Faculty of Computer Science Institute of Software- and Multimedia-Technology, Software Technology Group
MODEL AND OBJECT VERIFICATION
Use Cases of OCL and the Dresden OCL Toolkit
Claas Wilke and Birgit Demuth
Dresden, Oct. 15th 2009
OverviewIntroduction
Dresden OCL
VerificationApproaches
Use Cases
Summary andDiscussion
questions?
noyes
• Introduction• Dresden OCL Toolkit• Verification Approaches
– Interpretative Approach– Generative Approach
• OCL Use Cases– Interpretative Use Cases– Generative Use Cases
• Summary
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 2
Introduction
Run-timeObjects
Class Diagram
UML
Meta-Model
Model
Model Instance
<<instance-of>>
<<instance-of>>
M2
M1
M0
Meta-Meta-Model
<<instance-of>>
M3
Class
PropertyOperation
0..*0..*
MOF
Personname:Stringage:int
p1:Personname=“Claas“age=26
Object
Property
Extent
Student
p2:Personname=“Micha“age=24
<<instance-of>>
<<instance-of>>
<<instance-of>>
What is OCL?
• Part of UML• Additional
Semantics• Queries and
Constraints• On different
MOF layers• On different
Meta-Models
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 3
Introduction Person
age: int
birthdayHappens()
An Example
context Personinv : s e l f . age >= 0
context Person : birthdayHappens ( )post : s e l f . age = s e l f . age@pre + 1
context Persondef i s A d u l t : Boolean =
i f ( age >= 18)then t rueelse f a l s e
endif
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 4
Dresden OCL ToolkitAbout the Project
• Started in 1999• A toolkit to extend case tools with OCL• http://dresden-ocl.sourceforge.net/
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008
First OCL versiondeveloped by IBM
UML 1.1 andUML OCL 1.1
Standard
Start of UML2.0and OCL2.0(Request forProposals)
UML 2.0 and UML 2.0 OCL
Standard
First work withOCL by Andreas
Schmidt
Start of theDresden OCL2Toolkit (DOT2)development
Development ofthe Pivot Model
Release of theDresden OCLToolkit (DOT)
Release of theDresden OCL2Toolkit (DOT2)
Release ofDresden OCL2
for Eclipse(DOT4Eclipse)
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 5
DresdenOCL ToolkitDresden OCL2 for Eclipse
• Developed since 2007• Meta-Model independent
(Based on a Pivot Model)• Supported Meta-Models:
– EMF Ecore– Eclipse MDT UML2– Java
• Provided Tools:– OCL2 Parser– OCL2 Interpreter– OCL2toJava Code Generator– Meta-Model Adapter Generator
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 6
Dresden OCL ToolkitThe Generic Three Layer Metadata Architecture
Meta-Model
Model
Model Instance
<<instance-of>>
<<instance-of>>
Constraints
<<refines>>
<<are-evaluated-on>>
Mn+1
Mn
Mn-1
Essential OCL
<<instance-of>>
<<extends>>
Pivot Model
<<is-a>>
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 7
Verification Approaches
Two different approaches exists:
1. Interpretative Approach– Verification by interpretation
2. Generative Approach– Verification through generated check code
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 8
Verification
Meta-Model
Model
<<instance-of>>
Mn+1
Mn
Mn-1
ApproachesInterpretative Approach
1. Modeling
2. Constraint specification
3. Model Instance definition/generation
4. Interpretation
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 9
Verification
Meta-Model
Model
<<instance-of>>
Constraints
<<refines>>
Mn+1
Mn
Mn-1
ApproachesInterpretative Approach
1. Modeling
2. Constraint specification
3. Model Instance definition/generation
4. Interpretation
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 9
Verification
Meta-Model
Model
Model Instance
<<instance-of>>
<<instance-of>>
Constraints
<<refines>>
Mn+1
Mn
Mn-1
ApproachesInterpretative Approach
1. Modeling
2. Constraint specification
3. Model Instance definition/generation
4. Interpretation
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 9
Verification
Meta-Model
Model
Model Instance
<<instance-of>>
<<instance-of>>
Constraints
<<refines>>
Mn+1
Mn
Mn-1
<<are-interpreted-on>>
ApproachesInterpretative Approach
1. Modeling
2. Constraint specification
3. Model Instance definition/generation
4. Interpretation
Verification is part of theInterpretative Approach
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 9
Verification
Meta-Model
Model
<<instance-of>>
Mn+1
Mn
Mn-1
ApproachesGenerative Approach
1. Modeling
2. Constraint specification
3. Code generation
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 10
Verification
Meta-Model
Model
<<instance-of>>
Constraints
<<refines>>
Mn+1
Mn
Mn-1
ApproachesGenerative Approach
1. Modeling
2. Constraint specification
3. Code generation
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 10
Verification
Meta-Model
Model
<<instance-of>>
Constraints
<<refines>>
Mn+1
Mn
Mn-1
Check Code
<<are-transformed-into>>
ApproachesGenerative Approach
1. Modeling
2. Constraint specification
3. Code generation
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 10
Verification
Meta-Model
Model
Model Instance
<<instance-of>>
<<instance-of>>
Constraints
<<refines>>
<<verifies>>
Mn+1
Mn
Mn-1
Check Code
<<are-transformed-into>>
ApproachesGenerative Approach
1. Modeling
2. Constraint specification
3. Code generation
Execution and Verification arenot part of the Generative Approach
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 10
OCL Use Cases
• Interpretative Approaches– Model Verification– Testing– Run-time (Object) Verification– Simulation/Animation– Querying
• Generative Approaches– Testing– Run-time (Object) Verification– Simulation/Animation– Model Transformation
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 11
OCL Use Cases
• Interpretative Approaches– Model Verification– Testing– Run-time (Object) Verification– Simulation/Animation– Querying
• Generative Approaches– Testing– Run-time (Object) Verification– Simulation/Animation– Model Transformation
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 11
OCL Use Cases
Meta-Meta-Model
Meta-Model
Model
<<instance-of>>
<<instance-of>>
WFRs
<<refines>>
<<are-interpreted-on>>
M3
M2
M1
Interpretative Approaches:Model Verification
• Constraints on Meta-Models– Well-Formedness Rules– Modeling Guide-Lines
• Interpretation/Verificationof Models during Modeling
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 12
OCL Use Cases
Interface
Feature
Operation
Property
feature0..*
Classifier
InterpretativeApproaches: Model Verification - WFRsand Modeling Guidelines in UML [OMG09]
context I n t e r f a c einv fea tu resArePub l i c :s e l f . fea tu re−>f o r A l l ( f | f . v i s i b i l i t y = # p u b l i c )
context Classinv S i n g l e I n h e r i t a n c e :
s e l f . g e n e r a l i z a t i o n−>s i ze ( ) <=1
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 13
OCL Use Cases
Meta-Model
Model
Run-time Objects
<<instance-of>>
<<instance-of>>
Business Rules
<<refines>>
<<are-interpreted-on>>
M2
M1
M0
Interpretative Approaches:Run-Time (Object) Verification
• Constraints are definedon a Model
• Interpretation/Verificationof objects during run-time
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 14
OCL Use CasesInterpretative Approaches:Run-Time (Object) Verification in Treaty [DJ08, Tre09]
context DateFormatter : : format ( aDate : Date ) : S t r i n gpost containsDay :
l e t day : S t r i n g = aDate . t o S t r i n g ( ) . subs t r i ng (9 , 10)in resu l t . conta ins ( day )
<<component>>Clock
dateformatterservice-provider
<<component>>DateFormatter
class
formatdef
dateformatter
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 15
OCL Use Cases
Meta-Model
Model
Model Instance
<<instance-of>>
<<instance-of>>
Queries
<<are-defined-on>>
<<are-interpreted-on>>
Mn+1
Mn
Mn-1
InterpretativeApproaches: Querying
• Queries on Modelsor Meta-Models
• Interpreter queries on an instanceof the Model or Meta-Model
• Collect invalid Objects
• Compute Model Metrics
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 16
OCL Use Cases
Plugin
extensionPoints0..*
ExtensionPoint
id: String
services0..*
Service
id: String
id: Stringname: Stringversion: Stringprovider: String
Feature
id: Stringname: Stringversion: String
plugins0..*
features0..1
InterpretativeApproaches: Querying non-well-formedModel Objects in a PML model [Brä07]
context P lug indef g e t I l l e g a l P l u g i n s ( ) :
Set ( P lug in ) =
s e l f . a l l I n s t a n c e s ( )−>se lec t ( i d . oc l IsUndef ined ( ) )
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 17
OCL Use Cases
Meta-Model
Model
Model Instance
<<instance-of>>
<<instance-of>>
Constraints
<<refines>>
<<tests>>
M2
M1
M0
Test Code
<<are-transformed-into>>
GenerativeApproaches: Testing
• Constraints are definedon Models
• Code Generator generatesTest Code
• Test Code testsModel Instances
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 18
OCL Use Cases Person
age: int
birthdayHappens()
Generative Approaches:Testing - JUnit Code Generation
context Personinv age I sPos i t i ve : s e l f . age >= 0
In Java:
@Testpublic void t es tAge IsPos i t i ve ( ) {
Person aPerson = new Person ( ) ;asser tTrue ( aPerson . age >= 0) ;
}
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 19
OCL Use Cases
Meta-Model
Model
Model Instance
<<instance-of>>
<<instance-of>>
Constraints
<<refines>>
<<is-instrumented-into>>
M2
M1
M0
Verification Code
<<are-transformed-into>>
Generative Approaches:Run-Time (Object) Verification
• Constraints are defined on Models
• Code Generator generatesConstraint Code
• Constraint code is instrumentedor woven into Model code
• Constraints are verified duringModel Instance execution
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 20
OCL Use CasesGenerative Approaches:Run-Time Verification - AspectJ Code Generation [Wil09]
context Personinv age I sPos i t i ve : s e l f . age >= 0
In Java:
pointcut ageChanged ( Person aPerson ) :set (∗ Person . age ) && th is ( aPerson ) ;
af ter ( Person aPerson ) : ageChanged ( Person ) {i f ( ! aPerson . age >= 0) {
throw new RuntimeException (" The age of a person must not be negat ive " ) ;
}}
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 21
OCL Use Cases Person
age: int
birthdayHappens()
Generative Approaches:Run-time Verification -OCL2 to SQL Transformation [Hei05]
context Personinv age I sPos i t i ve : s e l f . age >= 0
SQL Integrity View(contains all objects that violate the constraint):
create view AGEISPOSITIVE asselect ∗ from PERSON SELFwhere not ( SELF .AGE >= 0)
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 22
Summary
• Object Constraint Language– Model Verification– Object Verification
• Dresden OCL2 for Eclipse– Generic Three Layer Metadata Architecture– Supports both Model, and Object Verification– A Set of Tools for other Case Tools
• Two groups of Verification Use Cases– Interpretative Approaches– Generative Approaches
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 23
Summary
• We are interested in other OCL use cases and yourown experiences with OCL!
• Feedback is welcome!• Dresden OCL Toolkithttp://dresden-ocl.sourceforge.net/
• Use our mailinglists athttp://sourceforge.net/projects/dresden-ocl/
• Direct Contact: [email protected]
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 24
References I
BRÄUER, Matthias:Models and Metamodels in a QVT/OCL Development Environment.Großer Beleg (Minor Thesis), TU Dresden, May 2007
DIETRICH, Jens ; JENSON, G.:Treaty - A Modular Component Contract Language.In: Proceedings of the Thirteenth International Workshop onComponent-Oriented Programming (WCOP’2008), 2008, S. 33–38
HEIDENREICH, Florian:SQL-Codegenerierung in der metamodellbasierten Architektur des DresdenOCL Toolkit.Großer Beleg (Minor Thesis), TU Dresden, May 2005. –Published in German
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 25
References II
HEIDENREICH, Florian:OCL-Codegenerierung für deklarative Sprachen.Diploma Thesis, TU Dresden, April 2006. –Published in German
Object Management Group (OMG):OMG Unified Modeling LanguageTM(OMG UML), Superstructure.http://www.omg.org/spec/UML/2.2/Superstructure.Version: 2.2, February 2009
Treaty Project Website.Google Code Project Website.http://code.google.com/p/treaty/.Version: July 2009
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 26
References III
WILKE, Claas:Java Code Generation for Dresden OCL2 for Eclipse.Großer Beleg (Minor Thesis), TU Dresden, February 2009
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 27
OCL Use Cases
Plugin
extensionPoints0..*
ExtensionPoint
id: String
services0..*
Service
id: String
id: Stringname: Stringversion: Stringprovider: String
Feature
id: Stringname: Stringversion: String
plugins0..*
features0..1
InterpretativeApproaches: WFRs in PML [Brä07]
context P lug ininv :not s e l f . i d . oc l IsUndef ined ( )
context Featureinv : s e l f . p lug ins−>isUnique ( p lug in | p lug in . i d )
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 28
OCL Use CasesGenerative Approaches - Run-time Verification - OCL2 toXMLSchema/XQuery Transformation [Hei06]
XMLSchema:
<xs : complexType name=" Person "><xs : element name="age " type ="xs : i n tege r " />
</xs : complexType>
XQuery Integrity Query(contains all objects that violate the constraint):
for $SELF in fn : doc ( " modelInstance . xml " ) / Personwhere not ( $SELF / age >= 0)return $SELF
TU Dresden, Oct. 15th 2009 Model and Object Verification slide 29