Scenario-driven analysis of systems specified through graph transformations

https://doi.org/10.1016/j.jvlc.2012.12.002Get rights and content

Abstract

Model checking is one of the most accurate analysis techniques which are used to verify software and hardware systems. However, the analysis of large and complex systems tends to become infeasible since their state spaces easily become too big. Besides well-known abstraction techniques, which may hamper the accuracy of results, in this paper we propose the use of scenario-driven model checking to address and mitigate the state explosion problem. The proposal starts from systems specified through a Graph Transformation (GT) system and it is focused on the analysis of the most significant scenarios. We exploit the modularity of GT systems to reduce the state space by eliminating all the nodes and rules that are not involved in the scenario. Focused analysis also helps concentrate on the most critical behaviors of the system and smooth the risks associated with them. The paper introduces the analysis approach and explains how scenarios (specified in terms of sequence diagrams) can help to reduce the state space. All main concepts are illustrated through a simple application for a travel agency specified as if it were a service-oriented application.

Highlights

► We propose an approach to increase the performance of the model checking process. ► The novelty is in the field of graph transformation. ► In the field of the visual modeling, graph transformation is a proper formalism. ► Using scenarios makes it possible to check small parts. ► Our experimental results show a reasonable improvement.

Introduction

Even if correctness is a desirable property of all software systems, faults are common. Great part of the development effort is often devoted to assessing the quality of developed software through testing, but verification would provide more confidence and more comprehensive results [1]. Moreover, it is a well-known adagio that the earlier problems are discovered, the better conceived solutions are. This means that design models should be a natural fit for verification and different aspects (e.g., database access, user interaction, synchronization among remote components) can be analyzed through dedicated models (or views) [2]. One could also think of studying the interplay between the actual application components and the middleware selected to glue them. Different interaction styles, but also different guarantees provided by the middleware infrastructure, may highly impact the functionality provided by application components [3].

Conversely, model checking techniques have been widely used to verify many different software systems [1]. These techniques are accurate and automated, but being based on the analysis of the state space, that is, all the possible states reachable by the system, tend to become inapplicable with mildly complex systems. Many techniques have been proposed over the years to alleviate these problems [4], [5], [6], [7], [8], [9], but there is still room for improvement. Too abstract models scale efficiently [10], but may provide inaccurate results, partitioning is too complex and problem-dependent, while domain specific techniques like [3] still need to prove their generality.

This paper addresses the problem by blending graph transformation (GT) and scenarios to prune the unnecessary parts of the state space and keep it under control. Graph transformation systems [11], [12] provide the formal underpinnings. Even if they have not been very popular for years, the advent of model-driven approaches is changing the landscape, and it is now acknowledged that a graph transformation system is able to capture the behavior of a system naturally and succinctly. Modeling per-se is not enough; it must be complemented with proper validation and verification techniques to assess the quality of designed systems. Different approaches already exist to verify graph transformation systems through model checking [13], [14], [15], [16], [17], [18], [19], but none of them is really able to cope with the state explosion problem.

The work presented in this paper is the prosecution of what already presented in [14], [20]: an efficient solution for model checking graph transformation systems by using Bogor [21], a well-known model checker. The analysis approach supports layered graphs [20], attributed and typed graph transformations, dynamic systems, and also different kinds of properties (i.e., safety, reachability, liveness and deadlock freeness). The actual novelty of the work presented here is the use of scenarios to reduce the size of the state space when the verification cannot be performed efficiently in the usual way. The proposal exploits cuts, to divide the verification of a single property into a sequence of simpler ones, node deletion, to remove unnecessary nodes and thus limit the state space, and rule selection, to optimize the actual subset of rules that must be considered, and again limit the state space. The paper reuses also the formalization of the SOA architectural style presented in [22]. The authors model service-oriented architectures through a graph transformation system and use it to analyze particular scenarios described by means of sequence diagrams. The emphasis of the work is on formalizing the architectural style and on considering it an asset for modeling service-centric applications. There is nothing about optimizing the analysis. Even if demonstrated by means of the architectural style already formalized in [22], in general, the proposed approach can be used for verifying a wide range of systems specified through graph transformation systems.

The rest of the paper is organized as follows. Section 2 introduces the background exploited in the paper, that is, the SOA architectural style formalized through a GT system and the approach presented in [14], [20] to analyze GT systems through model checking and Bogor. Section 3 presents the scenario-based verification approach, while Section 4 proposes some preliminary experimental results. Section 5 surveys related approaches and Section 6 concludes the paper.

To illustrate our proposal, we will use the electronic travel agency [23] as running example. The agency allows customers to individually arrange and book journeys including flight reservations, hotel accommodations, and car rentals. Clients can rely on the travel agency to negotiate with the different stakeholders and provide viable solutions that match their constraints. Fig. 1 identifies the main components (actors) of the system: Client c is the clients' personal agent, TravelAgency t is the software used by the travel agency, and the others are the usual parties involved in setting journeys and vacations (an Airline company, a Hotel and the clients Bank).

Section snippets

Background

This section introduces the core SOA meta-model presented in Ref. [22] along with the approach proposed by Baresi et al. [14], [20] to verify graph transformation systems through Bogor.

Scenario-driven model checking

Requirements play a key role in many development processes. One of the many ways to materialize them is through scenarios [26], for example rendered as UML sequences diagrams. Usually these diagrams work at conceptual level, and do not consider implementation details. Even so, they provide a very interesting means for analysis: any model/implementation of the system should be able to satisfy them. This hypothesis can be verified by assessing the reachability of the consecutive configurations

Experimental results

To demonstrate the feasibility of the approach, we tested the dinning philosophers example and e-travel agency with different host graphs. Our main experimental results are shown in Table 2. These experiments were run on a 3 GHz Pentium IV processor with 1 GB of RAM (the same machine used for the results of Table 1).

The first row of the table is about the dinning philosophers problem with eight philosophers and eight forks. Initially, all philosophers are thinking and all forks are available.

Related work

Baresi et al. [29] present a meta-model to render the main concepts of service-oriented systems, propose graph transformation as means to reason on their dynamic evolution, and show how to verify some interesting properties of these systems by encoding everything for the Murphi model checker. The results were interesting, but the actual scalability of the proposal was limited. When the whole transition system must be searched, the authors mention that the state space tends to become too big

Conclusions and future work

This paper introduces the concept of scenario-based model checking as efficient solution to analyze large and complex software systems. The idea is to render properties as scenarios and exploit their locality to reduce the size of the verification space. Scenarios are rendered as sequence diagrams, and proper horizontal cuts allow us to create consecutive configurations and prove their reachability. The locality of scenarios allows us to only consider the components (nodes) and rules involved

Acknowledgement

We would like to thank Luciano Baresi (Politecnico di Milano) for his valuable comments and discussions

References (32)

  • S. Edelkamp, S. Jabbar, A.L. Lafuente, Heuristic search for the analysis of graph transition systems. In: Proceedings...
  • K. McMillan, Interpolation and sat-based model checking. In: Proceedings of the International Conference on Computer...
  • S. Abed, O. Mohamed, G., Sammane, Integrating sat with multiway decision graphs for efficient model checking. In:...
  • D. Jackson

    Software Abstractions: Logic, Language, and Analysis

    (2006)
  • L. Baresi, R. Heckel, Tutorial introduction to graph transformation: A software engineering perspective. In:...
  • H. Ehrig et al.

    Fundamentals of Algebraic Graph Transformation (Monographs in Theoretical Computer Science. An EATCS Series)

    (2006)
  • Cited by (28)

    • Extracting Combinatorial Test parameters and their values using model checking and evolutionary algorithms

      2020, Applied Soft Computing Journal
      Citation Excerpt :

      For evaluation in this section, we will examine 5 known case studies we consider the first case study sample as the DPP, which was thoroughly investigated. The four following items are the Online Shopping System (OSS) [55], Bug Tracking System (BTS) [56], Travel Agency System (TAS) [57] and an example of hotel management [52,55,56]. We give a brief explanation of each of these.

    • Using evolutionary algorithms for reachability analysis of complex software systems specified through graph transformation

      2019, Reliability Engineering and System Safety
      Citation Excerpt :

      Even though we propose our approach base on evolutionary algorithms, one should note that there are other approaches for handling this problem, which are not using heuristic and meta-heuristic approaches. For example, Lahtinen et al. [20] use a concrete abstraction refinement technique, or Herbert and Hansen [32] uses stochastic techniques, and Rafe [19] uses scenario-driven techniques to reliability assessing of complex systems using model checking. Reachability and safety are two important properties which can be examined by model checking [3].

    • Model-based test suite generation for graph transformation system using model simulation and search-based techniques

      2019, Information and Software Technology
      Citation Excerpt :

      The maximum number of test cases was set to N = 15. For the evaluation, we selected three well-known case studies, including Online Shopping system [41], Bug Tracker System [47] and Travel Agency System [49] as well as Scanflow Cash Register Protocol [50]. Each of the case studies has a large state space such that the state space explosion problem occurs.

    • Deadlock detection in complex software systems specified through graph transformation using Bayesian optimization algorithm

      2017, Journal of Systems and Software
      Citation Excerpt :

      Some of them are classical and non-heuristic solutions which attempt to reduce the number of explored states without considering the underling property. Approaches like symbolic model checking (Clarke et al., 1996), partial order reduction (Lluch-Lafuente et al., 2002), symmetry reduction (Lafuente, 2003), scenario-driven model checking (Rafe, 2013), approximation (Baldan et al., 2008), abstraction (Boneva et al., 2012; Rensink and Zambon, 2012; Rensink and Distefano, 2006), parallel exploration (Allal et al., 2016) are some examples from these solutions. There are some other solutions which try to explore a portion of the state space instead of exhaustive exploration.

    • EMCDM: Efficient model checking by data mining for verification of complex software systems specified through architectural styles

      2016, Applied Soft Computing Journal
      Citation Excerpt :

      In other words, if the system has a large or infinite state space, then the model checker will not be able to generate the system state space completely due to computational restrictions [5–7]. During the past years, a lot of research studies have been done to cope with this problem and several techniques have been developed in order to reduce the impact of the state space explosion in the model checking process such as symbolic model checking [8], partial order reduction [9], symmetry reduction [10] and scenario-driven model checking [11]. However, almost all of these methods still may encounter the explosion of state space.

    View all citing articles on Scopus

    This paper has been recommended for acceptance by S. Kho Chang.

    View full text