Shuzhen Yao,Sol M. Shatz

DOI: https://doi.org/10.1109/cic.2006.32

2006-01-01

Abstract:To aid the development of high quality software applications, we present an approach for consistency checking of UML dynamic models based on Petri net techniques. ECPN, an extended colored Petri net, is used to formally describe state transitions of individual objects and interactions among objects, and is therefore capable of verifying the consistency of the models based on Petri net theory. In this work, we consider UML sequence diagrams and statecharts. The approach begins with a flattening strategy for UML dynamic models and then discusses translation of statecharts with composite states to an ECPN notation. The coverability graph is used to drive the consistency checking process. The paper discusses all phases of the approach and illustrates the concept by an example

Yao Shuzhen,Maozhong Jin

2007-01-01

Abstract:The structural and semantic features of UML statecharts are analyzed firstly,and the hierarchical colored Petri net(HCPN) is constructed to solve modeling issues,especially those related to hierarchical statecharts with composite states.The Petri subnet for a composite state is composed of input/output interfaces,a state-transition part and a history state part.The input/output interfaces are used to parse entry arcs and gather exiting arcs to/from composites respectively.The state-transition part realizes transitions of the internal states.The history state part deals with memory recovery and memory cleanup of history units.After abstracting semantic rules and constrains of entry/exit transitions,their descriptions and analysis techniques of composite states based on HCPNs are illustrated.Finally,in the view of safety of UML statechart,HCPN semantic representation for completeness,consistency and reachability of statechart is elaborated.Optimizing the design of complex systems the guide in theory and practice for further research on developing automatic verification tools is provided.

LIU Xiao-jian,LI Zhan-huai

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2008.01.009

2008-01-01

Abstract:UML (Unifying Modeling Language) is a de-facto standard for the design of systems, and has been widely used to specify safety-critical reactive control systems. Incompleteness and inconsistency are two common specification flaws in UML State-machines models. The early checking of these errors is crucial for system development. This paper gives the definitions of completeness and consistency, proposing an approach to checking the completeness and consistency. Our approach firstly transforms State-machines formalism into a clearer and equivalent intermediate format Extended Hierarchical Automata (EHA), and then checks EHA model for these properties. The advantages of EHA allow us to develop an efficient and simple algorithm to check completeness and consistency.

Xiangpeng Zhao,Quan Long,Zongyan Qiu

DOI: https://doi.org/10.1007/11901433_24

2006-01-01

Abstract:UML is widely accepted and extensively used in software modeling. However, using different diagrams to model different aspects of a system brings the risk of inconsistency among diagrams. In this paper, we investigate an approach to check the consistency between the sequence diagrams and statechart diagrams using the SPIN model checker. To deal with the hierarchy structure of statechart diagrams, we propose a formalism called Split Automata, a variant of automata, which is helpful to bridge the statechart diagrams to SPIN efficiently. Compared with the existing work on model checking UML which do not have formal verification for their translation from UML to the model checker, we formally define the semantics and prove that the automatically translated model (i.e. Split Automata) does simulate the UML model. In this way, we can guarantee that the translated model does represent the original model.

Xinhong Hei,Lining Chang,Weigang Ma,Jinli Gao

DOI: https://doi.org/10.1109/ICQR2MSE.2011.5976760

2011-01-01

Abstract:As a powerful and object-oriented graphical modeling language, Unified Modeling Language (UML) has been introduced into the design and development of safety-critical computer systems. However, UML model is difficult to reflect the concurrency and consistency of constraint rules between objects and impossible to completely demonstrate the dynamic behavior characteristics of a system. Further, it cannot be directly expressed and analyzed by mathematical tools. Petri net modeling technology uses graphical element place and transition to clearly describe the internal interactions of a system. Meanwhile, Petri net has mature mathematical analysis methods. We have proposed to combine these two tools for designing and analyzing a system with a set of transformation rules from UML statecharts to Petri net. In this paper, an automatic conversion tool is introduced. The tool performs the transformation with three steps as follows: (1) Transforming UML model into XML document, which makes information extraction of the UML model become easier. (2) Analyzing semantics of UML model and Petri net model, then designing data structure for transformation, and completing the transformation based on the transformation rules. (3) Analyzing the transformed Petri net model to verify the characteristics of the UML model. The transformation rules and the tools are developed based on a new railway interlocking system.

LIU Xiao-jian,LI Zhan-huai

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.26.005

2006-01-01

Computer Engineering and Applications Journal

Abstract:UML class diagram,as one of the important UML model elements,takes an essential role in the requirement analysis.This paper explores the semantic consistency problem of UML class diagram,and proposes an approach to automatically check the consistency of a class diagram.Our approach is based on an extended relational calculus,and reduces the consistency problem to a satisfiability problem of relational formulae.Our experience shows that this approach can be used to effectively check the consistency of a class diagram,detect the errors and bugs in a requirement analysis,and guarantee the correctness of class model.

JIANG Jin-long,ZHOU Xian-zhong,SUN Yong-cheng,XU Yan-yong

DOI: https://doi.org/10.3969/j.issn.1004-731x.2006.02.006

2006-01-01

Abstract:The modeling analysis mehtod with new manner combining UML with Petri Net.was proposed.This approach adopted a hierarchical analytical method with top-down techniques,described the whole systemic structure and static property through extended UML model,showed systemic dynamic characteristic using extended Petri Net then transformed to the corresponding State Diagram and Sequence Diagram,finally integrated all UML model and realized systemic code through RationalRose or other software.At last,the approach was illustrated by its application to FMS.

Xiaohong Chen,Frederic Mallet,Xiaoshan Liu

DOI: https://doi.org/10.1016/j.scico.2022.102777

IF: 1.039

2022-01-01

Science of Computer Programming

Abstract:UML interactions, aka sequence diagrams, are frequently used by engineers to describe expected scenarios of good or bad behaviors of systems under design, as they provide allegedly a simple enough syntax to express a quite large variety of behaviors. This paper uses them to express formal safety requirements for safety critical systems in an incremental way, where the scenarios are progressively relined after checking the consistency of the requirements. As before, the semantics of these scenarios are expressed by transforming them into an intermediate semantic model amenable to formal verification. We rely on the Clock Constraint Specification Language (CCSL) as the intermediate semantic language. An SMT-based analysis tool called MyCCSL is used to check consistency of the sequence diagrams. We compare these requirements against actual execution traces to prove the validity of our transformation. In some sense, sequence diagrams and CCSL constraints both express a family of acceptable infinite traces that must include the behaviors given by the finite set of finite execution traces against which we validate. Finally, the whole process is illustrated on partial requirements for a railway transit system.

Zhilong XIA,Shang GAO

DOI: https://doi.org/10.3969/j.issn.1673-4807.2017.03.013

2017-01-01

Abstract:Unified modeling language (UML) pervades the practices of software engineering.The evolution of UML models would introduce the inconsistency problems.Exploiting formal methods is a way to analyze the inconsistency problems of UML models.This paper provides a process to define the rules for transforming a UML model to an Event-B model and the transforming algorithms,and defines a conformance standard to be followed by this transforming.A set of concrete transforming algorithms are provided in this paper,whose conformance to that conformance standard is proved as well.The equivalence of a UML model and an Event-B model,which is generated by those transforming algorithms from the prior UML model,is proved on the consistency of semantics of two models.Upon these preparations,a method of formally analyzing the inconsistency of UML models is presented.Then,an example shows the details of the process of formally analyzing the inconsistency of UML models,whose outcomes specify the effectiveness of thisprocess.This formal analysis process is valid and effective for improving the quality of models in software engineering.

Étienne André,Shuang Liu,Yang Liu,Christine Choppy,Jun Sun,Jin Song Dong

DOI: https://doi.org/10.1145/3579821

2024-07-24

Abstract:The Unified Modeling Language (UML) is a standard for modeling dynamic systems. UML behavioral state machines are used for modeling the dynamic behavior of object-oriented designs. The UML specification, maintained by the Object Management Group (OMG), is documented in natural language (in contrast to formal language). The inherent ambiguity of natural languages may introduce inconsistencies in the resulting state machine model. Formalizing UML state machine specification aims at solving the ambiguity problem and at providing a uniform view to software designers and developers. Such a formalization also aims at providing a foundation for automatic verification of UML state machine models, which can help to find software design vulnerabilities at an early stage and reduce the development cost. We provide here a comprehensive survey of existing work from 1997 to 2021 related to formalizing UML state machine semantics for the purpose of conducting model checking at the design stage.

Software Engineering,Logic in Computer Science

Biao LI,Feng GUO,Shu-zhen YAO

DOI: https://doi.org/10.3969/j.issn.1004-731X.2005.z1.050

2005-01-01

Abstract:As an OO analysis and design modeling language, Unified Modeling Language (UML) has been used in many large systems more and more. However, the semi-formal property of UML makes it difficult to support the rigorous semantic analysis and accuracy verification of the models. Being an important part of UML dynamic describing mechanism, state diagram has the disadvantage described above too. Petri nets is another modeling tool, it has rigorous formal semantics and many mature analysis methods. Based on UML2.0 state diagram model, this article researches the method of transforming between state diagram and Petri net, and finally proposes an algorithm of converting state diagram to Petri nets model.

XIE Yanhui,YAO Shuzhen,GUO Feng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.06.091

2006-01-01

Abstract:As an OO analysis and design modeling language,UML has been used in many large systems.However,the semi-formal property of UML makes it difficult to support the rigorous semantic analysis and accuracy verification of the models.Being an important part of UML dynamic describing mechanism,sequence diagram has the disadvantage described above too.Petri nets is another modeling tool,it has rigorous formal semantics and many mature analysis methods.Based on UML2.0 sequence diagram model,this paper combines several simple structures which have been put forward before,and proposes an algorithm of converting sequence diagram to Petri nets model,finally the effectiveness of this algorithm is demonstrated by an example.

袁崇义,余鹏,王生原

DOI: https://doi.org/10.3969/j.issn.1004-731x.2003.z1.006

2003-01-01

Abstract:A program system is, in the first place, a physical system, which behaves in accordance with physical laws. But it is a common convention for parallel programming models to rely on state sequences in their mathematical semantic treatment. When a partially ordered state space is fully ordered by interleaving, misleading results may emerge in program property argumentation. Possible misleading results, i.e. deviations from real execution, can be revealed with the help of Petri Nets. These deviations are related to what is called conflict, contact, concurrency and confusion in Petri Nets. This paper analyzes such misleading situations in terms of Petri Nets.

Wei Dong,Ji Wang,Zhichang Qi,Ni Rong

DOI: https://doi.org/10.1109/aspec.2007.25

2007-01-01

Abstract:UML dynamic models are important for software analysis and design. Verifying UML dynamic models to find design errors earlier is a key issue for ensuring software quality. Because of the characteristics such as concurrency and hierarchy, model checking of UML Statecharts and collaboration diagrams faces the problem of state explosion. In this paper, UML Statecharts is firstly structurally expressed by hierarchical automata and its semantics for open systems is introduced. Then, the synchronization composition of objects in UML collaboration diagrams is expatiated, based on which the global system behaviors can be constructed. Based on hierarchical automata and simulation relation between semantics structures, the compositional rules for verifying concurrent object systems are proposed. It makes possible that the construction of global state space will be unnecessary in model checking of UML collaboration diagrams. The hierarchical structures of UML Statecharts are also brought into the compositional verification, which makes the model checking of implementation models can be carried out through replacing detailed components by abstract specifications.

Étienne André,Shuang Liu,Yang Liu,Christine Choppy,Jun Sun,Jin Song Dong

DOI: https://doi.org/10.1145/3579821

IF: 16.6

2023-01-17

ACM Computing Surveys

Abstract:The Unified Modeling Language (UML) is a standard for modeling dynamic systems. UML behavioral state machines are used for modeling the dynamic behavior of object-oriented designs. The UML specification, maintained by the Object Management Group (OMG), is documented in natural language (in contrast to formal language). The inherent ambiguity of natural languages may introduce inconsistencies in the resulting state machine model. Formalizing UML state machine specification aims at solving the ambiguity problem and at providing a uniform view to software designers and developers. Such a formalization also aims at providing a foundation for automatic verification of UML state machine models, which can help to find software design vulnerabilities at an early stage and reduce the development cost. We provide here a comprehensive survey of existing work from 1997 to 2021 related to formalizing UML state machine semantics for the purpose of conducting model checking at the design stage.

computer science, theory & methods

Xuandong Li,Xiaokang Qiu,Linzhang Wang,Bin Lei,W. Eric Wong

DOI: https://doi.org/10.1145/1363686.1363781

2008-01-01

Abstract:In object-oriented programs, we often need to set some restrictions on the temporal orders of the message receiving for objects, which forms a class of safety requirements. In this paper, we use UML state machine diagrams as design specifications, and present an approach to runtime verification of Java programs, which is focused on the temporal order of message receiving based consistency verification between the behavior of state machine diagrams and the program execution traces. In the approach, we first instrument the program under verification so as to gather the program execution traces related to a given state machine diagram. Then we drive the instrumented program by random test cases so as to generate the program execution traces. Finally we check if the collected program execution traces are consistent with the behavior of the state machine diagram, which means that the temporal orders of the message receiving occurring in the program traces are consistent with the ones occurring in the state machine diagram. Our approach can be used to detect not only the program bugs resulting from the wrong temporal orders of message receiving, but also the imperfect state machine models constructed in reverse engineering for legacy systems, and leads to a testing tool which may proceed in a fully automatic fashion.

Nianhua Yang,Huiqun Yu,Hua Sun,Zhilin Qian

DOI: https://doi.org/10.1007/s11235-011-9424-5

2011-01-01

Telecommunication Systems

Abstract:Unified modeling language (UML) sequence diagrams combined with the UML profile for modeling and analysis of real-time and embedded (MARTE) systems are used to represent systems' requirements. To enhance formal analysis abilities, sequence diagrams annotated with MARTE stereotypes are mapped into timed colored Petri nets with inhibitor arcs (TCPNIA). The mapping rules for the fragments of sequence diagrams and MARTE stereotypes are proposed respectively. They are proposed both in graphical and formal forms. The soundness of mapping rules is analyzed. The data related issues are handled through colored properties in TCPNIA models, guard functions and operational functions. A mapping rule for state invariant is proposed based on data related information. Through state invariant, complicated control relations can be expressed. Formal definitions for morphing and substitution in TCPNIA models are given. They provide modular and hierarchical modeling methods for TCPINA models. To show the applicability and feasibility of our method, an application example in vehicular ad hoc networks (VANETs) domain is studied.

ZHANG Pin,LUO Gui-ming

2007-01-01

Journal of Computer Applications

Abstract:Unified Modeling Language(UML)is the most commonly used method in software system design and analysis,and how to verify that the UML model satisfies some properties is a very important issue.Model Checking is an efficient automatic technique for the improvement of system's reliability,and this paper is a research into how to check UML model through the Simple PROMELA Interpreter(SPIN)model-checker.After describing the UML model using formal method,we first used hierarchical automata to express statecharts diagram.In addition,we translated the statecharts and part of the class diagram into PROMELA based on the operational semantic of hierarchical automata,and verified the model by using Simple Promela Interpreter(SPIN)to test if it satisfied the LTL properties.We also verified the consistency between sequence diagram and statecharts diagram by using LTL formula to express sequence diagram.Finally,based on the method,we developed a model checker tool called UMLChecker.

Meixia Zhu,Hanpin Wang,Wei Jin,Zizhen Wang,Chunxiang Xu

DOI: https://doi.org/10.1109/compsacw.2010.38

2010-01-01

Abstract:The Sequence Diagram(SD) of UML2.0 enriches those of previous versions by two new operators, assert and negate, for specifying required and forbidden behaviors. The semantics of SD, however, being based on pairs of valid and invalid sets of traces, is inadequate, and prevents the new operators from being used effectively. The semantic confusions between assert and negate operators in UML SD are significant, since they pose great difficulty to the confirmation of the security of the system they designed. A new Petri-net model named LPNforSD is designed in this paper. Transformation rules from SD to LPNforSD are given out. We take fragment that described by assert or negate operator as independent part and transform it into LPNforSDs. An algorithm is also designed to check whether the SD is safe by comparing its traces with the traces getting from negate and assert fragments. By this way, we cannot only eliminate the semantic confusions between assert and negate operators, but also reduce the numbers of contingent traces. Thus, we can ensure the system more reliable.

DONG Wei,WANG Ji,QI Zhi-Chang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.07.070

2005-01-01

Computer Science

Abstract:Based on expressing UML Statecharts with hierarchical automata structurally, the paper defines the syn- chronous composition of concurrent objects in UML collaboration diagram. Then, the method and rules of composi- tional verification for concurrent object systems are studied based on the simulation relation between structures, which makes it possible that the global state graph is not needed in model checking and state explosion problem will be reduced.