[Figure: model-driven development workflow. Levels: System Design Model, Architecture Design Model, Component Design Model, each with a corresponding V&V model (System V&V Model, Architecture V&V Model, Component V&V Model). Labelled steps: Refinement, Applying design rules, Model transformation, Applying formal methods, Back-annotation, Use, Code generation, Test generation. Outputs: Source Code and Configuration, Test Cases.]
[Figure: Ecore metamodel excerpt. Classes: EClass, EAttribute, EReference, EDataType, each with name : EString; EReference has containment : EBoolean = false. References: eattributes [0..*], ereferences [0..*], esupertypes [0..*], eopposite [0..1], eattributetype [1..1].]
[Figure: MSC diagram "msc sample" with Instance 1 and Instance 2. Labelled elements: Diagram name, Instance name, Instance head symbol, Instance axis, Instance end symbol, Message, Parametrized message msg1(x), Action, Condition, Coregion; messages msg3 and msg4.]
[Figure: LSC with processes A, B and C, messages m1, m2 and m3, and conditions x < 2 and y >= 4. Labelled elements: Process, Lifeline, Location, Cold message, Hot message, Cold condition, Hot condition, Prechart, Mainchart, Simregion.]
L I i I pos(i) = {0, 1,... pmax i } L L = { i, p i I p pos(i)} Σ m = ( i, p, σ, i, p ) L Σ L p i σ i p s (m M) (c C) s (M C) e (M C) : e s m, n M : (m s n s) m = n s, s : e (M C) : (e s e s ) s = s S 2 (M C)
l 1 l 2 l 1 l 2 s S, l, l L : (λ(l) = s) (λ(l ) = s) (l l ) (l l) λ L L c L, l, l L : (l c l l) l c ( i 1, 0, i 2, 0,..., i n, 0 ) i I I = n ( i 1, l 1, i 2, l 2,..., i j, l j + 1,..., i n, l n ) l 1 i 1 i j ( i 1, l 1, i 2, l 2,..., i k, l k + 1,..., i n, l n ) l 1 i 1 i k 2 3 m M : (i, m) i I m {( A, 0, B, 0, C, 0 ), ( A, 1, B, 0, C, 0 ), ( A, 1, B, 1, C, 0 )} {( A, 0, B, 0, C, 0 ), ( A, 1, B, 0, C, 0 ), ( A, 1, B, 1, C, 0 ), ( A, 1, B, 2, C, 0 ), ( A, 1, B, 2, C, 1 ), ( A, 1, B, 3, C, 1 ), ( A, 2, B, 3, C, 1 )}
[Figure: LSC with instances A, B and C and messages m1, m2 and m3, annotated with location sequence numbers; (A, m1), (B, m2), (B, m3).]
[Figure: UML sequence diagram "sd sample 1" with lifelines a: A, b: B, c: C and messages m1, m2(), m3, m4. Labelled elements: Name of Interaction, Lifeline, Execution Specification, Message, Synchronous message, Asynchronous call, MessageOccurrenceSpecification, General Ordering, MessageEnd, Lost message, Found message.]
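[Figure: UML sequence diagram "sd sample 2" with lifelines a: A, b: B, c: C and messages m1, m2, m3; an alt fragment with guards [a.m < 10] and [else]; ref usecsd; state invariant {c.s > 3}; stopstate. Labelled elements: InteractionOperatorKind, CombinedFragment, InteractionOperand, InteractionUse, StateInvariant, InteractionConstraint, Gate.]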
[Figure: UML profile. «stereotype» modal with interactionmode : InteractionMode; «enumeration» InteractionMode with literals hot and cold; «modal» InteractionFragment with interactionmode : InteractionMode = cold.]
[Figures: "usd assertsample 1" and "usd assertsample 2" (lifelines a: A, b: B, c: C; messages m1 to m5; assert fragment); "usd negatesample 1" and "usd negatesample 2" (lifelines a: A, b: B; messages m6, m7; negate fragment; FALSE).]
[Figures: "usd considersample" and "usd loopandalt" with lifelines a: A, b: B, c: C and messages m8 to m17; fragments alt, consider and loop 5; conditions b.x < 10, b.y != 10 and b.y = 10.]
[Figure: component and interface metamodel. Classes: NamedElement (name : EString), StatechartSpecification, ComponentDeclaration, ComponentDefinition, StatechartDefinition, CompositeDefinition, ComponentInstance, Port, InterfaceRealization (realizationmode : RealizationMode = PROVIDED, interface : Interface), PortBinding, InstancePortReference, Channel, BroadcastChannel, SimpleChannel, Interface, Event, EventDeclaration (direction : EventDirection = IN). Enumerations: RealizationMode {PROVIDED, REQUIRED}, EventDirection {IN, OUT, INOUT}. References: imports [0..*], componentdeclarations [0..*], ports [0..*], interfacerealization [1..1], type [1..1], component [1..1], portbindings [0..*], components [0..*], variabledeclarations, compositesystemport [1..1], channels [0..*], instanceportreference [1..1], requiredports [1..*], requiredport [1..1], providedport [1..1], port [1..1], instance [1..1], events [0..*], event [1..1].]
[Figure: RequiredCCW with section1: SectionDeclaration and section2: SectionDeclaration.]
Q, Σ, δ, q 0, F Q Σ ϵ Σ δ : Q Σ Q q Q Σ ϵ q 0 Q F Q Q, Σ, δ d, q 0, F Q Σ δ d Q Σ Q s i Q, e j Σ : s i, e j, s i+1 = 1 i [0, n 1] j [0, m 1] n = Q m = Σ ϵ q 0 Q F Q A 1 A 2 A 1 = Q 1, Σ, δ 1, q a1, F 1 A 2 = Q 2, Σ, δ 2, q a2, F 2 Q, Σ, δ, q 0, F Q = Q 1 Q 2 Σ δ : Q Σ Q p, q, e i, p, q δ p, e i, p δ 1 q, e i, q δ 2 p, q, p, q Q p, p Q 1 q, q Q 2 e i Σ q 0 Q q a1 q a2 F = F 1 F 2 A 1 A 2 L(A 1 A 2 ) = L(A 1 ) L(A 2 )
s 0, s 1,..., s n i : s i Q e 1, e 2,..., e n j : e j Σ {ϵ} s i Q, e j Σ s i s i+1 e j s i, e j, s i+1 δ i [0, n 1] j [0, m 1] n = Q m = Σ {ϵ} ϵ Σ s 0 = q 0 s n F M L(M) N D N e 1, e 2,..., e n D N e 1, e 2,..., e n D D N D N ϵ N D ϵclosure(s 0 ) D N N N D N ϵclosure(s 0 ) T T a U = ϵclosure(move(t, a)) U U [T, a] = U Q d D [T, a] δ d T a D move(t, a) T a N i, j : s i, e j+1, s i+1 δ d s i Q e j Σ i [0, n 1] j [0, m 1] n = Q m = Σ
ϵclosure(t ) T ϵclosure(t ) T ϵclosure(t ) T t u t u ϵ u ϵclosure(t ) u ϵclosure(t ) u D δ d s q 0 D Q Σ O( Q 2 ) Q Σ x s i Q s j Q s i s j x i, j : 1 i, j n, i j n = Q s i s j D M D T Q Q T [p, q] = 0 (p F q / F ) (p / F q F ) T T [p, q] a Σ p = δ(p, a) q = δ(q, a) p, q Q T [p, q ] T [p, q] = i T T [p, q] M M δ m D δ δ e Σ
a s 4 b b ϵ s 1 a s 0 s a 2 b a s 3 a s 3 b b a s 0 a s 1 b s 2 a a b a b s b 0 s 1 b δ e Σ s i s i+1 i : s i Q 1 i n n = Q s i+1 s i e δ Σ A 1 A 2 A 1 A 2 a b a s 0 a s 1 b A 1 a s 0 a s 1 b s 2 a b s 0 a s 1 b A 2 b b A 3
[Figure: flowchart of universal chart execution. Nodes: Monitor precharts of all universal charts; Does any of them match the trace?; Execute maincharts of those universal charts; Is there a hot violation in any mainchart?; System abort; Is there a cold violation in any mainchart?; Quit that chart; Is any mainchart finished?; Continue executing the active maincharts. Edges are labelled yes/no.]
[Figure: flowchart. Inputs: Messages, conditions, assignments in charts; Object properties; External events. Nodes: Formalize universal charts; Formalize external events; Create transition relation to monitor the progress of active universal charts; Is always at least one of the universal charts active?; Run where no universal chart is eventually active; No superstep exists. Edges are labelled yes/no.]
[Figure: RequiredCCW with section1: SectionDeclaration and section2: SectionDeclaration; labels: on a specific channel, on multiple channels, on a specific port.]
LT L CT L
a!a?a?a a?a?b!c?a?b!c?a?b!c?a?b!c?a?b!c?a?b!c?a?a?b!c?d!c?a!b?a?b!c!d?a?a?b?b!d
[Figure: scenario language metamodel. Classes: NamedElement (name : EString), ScenarioDeclaration, ScenarioDefinition, Chart, Prechart, Mainchart, InteractionFragment, Interaction, InteractionDefinition (direction : InteractionDirection = SEND), ModalInteraction (modality : ModalityType = COLD), Signal, CombinedFragment, UnorderedCombinedFragment, ParallelCombinedFragment, AlternativeCombinedFragment, PortReference. Enumerations: ModalityType {COLD, HOT}, InteractionDirection {SEND, RECEIVE}. Attributes shown include interf : Interface, event : Event, port : Port, component : ComponentInstance, statechart : StatechartSpecification. References: interactions [1..*], fragments [1..*], fragment [1..1], interaction [1..1], prechart [1..1], mainchart [1..1], port [1..1], scenarios [1..*].]
[Figures: automata S 1 and S 2 with states initial, prechart_s1, mainchart_s1 to mainchart_s8 and mainchart_end. Transition labels: Σ\{receive Protocol.reserve}, receive Protocol.reserve, send Protocol.reserve, send Protocol.canGo, send Protocol.cannotGo, ɛ.]
[Figure: processing pipeline. Scenario Definitions (Scenario 1, Scenario 2, ..., Scenario n) are transformed into Nondeterministic Finite Automata (NFA 1 ... NFA n); determinization yields Deterministic Finite Automata (DFA 1 ... DFA n); minimization yields Minimal DFA (MFA 1 ... MFA n); the synchronous product yields Synchronous Product Automata (MFA 1 X MFA 2, MFA 1 X MFA 3, ..., MFA n X MFA n-1); BFS traversal yields Traces (Trace 1 vs 2, Trace 1 vs 3, ..., Trace n vs n-1); back-annotation maps the traces back to the scenarios.]
ϵ k k (k 1) 2 =, ErroneousStates ErroneousStates
[Figure: flowchart with inputs MFA 1 and MFA 2. Steps: Create synchronous product automaton SFA = MFA 1 X MFA 2; Find states in SFA which were created from accepting states of MFA 1; Find states in SFA which were created from the MAINCHART_HOTVIOLATION state of MFA 2; Calculate the intersection of the previous two result sets to create the set of ERRONEOUS STATES; Find the shortest path from the initial state of SFA to one of the states in the ERRONEOUSSTATES set.]
[Figure: automaton metamodel. Classes: NamedElement (name : EString), AutomatonDefinition, State, InitialState, AcceptingState, Transition, EpsilonTransition, InteractionDefinition (direction : InteractionDirection = SEND). References: states [0..*], transitions [0..*], initialstate [0..1], acceptingstates [0..*], source [1..1], target [1..1], incomings [0..*], outgoings [0..*], trigger [0..1].]
[Figure: plug-in structure. Modules: language, language.ui, language.ide, ui, ui.contribution, model, model.util, util, transformation, automaton.model, automaton.model.validation, automaton.util, automaton.util.tests.]
[Figure: Scenario A, Scenario B, Scenario C, Scenario D.]
[Figure: two plots of median runtime (s) against the number of modal interactions (x-axis 0 to 500; second panel labelled "Number of modal interactions altogether"). Series: Unfolded model w/o VIATRA, Simpler model w/o VIATRA, Unfolded model w/ VIATRA, Simpler model w/ VIATRA. Trend lines: Cubic (Simpler model w/o VIATRA) and Quadratic (Simpler model w/o VIATRA); reported fits R² = 0.9998 and R² = 0.9999.]
Direction Direction(d) d {send, receive} i Event Event(e, i) e i m s d k, e k : Direction(d k ) Event(e k, i) d k d e k e d e i s
d k, e k s ModalInteraction(m) Set(m) if ragment D state D state.name source target trigger D transition D
S D S initialstate D lateststate lateststate D P ort S Events Event signal mi lateststate D violationstate mi.modality mi
lateststate D violationstate mi lateststate D ucf lateststate D newstate pcf lateststate D newstate
lateststate D newstate newstates D in state ϵ ϵ
intermediatestates D