Behavioral Semantics of DSMLs
6.4 Behavioral Semantic Mappings and Tool Support
After the discussion in the previous sections, we can note the similarity between the two ap-proaches presented to specify the behavior of DSMLs: in-place transformation rules can be naturally formalized as rewrite rules. Thus, to take advantage of both worlds, we have defined a mapping from in-place model transformation to the Maude semantic domain. This allows us to specify the dynamic behavior of a DSML in a graphical and intuitive way, and conduct sim-ulation and reachability and model-checking analysis using the tools and techniques already available for Maude as explained in Section 6.2.
As part of this work we have integrated Maude with the e-Motions [104, 103, 111] and AToM3 [128, 51, 106] tools. We want users to benefit from Maude simulation and analysis capabilities, but working with their favorite notation and tools.
The e-Motions tool is a language and graphical framework developed for Eclipse that sup-ports the specification of graphical in-place model transformation rules. Moreover, it extends in-place model transformation with a model of timed behaviors and a mechanism to state ac-tion properties. The language, the tool and the semantic mappings defined from its behavioral specification to Maude are presented in the next chapter.
AToM3 is a tool for multi-paradigm modeling based on graph grammars [115]. With AToM3, we can specify the behavior of our DSML by means of graphical graph transformation rules [59]. In collaboration with Juan De Lara and Esther Guerra, we have built a Maude parser and code generator, and integrated them in the AToM3tool. Thus, AToM3is now provided with the analysis capabilities of Maude, and, on the other hand, it can be used as a visual front-end for Maude.
The code generator synthesizes Maude specifications from the DSML’s metamodel, the graph transformation rules describing its behavior and its models. Properties to be checked using reachability analysis can be specified by means of graph constraints [59, 67], which con-stitute a graphical and formal way to specify model properties. We use graph constraints to specify the search pattern when performing reachability analysis in Maude. The result of a reachability analysis is parsed and presented back in the AToM3 tool in terms of the origi-nal DSML, thus hiding the formal methods used for the aorigi-nalysis. Further visual support for defining model checking predicates and showing model execution paths are future work.
Figure 6.4: Reachability analysis with the AToM3tool.
Figure 6.4 shows the state of the AToM3 environment for a DSML similar to the production system DSML presented in Section 3.2. The initial model is shown in the main window. The lower three buttons on the left side of the main window allow, respectively, simulating the model using the graph transformation rules, performing reachability analysis, and generating plain Maude code, so that for example model checking can be performed. The window in the middle shows a screenshot during the specification of the reachability analysis, and the right-most window shows the specification of a graphical constraint.
The way we encode the DSML’s metamodel, the graph transformation rules describing its behavior, and the models from AToM3 to Maude are presented in [106]. We do not introduce them here because of its similarity with the semantic mappings that we have defined from the e-Motions tool to Maude, which will be presented in the next chapter.
6.5 Related Work
One way to specify the semantics of a language is to define a translation from expressions in that language into expressions in another language with well defined semantics (cf, e.g., [68]). These semantic mappings between semantic domains are very useful, not only to provide metamodels with semantics, but also to be able to simulate, analyze or reason about them using the logical and semantical framework available in the target domain (in general, each semantic
domain is more appropriate to represent and reason about certain properties, and to conduct certain kinds of analyses).
The most common formalization of graph transformation is the so-called algebraic ap-proach, which uses category theory to express the rewriting [59]. This approach supports a number of interesting analysis techniques, such as detecting rule dependencies [59] or calcu-lating critical pairs (minimal context of pairs of conflicting rules) [69]—usually with simple type graphs [50].
However, graph transformation offers limited support for other kinds of analyses, such as reachability analysis, model checking, etc. This is why some authors define semantic mappings between graph transformation and other semantic domains, and then back-annotate the analysis results to the source notation [35, 51, 52, 69]. This possibility allows one to use the techniques specific to the target semantic domain for analyzing the source models. For example, in [17]
rules are translated into Alloy in order to study the applicability of sequences of rules and the reachability of models; in [16] rules are translated into Petri nets to check safety properties;
in [129] they are transformed into Transition Systems (TS) for model-checking; and in [34, 35] rules are transformed into OCL pre- and postconditions for rule analysis (e.g., conflict detection) using standard OCL tools.
One of the problems of these approaches is due to the fact that they require, from the DSML designer, deep knowledge of the target language in order to specify the transformations. How-ever, this problem can be partially overcome if the transformations are automated, using, e.g., model transformation techniques. For example, in [52] the authors are able to generate the transformations from rule-based Domain-Specific Visual Languages (DSVLs) into semantic domains with an explicit notion of transition, such as place-transition Petri nets. The generated transformation is expressed in the form of operational triple graph grammar rules that trans-form the static intrans-formation (initial model) and the dynamics (source rules and their execution control structure). Similarly, in [35] the authors describe how graph transformation rules can be mapped into OCL pre- and postconditions for rule analysis. However, as the authors de-scribe in their paper, not all kinds of graph transformations can be automatically transformed into OCL, and the analyses that can be conducted are somehow limited.
Another problem of these approaches is that they are usually restricted in the kind of graphs and attributes they can handle, so they cannot deal with, e.g., some DSMLs that can be defined with Ecore. For instance, the work of [129] does not allow unbounded attributes in metamodel elements, and the Groove tool [101], a tool that incorporates a built-in explicit model checker for graph transformation systems, works with simple graphs with edge labels, i.e., it cannot
analyze models that have multiple edges between the same two nodes.
The use of Maude as a semantic domain in which DSMLs can be mapped has enabled the use of more powerful analysis on the source models. First, Maude we can deal with more complex structural and behavioral specifications (i.e., not limited to place/transition systems);
and second, it offers an integrated environment and a toolkit for conducting different kinds of analysis, such as reachability and model checking analysis, so we do not need to define several semantic mappings to different domains to perform each of them.
Other approaches use UML behavioral models to represent system dynamics. For example, in [62] operational semantics are represented using UML collaboration diagrams, which are then formalized into graph transformation rules. In [63], Story Diagrams are presented as a new graph rewrite language based on UML and Java. More precisely, the authors propose the use of UML together with pieces of Java code to express a graph rewrite language mixed with object-oriented data concepts. The whole specification (including dynamic behavior) is then transformed into Java classes and methods, although not all kinds of story patterns can be translated automatically. Again, the kind of analysis is limited in these approaches, and they do not use the concrete syntax of the DSML, but an object diagram-like structure.
Other works propose model transformation languages to specify the behavioral semantics of DSMLs. For example, in [82], QVT is proposed to specify the semantics of OCL, but anal-ysis capabilities are not provided. The MOMENT-QVT tool [25] is a model transformation engine that provides partial support for the QVT Relations language. The behavioral specifi-cations are also transformed into Maude in order to perform reachability and model checking analysis. These specifications, as well as the properties to be analyzed, are expressed in a tex-tual fashion (by means of QVT rules and model patterns, and boolean OCL expressions). This proposal does not support the use of the graphical concrete syntax of his/her DSML to express them in a more intuitive way.
In [47] the authors propose generative technologies that ease the development of model animation tools inside the TopCased platform. They rely on an architecture for executable metamodel (i.e., the Top- Cased model execution metamodeling pattern) to bind the behavioral semantics of the modeling language. This semantics is defined by implementing a specific class (Interpreter) of the TopCased execution engine, which describes how the models evolve.
In the first version of the TopCased animators, the main method of the class (the run method) was hand-coded using Java and the EMF API. Then, they evolve to SmartQVT (an open source transformation language that implements QVT) to perform such a task.
Kermeta [89] is an extension of EMOF (part of the MOF 2.0 specification) for specifying
operational semantics. It enriches the EMOF metamodel with an action specification meta-model, introducing another new language to express specifications of algorithms. Simulation and execution possibilities are available for this approach.
Di Ruscio et al. [117] presents an approach for specifying dynamic semantics of domain specific languages in the context of MDE. In particular, they extend KM3 [22] (a textual lan-guage for describing metamodels) with the Abstract State Machines (ASM) formalism to spec-ify its dynamic behavior. Simulation and analysis capabilities are not provided although, as the authors point out, it could be possible to use other existing ASM tools for that purpose.
Another interesting approach for defining semantic mappings in order to specify the be-havioral semantics of a language is the semantic anchoring method developed at the Vanderbilt University [39]. Semantic anchoring relies on the use of well-defined “semantic units” of sim-ple, well-understood constructs and on the use of model transformations that map higher level modeling constructs into configured semantic units. The approach uses UML Class Diagrams and OCL to represent the structure of a DSML, and ASM as the semantic framework. In partic-ular, the structural specifications are transformed into ASM to make use of the Abstract State Machine Language (AsmL) and associated tools for enabling the programming, simulating and model checking of ASM models [39]. One of the drawbacks of this approach is that it requires specialized knowledge and expertise on the ASM formalism and AsmL tools, since behavior and analysis are specified directly in this formalism.