Skip to main content

Timing consistency checking for UML/MARTE behavioral models

Abstract

UML/MARTE model-driven development approaches are gaining attention in developing real-time embedded software (RTES). UML behavioral models with MARTE annotations are used to describe timing behaviors and timing characteristics of RTES. Particularly, state machine, sequence, and timing diagrams with MARTE annotations are appropriate to understand and analyze timing behaviors of RTES. However, to guarantee software correctness and safety, timing inconsistencies in UML/MARTE should be identified in the design phase of RTES. UML/MARTE timing inconsistencies are related to modeling errors and can be hazards throughout the lifecycle of RTES. We propose a systematic approach to check timing consistency of state machine, sequence, and timing diagrams with MARTE annotations for RTES. First, we present how state machine, sequence, and timing diagrams with MARTE annotations specify the behaviors of RTES. To overcome informal semantics of UML/MARTE models, we provide formal definitions of state machine, sequence, and timing diagrams with MARTE annotations. Second, we present the timing consistency checking approach that consists of a rule-based and a model checking-based timing consistency checking. In the rule-based timing consistency checking, we validate well formedness of UML/MARTE behavioral models in timing aspects. In the model checking-based timing consistency checking, we verify whether timing behaviors of sequence and timing diagrams with MARTE annotations are consistent with the timing behaviors of state machine diagrams with MARTE annotations. We support an automated timing consistency checking tool UML/MARTE timing Consistency Analyzer for a seamless approach. We demonstrate the effectiveness and the practicality of the proposed approach by two case studies using cruise control system software and guidance and control unit software .

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24
Fig. 25
Fig. 26
Fig. 27
Fig. 28
Fig. 29

References

  • Alur, R., & Dill, D. L. (1994). A theory of timed automata. Theoretical Computer Science, 126(2), 183–235.

    MathSciNet  Article  MATH  Google Scholar 

  • Amnell, T., Fersman, E., Pettersson, P., Sun, H., & Yi, W. (2002). Code synthesis for timed automata. Nordic Journal of Computing, 9(4), 269–300.

    MathSciNet  MATH  Google Scholar 

  • Amnell, T., Fersman, E., Mokrushin, L., Pettersson, P., & Yi, W. (2004). TIMES: A tool for schedulability analysis and code generation of real-time systems. In Formal modeling and analysis of timed systems (pp. 60–72). Berlin: Springer.

  • Bérard, B., Bidoit, M., Finkel, A., Laroussinie, F., Petit, A., Petrucci, L., et al. (2010). Systems and software verification: Model-checking techniques and tools. Berlin: Springer.

    MATH  Google Scholar 

  • Chiorean, D., Paşca, M., Cârcu, A., Botiza, C., & Moldovan, S. (2004). Ensuring UML models consistency using the OCL environment. Electronic Notes in Theoretical Computer Science, 102, 99–110.

    Article  Google Scholar 

  • Choi, J. (2015). UMCA (UML/MARTE timing Consistency Analyzer) tool. http://sites.google.com/site/jhchoi93/.

  • Choi, J., & Bae, D. H. (2012). An approach to constructing timing diagrams from UML/MARTE behavioral models for guidance and control unit software. In Computer applications for database, education, and ubiquitous computing (pp. 107–110). Berlin: Springer.

  • Choi, J., Shim, J., & Yim, S. (2005). The implementation and performance analysis of soft timer interrupt UML-RT model on a windows platform with real-time extension. In Proceedings of the korea information science society fall conference (Vol. 32, pp. 841–843)

  • Choi, J., Jee, E., Kim, H. J., & Bae, D. H. (2011a). A case study on timing constraints verification for a safety-critical, real-time system. In Proceedings of the Korea computer congress (KCC) (Vol. 38, pp. 166–169).

  • Choi, J., Jee, E., Kim, H. J., & Bae, D. H. (2011b). A case study on timing constraints verification for a safety-critical, time-triggered embedded software. Journal of KIISE: Software and Applications, 38(12), 647–656.

    Google Scholar 

  • Choi, J., Jee, E., & Bae, D. H. (2012a). Systematic vxworks-based code generation from timed automata model. In Proceedings of the Korea computer congress (KCC) (Vol. 39, pp. 138–140).

  • Choi, J., Jee, E., & Bae, D. H. (2012b) Toward systematic construction of timing diagrams from UML/MARTE behavioral models for time-triggered embedded software. In 2012 IEEE sixth international conference on Software Security and Reliability (SERE) (pp. 118–127).

  • Choi, J., Jee, E., & Bae, D. H. (2013). Systematic generation of VxWorks-based code from timed automata models. Journal of KIISE: Computing Practices and Letters, 19(2), 90–94.

    Google Scholar 

  • Clarke, E. M., Grumberg, O., & Peled, D. (1999). Model checking. Cambridge: MIT Press.

    Google Scholar 

  • Egyed, A. (2006). Instant consistency checking for the UML. In Proceedings of the 28th international conference on Software Engineering (pp. 381–390). ACM

  • Egyed, A. (2007). UML/Analyzer: A tool for the instant consistency checking of UML models. In 29th International Conference on Software Engineering, 2007. ICSE 2007 (pp. 793–796).

  • Egyed, A. (2011). Automatically detecting and tracking inconsistencies in software design models. IEEE Transactions on Software Engineering, 37(2), 188–204.

    Article  Google Scholar 

  • Engels, G., Küster, J. M., Heckel, R., & Groenewegen, L. (2001). A methodology for specifying and analyzing consistency of object-oriented behavioral models. In ACM SIGSOFT Software Engineering Notes (Vol. 26, pp. 186–195)

  • Fersman, E., Pettersson, P., Yi, W. (2002). Timed automata with asynchronous processes: Schedulability and decidability. In Tools and Algorithms for the Construction and Analysis of Systems (pp. 67–82). Berlin: Springer

  • Fowler, M. (2004). UML distilled: A brief guide to the standard object modeling language. Boston: Addison-Wesley Professional.

    Google Scholar 

  • Gherbi, A., & Khendek, F. (2007) Consistency of UML/SPT models. In SDL 2007: Design for dependable systems (pp. 203–224). Berlin: Springer.

  • Gogolla, M., Büttner, F., & Richters, M. (2007). Use: A UML-based specification environment for validating UML and OCL. Science of Computer Programming, 69(1), 27–34.

    MathSciNet  Article  MATH  Google Scholar 

  • Gomaa, H. (2001). Designing concurrent, distributed, and real-time applications with UML. In Proceedings of the 23rd international conference on software engineering, (pp. 737–738). IEEE Computer Society.

  • Gomes, L., Fernandes, J. M., & Global, I. (2010). Behavioral modeling for embedded systems and technologies: Applications for design and implementation. InInformation Science Reference

  • Holzmann, G. J. (2003). The SPIN model checker: Primer and reference manual. Boston: Addison-Wesley Professional.

    Google Scholar 

  • Knapp, A., Merz, S., & Rauh, C. (2002). Model checking timed UML state machines and collaborations. In Formal techniques in real-time and fault-tolerant systems, (pp. 395–414). Berlin: Springer

  • Kuster, J., & Stroop J (2001) Consistent design of embedded real-time systems with UML-RT. In Proceedings. Fourth IEEE international symposium on object-oriented real-time distributed computing, 2001. ISORC-2001, (pp. 31–40).

  • Laleau, R., & Polack, F. (2008). Using formal metamodels to check consistency of functional views in information systems specification. Information and Software Technology, 50(7), 797–814.

    Article  Google Scholar 

  • Lavagno, L., Martin, G., & Selic, B. V. (2003). UML for real: Design of embedded real-time systems. Berlin: Springer.

    Book  MATH  Google Scholar 

  • Leveson, N. (2011). Engineering a safer world: Systems thinking applied to safety. Cambridge: Mit Press.

    Google Scholar 

  • Lucas, F. J., Molina, F., & Toval, A. (2009). A systematic review of UML model consistency management. Information and Software Technology, 51(12), 1631–1645.

    Article  Google Scholar 

  • Millett, L. I., Thomas, M., Jackson, D., et al. (2007). Software for dependable systems: Sufficient evidence?. Washington: National Academies Press.

    Google Scholar 

  • Nentwich, C., Capra, L., Emmerich, W., & Finkelsteiin, A. (2002). xlinkit: A consistency checking and smart link generation service. ACM Transactions on Internet Technology (TOIT), 2(2), 151–185.

    Article  Google Scholar 

  • Nguyen, M. C., Jee, E., Choi, J., & Bae, D. H. (2014). Automatic construction of timing diagrams from UML/MARTE models for real-time embedded software. In Proceedings of the 29th annual ACM symposium on applied computing, (pp. 1140–1145).

  • OMG. (2005). UML profile for schedulability, performance, and time specification, version 1.1 (formal/2005-01-02) Edition. http://www.omg.org.

  • OMG. (2006). Object Constraint Language. version 2.0 (formal/06-05-01) Edition. http://www.omg.org.

  • OMG. (2011a). UML profile for MARTE: Modeling and analysis of real-time embedded systems. version 1.1 (formal/2011-06-02) Edition. http://www.omg.org

  • OMG. (2011b). Unified Modeling Language: Superstructure. version 2.4.1 (formal/2011-08-06) Edition. http://www.omg.org.

  • Papyrus . (2012). Papyrus. http://www.eclipse.org/modeling/mdt/papyrus/

  • Paradigm, V. (2012). Visual Paradigm for UML Communication Edition. http://www.visual-paradigm.com.

  • Peraldi-Frati, M. A., Blom, H., Karlsson, D., & Kuntz, S. (2012). Timing modeling with autosar-current state and future directions. In Design, automation and test in Europe conference and exhibition (DATE), IEEE (pp. 805–809).

  • Pont, M. J. (2001). Patterns for time-triggered embedded systems. New York: Person Edueation.

    Google Scholar 

  • Rumbaugh, J., Jacobson, I., & Booch, G. (2004). The unified modeling language reference manual. Boston: Addison-Wesley Professional.

    Google Scholar 

  • Selic, B. (1998). Using UML for modeling complex real-time systems. In Languages, compilers, and tools for embedded systems (pp. 250–260), Berlin: Springer.

  • Sgroi, M., Lavagno, L., & Sangiovanni-Vincentelli, A. (2000). Formal models for embedded system design. IEEE Design & Test of Computers, 17(2), 14–27.

    Article  MATH  Google Scholar 

  • Sommerville, I. (2011). Software engineering (9th ed.). Boston: Addison Wesley.

    MATH  Google Scholar 

  • Sourrouille, J. L., & Caplat, G. (2002). Checking UML model consistency. In Workshop on consistency problems in UML-based software development, Blekinge Institute of Technology (pp. 1–15).

  • TIMES. (2007). Uppsala university design and analysis of real-time systems team. TIMES-a tool for modeling and implementation of embedded systems. http://www.timestool.com.

  • UPPAAL. (2012). Uppsala University and Aalborg University. UPPAAL-a tool for verification of real-time systems. http://www.uppaal.org.

  • Usman, M., Nadeem, A., Kim, T. H., & Cho, E. S. (2008). A survey of consistency checking techniques for UML models. In Advanced software engineering and its applications, 2008, ASEA 2008 IEEE, (pp. 57–62).

  • Wieringa, R. J. (2003). Design methods for reactive systems: Yourdon, statemate, and the UML. Amsterdam: Elsevier.

    Google Scholar 

  • Zhao, X., Long, Q., & Qiu, Z. (2006). Model checking dynamic UML consistency. In Formal methods and software engineering, Berlin: Springer (pp. 440–459).

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jinho Choi.

Appendices

Appendix 1: Rules for rule-based timing consistency checking

Intra-model consistency checking rules

SMD-MARTE ExecTime

SMD-MARTE ExecTime rule defines that an execution time of an SMD/MARTE should be greater than or equal to an execution time of the following two conditions:

  1. 1.

    An execution time of each state.

  2. 2.

    Execution times of execution paths from a state with a receiving message in a incoming transition to a state with a sending message in a outgoing transition only if all states in execution paths have an execution time. ⌟

Rule. SD-MARTE ExecTime

SD-MARTE ExecTime rule defines that an execution time of a lifeline in an SD/MARTE should be greater than or equal to an execution time of each execution specification in the lifeline. ⌟

Rule. TD-MARTE ExecTime

TD-MARTE ExecTime rule defines that if duration of a state represents an execution time, an execution time of a lifeline in a TD/MARTE is greater than or equal to the following two conditions:

  1. 1.

    An execution time of each state.

  2. 2.

    Execution times of execution paths from a state with a receiving message to a state with a sending message. ⌟

Rule. SMD-MARTE Deadline

Rule. SD-MARTE Deadline

Rule. TD-MARTE Deadline

SMD-MARTE Deadline, SD-MARTE Deadline, and TD-MARTE Deadline rules define that deadline should be greater than or equal to an execution time of a UML/MARTE model. ⌟

Rule. SD-MARTE TimeObservation

SD-MARTE TimeObservation rule defines that a time observation value in an SD/MARTE is the sum of a time observation value and an execution time of the previous execution specification in the SD/MARTE. ⌟

Rule. TD-MARTE TimingRuler

TD-MARTE TimingRuler rule defines that the timing ruler values in a TD/MARTE should be increased at regular intervals. ⌟

Inter-model consistency checking rules

Rule. SD-SMD MARTE

SD-SMD MARTE rule defines that MARTE annotation linked to a lifeline in an SD/MARTE should be the same as a MARTE annotation linked to an SMD/MARTE of the lifeline. ⌟

Rule. SD-SMD Lifeline

SD-SMD Lifeline rule defines that a lifeline in an SD/MARTE should have a corresponding SMD/MARTE. ⌟

Rule. SD-SMD Message

SD-SMD Message rule defines that a receiving message and a sending message of lifelines in an SD/MARTE should be defined in events and actions in an SMD/MARTE of the lifeline, respectively. ⌟

Rule. SD-SMD ExecTime

SD-SMD ExecTime rule defines that an execution time of an execution specification in an SD/MARTE is greater than or equal to an execution time of a state in an SMD/MARTE for the following three conditions:

  1. 1.

    An execution time of an execution specification with only a receiving message in an SD/MARTE should be greater than or equal to an execution time of a state with the same receiving message in an SMD/MARTE of the lifeline.

  2. 2.

    An execution time of an execution specification with only a sending message in an SD/MARTE should be greater than or equal to an execution time of a state with the same sending message in an SMD/MARTE of the lifeline.

  3. 3.

    An execution time of an execution specification with a receiving message and a sending message in an SD/MARTE should be equal to an execution time of a path from a state with the same receiving message to a state with the same sending message in an SMD/MARTE of the lifeline. ⌟

Rule. TD-SMD MARTE

TD-SMD MARTE rule defines that a MARTE annotation linked to a lifeline in a TD/MARTE should be equal to a MARTE annotation linked to an SMD/MARTE of the lifeline. ⌟

Rule. TD-SMD Lifeline

TD-SMD Lifeline rule defines that a lifeline in a TD/MARTE should have a corresponding SMD/MARTE. ⌟

Rule. TD-SMD Message

TD-SMD Message rule defines that a receiving message and a sending message of lifelines in a TD/MARTE should be defined in events or actions of an SMD/MARTE of the lifeline, respectively. ⌟

Rule. TD-SMD State

TD-SMD State rule defines that states of a lifeline in a TD/MARTE should be defined in an SMD/MARTE of the lifeline. ⌟

Rule. TD-SMD ExecTime

TD-SMD ExecTime rule defines that an execution time of a state of a lifeline in a TD/MARTE is the same as an execution time of a state in an SMD/MARTE of the lifeline. ⌟

Rule. SD-TD MARTE

SD-TD MARTE rule defines that MARTE annotation of a lifeline in an SD/MARTE should be the same as a MARTE annotation of the lifeline in a TD/MARTE. ⌟

Rule. SD-TD Lifeline

SD-TD Lifeline rule defines that a lifeline of an SD/MARTE and a lifeline of TD/MARTE should be the same only if MARTE annotations of an SD/MARTE and a TD/MARTE are same and a message of the lifeline in an SD/MARTE is included in messages of the lifeline in a TD/MARTE. ⌟

Rule. SD-TD ExecTime

SD-TD ExecTime rule defines that an execution time of an execution specification of a lifeline in an SD/MARTE is the same as an execution time of a state in a TD/MARTE only if the execution specification of a lifeline has a receiving and sending message, and the lifeline in a TD/MARTE also have the same receiving and sending message. ⌟

Appendix 2: SMDs/MARTE for CCS software

See Figs. 30, 31, 32, 33, 34 and 35.

Fig. 30
figure 30

SMD/MARTE for SettingController

Fig. 31
figure 31

SMD/MARTE for CruiseController

Fig. 32
figure 32

SMD/MARTE for display

Fig. 33
figure 33

SMD/MARTE for SpeedCounter

Fig. 34
figure 34

SMD/MARTE for SpeedController

Fig. 35
figure 35

SMD/MARTE for user

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Choi, J., Jee, E. & Bae, DH. Timing consistency checking for UML/MARTE behavioral models. Software Qual J 24, 835–876 (2016). https://doi.org/10.1007/s11219-015-9290-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11219-015-9290-6

Keywords

  • UML
  • State machine diagram
  • Sequence diagram
  • Timing diagram
  • MARTE
  • Timing consistency checking