An Uml Activities Diagrams Translation Into Event B
Total Page:16
File Type:pdf, Size:1020Kb
AN UML ACTIVITIES DIAGRAMS TRANSLATION INTO EVENT B SUPPORTING THE SPECIFICATION AND THE VERIFICATION OF WORKFLOW APPLICATION MODELS From UML Activities Diagrams to Event B Leila Jemni Ben Ayed, Najet Hamdi and Yousra Bendaly Hlaoui Research Unit of Technologies of Information and Communication UTIC ESSTT 5, Avenue Taha Hussein, P.B. 56, Bab Menara, 1008 Tunis, Tunisia Keywords: Specification, Verification, UML, Event B, Workflow applications. Abstract: This paper exposes the transformation of UML activity diagrams into Event B for the specification and the verification of parallel and distributed workflow applications. With this transformation, UML models could be verified by verifying derived event B models. The design is initially expressed graphically with UML and translated into Event B. The resulting model is then enriched with invariants describing dynamic properties such as deadlock freeness, livelock freeness and reachability. The approach uses activity diagrams meta- model. 1 INTRODUCTION matical foundation for software. They increase the quality of distributed and parallel applications devel- Distributed and parallel applications are characterized opment and perform the reliability of the applications. by a high complexity. Increasingly, they became om- Regarding to the UML’s drawbacks and to the ca- nipresent in critical calculation domain. These ap- pacity of the formal methods to defeat such incon- plications need great care in their development and venient, it would be better to integrate formal method their implementation. They require an adequate soft- in the modeling process with UML. In this context, ware specification technique and a suitable develop- we provide a specification and verification technique ment method. The used specification formalisms need for workflow applications using UML activity dia- to be comprehensive, allowing communication be- grams (UML AD) and the event B method. The dis- tween developers and customers, expressive, and pre- tributed and parallel workflow application is initially cise. The semi-formal language UML (Jacobson and modeled graphically with an UML activity diagram. Booch, 1998) has become a standard notation for de- After that, the resulting graphical model is translated scribing analysis and design models of complex soft- into an Event B model. This allows developers to rig- ware systems. Developers and their customers intu- orously verify UML specifications by analyzing de- itively grasp the general structure of a model and thus rived B specifications. This paper addresses transla- have good basis for discussing system requirements. tion in event B of UML AD. The approach focus on UML is widely used for domain such as telecom- the activity diagrams meta-model (Group, 2003), we munications (Holz, 1997) and distributed web appli- transform different UML AD’s constructs their opera- cation (Conallen, 1999). Recently, UML has been tional semantic. The resulting model is then enriched used for modeling parallel and distributed applica- with invariants describing required properties to be tions (Pllana and Fahring, 2002). However, the fact checked (Safety, reachability, liveness) with a B tool. that UML lacks a precise semantic is a serious draw- Proof obligations are produced from events in order back of UML-based techniques. The implementation to state that the invariant condition is preserved in the of UML specifications often drags of important lee- initialization and by each event. The verification of way due to a wrong interpretation of these specifica- activity diagrams properties is done by analyzing de- tions. On the other hand, formal methods, including rived Event B specification; if these proofs succeed event B method that we deal with here, are the mathe- we can state that the graphical model is verified. This Jemni Ben Ayed L., Hamdi N. and Bendaly Hlaoui Y. (2010). 329 AN UML ACTIVITIES DIAGRAMS TRANSLATION INTO EVENT B SUPPORTING THE SPECIFICATION AND THE VERIFICATION OF WORKFLOW APPLICATION MODELS - From UML Activities Diagrams to Event B. In Proceedings of the 5th International Conference on Software and Data Technologies, pages 329-332 DOI: 10.5220/0003013003290332 Copyright c SciTePress ICSOFT 2010 - 5th International Conference on Software and Data Technologies paper is structured as follows. Section 2 presents the Rule 1. An activity diagram is translated into a B kernel of our proposal, it presents the proposed ap- model. proach UML AD and Event B. Section 3 discusses ActivityNode can be described by their type (ac- the interest of this approach for the verification and tion node, initial node, decision node .) and an at- the validation of distributed and parallel applications. tribute id to verify their uniqueness, consequently. This abstract class can be seen as a description of a set of objects identified by two attributes: id and 2 THE PROPOSED APPROACH type. We suggested so to translate an abstract class ActivityNode into an abstract set and all the derived classes are transformed into data included in this ab- The purpose of our approach is to produce a B spec- stract set. The most appropriate B expression is the B ification from a giving UML AD in order to verify record (Abrial, 1996). and check its dynamic properties (Bjorner, 1987) such as deadlock freeness. The proposed translation gives rec(ident1 : x;ident2 : y;;identn : t) not only a syntactical translation, but also a formal Where (x;y;::t;E1;E2;;EN) are respectively the semantic using the Event B method semantic. Conse- values and type of fields (ident1;ident2;identn). Since quently, we have to focus both on the activity diagram the derived nodes are identified by their identifier and and its meta-model in order to have a coherent trans- their type, we propose to specify two fields for the lation (Vidal, 2006). record: field Idnode to identify the node and field and Type to indicate its type. The abstract class is so trans- UML Activity Diagram + Meta‐model lated into the following B record: Identification of the static part of the resulting B specification by applying rules. Nodes = Struct(Id − node : integer;Type : String). Identification of the dynamic part of In that manner, each node is considered as the resulting B specification Step1 data record of Nodes and then is translated into B specification representing the Informal description of activity diagram. required properties. rec(Id = a;Type = b). Description of required properties in the Event B model. B constraints have to be proved on the obtained specification. Rule 2. The abstract class ActivityNode is trans- lated into a B record: Nodes = Struct(Id − node : Introduction of invariants describing required properties in the Event B model. Step2 integer;Type : String), in the clause DEFINITION of B specification representing the activity diagram and properties describing UML AD correctness. the B model, and having as elements the different Proving those properties using a B tool (B4free). nodes defined in the activity diagram that we aim to translate. The nodes are then translated into vari- Figure 1: Overview of the translation process. ables nodei, declared in the VARIABLES clause and typed in the INVARIANT clause: nodei 2 Nodes. The translation process illustrated in 1, proceeds The abstract class ActivityEdge is related with in three steps. The first one consists of identifying the the class ActivityNode by two relations: target body of the B specification from an UML AD by ap- and source. Hence, each edge has only one target plying a set of rules divided into structural rules and node and one source node. Besides to this relation, semantics ones. The second step enriches the result- the activity diagrams meta-model specifies other ing model by relevant properties that will be proved relation with the class ValueSpeci fication : guard, to in the third step using a B prover (Pllana and Fahring, indicate that an edge is carrying tokens or not. We 2002). The verification of these properties ensures the propose so to specify four fields to describe those correctness and the validation of the UML AD. relations:Id-edge, Id-source, Id-target and Ready to indicate if the edge is carrying tokens or not. 2.1 The Translation Approach: Step1 Rule 3. The abstract class ActivityEdge is translated The main goal of this step 1 is to translate an activity into a B record: Edges = (Idedge : integer;idsource : diagram into a B specification, this translation deals integer;Idt arget : integer;ready : boolean), declared with both the syntactical and semantics of UML in the clause DEFINITION of the B model, and hav- AD. The syntactical translation is based on the UML ing as elements the different edges defined in the ac- Activity diagram and its meta-model. We associate tivity diagram that we aim to translate. The edges to each activity diagram concept a translation rule are then translated into variables edgei, declared in describing its equivalent construction in event B. the VARIABLES clause and typed in the INVARIANTS clause: arci 2 Edges. 330 AN UML ACTIVITIES DIAGRAMS TRANSLATION INTO EVENT B SUPPORTING THE SPECIFICATION AND THE VERIFICATION OF WORKFLOW APPLICATION MODELS - From UML Activities Diagrams to Event B SYSTEM Mdl0Model0 DEFINITIONS Nodes==struct (id_node:I NTE GER ,T ype:IN TEG ER); Edges==struct(Id_node:INTEGER,Id_source:INTEGER, Id_target: INTEGER,ready:BOOL) EventFinal= SELECT (∃ x(x.( x∈Edges ∧ xxId’Id_ C= N ∧ xxready’ready=True)) THEN VARIABLES node1, node2, arc1 a12’ready:=False… END INVARIANTS node1∈Nodes ∧ node2∈Nodes ∧ arc1∈Edges INITIALIZATION nod1de1, nod2de2:= rec(1, AN), rec(2, AN)||arc 1:=rec(112FALSE)(1,1,2,FALSE); Rule 6. A final node N is interpreted as an event B having as structure: SELECT guard THEN substi- tutions END, where the guard consists of the predi- 0 0 The semantics translation focuses on the meaning cate Q = 9x(x 2 Edges ^ x Idt arget = N ^ x ready = of each concept. An action node is being executing True), while its substitutions denote the disabling of when all its incoming control and data tokens are all the edges.