Formal Aspects of Computing, Volume 23, Issue 5, pp 589–606

Assuring property conformance of code generators via model checking

  • Sven Jörges
  • Tiziana Margaria
  • Bernhard Steffen
Original Article


Automatic code generation is an essential cornerstone of today’s model-driven approaches to software engineering. Thus a key requirement for the success of this technique is the reliability and correctness of code generators. This article describes how we employ standard model checking-based verification to check that code generator models developed within our code generation framework Genesys conform to (temporal) properties. Genesys is a graphical framework for the high-level construction of code generators on the basis of an extensible library of well-defined building blocks, along the lines of the Extreme Model-Driven Development paradigm. We illustrate our verification approach by examining complex constraints for code generators, which may even span entire model hierarchies. We also show how this leads to a knowledge base of rules for code generators, which we constantly extend, e.g. by combining constraints into larger ones or by deriving common patterns from structurally similar constraints. In our experience, the development of code generators with Genesys boils down to re-instantiating patterns or slightly modifying the graphical process model, activities which are strongly supported by the verification facilities presented in this article.
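The abstract describes checking code generator process models against temporal properties, including constraints that span model hierarchies. The following added example (not code from the paper or from Genesys) shows the idea in miniature: a hierarchical process model with a hypothetical "emitter" sub-model is flattened and checked with CTL operators computed as fixpoints; all node and label names and the sample model are constructed.

```python
# Added example, not Genesys code: a small CTL-style checker over a hierarchical
# process model; all names and the sample model below are constructed.
def flatten(models, name, prefix=""):
    """Expand "sub:<model>" macro nodes. Returns (entry, graph), graph: qualified node
    -> (labels, successors); sub-model exits (no successors) continue after the macro."""
    entry, nodes = models[name]
    graph = {}
    for node, (labels, succs) in nodes.items():
        q, qsuccs = prefix + node, [prefix + s for s in succs]
        sub = next((l[4:] for l in labels if l.startswith("sub:")), None)
        if sub is None:
            graph[q] = (labels, qsuccs)
            continue
        sentry, sgraph = flatten(models, sub, q + "/")
        for sq, (sl, ss) in sgraph.items():
            graph[sq] = (sl, ss or qsuccs)
        graph[q] = ({"macro"}, [sentry])  # the macro node itself just enters its sub-model
    return prefix + entry, graph

def atoms(g, label):  # nodes carrying a given label
    return {n for n, (labels, _) in g.items() if label in labels}
def ax(g, z, nonterminal=False):  # all successors in z (optionally: at least one successor)
    return {n for n, (_, s) in g.items() if (s or not nonterminal) and all(x in z for x in s)}
def ex(g, z):  # some successor in z
    return {n for n, (_, s) in g.items() if any(x in z for x in s)}
def fixpoint(f, z):
    while (nz := f(z)) != z:
        z = nz
    return z
def af(g, s):  # mu Z. s | AX Z: every path reaches s (a path that terminates must hit s too)
    return fixpoint(lambda z: s | ax(g, z, nonterminal=True), set())
def ag(g, s):  # nu Z. s & AX Z: s holds on every node reachable from here
    return fixpoint(lambda z: s & ax(g, z), set(g))
def eu(g, p, q):  # mu Z. q | (p & EX Z): some path stays in p until it reaches q
    return fixpoint(lambda z: q | (p & ex(g, z)), set())

MODELS = {  # constructed sample: a main model that calls an "emitter" sub-model
    "main": ("start", {"start": ({"start"}, ["loadModel"]), "loadModel": ({"load"}, ["gen"]),
                       "gen": ({"sub:emitter"}, ["end"]), "end": ({"end"}, [])}),
    "emitter": ("openOut", {"openOut": ({"open"}, ["writeCode"]),
                            "writeCode": ({"write"}, ["closeOut"]), "closeOut": ({"close"}, [])}),
}

def resource_closed(models, root="main"):  # AG(open -> AF close)
    entry, g = flatten(models, root)
    return entry in ag(g, (set(g) - atoms(g, "open")) | af(g, atoms(g, "close")))

def load_before_write(models, root="main"):  # not E[not load U write], spans both models
    entry, g = flatten(models, root)
    return entry not in eu(g, set(g) - atoms(g, "load"), atoms(g, "write"))
```

The second property only holds because the checker sees the flattened hierarchy: "load" lives in the main model while "write" lives inside the sub-model.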


Keywords: Extreme Model-Driven Development, Code generation, Model checking, Verification





Copyright information

© British Computer Society 2010

Authors and Affiliations

  • Sven Jörges (1)
  • Tiziana Margaria (2)
  • Bernhard Steffen (1)
  1. Chair of Programming Systems, Technische Universität Dortmund, Dortmund, Germany
  2. Service and Software Engineering, Universität Potsdam, Potsdam, Germany
