Hydra

(A General Framework for Formalizing UML with Formal Languages for Embedded Systems*)

*from the Ph.D. thesis of William E. McUmber

Software Engineering and Network Systems Lab, Michigan State University

This work has been supported in part by National Science Foundation grants (CCR-9901017, CCR-9633391, CCR-9407318), a DARPA grant, and Eaton Corporation.

Hydra Tool Overview

• Hydra parses a textual representation of an integrated collection of Unified Modeling Language (UML) graphical diagrams that represent a model of the system.

• Hydra’s textual input format, the Hydra Intermediate Language (HIL), allows Hydra to remain independent from optional graphical front ends.

• It then generates appropriate formal specifications in the desired target specification language. Formal languages supported include VHDL and Promela, the input language for Bell Labs’ model checker SPIN.

Theoretical Basis for Hydra

• Underlying the Hydra tool is a general framework for formalizing UML diagrams with formal languages.

• This framework defines a homomorphic mapping between a unified metamodel for UML class and state diagrams and a metamodel for the target formal language.

• A metamodel is a class diagram that describes the constructs of a modeling language and the relationships between the constructs.

• Homomorphisms preserve structure, so the mapping rules are complete.

Unified UML Metamodel

Figure (metamodel class diagram): Model; Behavior; Class; State Vertex; Transition; Instance Variables; rest of dynamic model; Relationships (Aggregation, Association, Generalization). Elements are marked as class diagram related or state diagram related.

Homomorphic Mapping

Figure: the UML metamodel constrains the UML diagrams, and the formal language metamodel constrains the formal specification of the system; the homomorphism between the two metamodels constrains the mapping rules that take the UML diagrams to the formal specification.

Semantics

• UML does not attach formal semantics to diagrams.

• Without a fixed semantics, it is not possible to apply rigorous automated analysis such as simulation or model checking to UML diagrams.

• The Hydra framework attaches a specific semantics to the UML diagrams from a range of possible semantics, thus enabling the derivation of formal language specifications and the application of automated analysis techniques.

Unified Modeling Language

• UML is a collection of graphical object-oriented modeling notations for visually depicting various aspects of a software system. Hydra integrates two:

• Class Diagrams depict system structure: classes (boxes) and relationships between them (adorned lines).

• State Diagrams depict object behavior: events on transitions (directed arcs) can cause a change of state (rounded rectangles).

Class and State Diagrams

Figure (class diagram labels): Student, takes, 0..3, Science Course, is-a, has-a, Prerequisite, Biology, Chemistry.

Figure (state diagram labels): states Idle and Getting classes; transition labels Begin enrolling, Sign up (X) [have prereq for X], Add class X, Sign up (X) [don’t have prereq for X], Finished enrolling.

Architecture of Hydra

Figure: HIL [1] is read by the Parser, which uses a target language specific class library to produce Spec*.

[1] Hydra Intermediate Language.

* Hydra can automatically generate formal specifications for a number of target languages, including VHDL and Promela. The class library used would be appropriate for the target language.
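As an added illustration (not Hydra's code, class library or mapping rules), the following Python sketches what the poster describes: a minimal metamodel for state diagrams (state vertices, transitions, instance variables) and a structure-preserving translation of one instance, the enrolment state diagram above, into a Promela process skeleton. The transition topology, the variable names `have_prereq` and `classes`, and the use of a single event channel are assumptions.

```python
# Added illustration (not Hydra's code): state-diagram metamodel -> Promela skeleton.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Transition:
    source: str
    target: str
    event: str
    guard: str = "true"   # Promela boolean expression over instance variables
    action: str = "skip"  # Promela statement run when the transition fires

@dataclass
class StateDiagram:
    name: str
    states: list          # state vertices; the first one is the initial state
    variables: list       # Promela declarations of the instance variables
    transitions: list = field(default_factory=list)

def ident(label):
    """Promela identifiers allow no spaces or punctuation; rewrite labels."""
    return "".join(c if c.isalnum() else "_" for c in label)

def to_promela(sd):
    """Each state vertex becomes an mtype constant and each transition exactly
    one guarded option of the if, so states and transitions map one-to-one."""
    events = sorted({t.event for t in sd.transitions})
    out = ["mtype = { %s };" % ", ".join(ident(s) for s in sd.states),
           "mtype = { %s };" % ", ".join(ident(e) for e in events),
           "mtype state = %s;" % ident(sd.states[0])]
    out += ["%s;" % v for v in sd.variables]
    out += ["chan events = [1] of { mtype };",
            "active proctype %s() {" % ident(sd.name),
            "  mtype ev;", "  do", "  :: events ? ev ->", "     if"]
    for t in sd.transitions:
        out.append("     :: state == %s && ev == %s && (%s) -> %s; state = %s" % (
            ident(t.source), ident(t.event), t.guard, t.action, ident(t.target)))
    out += ["     :: else -> skip  /* event not enabled in this state */",
            "     fi", "  od", "}"]
    return "\n".join(out)

# Constructed instance of the poster's enrolment state diagram. The transition
# topology and the variable names are assumptions read off the slide labels.
STUDENT = StateDiagram("Student", ["Idle", "Getting classes"],
    ["bool have_prereq", "byte classes"],
    [Transition("Idle", "Getting classes", "Begin enrolling"),
     Transition("Getting classes", "Getting classes", "Sign up",
                guard="have_prereq", action="classes++"),   # Add class X
     Transition("Getting classes", "Getting classes", "Sign up", guard="!have_prereq"),
     Transition("Getting classes", "Idle", "Finished enrolling")])
```

Calling `to_promela(STUDENT)` yields one `mtype` constant per state and one guarded option per transition, which is the structure-preservation property the homomorphism argument relies on.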

Using Hydra

Figure: UML (optional graphical editor) produces HIL, Hydra turns HIL into Spec*, and an analysis tool run on Spec* produces the analysis results.

* Hydra can automatically generate formal specifications for a number of target languages, including VHDL and Promela. The analysis tool used would be appropriate for the target language.

Simulation and Model Checking

• Simulation of a collection of UML diagrams via its formal specification enables the developer to validate behavioral requirements and to debug the system design. It is a useful technique, especially early in the diagram construction process. However, simulation is not exhaustive.

• Model checking is, in general, an exhaustive technique that covers the entire state space of possible executions of the system. Using SPIN, for example, this technique can find deadlocks and unreachable states, test system invariants against the model, and verify temporal claims.

Applications and Future Work

• Hydra has been used to model a furnace controller in both VHDL and Promela, and a Smart Cruise Control system in Promela.

• Current investigations include creating a metamodel and mapping rules for SMV, the input language for Clarke’s Symbolic Model Verifier (another model checking tool).

• A complementary system, MINERVA, is currently under development both as a graphical front-end to the Hydra tool and as a visualization environment for analysis results.