure. We propose an MDA approach. The code generator is a transformation from SecureUML, an RBAC-based modeling language, to the language Aspects for Access Control (AAC), an aspect-oriented modeling language proposed in this paper. Metamodels are used to represent the languages and to specify the transformation. A metamodel is used to represent the abstract syntax of a language and the constraints that a given instance model of the metamodel must fulfill. We also use a metamodel to specify the code generator. This transformation metamodel, together with all the constraints, that is, from both languages and those constraints regarding the merge of the two languages, we call a transformation contract. It merges and conservatively extends the source and target metamodels of the model transformation it represents. In the context of code-generation for access control policies, the transformation contract specifies the relationships between the abstract syntaxes of SecureUML and AAC and constrains the two languages. The validation of the code generator also uses the transformation contract. For a given access control policy and aspect, represented as instances of the appropriate metamodels, with aspects produced by the code generator, the constraints of the transformation contract must hold. We have prototyped a transformer from SecureUML to aspects on top of ITP/OCL, an OCL interpreter that automatically validates the generated aspect code by applying the constraints of the transformation contract.     

Using UML and OCL for representing multiobjective combinatorial optimization problems

This paper describes the results of a preliminary feasibility study of an approach to representing multiobjective combinatorial optimization problems in UML (structural constraints) and OCL (procedural constraints) and then automatically translating the representations to a constraint satisfaction solving language (Oz) for execution. The paper presents two examples of the application of the approach—a job scheduling problem and a (fixture) design problem. The main goal of this paper is to investigate directions towards a standard, graphical language for representing combinatorial optimization problems. The paper shows that for the two selected problems it is easy to represent structural constraints in UML and that procedural constraints are representable in OCL. The results also show that a developed translator automatically converts the UML/OCL representations to Oz and that the resulting Oz program performs very reasonably, in some cases outperforming the hand-written benchmark programs.     

OCL for formal modelling of topological constraints involving regions with broad boundaries

Integrity constraints can control topological relations of objects in spatial databases. These constraints can be modelled using formal languages such as the spatial extension of the Object Constraint Language (Spatial OCL). This language allows the expression of topological integrity constraints involving crisp spatial objects but it does not support constraints involving spatial objects with vague shapes (e.g. forest stand, pollution zone, valley or lake). In this paper, we propose an extension of Spatial OCL based on (1) a geometric model for objects with vague shapes, and (2) an adverbial approach for modelling topological constraints involving regions with broad boundaries. This new language provides an easiness in the formal modelling of these complex constraints. Our approach has been implemented in a code generator. A case study is also presented in the paper in the field of agriculture spreading activities. AOCL _OVS takes account of the shape vagueness of spread parcel and improve spatial reasoning about them.