Advertisement

CoqTL: a Coq DSL for rule-based model transformation

  • Zheng ChengEmail author
  • Massimo Tisi
  • Rémi Douence
Special Section Paper

Abstract

In model-driven engineering, model transformation (MT) verification is essential for reliably producing software artifacts. While recent advancements have enabled automatic Hoare-style verification for non-trivial MTs, there are certain verification tasks (e.g. induction) that are intrinsically difficult to automate. Existing tools that aim at simplifying the interactive verification of MTs typically translate the MT specification (e.g. in ATL) and properties to prove (e.g. in OCL) into an interactive theorem prover. However, since the MT specification and proof phases happen in separate languages, the proof developer needs a detailed knowledge of the translation logic. Naturally, any error in the MT translation could cause unsound verification, i.e. the MT executed in the original environment may have different semantics from the verified MT. We propose an alternative solution by designing and implementing an internal domain-specific language, namely CoqTL, for the specification of declarative MTs directly in the Coq interactive theorem prover. Expressions in CoqTL are written in Gallina (the specification language of Coq), increasing the possibilities of reusing native Coq libraries in the transformation definition and proof. CoqTL specifications can be directly executed by our transformation engine encoded in Coq, or a certified implementation of the transformation can be generated by the native Coq extraction mechanism. We ensure that CoqTL has the same expressive power of Gallina (i.e. if a MT can be computed in Gallina, then it can also be represented in CoqTL). In this article, we introduce CoqTL, evaluate its practical applicability on a use case, and identify its current limitations.

Keywords

Model-driven engineering Model transformation Domain-specific language Interactive theorem proving Coq 

Notes

References

  1. 1.
    Ab. Rahim, L., Whittle, J.: A survey of approaches for verifying model transformations. Softw. Syst. Model. 14(2), 1003–1028 (2015)CrossRefGoogle Scholar
  2. 2.
    Baudry, B., Ghosh, S., Fleurey, F., France, R., Le Traon, Y., Mottu, J.M.: Barriers to systematic model transformation testing. Commun. ACM 53(6), 139–143 (2010)CrossRefGoogle Scholar
  3. 3.
    Berghofer, S., Nipkow, T.: Random testing in isabelle/HOL. In: 2nd International Conference on Software Engineering and Formal Methods, pp. 230–239. IEEE, Beijing (2004)Google Scholar
  4. 4.
    Berry, G.: Synchronous design and verification of critical embedded systems using SCADE and Esterel. In: 12th International Workshop on Formal Methods for Industrial Critical Systems, pp. 2–2. Springer, Berlin (2008)Google Scholar
  5. 5.
    Burgueño, L., Troya, J., Wimmer, M., Vallecillo, A.: Static fault localization in model transformations. IEEE Trans. Softw. Eng. 41(5), 490–506 (2015)CrossRefGoogle Scholar
  6. 6.
    Büttner, F., Egea, M., Cabot, J.: On verifying ATL transformations using ‘off-the-shelf’ SMT solvers. In: 15th International Conference on Model Driven Engineering Languages and Systems, pp. 198–213. Springer, Innsbruck (2012)CrossRefGoogle Scholar
  7. 7.
    Büttner, F., Egea, M., Cabot, J., Gogolla, M.: Verification of ATL transformations using transformation models and model finders. In: 14th International Conference on Formal Engineering Methods, pp. 198–213. Springer, Kyoto (2012)CrossRefGoogle Scholar
  8. 8.
    Calegari, D., Luna, C., Szasz, N., Tasistro, Á.: A type-theoretic framework for certified model transformations. In: 13th Brazilian Symposium on Formal Methods, pp. 112–127. Springer, Natal (2011)Google Scholar
  9. 9.
    Cheng, L., Kotoulas, S.: Scale-out processing of large RDF datasets. IEEE Trans. Big Data 1(4), 138–150 (2015)CrossRefGoogle Scholar
  10. 10.
    Cheng, Z., Monahan, R., Power, J.F.: A sound execution semantics for ATL via translation validation. In: 8th International Conference on Model Transformation, pp. 133–148. Springer, L’Aquila (2015)CrossRefGoogle Scholar
  11. 11.
    Cheng, Z., Tisi, M.: Slicing ATL model transformations for scalable deductive verification and fault localization. Int. J. Softw. Tools Technol. Transf. 20(6), 645–663 (2018)CrossRefGoogle Scholar
  12. 12.
    Chlipala, A.: The Bedrock structured programming system: Combining generative metaprogramming and hoare logic in an extensible program verifier. In: 18th ACM SIGPLAN International Conference on Functional Programming, pp. 391–402. ICFP ’13. ACM, Boston, MA (2013)Google Scholar
  13. 13.
    Cuadrado, J.S., Guerra, E., de Lara, J.: Uncovering errors in ATL model transformations using static analysis and constraint solving. In: 25th IEEE International Symposium on Software Reliability Engineering, pp. 34–44. IEEE, Naples (2014)Google Scholar
  14. 14.
    Cuadrado, J.S., Molina, J.G., Tortosa, M.M.: RubyTL: A practical, extensible transformation language. In: 2nd European Conference on Model Driven Architecture: Foundations and Applications, pp. 158–172. Springer, Bilbao (2006)CrossRefGoogle Scholar
  15. 15.
    de Lara, J., Vangheluwe, H.: AToM\(^3\): a tool for multi-formalism and meta-modelling. In: 5th International Conference on Fundamental Approaches to Software Engineering, pp. 174–188. Springer, Grenoble (2002)CrossRefGoogle Scholar
  16. 16.
    Fernández, M., Terrell, J.: Assembling the proofs of ordered model transformations. In: 10th International Workshop on Formal Engineering Approaches to Software Components and Architectures, pp. 63–77. EPTCS, Rome (2013)CrossRefGoogle Scholar
  17. 17.
    Gu, R., Shao, Z., Chen, H., Wu, X., Kim, J., Sjöberg, V., Costanzo, D.: CertiKOS: An extensible architecture for building certified concurrent os kernels. In: 12th USENIX Conference on Operating Systems Design and Implementation, pp. 653–669. USENIX Association, Berkeley, CA (2016)Google Scholar
  18. 18.
    Hamiaz, M.K., Pantel, M., Combemale, B., Thirioux, X.: A formal framework to prove the correctness of model driven engineering composition operators. In: International Conference on Formal Engineering Methods (2014)Google Scholar
  19. 19.
    He, X., Hu, Z.: Putback-based bidirectional model transformations. In: 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 434–444. ACM, Miami Beach, FL (2018)Google Scholar
  20. 20.
    Hidaka, S., Hu, Z., Inaba, K., Kato, H., Nakano, K.: GRoundTram: an integrated framework for developing well-behaved bidirectional model transformations. In: 26th IEEE/ACM International Conference on Automated Software Engineering, pp. 480–483. ACM, KS (2011)Google Scholar
  21. 21.
    Hidaka, S., Jouault, F., Tisi, M.: On additivity in transformation languages. In: 20th International Conference on Model Driven Engineering Languages and Systems, pp. 23–33. ACM/IEEE, Austin, TX (2017)Google Scholar
  22. 22.
    Jouault, F., Allilaire, F., Bézivin, J., Kurtev, I.: ATL: A model transformation tool. Sci. Comput. Program. 72(1–2), 31–39 (2008)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Kolovos, D.S., Paige, R.F., Polack, F.A.: The Epsilon transformation language. In: 1st International Conference on Model Transformations, pp. 46–60. Springer, Zürich (2008)Google Scholar
  24. 24.
    Lano, K., Clark, T., Kolahdouz-Rahimi, S.: A framework for model transformation verification. Formal Asp. Comput. 27(1), 193–235 (2014)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Leroy, X.: Formal certification of a compiler back-end or: programming a compiler with a proof assistant. SIGPLAN Not. 41(1), 42–54 (2006)CrossRefGoogle Scholar
  26. 26.
    Meyer, B.: Applying design by contract. Computer 25(10), 40–51 (1992)CrossRefGoogle Scholar
  27. 27.
    Oakes, B.J., Troya, J., Lúcio, L., Wimmer, M.: Fully verifying transformation contracts for declarative ATL. In: 18th ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, pp. 256–265. IEEE, Ottawa, ON (2015)Google Scholar
  28. 28.
    Picard, C., Matthes, R.: Coinductive graph representation: the problem of embedded lists. Electron. Commun. EASST 39, 133–147 (2011)Google Scholar
  29. 29.
    Pierce, B.C., de Amorim, A.A., Casinghino, C., Gaboardi, M., Greenberg, M., Hriţcu, C., Sjöberg, V., Yorgey, B.: Software Foundations. Electronic textbook (2017)Google Scholar
  30. 30.
    Poernomo, I., Terrell, J.: Correct-by-construction model transformations from partially ordered specifications in Coq. In: 12th International Conference on Formal Engineering Methods. pp. 56–73. Springer, Shanghai (2010)CrossRefGoogle Scholar
  31. 31.
    Selim, G., Wang, S., Cordy, J., Dingel, J.: Model transformations for migrating legacy models: an industrial case study. In: 8th European Conference on Modelling Foundations and Applications, pp. 90–101. Springer, Lyngby (2012)CrossRefGoogle Scholar
  32. 32.
    Stenzel, K., Moebius, N., Reif, W.: Formal verification of QVT transformations for code generation. Softw. Syst. Model. 14, 981–1002 (2015) CrossRefGoogle Scholar
  33. 33.
    Taentzer, G.: AGG: A graph transformation environment for modeling and validation of software. In: 2nd International Workshop on Applications of Graph Transformations with Industrial Relevance, pp. 446–453 (2003)CrossRefGoogle Scholar
  34. 34.
    Tisi, M., Cheng, Z.: Coqtl: An internal DSL for model transformation in coq. In: 11th International Conference on Model Transformation, pp. 142–156. Springer, Toulouse (2018)CrossRefGoogle Scholar
  35. 35.
    Tisi, M., Perez, S.M., Jouault, F., Cabot, J.: Lazy execution of model-to-model transformations. In: 14th International Conference on Model Driven Engineering Languages and Systems, pp. 32–46. ACM/IEEE, Wellington (2011)CrossRefGoogle Scholar
  36. 36.
    Varró, D., Balogh, A.: The model transformation language of the VIATRA2 framework. Sci. Comput. Program. 68(3), 214–234 (2007)MathSciNetCrossRefGoogle Scholar
  37. 37.
    Varró, G., Varró, D., Friedl, K.: Adaptive graph pattern matching for model transformations using model-sensitive search plans. In: 1st International Workshop on Graph and Model Transformations, pp. 191–205. Elsevier, Brighton (2006)CrossRefGoogle Scholar
  38. 38.
    Wagelaar, D.: Using ATL/EMFTVM for import/export of medical data. In: 2nd Software Development Automation Conference, Amsterdam, Netherlands (2014)Google Scholar
  39. 39.
    Werner, B.: Sets in types, types in sets. In: Proceedings of TACS’97, pp. 530–546. Springer, Berlin (1997)Google Scholar
  40. 40.
    Willink, E., Hoyos, H., Kolovos, D.: Yet another three QVT languages. In: 6th International Conference of Model Transformations, pp. 58–59. Springer, Budapest (2013)CrossRefGoogle Scholar
  41. 41.
    Yang, Z., Hu, K., Ma, D., Bodeveix, J.P., Pi, L., Talpin, J.P.: From AADL to timed abstract state machines: a verified model transformation. J. Syst. Softw. 93, 42–68 (2014)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.LS2N (UMR CNRS 6004)ICAMNantesFrance
  2. 2.LS2N (UMR CNRS 6004)IMT AtlantiqueNantesFrance

Personalised recommendations