ME-10, October 2010
Shahar Maoz, Jan Oliver Ringert, Bernhard Rumpe
Lehrstuhl Informatik 3 (Software Engineering)
RWTH Aachen
matching between model elements and on finding and presenting differences at a concrete or abstract syntactic level. While showing some success these approaches are limited to comparing syntactic structures.
We present our vision to develop semantic diff operators for model
comparisons: operators whose input consists of two models and
whose output is a set of diff witnesses, instances of one model that
are not instances of the other.
We demonstrate our vision using two concrete diff operators for
class diagrams and activity diagrams, with motivating examples, formal definitions, and early prototype implementations.
[Figure: class diagrams cd1.v1 and cd1.v2, with classes Employee, Manager and Task (attribute sDate: Date) and the association ends manages / managedBy]
What is the semantic difference between cd1.v1 and cd1.v2 ?
[Figure: cd1.v1 and cd1.v2 with object models om1 and om2 as diff witnesses: om2 ∈ diff(cd1.v2, cd1.v1), om1 ∈ diff(cd1.v1, cd1.v2)]
[Figure: class diagrams cd2.v1 and cd2.v2, with classes Department (<<singleton>>) and Employee and the association ends worksIn / has; object models om3 and om4 with {om3, om4} ⊂ diff(cd2.v2, cd2.v1)]
[Figure: class diagrams cd3.v1 and cd3.v2, with classes Employee, Address and Person (<<abstract>>) and the association livesIn]
[Figure: activity diagrams ad.v1 and ad.v2, with branches internal / external and actions assign to project, add to website, manager interview, get welcome pack, authorize payment, manager report, assign keys]
What is the semantic difference between ad.v1 and ad.v2 ?
Example diff witness for internal employees: the trace <register>, <get welcome pack>, <assign to project>, <add to website>, <manager interview> was possible in ad.v1 and is no longer possible in ad.v2.
No diff witnesses for external employees.
[Figure: activity diagrams ad.v3 and ad.v4, with branches internal / external and actions add to website, assign to project, get welcome pack, assign keys, manager interview, authorize payment, manager report]
Example diff witness for external employees: the trace <register>, <assign to project>, <authorize payment> was possible in ad.v3 and is no longer possible in ad.v4.
Modeling language ML = <Syn,Sem,sem> [HR04]
• Syn: set of syntactically correct expressions
• Sem: semantic domain
• sem: semantic mapping, sem: Syn → ℘(Sem)
We define the generic semantic diff operator
diff : Syn × Syn → ℘(Sem)
diff(e1, e2) = { s ∈ Sem | s ∈ sem(e1) ∧ s ∉ sem(e2) }
Constructive (generates witnesses)
State-based (agnostic to edit operations)
diff is not symmetric
diff(e1, e1) = ∅
• Syntax defined using MontiCore [KRV08]
• Semantics given as a set of finite object models [EFLR98]
We use a complete semantics: whatever is not specified in the CD is
indeed not present in the object models
Supported features: generalizations (inheritance), abstract and
singleton classes, class attributes, unidirectional and bidirectional associations with multiplicities, enumerations, aggregation, and composition.
cddiff_k is a family of bounded operators. For all k ≥ 0,
cddiff_k(cd1, cd2) = { om ∈ OM | om ∈ cddiff(cd1, cd2) ∧ |om| < k + 1 }, where
|om| is the maximal number of instances per class in om.
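The bounded operator worked through on a two-class diagram, as an added example (not the authors' prototype): brute-force enumeration of every object model with at most k instances per class. The two diagrams are a constructed fragment modelled on cd1, an Employee-to-Task association whose Task-side multiplicity goes from * to 0..2; the dictionary keys and function names are assumptions of the example.

```python
from itertools import product

# Constructed fragment modelled on cd1: Employee --- Task, where only the
# Task-side multiplicity differs. (lo, hi) bounds; hi=None stands for '*'.
CD_V1 = {"tasks_per_employee": (0, None), "employees_per_task": (1, 1)}
CD_V2 = {"tasks_per_employee": (0, 2),    "employees_per_task": (1, 1)}

def in_range(n, bounds):
    lo, hi = bounds
    return n >= lo and (hi is None or n <= hi)

def object_models(k):
    """Every object model with at most k Employee and k Task objects."""
    for n_emp, n_task in product(range(k + 1), repeat=2):
        pairs = [(e, t) for e in range(n_emp) for t in range(n_task)]
        for mask in product((False, True), repeat=len(pairs)):
            yield n_emp, n_task, frozenset(p for p, on in zip(pairs, mask) if on)

def is_instance(om, cd):
    """om is in sem(cd) iff every object respects both multiplicities."""
    n_emp, n_task, links = om
    tasks = [sum(1 for e, _ in links if e == i) for i in range(n_emp)]
    owners = [sum(1 for _, t in links if t == j) for j in range(n_task)]
    return (all(in_range(n, cd["tasks_per_employee"]) for n in tasks)
            and all(in_range(n, cd["employees_per_task"]) for n in owners))

def cddiff_k(cd1, cd2, k):
    """Object models of size <= k that are instances of cd1 but not of cd2."""
    return [om for om in object_models(k)
            if is_instance(om, cd1) and not is_instance(om, cd2)]

if __name__ == "__main__":
    for k in (2, 3):
        print(k, len(cddiff_k(CD_V1, CD_V2, k)), len(cddiff_k(CD_V2, CD_V1, k)))
```

With k = 2 the operator reports no difference in either direction; the first witness (one Employee linked to three Tasks) appears only at k = 3, and only for cddiff_k(CD_V1, CD_V2, 3), which shows both the effect of the bound and the asymmetry of diff.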
We give a bounded definition since the unbounded operator might
• Alternative syntax defined using MontiCore
• Semantics given as a set of traces
In our AD language we allow a single initial node but many initial
states defined by the values of input variables
We support external non-determinism by input variables, and
internal non-determinism by interleaving semantics of forked branches (guarded transitions have to be disjoint)
Supported features: input variables, local variables, fork, join,
decision, merge, assignments to local variables from action nodes, guarded transitions from decision nodes
Looking only for the shortest diff traces
Formal definition:
addiff(ad1, ad2) = { tr | tr ∈ sem(ad1) ∧ tr ∉ sem(ad2) ∧
∄ tr': tr' ∈ sem(ad1) ∧ tr' ∉ sem(ad2) ∧ tr' ⊑ tr }
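A shortest-diff-trace search in the spirit of addiff, as an added example (not the authors' prototype): each activity diagram is flattened to a labelled transition system whose finite runs are its traces, and a breadth-first search over pairs (state of ad1, set of states ad2 can be in) returns one shortest witness per input value. The two diagrams are constructed, the dictionary layout and function names are assumptions, and minimality is read as "no shorter prefix is also a diff trace".

```python
from collections import deque

# Constructed activity diagrams, flattened to labelled transition systems.
# "init" maps each input value to its start state; a fork shows up as the
# interleavings of its branches. Not the ad.v1/ad.v2 diagrams of the slides.
AD_A = {"init": {"internal": "i0", "external": "e0"},
        "step": {"i0": [("register", "i1")],
                 "i1": [("get welcome pack", "i2")],
                 "i2": [("assign to project", "i3"), ("add to website", "i4")],
                 "i3": [("add to website", "i5")],
                 "i4": [("assign to project", "i5")],
                 "i5": [("manager interview", "end")],
                 "e0": [("register", "e1")],
                 "e1": [("assign to project", "e2")],
                 "e2": [("authorize payment", "end")]}}
AD_B = {"init": {"internal": "i0", "external": "e0"},
        "step": {"i0": [("register", "i1")],
                 "i1": [("get welcome pack", "i2")],
                 "i2": [("add to website", "i3")],
                 "i3": [("assign to project", "i4")],
                 "i4": [("manager interview", "end")],
                 "e0": [("register", "e1")],
                 "e1": [("assign to project", "e2")],
                 "e2": [("authorize payment", "end")]}}

def shortest_diff_trace(ad1, ad2, value):
    """Shortest trace of ad1 for this input value that ad2 cannot perform."""
    start = (ad1["init"][value], frozenset([ad2["init"][value]]))
    queue, seen = deque([(start, ())]), {start}
    while queue:
        (s1, s2_set), trace = queue.popleft()
        for action, nxt1 in ad1["step"].get(s1, []):
            nxt2 = frozenset(t for s in s2_set
                             for a, t in ad2["step"].get(s, []) if a == action)
            if not nxt2:                      # ad2 has no run matching this trace
                return trace + (action,)
            state = (nxt1, nxt2)
            if state not in seen:
                seen.add(state)
                queue.append((state, trace + (action,)))
    return None                               # every ad1 trace is also an ad2 trace

def addiff(ad1, ad2):
    """One shortest witness per input value, or None where there is none."""
    return {v: shortest_diff_trace(ad1, ad2, v) for v in ad1["init"]}
```

Here addiff(AD_A, AD_B) yields a witness for internal employees only, and addiff(AD_B, AD_A) yields none, because serializing the fork removes traces without adding any.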
We compute only one diff witness for each set of input values (i.e.,
• for bounded cddiff, using Alloy [Jac06]
• for addiff, using a translation to SMV (and JTLV [PSZ10])
Prototypes integrated into Eclipse plug-ins
• for CDs using MontiCore UML/P
Presentation
sometimes even impossible. When computable, its complexity depends on the specific modeling language semantics at hand.
For example
• CDDiff must be bounded to be tractable
• ADDiff requires a traversal of the state space of the ADs at hand. The state space may be exponential in the size of the AD.
To scale, one should adapt algorithms and heuristics from formal
verification (model checking), e.g., partial order reduction, abstraction/refinement, etc.
the engineer. Just like for computation, the presentation of diff
witnesses is language specific; it depends on the specific modeling language of the models involved and its semantics.
For example
• For CDDiff, diff witnesses presented as object diagrams
• For ADDiff, diff witnesses presented visually by coloring and numbering the nodes participating in the diff trace on both ADs
As there may be (possibly infinitely) many diff witnesses, it is
necessary to define sorting and filtering mechanisms, to select the
'most interesting' witnesses for presentation and efficiently iterate over them at the user's request.
model differencing, it may be useful to combine syntactic differencing with semantic differencing.
For example
• Extend the applicability of semantic diffing in comparing models whose elements have been renamed or moved in the course of
evolution, by applying a syntactic matching before running a
semantic diffing: this would result in a mapping plus a set of diff witnesses.
• Use information extracted from syntactic diffing as a means to localize and improve the performance of semantic diffing
EPK06,XS07,KGE09])
Most works go beyond the concrete textual or visual representation
and have defined the comparison at the abstract-syntax level,
detecting addition, removal, and shift operations on model elements
To the best of our knowledge, none considers model comparisons at
the level of the semantic domain
[JL94] presented a tool that summarizes the semantic diff between
two procedures in terms of observable input-output behaviors
[PDE+08] suggested to compute a behavioral characterization of a
program change using a technique called differential symbolic execution
We concentrate on models, not programs; our technique is different;
comparison, as new fundamental building blocks for change management in model-driven engineering.
We motivated our vision with examples, and gave a brief overview of
the formal background and the algorithms used in our prototype implementations.
Finally, we listed new research challenges that emerge from our
vision, related to the computation and presentation of semantic