Softw Syst Model DOI 10.1007/s10270-016-0530-4 EXPERT VOICE Road to a reactive and incremental model transformation platform: three generations of the VIATRA framework Dániel Varró1,2,3 · Gábor Bergmann1,2,3 · Ábel Hegedüs3 · Ákos Horváth1,3 · István Ráth1,3 · Zoltán Ujhelyi3 Received: 22 March 2016 / Revised: 21 April 2016 / Accepted: 23 April 2016 © The Author(s) 2016. This article is published with open access at Springerlink.com Abstract The current release of VIATRA provides open- 1 Software tools in systems engineering source tool support for an event-driven, reactive model transformation engine built on top of highly scalable incre- Model-driven engineering (MDE) plays an important role in mental graph queries for models with millions of elements the design of critical embedded and cyber-physical systems and advanced features such as rule-based design space in various application domains such as automotive, avion- exploration complex event processing or model obfuscation. ics or telecommunication. MDE tools aim to simultaneously However, the history of the VIATRA model transformation improve quality and decrease costs by early validation by framework dates back to over 16years. Starting as an early highlighting conceptual design flaws well before traditional academic research prototype as part of the M.Sc project of testing phases in accordance with the correct-by-construction the the first author it first evolved into a Prolog-based engine principle. Furthermore, they improve productivity of engi- followed by a family of open-source projects which by now neers by automatically synthesizing different design artifacts matured into a component integrated into various industrial (source code, configuration tables, test cases, fault trees, etc.) and open-source tools and deployed over multiple technolo- necessitated by certification standards (like DO-178C [117], gies. This invited paper briefly overviews the evolution of DO-330 [116] or ISO 26262[78]). the VIATRA/IncQuery family by highlighting key features Certain shares in the software tool market of systems engi- and illustrating main transformation concepts along an open neering are dominated by very few industrial tools (e.g., case study influenced by an industrial project. MATLAB Simulink, Dymola, DOORS, MagicDraw) each of which typically provides advanced support for certain Keywords Model transformations · Incremental evaluation · development stages (requirements engineering, simulation, Reactive transformations · Graph queries allocation, test generation, etc). To protect their intellec- tual property rights, these tools are of closed nature, which implies huge tool integration costs for system integrators (such as airframers or car manufacturers). On the other hand, recent initiatives (such as PolarSys, OpenModelica) have Communicated by Prof. Rumpe, Bernhard. started to promote open language standards and the system- atic use of open-source software components in tools for B Dániel Varró critical systems to reduce licensing costs and risks of vendor [email protected] lock-in. Certification standards of critical cyber-physical systems 1 Department of Measurement and Information Systems, Budapest University of Technology and Economics, Magyar require that software tools used for developing such critical tudósok krt. 2, Budapest 1117, Hungary system are validated with the same scrutiny as the system 2 MTA-BME Lendület Research Group on Cyber-Physical under design by software tool qualification [87,116], espe- Systems, Nádor utca 5, Budapest 1051, Hungary cially, when no further human checking is carried out on 3 IncQuery Labs Ltd., Bocskai út 77-79, Budapest 1117, the outputs of such tools. Software tool qualification dis- Hungary tinguishes between design tools which, by definition, may 123 D. Varró et al. introduce new errors to the system and verification tools 2 Motivating example which may fail to reveal existing errors of the system [87]or falsely reduce or simplify the verification process itself by As a motivating example, we investigate model deployment automation [116]. transformations for dynamic and self-adaptive systems fre- Unsurprisingly, software tool qualification is extremely quently considered in the context of smart cyber-physical costly due to high algorithmic complexity [97], tightly cou- systems (CPS) [92]. The source domain describes a high- pled architecture and unexpected feature interaction of such level generic infrastructure where applications (services) are tools [86]. In fact, many companies rather opt for using tools dynamically allocated to connected hosts. The target domain just as design aids to highlight errors quickly, and then, they represents low-level system deployment configuration with carry out the traditional verification and validation process stateful applications deployed on hosts. Traceability links by thorough simulation and testing [32,156]. Anyhow, sys- between the source and target models are also persisted as tematic software engineering techniques to simultaneously models to comply with traceability requirements of CPSs. improve quality and reduce the costs of software tool The full case study presents a complex challenge includ- qualification would be highly beneficial. Existing software ing (1) continuous validation of well-formedness constraints, engineering practices may guarantee the quality of the sys- (2) a model synchronization scenario, i.e., a model-to-model tem itself, but they frequently fail to ensure the quality of (M2M) transformation from the CPS model to a deployment the software tool used in systems engineering [141]. Fur- model and (3) a code generation scenario from the deploy- thermore, the rapid increase in the size and complexity of ment model to Java code. systems models introduces significant scalability challenges In a real design tool, some of these steps can be addressed for these tools [84]. by batch (on-demand) transformations which are initiated Software language engineering aims to provide founda- explicitly by the engineer, while others are defined as live tions, techniques and tools for domain-specific modeling (reactive) transformations which are triggered automatically languages to capture the models. Model transformation by certain changes in the underlying model. Some transfor- engineering aims to systematically develop queries and trans- mation steps can be target incremental which only update formations used in automated code generators, simulators or move target model elements instead of regenerating them or debuggers to process these models. Of course, seamless from scratch. Furthermore, source incremental transforma- integration of these techniques is needed when developing tion steps traverse or query exactly those source elements industrial tools. which are relevant for change detection and propagation The VIATRA open-source software project provides [68,123]. advanced support for incremental and reactive model trans- Due to data and control dependencies, the different trans- formations [20,141] built on top of incremental graph queries formation phases heavily depend upon each other. For to assist the systematic development of novel tools for sys- instance, continuous validation of constraints has to be tems engineering. This invited paper extends previous papers suspended, while a transformation is running; otherwise, [20,39,137,141,142,148] to provide an overview on the his- constraint violations may be unintentionally detected in an tory and evolution of the VIATRA model transformation incomplete state. In a traditional MDE toolchain, separate framework. It first started as part of the MSc research project tool features (e.g., plugins) would be used to describe the of the first author in 1999 [146,147], then evolved into a various phases, requiring an external orchestrator to facil- Prolog-based model transformation engine [39,148] (Sect. 3) itate the coordination. Complex features in real MDE tools followed by an open-source Eclipse project founded in 2005 (like model indexing or file operations) add further complex- [142] and used in various European projects (Sect. 4). Since ity to the integration of tool features. Needless to say that such 2010, the VIATRA family includes IncQuery [22,137] orchestrators are extremely hard to develop and debug. which supports the scalable incremental evaluation of graph queries over large models of heterogeneous technological Metamodels We present simplified fragments of the meta- spaces (Sect. 5.2). The current industrial release of VIATRA models in Fig. 1 to provide better focus for our paper. [20] (Sects. 5.3, 5.4) is a reactive and incremental transfor- The source (CPS) domain (Fig. 1a) contains classes (nodes) mation engine built on top of graph queries following several HostInstances and AppInstances, respectively, typed by principles of reactive programming [13] and active data- HostTypes and AppTypes as denoted by the corresponding bases [106]. We overview the main features of each major instances references (edges). AppInstances are allocated release along an open case study influenced by an indus- to a HostInstance captured by allocatedTo references. trial project (Sect. 2) which uses reactive transformations for In the target (Deployment) domain (Fig. 1b), Deploymen- model-based deployment with run-time models. We present tHosts and DeploymentApplications are derived from their selected academic and industrial applications of the VIATRA counterparts in the CPS model, but hosted applications are family and summarize related work in a historical