Inter-association Constraints in UML2:Comparative Analysis, Usage Recommendations,

and Modeling Guidelines

Azzam Maraee1,2 and Mira Balaban2?

1 Deutsche Telekom Laboratories, Ben-Gurion University of the Negev, ISRAEL2 Computer Science Department, Ben-Gurion University of the Negev, ISRAEL

mari@cs.bgu.ac.il, mira@cs.bgu.ac.il

Abstract. UML specification is verbal and imprecise, the exact mean-ing of many class diagram constructs and their interaction is still obscure.There are major problems with the inter-association constraints subsets,union, redefinition, association specialization, association-class special-ization. Although their standard semantics is ambiguous and their inter-action unclear, the UML meta-model intensively uses these constraints.The paper investigates the semantic implications of the above inter-association constraints, their interaction with other constraints, and im-plied correctness problems. Based on this study, we present a comparativeanalysis of these constraints, that includes characterization, and refersto complexity factors, and usefulness aspect. This analysis yields recom-mendations concerning the semantics and usefulness of the constraints.In addition, we present modeling guidelines for users. To the best of ourknowledge, this is the first all inclusive analysis of the inter-associationconstraints in UML2.

1 Introduction

UML 2 [1] introduces several new constraints, property subsetting, property unionand property redefinition for inter-property relationships, and widely uses themin the definition of its meta-model. The new constraints add up to the previousconstraints association specialization and association-class hierarchies, to formthe set of inter-association constraints. These constraints are important due totheir role in the meta-model, in defining new modeling languages [2] and in realdomains such as configuration management.

Inter-association constraints present a computational complexity problem.Artale et al. [3] shows that reasoning about consistency of class diagrams withinter-association constraints is an ExpTime problem. Dropping the complete,association-class hierarchy and association specialization constraints decreasesthe complexity to NP.

? Supported in part by the Paul Ivanir Center for Robotics and Production Manage-ment at Ben- Gurion University of the Negev

The semantics of inter-association constraints as described in the meta-modelis ambiguous, their inter-relationships are obscure, and some constraints havecontradictory interpretations. The subsetting, redefinition, association special-ization and union have been studied in [2, 4–11]. These works try to settle varioussemantic issues, but did not reach a semantic agreement. An overall considera-tion of all constraints, including association-class hierarchy, is still missing.

This paper presents an observable-based approach for investigating the inter-association constraints in UML2. The observables are properties of the con-straints, for which there is a general agreement among the researchers. Westudy possible interpretations of the inter-association constraints, following threecriteria: (1) preservation of observables; (2) minimizing contradiction with themeta-model; (3) consistency with the selected semantics of other UML con-straints. In addition, the paper investigates the semantic implications of theinter-association constraints, their interaction with other constraints, and im-plied correctness problems. The results of the investigation have been added toour ongoing anti-pattern catalog of class diagram correctness patterns [12], andfor extending the FiniteSat [13] tool to apply to these constraints.

Based on this study, we present a comparative analysis of these constraints,referring to complexity factors, and usefulness aspect. This analysis yields rec-ommendations for standard semantics, and modeling guidelines. To the bestof our knowledge, this is the first all inclusive analysis of the inter-associationconstraints in UML2.

Section 2 formally defines the UML class diagram model. Sections 3-5 studythe inter-association constraints, subsetting, redefinition, association specialisa-tion and association class hierarchy respectively; Section 7 presents a compara-tive analysis of these constraints; Section 8 presents recommendations and Sec-tion 9 concludes the paper. Due to space limitation, we omit the union constraintfrom this paper.

2 Background

A class diagram is a structural abstraction of a real world phenomenon. Themodel consists of basic elements, descriptors and constraints. This section definesthe abstract syntax and the semantics of the class diagram without the inter-association constraints. Our definitions follow the works of [2, 14]. We use aproperty oriented abstract syntax, since it enables a better formulation of thesemantics of inter-association constraints. Inter-association constraints will beaddressed separately in the latter sections.

Abstract syntax A class diagram is a tuple 〈C,P,A, props, propsac, source, target,Constraint〉 where

– C is a set of class symbols.– P is a set of property symbols (sometimes called association ends). Prop-

erty symbols denote mappings derived from their associations. Ordering anduniquness constraints are not discussed in this paper [15].

– A is a set of association symbols.

– props : A → P × P is a 1:1 assignment of different properties to associationsymbols. For an association a, props(a) 6= 〈p, p〉. For a property p, there isa unique a ∈ A, such that props(a) = (p, ∗) or props(a) = (∗, p), where * isa wild card. We write assoc(p) or assoc(p1, p2) for the association of p or of(p1, p2), and props1(a), props2(a) for the two properties of a.

– source : P → C and target : P → C are 1:1 mappings of properties toclasses such that for an association a with props(a) = (p1, p2), target(p1) =source(p2) and target(p2) = source(p1). In Figure 1, target(p1) = source(p2) =A and source(p1) = target(p2) = B.

Fig. 1: Visualization of a binary association

– AC is a set of association-class symbols.– assocAC : AC → A is a 1:1 assignment of association symbols to association

class symbols. For an association class C, pairsC is a mapping betweenobjects of C to object-pairs of assocAC(C).

– Constraint is a set of constraints as follows:

1. Multiplicity constraints on properties: mul : P → (N ∪{0})×(N ∪{∗}) as-signs multiplicity constraints to property symbols. For simplicity we usea compact symbolic representation, where association a in Figure 1 is de-noted a(p1 : A[ m1, n1], p2 : B[ m2, n2]). The functions minMul : P →{N∪{0}} and maxMul : P → {N∪{∗}} give the minimum and maximummultiplicities assigned to a property, respectively.

2. Aggregation and Composition: Two unary relationships on the set ofproperty symbols denoted by pa and pc respectively. Visually, composi-tion is shown by a filled diamond adornment on the composite associationend while aggregation is shown as an open diamond.

3. Class-hierarchy: A non-circular binary relationship ≺ on the set of classsymbols: ≺ ⊆ C×C. Henceforth we use the notation C2 ≺ C1, where C1

is the superclass and C2 is the subclass (also called direct-descendant).The weak version of ≺ is denoted �, which is “≺ or equal“. The reflexivetransitive closure of ≺ is called the descendant relation, and denoted ≺∗.Its irreflexive version is denoted ≺+. .

4. Generalization-set (GS ) constraints: GS is an (n + 1)-ary relationshipon C, for n ≥ 2. An element 〈C,C1, . . . , Cn〉 in GS must satisfy:For i, j = 1..n, i 6= j, (1) C 6= Ci; (2) Ci 6= Cj ; (3) Ci ≺ C.C is called the superclass and the Ci-s are called the subclasses. Elementsof GS maybe associated with a constraint const ∈ {〈disjoint〉, 〈overlapping〉,〈complete〉, 〈incomplete〉, 〈disjoint, complete〉, 〈disjoint, incomplete〉,〈overlapping, complete〉, 〈overlapping, incomplete〉}. We use the sym-bolic representation GS(C,C1, . . . , Cn; const) for GS constraints. Note

that an unconstrained GS is redundant, as it specifies only class hierar-chy constraints.

Semantics: The standard set theoretic semantics of class diagrams associatesa class diagram with instances I, that have a semantic domain and an extensionmapping, that associates syntactic symbols with elements over the semantic do-main. For a symbol x, xI is its denotation in I.Symbol denotation:– Class: For a class C, CI , the extension of C in I, is a set of elements in the

semantic domain. The elements of class extensions are called objects.– Property: For a property p, pI is a multi-valued function from its source

class to its target class: pI : source(p)I → target(p)

I.

– Association: For an association a, aI , the extension of a in I, is a binaryrelationship on the extensions of the classes of a. If props(a) = (p1, p2), thenpI1 and pI2 are restricted to be inverse functions of each other: pI1 = (pI2)−1.The association denotes all object pairs that are related by its properties:aI = {(e, e′) | e ∈ target(p1)

I, e′ ∈ target(p2)

I, e′ ∈ pI2(e)}. The elements

of association extensions are called links.– Association class: For an association-class C, CI is a set of elements in

I and pairsCI : CI → (assocAC(C))

Iis a 1:1 and onto mapping. Further-

more, an object e ∈ CI is mapped to at most a single pair of objects in anassociation.

The semantics of the constraints with respect to an instance I:

1. Multiplicity constraints on properties: For a property p, pI is restrictedby the multiplicity constraints. For every e ∈ source(p)

I, minMul(p) ≤

|pI(e)| ≤ maxMul(p). The upper bound is ignored if maxMul(p) = ∗.2. Aggregation: An aggregation denotes two constraints:

– Irreflexivity : For e ∈ source(pa)I , paI(e) 6= e;– Transitivity on the aggregation relation.

Together, these constraints imply antisymmetry :

For aggregation properties pa1 , . . . , pan, such that

target(pai ) = source(pai+1), i = 1, n− 1, if e ∈source(pa1)I , then pan

I(pn−1aI(. . . (pa1

I(e)))) 6= e.3. A composition is an aggregation with two additional constraints:

– A composition property pc is not multi-valued;– multi-composition constraint:

For composite properties pc1, pc2 such thatsource(pc1) = source(pc2), if e ∈ source(pc1)I , then pc1(e) = pc2(e).

4. Class-hierarchy constraints: Class hierarchy constraints denote subsetrelations between the extensions of the involved classes. That is, for C1 ≺ C2,C1

I ⊆ C2I .

5. GS constraints have the following meaning:(a) disjoint: CI

i ∩ CIj = ∅,∀i, j

(b) overlapping: For some i, j, it might be CIi ∩ CI

j 6= ∅

(c) complete: CI =n⋃

i=1

CIi

(d) incomplete:n⋃

i=1

CIi ⊆ CI

A legal instance of a class diagram is an instance that satisfies all constraints.A class diagram is consistent or satisfiable if it has a legal instance with non-empty class extensions, and is finitely satisfiable if it has a finite non-emptyinstance [16–20, 13, 14].

3 Subsetting constraint

Subsetting is a basic inter-association constraint, quite popular in the UMLmeta-model. It is defined between two properties (association ends), constrain-ing one to be a sub-mapping of the other. Figure 2 includes two subsettingconstraints: The presentation property subsets the paper property, and the pre-senter property subsets the author property. The constraints state that a paperpresented by an author must be a paper of the author, and the presenter of anaccepted paper is also the author of that paper.

Fig. 2: A class diagram with subsetting constraints (Based on [21])

Subsetting is syntactically denoted by a binary relation on the set of prop-erty symbols: ≺ ⊆ P × P. p1 ≺ p2, stands for “p1 subsets p2”. p1 istermed the subsetting property, and p2 is termed the subsetted end. In Fig-ure 2, presentation ≺ paper and presenter ≺ author. The UML specifica-tion imposes the following constraints on p1 ≺ p2: source(p1) ≺∗ source(p2),target(p1) ≺∗ target(p2) and maxMul(p1) ≤ maxMul(p2).

Subsetting is the only inter-association constraint for which there is an overallagreement about its semantics. For p1, p2 ∈ P, p1 ≺ p2 states that p1 is a sub-mapping of p2, i.e., for a legal instance I, e ∈ source(p1)I implies p1

I(e) ⊆p2

I(e).Semantic properties of the subsetting constraint: Let p1, p2 ∈ P, p1 ≺ p2,and I a legal instance. Then:

1. Symmetry: [2, 5] p−11 ≺ p−12 .2. Association inclusion: [5] assoc(p1)I ⊆ assoc(p2)I . Furthermore, the meta-

model [1] states that subsetting implies association specialization (see section5).

3. [5]: If minMul(p1) > minMul(p2), there exist an object e ∈ source(p2)I

such that |pI2(e)| ≥ minMul(p1).

3.1 Interaction with Other Constraints

The interaction of the subsetting constraint with other constraints can causevarious correctness problems. Below, we analyze some problems, and point thereader to our catalog [12] for other problems.

A finite satisfiability problem due to conflicts with multiplicity constraints: Con-sider Figure 3. In every legal instance I, for e ∈ CI , |bI3(e)| = 2, and also bI3(e) ⊆bI1(e). But, the multiplicity constraints on association r dictate |AI | = |BI |, im-plying that either I is an infinite instance or |bI1(e)| = 1. Therefore, the diagramdoes not have a finite non-empty legal instance, implying that the diagram is notfinitely satisfiable3. This example shows how the surrounding context of prop-erties can affect the correctness of the diagram. For other conflicts of subsettingwith multiplicity constraints, such as in presence of qualifier constraints, consult[12].

A B

C D

1

a1

q 1..2

b1

1 a2

r

1b2

1

a3 {subsets a1}s 2

b3 {subsets b1}

Fig. 3: A finite satisfiability problem due to interaction between subsetting andmultiplicity constraints

Correctness problems due to conflicts with aggregation/composition constraints:Aggregation/Composition constraints are frequently used in the metamodel andin conceptual modeling. We analyze here only consistency problems caused byinteraction with subsetting. For more finite satisfiability problems consult [12].

Figure 4a presents a consistency problem due to composition cycles (noticedby [2]): In every legal instance I, for e ∈ BI

1 , pc1I(qc2

I(e)) = e. Figure 4b has thesame consistency problem, but the composition cycle is caused indirectly, dueto interaction with the subsetting constraints.

Claim 1 generalizes the result of [2] for indirect composition cycles.

Claim 1 Let p, q, r ∈ P, where r ≺∗ p and r−1 ≺∗ q. Then, p and q are notboth composition properties.

Proof. (Sketched) Assume by contradiction that both p and q are composi-tion properties (denoted, for clarity pc, qc). Let I be a legal instance and e ∈source(r)I , such that pcI(e) 6= ∅. Then, rI(e) = pcI(e), and r−1

I(rI(e)) =

qcI(rI(e)) (due to subsetting and composition), imply r−1I(rI(e)) = e. There-

fore, qcI(pcI(e)) = e, i.e., a composition cycle. Consequently, at most one of por q can be a composition property.

3 A different way to describe this problem is noting that the r, q association cycle im-plies that the maximum multiplicity 2 on b1 is not realized in any legal finite instance,i.e., the multiplicity constraint on b1 is not tight. But, tightening maxMul(b1) to be1 creates a consistency problem in finite legal instances.

(a) (b)

Fig. 4: Consistency problems due to subsetting and (indirect) composition cycles

Induced constraints, due to interaction with disjoint GS constraints: The subset-ting constraint affects disjoint GS constraints on parallel hierarchies, as demon-strated in Figure 5. The subsetting constraints induce a disjoint constraint onGS(A,A1.A2), and therefore the diagram is incomplete. In order to see that,let I be a legal instance, and assume that there exists e ∈ AI

1 ∩ AI2. Then,

|pI1(e)| = 1, |pI2(e)| = 1 and pI1(e) ∩ pI2(e) = ∅. The subsetting constraints imply(pI1(e) ∪ pI2(e)) ⊆ pI(e), which further implies |pI(e)| ≥ 2, in contradiction tothe maximum multiplicity constraint on p. Therefore, AI

1 and AI1 are disjoint in

any legal instance. Claim 2 generalizes the result.

Fig. 5: Interaction of subsetting with disjoint constraint

Claim 2 Assume that a class diagram includes a GS constraint GS(B,B1 . . . , Bn;disjoint), and properties pi ≺ p such that target(pi) ≺∗ Bi, for i = 1, n.Then, if for every i, j, i 6= j, minMul(pi) + minMul(pj) > maxMul(p),the class diagram entails the induced GS constraint GS(source(p), source(p1),. . . , source(pn); disjoint).

Proof. Assume by contradiction that there exists a legal instance I with anobject e such that for some i 6= j, e ∈ source(pi)

I ∩ source(pj)I . Then, since

target(pi)I and target(pj)

I are disjoint, |pIi (e)∪pIj (e)| ≥ minMul(pi)+minMul(pj) >

maxMul(p). But, pIi (e)∪pIj (e) ⊆ pI(e), implying |pI(e)| > maxMul(p), in con-tradiction to the multiplicity constraint. A special case of this claim involvesproperties pi for which minMul(pi) = maxMul(p).

4 Property redefinition constraint

Property redefinition, like subsetting, is a constraint that is imposed betweenproperties, and is frequently used in the meta-model. It can refer to several

property characteristics like name, time, visibility, multiplicity, type [22, 1], ofwhich we discuss only type and multiplicity constraints.

(a)

GraduateStudent

Student

GraduateCourse

Course-register

1..*

{redefines register}

-gregister

4

(b)

Fig. 6: Class diagrams with redefinition constraints

Figure 6 demonstrates type and multiplicity redefinition constraints. In Fig-ure 6a, property tacourse redefines the multiplicity constraint of property course.It restricts a teaching assistant to teach exactly one course, although Academicemployees can teach up to three courses. In Figure 6b, property gregister rede-fines the type and multiplicity of property register. It restricts a graduate studentto register to exactly four graduate courses instead of to any number of generalcourses.

Redefinition is syntactically denoted by a binary relation on the set of prop-erty symbols: B⊆ P × P. p1 B p2, stands for “p1 redefines p2”. p1 is termedthe redefining property and p2 is termed the redefined property. In Figure 6a,tacourse B course.

The UML specification imposes the following constraints on p1 B p2: source(p1)≺+ source(p2), target(p1) ≺∗ target(p2), minMul(p1) ≥ minMul(p2) andmaxMul(p1) ≤ maxMul(p2). In addition, since the class hierarchy relation isacyclic (constraint 2 in [1, p. 52]), redefinition is also acyclic.

The semantics of redefinition, as explained in the metamodel [1, 23], is unclearand contains contradictory statements. Three different interpretations have beendiscussed in the literature [4, 2, 7, 8, 10, 9], with no single agreement. We considereach separately, and then present criteria for selecting one. Let p1, p2 ∈ P, p1 Bp2. The interpretations are:

1. Single association (refinement) semantics: [24, 5, 9] p2 values on source(p1)are restricted to be in target(p1), i.e., for a legal instance I, e ∈ source(p1)I

implies p2I(e) ∈ target(p1)I and minMul(p1) ≤ |p2I(e)| ≤ maxMul(p1).

The redefining association aassoc(p1) is ignored, and is not treated as anindependent association.

2. Overriding (covariant) semantics: [2, 7] The redefined property p2 isnot defined on source(p1), i.e., for a legal instance I, pI2 : source(p2)I −source(p1)I → target(p2)I .

3. Subsetting semantics: [8, 10, 6] The redefined property p2 is restrictedto be the redefining property p2 on source(p1), i.e., for a legal instance I,e ∈ source(p1)I implies p2

I(e) = p1I(e). According to this interpretation,

redefinition strengths the subsetting constraint with additional constraints.

In order to recommend a semantics for adoption, we single out observablesof redefinition, i.e., characteristics that are agreed by most interpretations. Our

criteria for semantics selection involve (1) preservation of observables; (2) min-imizing contradiction with the meta-model; (3) consistency with the selectedsemantics of other UML constraints.Redefinition observables: Let p1 B p2, and let I be a legal instance. The fol-lowing two properties seem to characterize most texts that discuss redefinition:

1. Type redefinition: For object e ∈ source(p1)I , p2I(e) ∈ target(p1)I .

2. Multiplicity redefinition: For object e ∈ source(p1)I , maxMul(p1) ≤|p2I(e)| ≤ maxMul(p1)

The single association semantics satisfies the observables. Therefore, we considerthe other two criteria. We suggest to reject this semantics since it ignores theredefining association, practically treating it as removed. The problem is thatthe meta-model [1], states that redefinition entail association specialization, im-plying that the redefining association has a role in the diagram. Besides, thissemantics ignores the p−11 property, including its possible associated constraints,like multiplicity, qualifier, composition and subsetting constraints.

The overriding semantics does not satisfy the observables. Besides, under thissemantics, subsetting and redefinition contradict each other. But, the combina-tion of redefinition and subsetting on the same property occurs in the meta-model(e.g., Figure 12.21 on [1, p. 307]). In addition, covariant subtyping is problematicsince a client of source(p2), when actually holding an object from source(p1),expects the p2 property to be applicable [25, 4].

The subsetting semantics satisfies the observable, and is consistent with theUML meta-model and with other inter-relationship constraints. In particular,it entails subsetting. Therefore, we suggest adopting it as the semantics of theredefinition constraint.

note: Unlike subsetting, redefinition is not necessarily symmetric. That is, of phas a redefinition constraints, then p−1 is not necessarily a redefinition property.

5 Association Specialisation

Association is a classifier, and therefore can be specialized by another associa-tion. Like class hierarchy, association specialization appears in early versions ofUML, with an inclusion semantics. Figure 7 show an association specializationbetween the special authorization and the authorization associations. It enforcesan external user with a special authorization access to some wireless network, tohave a regular user authorization to the same network. Association specializationis cognitively complex, and is not frequently used.

User

ExternalUser

Wireless

InnerUser

SpechialAuthorization

Authorization

Fig. 7: Association Specialisation

Association specialization is syntactically denoted by a binary relation on theset of association symbols: ≺⊆ A × A. a1 ≺ a2 stands for “a1 specializes a2”.a1 is the super-association and a2 is the sub-association. The UML specificationconstrains association specialization to be acyclic and requires hierarchy amongthe involved classes. That is, for a1 ≺ a2, with props(ai) = (p′i, p

′′i ), i = 1, 2,

source(p′1) ≺∗ source(p′2) and source(p′1) ≺∗ source(p′2). This causes the prop-erties of the associations to be covariant, which is problematic for subtyping. Inaddition, see below for problems of property correspondence.

Although association specialization is an earlier concept, its semantics is stillunsettled. The UML specification includes two references to its semantics. Inone place, association specialization is given a generalization semantics, whichimplies an inclusion relation between the instances of the involved associations.In another place, it is given a specialization semantics which implies intentionalrelationship between the related associations.

Observable of association specialisation: Let a1 ≺ a2 and let I be alegal instance. Then, aI1 ⊆ aI2.

The inclusion observable reveals an inherent problem in the syntactic speci-fication of association specialization: It neglects the correspondence between theproperties of the association. Therefore, it does not provide sufficient informa-tion as to the order of the objects in included pairs. Figure 8 presents two legalinstance diagrams for the class diagram in Figure 8a. In both instances, sp1 is amanager and sp2 is a special. The difference is that in Figure 8b, sp1 is a grantorand sp2 is a grantee, while in Figure 8c sp1 is a grantee and sp2 is a grantor.The problem is that the association specialization syntax is lacking – it does notspecify correspondences between the properties of the sub-association and thesuper-association. We return to this point after the discussion of the semantics.

Fig. 8: An association hierarchy between two reflexive assiciations

Four possible interpretations for association specialization appear in the lit-erature:

1. Inclusion semantics: [21, 3] Association specialization is interpreted as theinclusion observable.

2. Covariant semantics: [26, 27] This approach considers association special-ization as redefinition on the two properties of the sub-association, with theoverriding (covariant) semantics.

3. Redefinition semantics [28, 22, 29]: Association specialization is equiva-lent to redefinition constraints on both properties of the sub-association.

4. Subsetting semantics: [8, 10, 6] Association specialization is equivalent tosubsetting constraints on the properties of the sub-association.

The inclusion semantics has the property correspondence problem. The covariantsemantics relies on a redefinition semantics that does not satisfy the observablesof redefinition, and therefore also does not satisfy the observable of associationspecialization. The redefinition semantics implies that association specializationentails subsetting. But, since the meta-model specifies that subsetting entailsassociation specialization [1], the conclusion is that association specialization isequivalent to subsetting, which is the third and most popular semantics.

In order to fully specify the subsetting semantics of association specializa-tion, the syntax should be strengthened to include specification of property cor-respondence as subsetting constraints. For example: specialAuthorization ≺authorization with manager ≺ grantor and sp ≺ grantee.

Association hierarchies with generalization set constraints: The metamodel al-lows defining GS constraints with association specializations. Generalization setconstraints over association specialization or association class hierarchies havebeen used in the translation of description logic into UML [18].

The syntax is similar to the syntax of the generalization set above classes:GS(a, a1, . . . , an; const), ai ≺ a where const is one of the GS constraints definedfor classes. The semantics of GS constraints over associations is similar to that ofGSs over classes. While association specialization without GS constraint can bereplaced by subsetting constraints, GS constraints require the explicit presenceof association specialization.

The interaction of association specialization with association GS constraintsand with other constraints yields correctness and quality problems that are an-alyzed in [12].

6 Association-class Hierarchy

Association class is defined in [1] as a sub-class of the classifiers Association andClass, and therefore it can be specialized by another association class. Associ-ation classes appear frequently in the translation of description logics to classdiagrams, but in other domains its usage is rare. Syntactically, it is a binaryrelation on the set of association class symbols: ≺⊆ AC ×AC.

The semantics of association-class hierarchy has received little attention inthe literature and its definition in the metamodel is unclear. Its intuitive seman-tics is a mixture of the semantics of class generalization and association special-ization, and can be interpreted in different ways. Three criteria, from which wederive the observables, seem to characterize association-class hierarchy:

1. Class generalization: The sub-association-class denotes a subset of thesuper-association-class denotation.

Fig. 9: Association class hierarchy

2. Association specialization: The sub-association is a specialization of thesuper-association.

3. Association class: The association-class nature of the association-classesis not violated.

Observables of association-class hierarchy:

1. No-double-pair: An object of the sub-association-class C does not identify(through the pairsC mapping) two different pairs, one in the sub-associationand one in the super-association (as demonstrated in Figure 10a).

2. No-double-object: A pair of objects in the sub-association is not iden-tified by two different objects of the sub-association-class and the super-association-class (as demonstrated in Figure 10b).

3. Association subsetting: The sub-association satisfies subsetting constraintswith respect to the super-association. Note, that this observable implies thatproperty correspondence between the sub and super associations is settled,and the sub-association inherits the multiplicity constraints of the super-association4.

(a) An object identifis 2 pairs (b) 2 objects identify a pair (c) Recommended

Fig. 10: Instances of Figure 9 according to three possible interpretations

Possible interpretations for association-class hierarchy can be considered:

1. Class-hierarchy semantics: The hierarchy constraint affects only the as-sociated classes, with no reference to the association of the association-class.

2. Class-hierarchy + subsetting semantics: The class hierarchy constraintis strengthened with subsetting between the involved associations.

4 Some versions of the USE system [30] do not satisfy this observable.

3. Class-hierarchy + subsetting + single-mapping semantics: The classhierarchy and subsetting constraints are strengthened by a requirement fora single pair identification for objects in the sub-association-class: For asso-ciation classes C1 ≺ Cc, and a legal instance I, (pairsIC2

)/CI1

= pairsIC1.

The class-hierarchy semantics does not satisfy the no-double-pair observable,and the subsetting observables. The class-hierarchy + Subsetting semantics doesnot satisfy the no-double-object observable. The class-hierarchy + subsetting +single-mapping semantics satisfies all three observables (Figure 10c demonstratesthis semantics), and therefore is recommended as most appropriate.

Interaction with other constraints is omitted, for lack of space.

7 Comparative analysis of Inter-Association ConstraintsCharacterization: Syntax and Semantics Subsetting and redefinition areconstraints between properties, association specialization is a constraint be-tween associations and association-class hierarchy is a constraint between theassociated-classes. The semantic characterization covers several aspects:

1. Expressive power: Subsetting and association specialization are equiva-lent; redefinition entails subsetting and association-class hierarchy entailsassociation specialization.

2. Symmetry: Subsetting is symmetric with respect to the association onwhich it is imposed, while redefinition is not.

3. Semantics variation status: Subsetting has an overall agreement about itssemantics. The semantics of redefinition is still controversial. There is dis-agreement between the three interpretations, termed “single association”,“covariant” and “subsetting”. We have shown that the first two are notconsistent with the meta-model. The semantics that we recommend for as-sociation specialization, i.e., subsetting, is widely accepted, although its in-tentional aspect is still unclear. The semantics of association-class hierarchiesis hardly addressed.

Complexity factors:Inter-association constraints raise several complexity issues with respect to modelevaluation and modeling activity. Cognitive complexity is a modeling activityfactor that refers to the mental burden that people (e.g. analysts, designers, de-velopers, etc.) experience when building, validating, verifying or using models[31, 32]. Design problems and structural complexity are model evaluation fac-tors. Design problems refer to correctness and quality of models, and structuralcomplexity refers to the inter-relationships between model elements [31, 32].

Design problems All inter-association constraints cause correctness and qual-ity problems due to their complex interaction with other constraints. The com-plex interaction can be local or global, and involves the associated classes, whichare already constrained among themselves.

Structural and Cognitive Complexity Structural and cognitive complexity[31] are widely recognized as factors that affect model understandability. Struc-tural complexity affects cognitive complexity, which reduces understandability

[32]. Empirical studies show that class diagram complexity is an indication forcognitive complexity and external quality attributes such as maintainability andmodifiability [33]. For example, deep class hierarchies decrease understandability.

The effect of inter-association constraints on the structural properties of classdiagrams has been not studied yet. We hypothesize that they increase cognitivecomplexity and reduce model understandability, for the following reasons:1. Global inter-relationships: The association ends that are involved in a

constraint can appear in a far distance from each other (high hierarchy depthin association class/association specialization). This occurs frequently in themeta-model, where finding a subsetted property might require high naviga-tion skills through multiple meta-model diagrams.

2. Induced constraints: The amount of induced constraints due to interac-tion with other constraints is quite high. Identification of induced constraintsrequires understanding of indirect relationships between constraints, some-times within a large scope (e.g. identifying indirect composition cycles).

Visual aspect The visual representation of model element affects its cognitivecomplexity. Good visual representations enjoy the cognitive effectiveness prop-erty, i.e., the ability to directly clarify cognitive to visual translations [34].

– Subsetting and Redefinition: Their visual notations of are textual, anddo not rely on efficient cognitive processes [34]. Their major problem is thattheir notations have a global scope, that might be the entire class diagram.Besides, the syntax {subsets x} or {redefines x} does not indicate whichclass is related to property x. additional issues are that subsetting and re-definition notations do not show the relationship between the super andsub-associations, and subsetting does not reflect its symmetric nature.

– Association Specialization and Association-Class Hierarchy: The vi-sual notation of association specialization and of association-class hierarchyis intuitive because it directly specifies the involved associations. Its visualnotation indicates its semantic properties of the constraint: transitivity, ir-reflexivity, and asymmetry [34, 35]. The visual notation, however, does notshow the subsetting relationship between the association ends, which in-creases clarity but creates redundancy. In complex structures, associationspecialization might create edge crossings, that decreases understandability.

Usefulness Subsetting, union, and redefinition are frequently used by the meta-model, in that frequency order. Association specialization and association-classhierarchy are not used. Description logics use association specialization andassociation-class hierarchy in translations to UML.

8 Recommendations and guidelines for usinginter-association constraints

Semantics decisions

1. Redefinition: We suggest strengthening the meta-model to include the en-tailment relationship between the redefinition and subsetting constraints,and the symmetry of subsetting. Furthermore, the meta-model can be sim-plified, by removing combined specification of subsetting and redefinition.

2. Association-class hierarchy and Association specialization: We rec-ommend (1) enforcing specification of subsetting constraints; (2) modifyingthe meta-model so that association specialization do not entail class hierar-chy between the associated classes.

3. Visual decisions: We suggest updating the visual representation of sub-setting and redefinition to include information about the classes. A possiblerepresentation is {subsets C.p}, where C = source(p).

Modeling Guidelines and recommendations

1. Overuse of inter-association constraints, as in the meta-model, increasesstructure complexity, cognitive complexity, and the number of induced con-straints and correctness problems.

2. (a) Since subsetting is symmetric, define subsetting on both properties ofan association, unless there is a redefinition constraint. This can decreaseambiguity, where a reader may conclude that one property includes moreconstraints than the other.(b) In case of redefinition on both properties of an association, subsetting isredundant since redefinition entails subsetting. Combining it with subsettingcan confuse.(c) If only one property of an association includes a redefinition constraint,adding subsetting on the other property may increase understandability.

3. Avoid subsetting/redefinition of properties in far distance. This can help indiscovering the design problems caused by these constraints. We recommenddefining subsetting/redefinition constraints on a property in an ascendingorder according to their distance in the hierarchy of the associated classes.

4. Involving inter-association constraints with GS constraints is a potential ofdesign problems.

5. Association-class hierarchy and association specialization: The semantics ofassociation-class hierarchy is not intuitive, while association specializationis equivalent to subsetting. Both constraints require subsetting constraintsand their visual notation in complex hierarchy structures is obscure.Therefore, we recommend using these constraints only if they are part of GSconstraints (on classes or on associations).

9 Conclusion and future work

We presented a coherent approach for choosing the semantics of inter-associationconstraints in UML2, with a maximum compatibility with the Meta-Model, andbased on common observables. The paper addressed correctness problems thatresult from these constraints which we added to our catalog [12]. The paper pre-sented a comparative analysis of these constraints, semantics recommendationsand modeling guidelines.

The inter-association constraints contribute markedly to the complexity ofclass diagram constraints. Modelers cannot be expected to master the complexinteractions among constraints. Therefore, the well-formedness rules should beautomated and embedded in model-level IDEs. Another research direction in-volves the study of metrics for model complexity.

References

1. OMG: UML 2.4 Superstructure Specification. Specification Version 2.4.1, ObjectManagement Group (2011)

2. Alanen, M., Porres, I.: A Metamodeling Language Supporting Subset and UnionProperties. Software and Systems Modeling 7 (2008) 103–124

3. Artale, A., Calvanese, D., Ibanez-Garcia, A.: Full Satisfiability of UML ClassDiagrams. In: Proc. of the 29th Int. Conf. on Conceptual Modeling (ER 2010).Volume 6412 of LNCS., Springer (2010) 317–331

4. Costal, D., Gomez, C.: On the Use of Association Redefinition in Uml ClassDiagrams. In: Conceptual Modeling - ER 2006. Volume 4215 of Lecture Notes inComputer Science. Springer (2006) 513–527

5. Costal, C., Gomez, C., Nieto, P.: On the Semantics of Redefinition, Specializationand Subsetting of Associations in UML (Extended Version). Technical report,Universitat Politcnica de Catalunya. (2010)

6. Costal, D., Gomez, C., Guizzardi, G.: Formal Semantics and Ontological Analysisfor Understanding Subsetting, Specialization and Redefinition of Associations inUML. In: ER 2011. Volume 6998 of LNCS. Springer (2011) 189–203

7. Kleppe, A., Rensink, A.: On a Graph-Based Semantics for UML Class and ObjectDiagrams. In: Graph Transformation and Visual Modelling Techniques. Volume 10of EASST., EASST (2008)

8. Amelunxen, C., Schurr, A.: Formalising Model Transformation Rules for UML/-MOF 2. IET Software 2(3) (2008) 204–222

9. Nieto, P., Costal, D., Gomez, C.: Enhancing the Semantics of UML AssociationRedefinition. Data & Knowledge Engineering 70 (2) (2011) 182–207

10. Bildhauer, D.: On the Relationships Between Subsetting,Redefinition and Associ-ation Specialization. In: Ninth Conference on Databases and Information Systems.(2010)

11. Maraee, A., Balaban, M.: On the Interaction of Inter-Relationship Constraints.(2011) Workshop on Model-Driven Engineering, Verification and Validation (MoD-eVVA 2011), MoDELS 2011.

12. BGU Modeling Group: UML Class Diagram Pattern Catalog. http://www.cs.

bgu.ac.il/~cd-patterns/ (2010)13. BGU Modeling Group: FiniteSatUSE – A Class Diagram Correctness Tool. http:

//sourceforge.net/projects/usefsverif/ (2011)14. Balaban, M., Maraee, A.: Finite Satisfiability of UML Class Diagrams with Con-

strained Class Hierarchy. ACM Transactions on Software Engineering and Method-ology (TOSEM) (to appear)

15. Milicev, D.: On the Semantics of Associations and Association Ends in UML.IEEE Transactions on Software Engineering 33 (2007) 238 –251

16. Cadoli, M., Calvanese, D., De Giacomo, G., Mancini, T.: Finite Satisfiability ofUML Class Diagrams by Constraint Programming. In: The Workshop on CSPTechniques with Immediate Application. (2004)

17. Boufares, F., Bennaceur, H.: Consistency Problems in ER-schemas for DatabaseSystems. Information Sciences (2004) 263–274

18. Berardi, D., Calvanese, D., Giacomo, D.: Reasoning on UML Class Diagrams.Artificial Intelligence 168 (2005) 70–118

19. Maraee, A., Makarenkov, V., Balaban, B.: Efficient Recognition and Detectionof Finite Satisfiability Problems in UML Class Diagrams: Handling ConstrainedGeneralization Sets, Qualifiers and Association Class Constraints. In: MCCM08.(2008)

20. Queralt, A., Teniente, E.: Verification and Validation of UML Conceptual Schemaswith OCL Constraints. ACM Transactions on Software Engineering and Method-ology (TOSEM) 21 (2012) 13:1–13:41

21. Szlenk, M.: UML Static Models in Formal Approach. In: Balancing Agility andFormalism in Software Engineering. Volume 5082 of LNCS. Springer Berlin (2008)129–142

22. Rumbaugh., J., Jacobson, G., Booch, G.: The Unified Modeling Language Refer-ence Manual Second Edition. Adison Wesley (2004)

23. OMG: UML 2.4 Infrastructure Specification. Specification Version 2.4, ObjectManagement Group (2011)

24. Olive, A.: Conceptual Modeling of Information Systems. Springer-Verlag (2007)25. Buttner, F., Gogolla, M.: On Generalization and Overriding in UML 2.0. In: UML

Modeling Languages and Applications, Springer (2004)26. Snoeck, M., Lemahieu, W.: Specializing Associations. Technical Report 0329,

Katholieke Universiteit Leuven (2003)27. Varro, D.and Pataricza, A.: VPM: A Visual, Precise and Multilevel Metamodeling

Framework for Describing Mathematical Domains and Metamodeling Frameworkfor Describing Mathematical Domains and UML. Softw Syst Model 2 (2003) 180–210

28. Pons, C.: Generalization Relation in UML Model Elements. In: Inheritance Work-shop at European Conference for Object-Oriented Programming (ECOOP). (2002)

29. Monperrus, M., Beugnard, A., Champeau, J.: A Definition of ”Abstraction Level”for Metamodels. In: 16th Annual IEEE International Conference and Workshopon the Engineering of Computer Based System. (2009)

30. Bremen Database Systems Group: A UML-based Specification Environment.http://www.db.informatik.uni-bremen.de/projects/USE/ (2012)

31. Btiand, L., J., W., Lounis, H., Ikomomvski, S.: A Comprehensive Investigationof Quality Factors in Object-oriented Designs: An Industrial Case Study. In: The21st International Conference on Software Engineering. (1999) 345–354

32. Cruz-Lemus, J., Maes, A., Genero, M., Poels, G., Piattini, M.: The Impact ofStructural Complexity on the Understandability of UML Statechart Diagrams.Information Sciences 180 (2010) 2209–2220

33. Genero, M., Manso, E., Visaggio, A., Canfora, G., Piattini, M.: Building measure-based prediction models for uml class diagram maintainability. Empirical SoftwareEngineering 12 (2007) 517–549

34. Moody, D.: The ”Physics” of Notations: Towards a Scientific Basis for Construct-ing Visual Notations in Software Engineering. IEEE Transactions on SoftwareEngineering 35 (2009) 756 – 779

35. GURR, C.: Effective Diagrammatic Communication: Syntactic, Semantic andPragmatic Issues. Journal of Visual Languages and Computing 10 (1999) 317– 342