1
Evaluation of OCL for Large-Scale Modelling
A Different View of the Mondex Smart Card Application
Emine G. Aydal, Richard F. Paige, Jim Woodcock
University of York
2
AGENDA
- Motivation
- Goal
- Modelling Mondex
- Modelling issues
- Validation
- Test case generation
- Conclusion
Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion
3
Motivation
MONDEX: Global e-payment scheme that offers immediate transfer of value without signature or PIN in currencies allowed.
First Step in Grand Challenge Program
- Alloy (MIT)
- Event-B (University of Southampton)
- OCL (University of Bremen)
- Perfect Developer (Escher Technologies)
- RAISE (Uni. of UN Macao and TUD)
- Z (University of York)
Based on the monograph that outlined the specifications, refinement and proof details of Mondex in Z (Stepney and Woodcock)
Contribution of this study
- Model the system from informal requirements by using semi-formal techniques
- Perform model-based testing on formally-verified versions of Mondex
- Assess the value added
4
Goal
Test cases derived from models before development stage
Model-based testing of formally verified s/w
5
Goal
- Model Mondex by using UML and OCL
  - Diagrams
  - Invariants
  - Pre/post-conditions
- Validate the model through scenarios
- Explore the relationship between test case generation and assertion-based scenarios
6
Modelling Mondex
No. Module Name
M1 Payment
M2 Logging
M3 Recovery
M4 Currency Management
M5 Operational Control
M6 Data Display and Customisation
7
Modelling Mondex
Modelling Language : UML enriched with OCL expressions
Tool : UML Specification Environment (USE)
Use case diagrams and use scenarios
8
Modelling Mondex
- 8 Classes
- 30 Invariants
- 31 Operations
- 197 Pre/post-conditions
- Traceability Matrix
9
Modeling issues
Constants
- May be fixed at a later stage in the development or during application loading
- Currently no support for constants
- Example:
    inv iNoLanguages:
      self.languages->size() <= cNoLanguages
Derived Parameters
- Prefixed with '/' in UML ('_' in USE)
- Supported by OCL
- Not integrated into the OCL tools
- Workaround: create invariants ensuring the correct calculation of the derived attributes
    inv iNoUnusedException:
      _NumberOfUnusedExceptions =
        cNoException - exceptionlogs->size()
10
Modeling issues
- Constants
- Derived Parameters
- Invariants
- Pre/post-conditions (assertions)
- No consistency check
- Restricting invariants
- No tool support yet (OCL Compiler v2.0)
11
Modeling issues
Pre/Post-conditions
State Checking
    self.oclInState(Unlocked)
    self.LockingState = 'Unlocked'
Messaging: HasSent Operator ('^')
    post ChangePersonalCodePost1:
      %Personal Code changes successfully
      or
      (PersonalCode = PersonalCode@pre
      and self^ChangeTheStateToLockedOut
      and result = false)
12
Modeling issues
Pre/Post-conditions
Frame Variables Set (FVS)
- Distinct set of variables read/written by each operation
- Determination of these variables
- Management of the post values of these variables
- Assumption: All the variables not included in FVS of an operation stay unchanged after the execution of that operation
- No tool support
13
Validation of the model
Overall Objective: The model behaves as expected when an instance of the model is executed under certain conditions.
- There is at least one instance of the model that satisfies all the invariants.
- There is at least one instance of the model that allows each operation to run successfully, i.e. preconditions and postconditions of the operation are satisfied and the instance does not conflict with any of the invariants.
14
Validation of the model
Scenario: An instance of the model that serves a purpose, i.e. that satisfies a property.
Base object model : An initial, stable instance of the model that satisfies all the invariants.
Scenario structure
- Setting/creation of FVS
- Access the operation (Precondition check)
- Modification/Deletion of FVS
- Exit the operation (Postcondition check)
15
Validation of the model
- Creation of scenarios that validate operations
- Execution of scenarios
- Immediate feedback by the tool
- Drawback: Finding the set of frame variables and their values in order to satisfy assertions of a certain operation
16
Test Case Generation
Assertions ensure the correct functioning of operations. So why not use these critical points in test case generation?
Idea: Find scenarios that violate each assertion of each operation.
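The scenario structure and frame assumption from the earlier slides, together with a scenario that deliberately violates assertions, as an added Python sketch (not part of the presentation or the authors' USE model). The `Purse` class, the constant values, the precondition, the success branch of the postcondition and the `run_scenario` helper are assumptions; the `^` message is approximated by the resulting `LockedOut` state.

```python
import copy

C_NO_LANGUAGES, C_NO_EXCEPTION = 3, 5  # assumed values for the slides' constants

class Purse:
    """Hypothetical base object model: satisfies both invariants below."""
    def __init__(self):
        self.personal_code = "1234"
        self.locking_state = "Unlocked"
        self.languages = ["en"]
        self.exception_logs = []
        self.unused_exceptions = C_NO_EXCEPTION  # derived attribute

INVARIANTS = {
    "iNoLanguages": lambda p: len(p.languages) <= C_NO_LANGUAGES,
    "iNoUnusedException": lambda p:
        p.unused_exceptions == C_NO_EXCEPTION - len(p.exception_logs),
}

# Contract for ChangePersonalCode; precondition and success branch are assumed.
CHANGE_CODE = {
    "pre": lambda p, old, new: p.locking_state == "Unlocked",
    "post": lambda pre, p, old, new, result:
        (result and p.personal_code == new)
        or (p.personal_code == pre.personal_code
            and p.locking_state == "LockedOut" and result is False),
    "fvs": {"personal_code", "locking_state"},
}

def run_scenario(purse, contract, modify, *args):
    """Enter the operation, apply the scenario's changes, exit; return failed checks."""
    if not contract["pre"](purse, *args):
        return ["pre"]                      # precondition check on entry
    pre = copy.deepcopy(purse)              # snapshot used for @pre values
    result = modify(purse, *args)           # modification of frame variables
    failed = [] if contract["post"](pre, purse, *args, result) else ["post"]
    changed = {k for k, v in vars(purse).items() if v != vars(pre)[k]}
    if changed - contract["fvs"]:           # frame assumption: the rest is unchanged
        failed.append("frame")
    return failed + [n for n, inv in INVARIANTS.items() if not inv(purse)]

def ok_change(p, old, new):      # positive scenario: the code is replaced
    p.personal_code = new
    return True

def bad_reject(p, old, new):     # negative scenario: rejects, yet rewrites the code
    p.personal_code = new        # and logs without updating the derived count
    p.exception_logs.append("bad code")
    return False
```

Each negative scenario names the checks it trips, which is the information a derived test case needs as its expected outcome.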
17
Test Case Generation
Existing research: In order to validate a model, generate automatic snapshots of a model by using ASSL (A Snapshot and Sequence Language) in USE [Gogolla,2003]
- Based on invariant conflict.
- Each invariant is addressed separately by feeding the system with its reverse.
18
Test Case Generation
Additional information
- Scenarios that violate 197 assertions are already created manually.
Future work
- Apply the technique described in [Gogolla,2003] for invariants to assertions.
- Automate the generation of such scenarios
- Compare the results of manual and automatic scenario generation
- Concretise scenarios into test scripts
19
Conclusion
- Modeled a real-life application by using OCL.
- The large number of invariants and assertions gave us ideas about features that need to be added to OCL tools.
- The scenarios are a way of validating your model. The fact that scenarios use artifacts of the model supports the validation process.
- Test case generation and validation are two processes that may have common ground.
20
THANK YOU…