1 - LIP6

ALLOY4SPV
Part of Yoann Laurent’s PhD work (a year and a half) - LIP6
yoann.laurent@lip6.fr
Reda Bendraou - LIP6

Definitions: Agents, Activities & Artifacts
[Figure: a Software Process in which Agents (Modeler, Developer, Tester, …) carry out Activities to build Artifacts (Models, Source Code, Tests, …) in order to produce Software]
Activity is an elementary task.
Artifact is a product created or modified during a process either as a required result or to facilitate the process.
Agent is a performer of the process. It may be a human or a computerized tool.
Software Process is a set of partially ordered activities realized by agents, which create/maintain sets of related artifacts.
Based on [Lonchamp, ICSP’93]

Definitions: Software Process Model
« … is an abstract software process description. It can be more or less formal. A given process model expresses: (i) a certain level of abstraction and (ii) a particular view on the process. » [Lonchamp, SICSP’93]
[Figure: example process model with Activities "design" and "code" and Artifacts "designModel" and "sourceCode"]
Used for learning, verification and execution purposes

Some constraints are not represented in Software Process Models
Software Process Models never come alone
  Organizational Constraints
    Timing and resources assignment issues
  Business Constraints
    Specific and very contextual to the project
And of course, process models should be sound before deployment
  Well-known soundness properties

Behavioral Constraints: (1) Soundness
[Figure: Control-Flow example over actions A, B, C, D]
{Initial, A, Decision, C, Merge, D, Final}
{Initial, A, Decision, B, Merge}
« CtoD » will not receive an offer
« D » input will never receive an offer
[Figure: Data-Flow example over actions A, B, C, D, with 1..1 multiplicities]
{Initial, A, Decision, B, Merge, D, Final}
{Initial, A, Decision, C, Merge}
« Soundness of Workflow nets » [Aalst’11]: (1) Option to complete (2) Proper completion (3) No dead transition

Behavioral Constraints: (2) Organizational
[Figure: activities A (1 hour), B1 (1 hour), D (1 hour), B2 (2 hours) and B3 (30 min, repeated while [continue])]
Execution path | Time | Possible in 3 hours?
{A, B1, D} | 3h | yes
{A, B2, D} | 4h | Impossible
{A, (B3)*, D} | [2:30 to ∞] | yes but only if B executes only once

Behavioral Constraints: (3) Business
[Figure: activities A, B and D, with action ImportantAction and artifact ImportantArtifact]
Constraints specific to a given project:
  ImportantAction should be executed whatever the execution path.
  ImportantArtifact should be created whatever the execution path.
{Initial, A, Decision, ImportantAction, Merge, D, Final}
{Initial, A, Decision, B(ImportantArtifact), Merge, D, Final}

Software Process Constraints
Temporal logics
  LTL: Linear Temporal Logic
  CTL: Computation Tree Logic

PSEE – Process-centered Software Engineering Environment
« … provides some assistance to its users by interpreting software process models »
Based on [Lonchamp, SICSP’93]
[Figure: a PSEE interpreting the design/code process model (designModel, sourceCode) while the steps "start design", "create designModel" and "end design" are performed; labels shown: Process, Modeler, Agent, Manager]
Agent: Are the required artifacts present? Are the produced artifacts correct?
Manager: Is the agent doing what she/he is supposed to do?

Process Models: Strong assumptions
1) The process model is perfect
   captures the right steps, milestones, artifacts, roles & workflow
2) Process’s agents are strictly following the process model
   They don’t take any personal initiative to perform the process differently

Process Deviations
[Figure: timeline (Time) relating the Process Description (Process Model, Business Constraints, Organizational Constraints) to the Process realization (PSEE / Execution), with "Consistency" between the two until an "Agent deviation from the process model"]
What should the PSEE/Project Manager do?
Deviation: any action performed by an agent during the process execution which is not defined in the process model (In almost 98% of the time [Vissagio])
Deviation Vs Exception [Lerner et al.]

What are the impacts of these deviations?
[Figure: a process over activities A, E, F, G, H, I, J and two deviations from it, "Skip an Activity" and "Add a new Activity" (new activity X), with the questions: Soundness? Organizational Constraints? Business Constraints?]

Consequences of agent’s deviations
Do they represent a threat to the process’s continuity & project management?
Do we still have a chance to respect project deadlines?
What are the impacts of these deviations?
How can we make sure to preserve these constraints along the process execution if deviations or modifications have to occur?

Our previous work on process deviations
Early detection of deviations [MoDELS 10a, b][TSI 13][Caise-F 12]
Handling of deviations [Caise 10, EDOCW11]
Living with Deviations [ASE 11]
But we never explored the idea of on-the-fly process model modification to handle deviations => need to calculate the impact of a modification/deviation

Requirements for more flexibility in handling process deviations
Ability to decorate the process model with various constraints
  More reusability of process models
Ability to verify process models before execution
Ability to preserve process constraints at runtime even if deviations occur
  Planning possible solutions

Our Proposition: Alloy4SPV
Alloy for Software Process Verification
[Figure: Alloy4SPV architecture. Components shown: the Process Model (UML2.0 Activities, fUML), enacted by the PSEE (Process View, Process Engine, "interact"); the translators ProcessToAlloy, AlloyToProcess and PropertiesToAlloyView; the Properties; the Alloy Modules of Alloy4SPV (Syntax.als, Semantic.als, ProcessModel.als, Properties.als); and the Alloy Analyzer, with outputs Satisfying Solution and Counterexample]

Our Proposition: Alloy4SPV
Constraints specification through a GUI
  Automatic translation to Alloy

Why Alloy?
You define your own semantics; you don’t need to rely on any other formalisms such as Petri Nets.
It supports a wide variety of properties such as invariants, user-defined assertions, LTL and CTL formulas with fairness constraints.
It is expressive enough to represent a UML-based model associated with OCL constraints.
A model-finder (and not a model-checker)
  Simulation (run): finds an instance that satisfies a set of constraints
  Checking (check): finds a counter-example that violates a constraint
Off-the-shelf SAT-solvers (MiniSat, ZChaff, ...).
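
The "check" mode described above, applied to the activity graph of the business-constraint slide, as an added example that is not part of the original slides and is not Alloy4SPV code. A plain Python path enumeration stands in for the Alloy Analyzer; the graph encoding and all function names are assumptions made for illustration.

```python
# Constructed encoding of the "(3) Business" slide's activity diagram.
# Plain Python search; hypothetical names, not Alloy and not Alloy4SPV code.
EDGES = {
    "Initial": ["A"], "A": ["Decision"],
    "Decision": ["ImportantAction", "B"],
    "ImportantAction": ["Merge"], "B": ["Merge"],
    "Merge": ["D"], "D": ["Final"], "Final": [],
}
# Artifacts created by each action (on the slide, B creates ImportantArtifact).
PRODUCES = {"B": {"ImportantArtifact"}}

def execution_paths(edges, node="Initial", prefix=()):
    """Yield every loop-free execution path from `node` to Final."""
    path = prefix + (node,)
    if node == "Final":
        yield path
        return
    for nxt in edges[node]:
        if nxt not in path:  # never revisit a node, so the search terminates
            yield from execution_paths(edges, nxt, path)

def check_always_executed(edges, action):
    """Return a counterexample path that skips `action`, or None if none exists."""
    for path in execution_paths(edges):
        if action not in path:
            return path
    return None

def check_always_created(edges, produces, artifact):
    """Return a counterexample path on which `artifact` is never created, or None."""
    for path in execution_paths(edges):
        created = set().union(*(produces.get(n, set()) for n in path))
        if artifact not in created:
            return path
    return None

def dead_nodes(edges):
    """Nodes on no Initial-to-Final path: unreachable, or unable to complete."""
    live = {n for path in execution_paths(edges) for n in path}
    return set(edges) - live

if __name__ == "__main__":
    print("ImportantAction skipped on:", check_always_executed(EDGES, "ImportantAction"))
    print("ImportantArtifact missing on:",
          check_always_created(EDGES, PRODUCES, "ImportantArtifact"))
    print("Dead nodes:", dead_nodes(EDGES))
```

Each business constraint fails on one of the two execution paths listed on that slide, while the soundness-style check finds no dead node in this graph.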

Contributions so far
Formalization of the fUML in first order logic [1]
Implementation of the fUML semantics using Alloy
Process execution engine and debugger based on fUML
A library of ready to use and customizable constraints expressed through a graphical interface
Graphical Alloy-based Verification tool
[1] http://pagesperso-systeme.lip6.fr/Yoann.Laurent/alloy4sp/formal.pdf

Results
Time to analyze the « OptionToComplete » property with Alloy4SPV
We had « good » results (18 billion clauses, 7 billion vars.) in less than 1 minute
This proves the effectiveness of the approach…

Still to achieve: Performance issues
Some Intuitions!

Abstracting the process
[Figure: Sequence Reduction. A process of 10 Actions (A, B, C, D, E, F, G, H, I, J) is reduced to 6 Actions (A, BCD, E, FG, H, IJ)]
Reduction Rules for Petri-Net [Murata’89, Desel’95]

Decomposition
Program slicing methods
  Single Entry Single Exit (SESE) [Johnson’94]
[Figure: the process over activities A to J split into regions numbered 1, 2 and 3]
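
Scope and Constraints reductions
[Figure: Impact Reduction. The process over activities A, E, F, G, H, I, J, with one activity marked "Currently executing" and a "New activity" X added; the reduced view shows F, G and X]
Scope and constraints reductions [SPE Journal 13]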

Conclusion
Some promising results so far
Two perspectives on the agenda
  To increase performance at runtime
  To use the “Synthesis” facility of Alloy to compute solutions and repair plans

Questions
Paper accepted this year around this work
  Executing and Debugging UML Models: an fUML extension, SAC’2013
  Generation of Process using Multi-objective Genetic Algorithm, ICSSP’2013 (ICSE co-located event)
Submitted
  Alloy4SPV: a Formal Framework for Software Process Verification, SLE’2013