From Transpilers to​ Semantic Libraries

In the field of model-based systems engineering, there is an increasing demand for the application of formal methods. However, this requires expertise in formal methods, which cannot be expected from systems engineers. While several attempts have been made to bridge this gap, open questions remain. (1) With the trend shifting towards ontological languages, systems are modeled as classes of 4D occurrences rather than as a 3D system evolving over time, which hinders the application of state-of-the-art model checking algorithms. (2) Ontological reasoning cannot handle the state space explosion problem, and can even make it harder for verifiers to operate efficiently. (3) When operationalizing ontological languages, we need to validate the conformance of the two semantics, even in the presence of optimizations. (4) On top of all this, these challenges must be solved for every new engineering language, version, or variant. In this paper, we propose a new approach to address these challenges. To validate its feasibility, we present a prototype tool and evaluate it on a SysML model.

Deck by Critical Systems Research Group

Transcript

  1. From Transpilers to Semantic Libraries: Formal Verification With Pluggable Semantics
    Ármin Zavada, Kristóf Marussy, Vince Molnár
    Supported by the ÚNKP-23-2-III-BME-47 New National Excellence Program of the Ministry for Culture and Innovation from the source of the National Research, Development and Innovation Fund. Supported by IncQuery Labs.
    https://dl.acm.org/doi/10.1145/3652620.3686251
  2. Context: Model-based Systems Engineering
    Complex cyber-physical and embedded systems (automotive, aerospace, medical, railway, robotics, Industry 4.0, nuclear energy, …) face ever-increasing complexity, multi-paradigm modeling, a dynamic environment, and critical functionality.
  3. Formal Verification
    Does the system behave correctly? The systems engineer supplies a formal model and a formal requirement to a model checker, which answers with a proof or a counterexample. This requires formal knowledge.
  4. Hidden Formal Verification
    Does the system behave correctly? The systems engineer works with an engineering model and an engineering requirement (e.g. "The Operation state is reachable (from the initial state)"). A verification tool translates them into a formal model and a formal requirement for the model checker, and translates the result back as a (counter)example on the engineering model, e.g. A → B → C → D → ↯.
  5. Hidden Formal Verification (continued)
    The same pipeline as on the previous slide, with the translation from the engineering model and requirement ("The Operation state is reachable (from the initial state)") to the formal model and requirement, and the back-translation of the (counter)example A → B → C → D → ↯, fully automated, so the systems engineer only interacts with the engineering-level artifacts.
  6. Ontological Engineering Languages
    • Engineering models can be seen as knowledge bases – process and extract data for design decisions
    • Behavioral engineering languages are traditionally operational – programming languages, UML, SysML v1 (except sequence diagrams)
    • New trend: ontological behavior modeling – behaviors classify executions in 4D space-time (3 spatial + 1 temporal dimension) – example: KerML and SysML v2
    • Ontological behavior modeling vs. formal verification – unexplored challenges: can we still apply our existing tools?
  7. CH1: Ontological Behavior Modeling
    Example: a behavior with steps A, B, C, D, E, shown once as a token-based diagram and once as a succession-based one.
    • Token-based (SysML v1; operational; produces traces): execute a step when the token is here; send a token on all outgoing edges; wait for all incoming tokens.
    • Succession-based (SysML v2; declarative; constrains traces): a succession relationship between steps; step classification.
    Valid traces: A → B → C → D → E, A → C → B → D → E. Invalid traces: A → D → C → B → E, A → C → B → E → D, …
  8. CH1: Ontological Behavior Modeling
    • Operational semantics (Model → Trace): ✓ the semantics is an algorithm that executes the input model; ✓ for each step it determines the next step, producing the execution trace. Difficult to check conformance.
    • Declarative semantics (Model, Trace → ⊤ or ⊥): ✓ the semantics is an axiomatic check; ✓ it determines whether a trace conforms to the model, constraining the execution trace. Difficult to execute the model.
    CH3: Are the two equivalent?
  9. CH1: Ontological Behavior Modeling (continued)
    Same operational vs. declarative comparison as on the previous slide, leading to:
    RQ1: How can we operationalize the (temporal) declarative semantics of an ontology-based language and keep the two semantics synchronized?
  10. S1: Operational Semantic Library
    Diagram, with everything modeled in the knowledge base: the System Model conforms to the Core Language Library (e.g. the KerML core layer), and a 4D Instance Model is an instance of the System Model. A Core Operational Library refines the Core Language Library. Model unfolding produces an Analysis Model; model checking it produces an Execution Trace that conforms to the 4D Instance Model and is back-annotated to the engineering level.
  11. S1: Operational Semantic Library
    • Extend ontologies with operational constructs as first-class citizens – model the behavioral semantics in operational libraries
    • Model unfolding to an operational representation along the ontology
    • Benefits: – the semantics is modeled instead of hardcoded – explicit operational semantics
  12. CH2: Detailed Ontological Trace
    Model: a state machine with states S1 and S2, a transition with trigger toggle and effect reset, and entry/exit actions x := x + 1.
    Ontological unfolding into actions: Action S1.entry, Action S1.exit, StateAction S1, AcceptAction toggle, Action reset, StateTransitionAction, Action S2.entry, Action S2.exit, StateAction S2.
    Resulting occurrence trace: Occur. S1.entry, Occur. S1.middle, Assign. Action, Occur. accept toggle, Occur. reset, Assign. Action, Occur. S2.middle, Occur. S2.exit.
    State space explosion++
  13. CH2: Detailed Ontological Trace (continued)
    Same state machine and occurrence trace as on the previous slide, leading to:
    RQ2: How can we optimize the operationalization based on the domain-specific information encoded in the high-level model?
  14. S2: Domain-specific Operational Libraries
    Diagram, extending S1: a Domain Language Library (e.g. SysML v2) refines the Core Language Library, and the System Model conforms to it. A Domain-specific Operational Library refines the Core Operational Library (semantic refinement). Model unfolding produces an Optimised Analysis Model alongside the Analysis Model; model checking either one produces an Execution Trace that conforms to the 4D Instance Model, and the two traces must be congruent. Back-annotation as before.
  15. S2: Domain-specific Operational Libraries
    • Refine the core operational semantics – domain-specific abstractions – tool-specific assumptions – generic symmetry reduction
    • Analysis models must encode congruent execution traces
    Library stack: Core Operational Library (steps, successions) → Action Model Library (expressions, actions, control/data flow) → State Model Library (regions, states, …; do-activities; transitions; events, triggers, …)
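The CH2 unfolding (slides 12 and 13) and the congruence requirement of slides 14 and 15, as an added worked example in Python. This is my own code, not the paper's prototype or an OXSTS library: the state machine is the one from the CH2 slide, but which x := x + 1 action belongs to S1's exit and which to S2's entry is my assumption from the order of the slide's trace, and the occurrence names, `project` rule and function names are constructed here.

```python
"""Unfold a small state machine into a detailed occurrence trace, then
project it back onto the coarse (engineering-level) trace and check that
the two are congruent, i.e. equal modulo projection.

Constructed example, not the paper's tool. Model (from the CH2 slide):
states S1 and S2, transition S1 --toggle / reset--> S2, and two
x := x + 1 actions. Assumption: S1 owns the exit action, S2 the entry
action; the slide only shows the resulting trace order.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class State:
    name: str
    entry: tuple[str, ...] = ()   # action labels run on entry
    exit: tuple[str, ...] = ()    # action labels run on exit


@dataclass(frozen=True)
class Transition:
    source: str
    trigger: str
    effect: tuple[str, ...]
    target: str


S1 = State("S1", exit=("x := x + 1",))
S2 = State("S2", entry=("x := x + 1",))
TOGGLE = Transition("S1", "toggle", ("reset",), "S2")
STATES = {s.name: s for s in (S1, S2)}


def coarse_trace(transitions, initial="S1"):
    """Engineering-level run: visited states and fired triggers only.
    Entry/exit/effect actions are invisible at this level."""
    trace = [initial]
    current = initial
    for t in transitions:
        assert t.source == current, f"{t.trigger} not enabled in {current}"
        trace += [t.trigger, t.target]
        current = t.target
    return trace


def detailed_trace(transitions, initial="S1"):
    """Ontological unfolding: every state visit and every action becomes
    its own occurrence (entry, middle, exit, accept, effect, assignment),
    mirroring the occurrence classes listed on the CH2 slide."""
    current = STATES[initial]
    trace = [f"Occur. {current.name}.entry"]
    trace += [f"Assign. {a}" for a in current.entry]
    trace.append(f"Occur. {current.name}.middle")
    for t in transitions:
        trace += [f"Assign. {a}" for a in current.exit]
        trace.append(f"Occur. {current.name}.exit")
        trace.append(f"Occur. accept {t.trigger}")
        trace += [f"Occur. {e}" for e in t.effect]
        current = STATES[t.target]
        trace.append(f"Occur. {current.name}.entry")
        trace += [f"Assign. {a}" for a in current.entry]
        trace.append(f"Occur. {current.name}.middle")
    return trace


def project(detailed):
    """Projection from occurrences onto the coarse alphabet: a state visit
    is observed once (at its 'middle' occurrence), an accept occurrence as
    its trigger, and every other occurrence is hidden."""
    observed = []
    for occ in detailed:
        if occ.startswith("Occur. accept "):
            observed.append(occ.removeprefix("Occur. accept "))
        elif occ.startswith("Occur. ") and occ.endswith(".middle"):
            observed.append(occ.removeprefix("Occur. ").removesuffix(".middle"))
    return observed


def congruent(transitions):
    """Trace equivalence modulo projection: the projected detailed run must
    equal the coarse run, which is what an optimised analysis model has to
    preserve relative to the unoptimised one."""
    return project(detailed_trace(transitions)) == coarse_trace(transitions)


def trace_lengths(transitions):
    """Length of the unfolded run vs. the coarse run: every extra occurrence
    is an extra step the model checker has to explore."""
    return len(detailed_trace(transitions)), len(coarse_trace(transitions))


if __name__ == "__main__":
    print(detailed_trace([TOGGLE]))
    print(project(detailed_trace([TOGGLE])), congruent([TOGGLE]), trace_lengths([TOGGLE]))
```

A domain-specific operational library in the sense of S2 would drop the occurrences that `project` hides (entry/exit markers, assignment occurrences) before model checking; `congruent` is the obligation such a library has to discharge for every run.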
  16. CH3: Semantic Conformance
    • Two different semantics = trouble ☺ – prove equivalence? → might be too hard – prove inclusion? → at least that
    • The operational semantics must conform to the ontological one – inclusion: do not produce invalid traces – equivalence: also produce all valid traces
    • Even in the presence of semantic abstractions – congruence: trace equivalence modulo projection
    RQ3: How can we prove the conformance of the declarative and operationalized semantics?
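The operational (token-based) and declarative (succession-based) semantics of the five-step model on slides 7 to 9, together with the inclusion and equivalence checks of CH3 on this slide, as an added worked example in Python. This is my own code, not the paper's prototype: the edge list is my reading of the slide's diagram (A forks to B and C, which join at D, followed by E), and the function names and the deliberately faulty `wait_for_all=False` join are constructed here to show the inclusion check rejecting an unsound operational library.

```python
"""Token-based execution vs. succession-based conformance for one small
step model, plus the CH3 checks between them.

Constructed example, not the paper's tool. EDGES is my reading of the
slide's diagram; each edge doubles as a succession "source before target".
"""
from itertools import permutations

EDGES = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "D"), ("D", "E")]


def steps_of(edges):
    return sorted({s for edge in edges for s in edge})


def operational_traces(edges, wait_for_all=True):
    """Token-based (SysML v1 style) semantics: a step executes when its
    tokens have arrived, then sends a token on every outgoing edge. All
    interleavings are explored exhaustively, as a model checker would do
    on the unfolded analysis model. wait_for_all=False models a faulty
    join that fires on the first token (constructed for the demo)."""
    steps = steps_of(edges)
    incoming = {s: [a for a, b in edges if b == s] for s in steps}
    outgoing = {s: [b for a, b in edges if a == s] for s in steps}
    results = set()

    def ready(step, tokens, done):
        if step in done:
            return False
        needed = [(a, step) for a in incoming[step]]
        have = [edge in tokens for edge in needed]
        if wait_for_all:
            return all(have)            # proper join: wait for every token
        return not needed or any(have)  # faulty join: fire on the first one

    def run(tokens, done, trace):
        enabled = [s for s in steps if ready(s, tokens, done)]
        if not enabled:                 # nothing left to fire: run is complete
            results.add(tuple(trace))
            return
        for s in enabled:               # branch over every enabled step
            consumed = tokens - {(a, s) for a in incoming[s]}
            produced = consumed | {(s, b) for b in outgoing[s]}
            run(produced, done | {s}, trace + [s])

    run(frozenset(), frozenset(), [])
    return results


def conforms(trace, edges):
    """Succession-based (SysML v2 / KerML style) semantics: a trace conforms
    iff every step occurs exactly once and every succession a -> b is
    respected. Cheap to check, but it cannot *produce* a trace."""
    if sorted(trace) != steps_of(edges):
        return False
    position = {s: i for i, s in enumerate(trace)}
    return all(position[a] < position[b] for a, b in edges)


def declarative_traces(edges):
    """All conforming traces by brute force: fine for five steps, hopeless
    for a real model, which is why operationalization is needed at all."""
    return {p for p in permutations(steps_of(edges)) if conforms(p, edges)}


def check_inclusion(edges, wait_for_all=True):
    """CH3 inclusion: the operational semantics must not produce a trace
    that the declarative semantics rejects."""
    return all(conforms(t, edges) for t in operational_traces(edges, wait_for_all))


def check_equivalence(edges, wait_for_all=True):
    """CH3 equivalence: it must additionally produce every valid trace."""
    return operational_traces(edges, wait_for_all) == declarative_traces(edges)


if __name__ == "__main__":
    print(sorted(operational_traces(EDGES)))
    print(check_inclusion(EDGES), check_equivalence(EDGES))
    print(check_inclusion(EDGES, wait_for_all=False))
```

The faulty join produces runs such as A → B → D → C → E, which `conforms` rejects because C → D is a succession; that is exactly the kind of discrepancy the axiomatic conformance validation of S3 is meant to surface when an operational library is refined or optimised.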
  17. S3: Semantic Conformance Validation
    Diagram, extending S2: a Trace Checker performs axiomatic conformance validation (for inclusion) of the Execution Traces produced by model checking the Analysis Model and the Optimised Analysis Model against the 4D Instance Model, in addition to the congruence check between the two traces. Related work: Doerr et al., Verifying Executability of SysML Behavior Models Using Alloy Analyzer.
  18. Proof of Feasibility – Implementation
    • We implemented the approach via a new Ontological-Operational Modeling Language: OXSTS
    • Inspired by KerML – extended with operational elements – ontological: types, composition, references, polymorphism, graph-pattern support – operational: variables, explicit steps, operational semantics
    • Elements of this approach have been proposed to the SysML v2 Semantics Working Group to enhance KerML
  19. Proof of Feasibility – Implementation: Semantifyr
    Pipeline: an engineering model is mapped to OXSTS (a simple mapping along the ontology); the appropriate semantic library (operational library) is chosen; model processing unfolds the model along the ontology into an operational model; the operational model feeds model checking, code generation, and model simulation.
  20. Proof of Feasibility – Validation
    • We demonstrated the approach and its implementation on a case study model
    • OpenMBEE Space Mission model (spacecraft, station, communication) – SysML v1 – state machines – activity diagrams
    • OXSTS representation: – State Machine Operational Library – Space Mission OXSTS model
    • 40 semantic formal verification cases to validate the approach
  21. Summary and Conclusion
    • Concretized open challenges in the context of ontological behavioral models – operationalization, detailed execution traces, conformance
    • Proposed an approach addressing these challenges – model the operationalized semantics directly in the knowledge base – allows the definition and refinement of the semantics as a model
    • Demonstrated feasibility through a prototype implementation
    • Future work: – model the semantics of SysML v2 behavior models
  22. Vision Overview
    The full diagram of S1 to S3 with several Domain Language Libraries (e.g. SysML v2) refining the Core Language Library (e.g. KerML), each paired with a Domain-specific Operational Library refining the Core Operational Library; the System Model conforms to the language libraries and the 4D Instance Model is an instance of it; model unfolding yields Analysis Models and Optimised Analysis Models; model checking yields Execution Traces that must be congruent and conform to the 4D Instance Model, checked by the Trace Checker (axiomatic conformance validation, for inclusion) and back-annotated. Key elements: modeling and refinement of operational semantics, and axiomatic conformance validation.