Modular and Distributed Veriﬁcation of SysML Activity Diagrams

Messaoud Rahim

, Ahmed Hammad

and Malika Ioualalen

Sciences and Technology Faculty, Yahia Fares University, Medea, Algeria

Institut FEMTO-ST, UMR CNRS 6174, Besancon, France

LSI, Computer Science Department, USTHB, Algiers, Algeria

Keywords:

SysML, Activity Diagram, Places Bordered Petri Nets, Distributed Model-checking.

Abstract:

Model-based development for complex system design has been used to support the increase of systems com-

plexity. SysML is a modeling language that allows a system description with various integrated diagrams, but

SysML lacks formality for the requirement veriﬁcation. Translating SysML-based speciﬁcation into Petri nets

allows to enable rigorous system analysis. However, for complex systems, we have to deal with the state space

explosion problem. In this paper, we propose new approach to allow a modular and distributed veriﬁcation of

SysML Activity Diagram basing on the derived Petri net.

1 INTRODUCTION

The System Modeling Language (SysML) is UML

proﬁle that can be used to specify graphically

all aspects of complex systems(Friedenthal et al.,

2008). Nevertheless, despite the various advantages

of SysML, it remains a semi-formal language with-

out possibilities of formally verifying the models

described by it. Industrial safety-related standards

strongly recommend the use of formal methods to val-

idate critical systems. For that purposes, it is needed

to use SysML in conjunction with formal method to

provide formal veriﬁcation of the speciﬁed system.

Several approaches based on mapping SysML be-

havioural diagrams to Petri nets have been proposed

(Carneiro et al., 2008; Andrade et al., 2009; Linhares

et al., 2007). The aim of these approaches was to pro-

vide a way to verify the speciﬁed system with a Model

checking technique. However, in the case of complex

systems, we have to deal with the state space explo-

sion problem to analyse the resulting Petri net. A way

to overcome the state space explosion is the use of

modular analysis. Another way that had gained inter-

est, in the recent years is the use of distributed pro-

cessing (Kristensen and Petrucci, 2004; Barnat and

Rockai, 2008).

In this paper, we propose a global approach for

performing a modular and distributed veriﬁcation of

the SysML activity diagram. Basing on composite

activities, we derive places-bordered Petri net mod-

ule for each activity. The veriﬁcation of the system

can concern only one simple activity or the global

SysML activity diagram. For the second case, and

in order to deal with the state space explosion prob-

lem, we propose to adapt the distributed veriﬁcation

process using a cluster of computing nodes(Boukala

and Petrucci, 2011; Abid and Zouari, 2007) for ver-

ifying the derived modular Petri net. For mapping

a SysML activity diagram into places-bordered Petri

net, we propose a translation rule for the call behav-

ior action. The translation of the other basic SysML

activity constructs is inspired from previous works.

The rest of this paper is organized as follows: in

Section 2, we discuss related works. In Section 3,

we present the SysML activity diagram. In Section

4, we give a deﬁnitions of places bordered Petri net.

In section 5, we present the mapping technique. We

present the modular and distributed veriﬁcation pro-

cess in Section 6. Finally, in Section 7, we conclude

and we outline some ideas for future works.

2 RELATED WORKS

The most proposed approaches concerning the for-

mal speciﬁcation of SysML diagrams have used Petri

net models due to their expressiveness and formal-

ity (Linhares et al., 2007; Carneiro et al., 2008; An-

drade et al., 2009). To our knowledges, this work is

the ﬁrst that considers the composite structure of the

SysML activity diagram for a veriﬁcation purposes.

202

Rahim M., Ahmed H. and Malika I..

Modular and Distributed Veriﬁcation of SysML Activity Diagrams.

DOI: 10.5220/0004320602020205

In Proceedings of the 1st International Conference on Model-Driven Engineering and Software Development (MODELSWARD-2013), pages 202-205

ISBN: 978-989-8565-42-6

 2013 SCITEPRESS (Science and Technology Publications, Lda.)

The composite and modular veriﬁcation approaches

aim to take beneﬁt from some information about the

components of the system and the way they commu-

nicate. Modular Petri nets allow designers to specify

a system as communicating modules. Modules com-

municate using shared transitions or fusion places.

The work presented in (Valmari, 1994) proposes a

compositional veriﬁcation method for Petri net com-

posed of place bordered subnets. The veriﬁcation ap-

proach used in this work is based on Model checking

technique. However, for complex system, we have

to overcome the state space explosion problem. Sev-

eral recent approaches use distributed processing en-

vironments to extend the size of the state space to be

constructed(Boukala and Petrucci, 2011). This work

proposes to adapt these approaches combined with a

modular analysis to verify a SysML activity diagrams.

3 THE SysML ACTIVITY

DIAGRAM

In SysML(OMG, 2010), an activity is a formalism

for describing behaviour that speciﬁes the transfor-

mation of inputs to outputs through a controlled se-

quence of actions. The basic constructs of an activity

are actions and control nodes as illustrated in Figure

1. Actions are the building blocks of activities, each

action can accept inputs and produces outputs, called

tokens. These tokens can correspond to anything that

ﬂows such as information or physical item (e.g., wa-

ter, signal). Control nodes include fork, join, decision,

Figure 1: Activity diagram basic constructs.

merge, initial, activity ﬁnal, and ﬂow ﬁnal. A call

behavior action permits to invoke an activity when it

starts, and passes the tokens from its input pins to the

input parameter nodes of the invoked activity.

4 PLACES-BORDERED PETRI

NETS

Formally a Petri net is (Valmari, 1994):

Deﬁnition 1. A Petri net is triplet: PN = (P, T, W ).

Where: P is ﬁnite set of places, T is ﬁnite set of tran-

sitions, (P ∩ T =

0) and W : (PXT) ∪ (T XP) → N is

a weight function, W(p, t) (resp. W (t, p)) gives the

weight of the arc from p to t (resp. from t to p).

Usually, an initial marking is associated with the

Petri net:

Deﬁnition 2. A marked Petri net (PN, M

), is a Petri

net PN with an initial marking M

: P → N. The initial

marking of a place p ∈ P is M

(p).

To compose a large Petri net from smaller pieces,

we deﬁne a places-bordered Petri (Valmari, 1994). A

places-bordered Petri net modules interface with each

other via common places, called border places.

Deﬁnition 3. A places-bordered Petri net module is

the 4-tuple NC = (P, T, W, B). where : P, T , and W

are as in a Petri net, B ⊆ P is the set of border places.

5 THE MAPPING TECHNIQUE

Basing on the previous works that propose a map-

ping of UML and SysML activity diagram to Petri

nets (N. Yang and Qian, 2010; Andrade et al., 2009;

Staines, 2008), our technique deﬁnes a mapping for

the call behavior actions and propose to map the

SysML activity diagram to modular Petri net with

border places. The mapping we propose is activity

based decomposition. The decomposition is guided

by the call behavior actions which permits to facili-

tate the mapping of a SysML activity diagram even

it includes several composite activities. The Petri net

derived from the SysML activity diagram is a set of

places-bordered Petri net modules, each one repre-

sents an activity instance.

5.1 Mapping Initial and Final Nodes

Initial node represents the start point of an activity.

As illustrated in ﬁgure 2, to map the initial node, we

use one transition (t in Act) with one input place and

two output places. The input place (en Act) is used to

enable the execution of the activity. The ﬁrst output

place (on Act) is used to indicate that we are execut-

ing the activity and the second output place (Ctl out)

is used to represent the control ﬂow.

Activity ﬁnal represents the end point of an activ-

ity. As illustrated in ﬁgure2, to map ﬁnal node, we

use one transition (t out Act) with two input places

and one output place. The ﬁrst input place (on Act)

represents that we are executing the activity and the

second input place (Ctl in) represents the output ﬂow

enabling the termination of the activity. The output

place (end Act) is used to indicate that the activity is

terminated.

ModularandDistributedVerificationofSysMLActivityDiagrams

203

Figure 2: Mapping initial and ﬁnal activity node.

5.2 Mapping Actions and Object Flows

As illustrated in the ﬁgure 3, for mapping an ac-

tion with control and data ﬂow into Petri net, places

are used to represent the input and the output ﬂows

(in A, Ctl in A, out A, Ctl out A, ) and one transition

(Exec A) is used to represent the action.

For mapping an object ﬂow that connects output pin

of one action A to the input pin of another action B,

we fusion the place (Out A) that represents the out-

put pin of the action A with the place (In B) which

represents the input pin of the action B.

Figure 3: Mapping simple action and Object ﬂows between

actions.

5.3 Mapping Routing Object Flows

For mapping a fork node 4 we use a transition

t A f ork that represents the split operation with out A

as input place and in B with in C as output places. For

mapping a join node 4 we use a transition t AB join

that represents the synchronisation between out A and

out B as input places and in C as output place.

Figure 4: Mapping join and fork nodes.

5.4 Mapping Call Behavior Action

To map A call behavior action we consider that the

invoked activity is already mapped into places bor-

dered Petri net module. As presented in Figure 5,

the mapping of a call behavior action A that in-

vokes an activity Act with one input and one output

ﬂow is places bordered Petri net module which has

in act, en Act, out Act and end Act as border places

with the Petri net module that represents the calling

activity. The transition t Abact is used to pass all in-

put ﬂows of the call behavior action to the invoked

activity and to enable its execution. When the called

activity terminates, we use the transition t Aeact to

pass all output ﬂows of the invoked activity to the call

behavior action.

Figure 5: Mapping call behavior action.

6 THE MODULAR AND

DISTRIBUTED VERIFICATION

PROCESS

As described in the mapping technique, the resulting

Petri net is set of place bordered Petri net modules.

Modular veriﬁcation is enabled by the fact that each

Petri net module speciﬁes the behavior of an activ-

ity. A simple activity can be veriﬁed by using only

its related Petri net module. For verifying a compos-

ite activity we have to use its related Petri net mod-

ule and all the Petri net modules corresponding to

their call behavior actions. A modular and distributed

veriﬁcation can be used to perform the analysis of a

complex composite activities. The main step in the

model-checking is the construction of the state space.

In order to construct the state space of the Petri net

derived from the SysML activity diagram we decom-

pose the state space construction problem into a num-

ber of distributed tasks. The decomposition is guided

by the SysML activities. The approach we propose

is parallel objects based (Kale and Zheng, 2009). For

constructing the state space, we use one main task to

initialize the state space construction process, and a

set of parallel tasks which we call activity tasks to

explore and store the state space. Activity tasks are

used to encode a place bordered Petri net modules.

Each Petri net module is assigned to an activity task

which explores independently the internal states of

the module. Activity tasks encapsulate informations

about transitions and border places. They perform

the exploration of a given state, the storing of internal

successors state, seek for previously explored states

and invoke the storing of external states. Each activ-

ity task encapsulates a hash table that is used to store

a fragments of the state space. From a logical point of

view, we consider all the processing nodes as a unique

computing node. The activity tasks are viewed as an

arrays of parallel Tasks. Physically, all the tasks are

mapped over the physical nodes. The mapping is done

MODELSWARD2013-InternationalConferenceonModel-DrivenEngineeringandSoftwareDevelopment

204

Figure 6: Logical and physical view of the application ar-

chitecture.

when we create the tasks. The Figure 6 presents an

example using four (4) computing nodes.

The state space is the basic model on which most

veriﬁcations are built. The constructed state space is

modular. It can be used to verify behavioural proper-

ties in the hole activity diagram or just on some ac-

tivities. The properties to verify can be basic such

as reachability, deadlocks, liveness and home state.

We can adopt the approach presented in (Boukala and

Petrucci, 2011) to verify such properties in the dis-

tributed and modular state space. Functional prop-

erties have to be extracted and translated from the

SysML requirements diagram to temporal logic such

as LTL and CTL. Various works have been proposed

to verify LTL and CTL formulas in distributed and

modular state space (Latvala and Makela, 2004).

7 CONCLUSIONS

The paper presents a modular and distributed veriﬁca-

tion approach for formally verifying complex systems

described by SysML activity diagrams. A technique

for mapping the SysML activities to Petri net have

been proposed. The mapping is guided by the call be-

havior actions. The modular veriﬁcation is enabled

by analysing each activity using its related Petri net

module. For enabling the veriﬁcation of complex and

composite activities a modular and distributed veriﬁ-

cation technique have been proposed to overcome the

state space explosion problem. As future works, it is

important to consider the process of extracting prop-

erties as temporal logic formulas from the SysML

requirement diagram to complete the approach pre-

sented in this paper.

REFERENCES

Abid, C. A. and Zouari, B. (2007). A distributed veriﬁcation

approach for modular petri nets. In proc. of the 2007

summer computer simulation conference, pages 681–

690.

Andrade, E., Macie, P., Callou, G., and Nogueira, B. (2009).

A methodology for mapping sysml activity diagram to

time petri net for requirement validation of embedded

real-time systems with energy constraints. In proc.

ICDS’09, pages 266–271.

Barnat, J. and Rockai, P. (2008). Shared hash tables in par-

allel model checking. In Electronic Notes in Theoret-

ical Computer Science 198(1), proc. of the 6th Inter-

national Workshop on PDMC 2007.

Boukala, M. and Petrucci, L. (2011). Distributed veriﬁca-

tion of modular systems. In in Proc. of CompoNet and

SUMo.

Carneiro, E., Maciel, E., Callou, P., and Tavares, G. (2008).

Mapping sysml state machine diagram to time petri

net for analysis and veriﬁcation of embedded real-time

systems with energy constraints. In proc. ENICS08,

pages 1–6.

Friedenthal, S., Moore, A., and Steiner, R. (2008). Omg

systems modeling language (omg sysml) tutorial. In

INCOSE.

Kale, L. V. and Zheng, G. (2009). Charm++ and ampi:

Adaptive runtime strategies via migratable objects.

In In M. Parashar, editor, Advanced Computational

Infrastructures for Parallel and Distributed Applica-

tions, page 265282. Wiley-Interscience.

Kristensen, S. and Petrucci, L. (2004). An approach to dis-

tributed state space exploration for coloured petri nets.

In In Proc. 25th Int. Conf. Application and Theory of

Petri Nets (ICATPN2004), Bologna, Italy, pages 474–

483.

Latvala, T. and Makela, M. (2004). Ltl model checking for

modular petri nets. In In proc. of ICATPN’04, pages

298–311.

Linhares, M.-V., de Oliveira, R.-S., Farines, J.-M., and

Vernadat, F. (2007). Introducing the modeling and

veriﬁcation process in sysml. In proc. 12th IEEE

ETFA’2007, pages 344–351.

N. Yang, H. Yu, H. S. and Qian, Z. (2010). Mapping uml

activity diagrams to analyzable petri net models. In

Proc. of the 10th IEEE Int. Conf. on Quality Software,

pages 369–372.

OMG (2010). Omg systems modeling language (omg

sysml) version 1.2. In http://www.omg.org.

Staines, T. S. (2008). Intuitive mapping of uml 2 activity

diagrams into fundamental modeling concept petri net

diagrams and colored petri nets. In 15th Annual IEEE

Int. Conf. and Workshop on the Engineering of Com-

puter Based Systems, ECBS 2008, pages 191–200.

Valmari, A. (1994). Compositional analysis with place-

bordered subnets. In Proc. of the 15th Int. Conf. on

Application and Theory of Petri Nets, pages 531–547.

ModularandDistributedVerificationofSysMLActivityDiagrams

205