Advances in Applications of Object Constraint Language for Software Engineering
Atif A. Jilani; Muhammad Z. Iqbal; Muhammad U. Khan; Muhammad Usman Quest Laboratory, FAST-National University of Computer & Emerging Sciences, Islamabad, Pakistan
Abstract
Object Constraint Language (OCL) is a standard language defined by Object Management Group for specifying constraints on models. Since its introduction as part of Unified Modeling Language, OCL has received significant attention by researchers with works in the literature ranging from temporal extensions of OCL to automated test generation by solving OCL constraints. In this chapter, we provide a survey of the various works discussed in literature related to OCL with the aim of highlighting the advances made in the field. We classify the literature into five broad categories and provide summaries for various works in the literature. The chapter also provides insights and highlights the potentials areas of further research in the field.
Keywords
Object Constraint Language; Model-driven engineering; Secondary study; Software engineering
1 Introduction
Model-driven engineering (MDE) over the last decade has emerged as a successful and a widely used approach for developing software systems where models act as the key development artifact [1]. Modeling languages ranging from the standardized Unified Modeling Language (UML) [2] to domain-specific languages (DSLs) and profiles, such as the SysML [3], are being used under the MDE umbrella. MDE has been successfully applied in a number of domains, including information systems [4], embedded systems [5,6], product-line engineering [7,8], mobile application development [9], communications [10], and games [11]. Modeling languages allow modeling of different aspects of systems, including the structural and behavioral aspects, using well-defined modeling constructs. With the use of models, the design of systems can be visualized early on in the development, errors can be minimized, early testing can be initiated, and maintenance is made easier [12,13].
A major challenge in MDE is the specification of constraints in a manner that is precise and readable from a pragmatic perspective. Object Constraint Language (OCL) [14] is a constraint specification language introduced to support writing constraints on models. OCL was initially developed by IBM [15] primarily for business modeling, however, now it is being widely used to specify constraints on models. OCL was introduced as a part of Object Management Group's (OMG) UML standard as the recommended language for specifying constraints on UML models. Currently, it is released and managed by OMG as a separate standard for specifying constraints on models and meta-models. OCL has a syntax that is relatively closer to programming languages and is therefore easier for software engineers to apply as compared to the traditional formal specification languages.
OCL has been utilized by researchers to solve a number of industrial and scientific problems, such as test data generation [16–18], model verification and validation [19–24], and constraint solving [17,25]. Extensions to OCL have also been proposed to allow writing domain-specific constraints, e.g., temporal logic extensions for time-critical systems [26,27], and extensions to specify topological constraints on spatial objects [28].
OCL has also been successfully used in industry as a part of UML standard for specifying constraints on models [29] and is supported by both open-source and proprietary tools, such as Dresden [30], Eclipse OCL [31], and IBM Rational Software Architect [32]. These tools allow a number of features for modeling OCL constraints, such as (i) syntax checking, (ii) semantic checking (i.e., type and consistency checking) [33], (iii) dynamic modeling [34,35], and (iv) test automation [36]. OCL is also integrated in most of the modeling tools to facilitate in writing specifications and validation during UML modeling [32,37,38].
In this chapter, we report the various works on OCL in the literature, its applications in industry and scientific settings, works on empirical evaluations of OCL, and various tools that support OCL. Keeping in view the broad usage of OCL in different domains, we classify the literature on OCL in various categories: verification and validation, experiences and empirical evaluations, OCL tools, extensions to OCL, and other works category covering diverse works that do not naturally fit in previous categories. The purpose of this chapter is to provide a comprehensive, though not exhaustive, survey of current state of the art research and advances in OCL. We highlight the areas and domains where OCL has been successfully applied and identify potential direction of future research in the field.
The chapter is divided as follows: Section 2 presents background information for researchers newly introduced to OCL and presents the language constructs with an example demonstrating constraint writing in OCL. Section 3 covers classification of works on OCL and its subsections present the survey of existing literature on OCL. Section 4 presents some insights based on authors’ experiences and from the conducted survey. Finally, Section 5 concludes the chapter and provides future directions.
2 Background
This section covers the background of the OCL and briefly describes the various OCL constructs.
OCL is a standard language defined by OMG for specifying constraints on models. OCL can be used to write constraints at various modeling levels defined in OMG's Meta-Object Facility (MOF), including the meta-model level and model level. At meta-model level, OCL is used to define constraints on elements of the language, for example, OCL is used in the OMG's document defining UML to define the constraints on various elements. At this level, OCL is important for specifying the rules of language, either for a language which is defined using a new meta-model and for a profile defined using a lightweight extension. At the model level, OCL is largely used as an integral part of modeling languages, including UML, to specify constraints on the various modeling elements.
OCL is a strongly typed and side effect-free specification language in which expressions are written in a declarative form [14]. In OCL, constraints are represented as expressions [39] that restrict the various modeling elements. Each OCL expression indicates a value or object within the model that conforms to a type, e.g., “5 + 7” is a valid OCL expression of type Integer, which represents the integer value “12.” The primitive types supported in OCL are Boolean, Integer, Real, String, and Unlimited Natural [14]. Table 1 shows the OCL types and the various OCL operations that can manipulate them. For example, the Boolean OCL type supports logical operators, i.e., and, xor, and not. There are some generic type operations that are also supported by OCL for all types, such as OclInvalid and OclVoid. For example, when an OCL expression is evaluated to “undefined” then it returns OclVoid type. All types in OCL are subtypes of class OCLAny.
Table 1
OCL Type | Supported Operations |
---|---|
Boolean | Equal (=), Not-Equal (<>), OR (or), AND (and), Exclusive-OR (xor), NOT (not), IMPLIES (implies), and If-then-else |
Integer and Real | Equal (=), Not-Equal (<>), Less (<), Greater (>), Less-or-Equal (≤),Greater-or-Equal (≥), Add (+), Subtract (−), Multiply (*), and divide (/) |
String | Equal (=), Not-Equal (<>), concat(), size(), toLower(), toUpper(), and substring(start, end) |
Collections (Bag, Set, Sequence, and OrderedSet) | Equal (=), Not-Equal (<>), size(), count(), excludes(variable), excludesAll(collection), includes(variable), includesAll(collection), isEmpty(), notEmpty(), sum(), first(), last(), at(index), and flatten() |
OCL expression comprises of four parts: (i) a context that defines the situation in which the statement is valid (syntactic description for a context is presented in Table 2), (ii) a property that represents characteristics of the context (e.g., if the context is a class then a property can be an attribute), (iii) an operation (e.g., arithmetic, set-oriented) that manipulates or qualifies a property, and (iv) keywords (e.g., if, then, else, and, or, not, implies) that are used to specify conditional expressions. For example, the OCL expression in Listing 1 shows an invariant on the Business class (shown in Fig. 1). As per the definition of the OCL expression in Listing 1, the context is Business, there are two properties of Business class that are used as: amount and isActive, the operations are: greater-than (>) and equal (=), and the keyword is implies.
Table 2
OCL expressions are categorized as, invariant, precondition, postcondition, and guard. In the following, we discuss each of them in detail.
Invariant. An invariant is a Boolean constraint that should hold true throughout the lifetime of all instances of the invariant's context class. Table 2 presents the syntax for the invariant definition in OCL.
Precondition. A precondition is defined on operations as a constraint that must hold true before the execution of an operation. The precondition syntax for definition is shown in Table 2.
Postcondition. A postcondition is a constraint that must hold true after the execution of an operation. Table 2 demonstrates the definition syntax for postcondition.
Guard. It is a kind of an invariant that is applicable on the transition from one state to another in a state machine.
OCL constraints are also inherited between modeling elements, however, depending on the kind of constraints it can either be further strengthened or weakened. For example, an invariant for a super class is also applicable to a subclass. A subclass may strengthen the invariant but it cannot make it weaker. A precondition may be weakened but not be strengthened in the redefinition of the operation in the subclass. A postcondition can be strengthened but cannot be weakened in the redefinition of the operation in the subclass. Relationship attributes are used to navigate from one object to another in the relationship based on its navigability. The dot (.) operator is used for this purpose. For example, consider a class diagram of a banking system shown in Fig. 1, to validate whether the associated Account with the Customer is active or not, Table 3 shows the “Navigation” example. Collections are also used for referencing more than one object in the relationships as shown in “Reference in Collection” example in Table 3. OCL also offers the iteration operations (such as any(expr), collect(expr), exists(expr), forAll(expr), isUnique(expr), and select(expr)) to facilitate iteration on a list of object, e.g., shown in “Iterator in Collection” example in Table 3. OCL allows initialization of the object value, as shown in “Initialization Value” example in Table 3. OCL also supports query operations on model that do not change the state of the system, e.g., as shown in the example of “Query Language” in Table 3.
Table 3
OCL expressions can be used in many ways as part of models (as shown in Table 3): (i) to specify the initial value of an attribute, (ii) to specify the body of an operation, (iii) to indicate an instance, (iv) to indicate a condition, and (v) to indicate actual parameter values. Fig. 1 presents the UML class diagram of a banking system as an example to demonstrate the use of OCL expressions. The diagram represents various classes (such as Bank, Branch, Account, Employee, and Customer) and their relationships. The definition of banking system is incomplete without the specification of the business rules, for example, (i) amount cannot be credited in an account if it is inactive and (ii) the amount should be greater than zero to execute the deposit and withdraw methods to ensure safe and consistent operation of the system. The OCL expression in Listing 1 shows an invariant on the Account class (shown in Fig. 1) for the business rule, i.e., if the amount in the account is greater than zero than it the account is active. As per the definition of the OCL expression in Listing 1, the context is Business class, there are two properties of Account class used as: amount and isActive, the operations are: greater-than (>) and equal (=), and the keyword is implies.
OCL can be used for writing query operations, specifying operation contracts, and as a model manipulations/query language as shown in “Query language” example in Table 3. In query operations as the name indicates, OCL expression is used to query the models and returns the results. Queries are side effect-free operations that do not change the state of the system. Operation contracts use OCL expression to specify the effects of an operation. In literature, operation effects are specified by following imperative or declarative approaches [40]. In imperative approach, the designer explicitly defines the set of structural events, for example, insert, update, or delete, that need to be applied during the execution of an operation. However, in declarative approach as is the case of OCL, a contract comprises a set of pre- and postconditions. A precondition describes a set of conditions on operation input and the system state that must hold when an operation is invoked, whereas a postcondition describes a set of conditions that must be satisfied by the system state at the end of operation. Among many other applications, OCL is also used in model transformations, where it is used to manipulate models and as a query/transformation language. In writing transformation, OCL expressions are used as a part of source and target patterns in transformation rules, such as in Atlas Transformation language (ATL) [41] and MofScript [42].
3 Survey on Advances in OCL
This section discusses the works in literature on OCL. Keeping in view the diverse nature of works on OCL, we provide a high-level classification of works on OCL. Our classification places the literature in five broad categories: (i) Verification and Validation using OCL that includes test data generation and model verification and validation; (ii) Experiences and Empirical Reports on OCL that discuss the empirical evaluations aim to provide evidence on applicability and effectiveness of OCL usage in experimental and real settings; (iii) OCL Tools containing the works related to various OCL Tools; (iv) OCL Extensions that include the works that are focusing on extending OCL with new language constructs; and (v) Other works that do not fit in the above categories and apply OCL in diverse areas. Following we discuss the classification and the various papers covering the advances in OCL.
3.1 Verification and Validation Using OCL
A major area of research related to OCL has been verification and validation of systems and models using OCL. Given the nature of works, we have further classified the works on verification and validation in two broad categories: works dealing with test generation and works dealing with model verification and validation. Following we discuss the various works in these categories.
3.1.1 Test Generation From OCL Constraints
As the constraint specification language on models, OCL is widely used for test data generation during model-based testing (MBT). In MBT, the constraints on the models (for example, guards on the state machines, invariants) need to be resolved in order to generate test cases from models. As an example, consider the simple state machine shown in Fig. 2 containing two states. During testing, a test case triggers the call event operation: markAccountDormat with the goal of transitioning from the Active state to Dormant state. For the transition to successfully complete, the guard on the transition written as an OCL constraint: amount < minBalance and isActive = false has to be satisfied. The test case to be executed should contain the data that satisfies the target guard condition. Similarly other OCL constraints written as pre- and postconditions of operations, class invariants, and guards in states also need to be satisfied during testing.
A number of works have specifically targeted test data generation from OCL constraints that can be used during MBT. Following we discuss these techniques.
One of the earlier works in this area is by Benattou et al. [18] which discusses an approach of test data generation from OCL specifications that is inspired from existing works in the area for test generation from VDM formal specification. The approach uses partition analysis of OCL expressions written as invariants and pre- and postconditions. The expressions are converted into disjunctive normal form to identify disjoint partitions for test generation. The work is one of the initial works to deal with test generation from static structure models and OCL.
Salas et al. [43,44] present a fault-based test case generation approach for OCL pre- and postconditions. The OCL expressions are mutated with faults and test cases are generated using partition analysis and constraint solving to kill these mutants. To automate the process, a prototype test case generator tool is developed that supports OCL.
Li et al. [45] present a test case generation approach from UML sequence diagrams and OCL expressions. The input sequence diagram is converted into a tree, which is used to extract the various condition predicates. The approach generates test data from the condition predicates by applying function minimization technique. The generated test cases successfully achieves message path and constraint attribute coverage of all the objects related to a message in the sequence diagram. The effectiveness of the approach is evaluated on an order ticketing system case study.
Bouquet et al. [36] present a functional testing approach that generate and manage test generated from UML/OCL models. The approach describes a MBT process from the functional requirements till the generation and execution of test case. Currently, three models including class diagram, object diagram, and state machine diagram are used for test generation. The approach describes modeling and automated test generation of a particular functionality of the StarUML project management framework.
Wießleder et al. [46,47] present an automatic test case generation approach for UML state machine, UML class diagram, and OCL expressions to satisfy boundary-based coverage criteria. OCL expressions on operations as pre- and postconditions and guard conditions of state machines are correlated to generate input partitions. From the input partitions, test suites are generated to satisfy boundary coverage criteria. To achieve boundary coverage, multiple coverage criterion including MC/DC is used. The authors use mutation testing to evaluate the effectiveness of the approach for the above coverage criteria and use part of a model of an elevator control example for explanation.
Noikajana et al. [48] present an approach for generating test cases for web services. The contracts are written in web service semantic language (WSDL-S) which is an extension of the web service description language, and OCL is used for describing services rules. From service rules specified in web service descriptions, pre- and postconditions of the various operations are extracted. A pairwise testing technique is used to generate test cases utilizing specific expressions of pre- and postcondition. To evaluate the effectiveness of the approach mutation testing is used on two web service examples. The generated test cases achieve desired coverage and kill all introduced mutants.
Brucker et al. [49] present an extension for specification-based testing. UML and OCL are used to represent specifications formally. In specifications, object graphs are described as states and state transitions are described using class model and state charts. The work uses deductive theorem prover for generating test cases from specifications written in OCL. The approach widely supports OCL language features, including recursive query operations. Equivalence relations are used for representing object identity instead of object graphs. The technique complies with HOL test generation system. The approach is demonstrated on various Linked list examples.
Cheon et al. [50] present an automated testing approach for Java programs that use OCL constraints as test oracles. The approach uses random algorithms for test generation. The work uses OCL constraints as test oracles by translating OCL into run-time checks using AspectJ.
Ascari et al. [51] present a mutation-based testing approach for class testing using OCL specifications and aspect-oriented programming. The paper focuses on specification faults by allowing validation of the implemented code according to the specifications. The approach is illustrated on a case study. A controlled experiment is also conducted to ensure the applicability of the proposed approach.
Jalila et al. [52,53] present an automated fault-based system specification testing framework. The specification is written in OCL. Based on OCL predicate-based fault classes, possible faults in the specification are anticipated and mutated in system under test. For the generation of test cases genetic algorithms with simulated annealing technique are used. To evaluate the generated data, a fitness function based on OCL predicate is defined. The branch coverage adequacy criterion is used for test generation. The experimental results indicate that the proposed methodology provides more coverage with minimum number of generated tests.
Ali et al. [16,54,55] present a search-based test data generation approach by solving OCL constraints. Authors formulate the test data generation approach as a search problem and uses various search heuristics to guide the search to solve OCL constraints. Solving of OCL constraints using search heuristics not only supports OCL collections, but also generates test data efficiently. To evaluate the search heuristics, multiple experiments on artificial and industrial case studies have been conducted for three search algorithms: Genetic Algorithms (GA), Evolutionary Algorithms (1 + 1(EA)), and Alternating variable algorithms (AVM). The empirical evaluations suggest that approach is significantly better than the existing OCL solvers. The approach is automated and fully supported by a tool.
Ali et al. [56] present a test data generation approach by generating boundary values from OCL constraints. The authors extended their previous works [16,54,55] by generating test data at the boundaries of each of the variable in a constraint. The authors discuss various cases involving different types of variable where authors rewrite the constraints for the generation of boundary values. For automated generation of boundary values ESOCL tool is created. Empirical evaluations on industrial case studies are conducted, which show that among the three search algorithms (AVM, (1 + 1) EA, and GA) the performance of AVM in terms of success rate is significantly higher than the other two in finding all the boundary values of constraints in fewer generations.
Chunhui et al. [57] present a use case modeling approach for system tests generation (UMTG) that automatically generates executable system test cases from use case specifications and a domain model. Authors combine natural language processing (NLP) with constraints for automated identification of test scenarios and test inputs. To extract behavioral information from use case specifications by means of NLP, their approach relies on use case specifications expressed in a restricted format. OCL is used to refine guard, pre-, and postconditions which are automatically identified by NLP. An algorithm is designed that builds path conditions that capture the constraints under which alternative flows are executed. The algorithm automatically identifies test inputs by solving such path conditions with the aid of an OCL constraint solver. The approach is demonstrated on industrial case study which shows that UMTG works well with use case specifications for an automotive sensor system.
As presented in Table 4, OCL constraints on the models need to be satisfied during MBT. The approaches in literature vary from converting OCL into some sort of formalism (e.g., VDM) and then applying the existing set of tools for data generation to more sophisticated strategies specifically targeting OCL constructs. A major challenge when converting OCL to the formal approach is state explosion problem, especially when dealing with collections (e.g., OCL Bag). On the other hand, the latter approaches, including search-based test data generation approaches that solve OCL constraints, show very promising results [16,25,52,54,56,58].
Table 4
Paper | Domain | Strategy Used | OCL Coverage | OCL Transformation/Conversion | Case Study Type Description |
---|---|---|---|---|---|
Benattou et al. [18] | Test data generation | Partition analysis | Invariants, pre- and postconditions | VDM–DNF | Process scheduler |
Salas et al.[43,44] | Test case generation | Partition analysis and constraint solving | Pre- and postconditions | CSP | Triangle example and grant object privilege |
Li et al.[45] | Test case generation | Tree function minimization technique | Pre- and postconditions | — | Order ticketing system |
Bouquet et al. [36] | Functional testing | Model-based testing | OCL expressions | — | Project management framework |
Wießleder et al. [46,47] | Boundary coverage | Mutation testing | Invariants, pre- and postconditions | — | Elevator control |
Noikajana et al. [48] | Test case generation | Pairwise testing | OCL expression | — | Rectangle type and increase date services |
Brucker et al. [49] | Specification testing | Graph traversing | OCL expression | HOL | Linked list |
Cheon et al. [50] | Java program testing | Assertions-random testing | Pre- and postconditions | Aspect J | Loyalty program |
Ascari et al. [51] | Unit testing | Mutation-based testing | OCL expression | XMI | Collections |
Jalila et al. [52,53] | Specification testing | Search-based testing | OCL expression | Boolean expressions | Patient monitoring and blood bank management system |
Ali et al. [16,54,55] | Test data generation | Search-based software testing | OCL expression | — | Video conferencing system |
Ali et al. [56] | Boundary values generation | Search-based software testing | OCL expression | Rewriting of constraints | Video conferencing system |
Chunhui et al. [57] | Use case modeling for test generation | Natural language processing | OCL expression | Guards, pre- and postconditions | Automotive sensor system |
3.1.2 Model Verification and Validation
This section summarizes the existing literature on OCL-based verification and validation approaches for UML models. The use of OCL in model verification and validation ensures consistency between various UML models and their specification as per the requirements. Following, we present the OCL-based model validation and verification techniques.
Chiorean et al. [59] show the use of OCL in checking UML model consistency. The paper discusses a tool Object Constraint Language Environment (OCLE) that allows specification of OCL constraints, both at model and meta-model level. The OCLE tool uses the rules specified on the models to check for inconsistencies. The work is demonstrated on two examples, where the OCLE is used to specify rules related to UML. The models for the examples are then validated using OCLE. The work is an earlier work in the area and demonstrates the usefulness of OCL in identifying inconsistencies during modeling.
Richter et al. [60,61] present UML-based Specification Environment (USE) tool to validate models and OCL constraints. The authors formally define UML class diagram and provide precise definition of OCL language such that ambiguous interpretation for both the OCL and UML class diagram are avoided. On the basis of formal specifications, the tool was developed that support analysis, simulation, transformation, and validation of UML models with OCL constraints. The developed tool was used to validate well-formedness rules in UML class diagram.
Ziemann et al. [62] discuss an application of USE tool to validate OCL specification of industrial case study of advanced automatic train control system of Bay Area Rapid Transit (BART) system. The specifications of BART are validated by specifying using OCL constraints. The OCL specification expresses train speed, acceleration, and updated positions. The OCL specifications are validated with several test scenarios using USE tool by generating object diagram for a command file comprising of object creation and link creation instructions. The generated object diagram shows violation along with some inconsistencies for a particular constraint specified in OCL.
Richter et al. [63] present an aspect-oriented approach that helps in validating and testing of software program against the constraints specified on UML models. The focus of the approach is on defining monitors that observe the behavior of program and maps it to the model. For defining monitors aspect orientation is used that instruments the program without making any change in the application code. The monitoring approach provides mapping that ensures clear separation of abstraction level between the program behavior and the model behavior. The approach is applied on multiple examples.
Gogolla et al. [64–66] propose an automated snapshot generation-based validation approach for UML and OCL models. A snapshot represents system states that consist of objects having attributes’, values, and links. A language ASSL (A Snapshot Sequence Language) is also proposed for constructing snapshots. The USE tool is extended to support ASSL and automated generation of consistent snapshots. The approach is also applied on multiple case studies and is successfully able to generate various snapshots.
Sohr et al. [67] proposed an approach to specify and validate authorization constraints. Authorization constraints are used to express high-level security policies for an organization. The paper focuses on nontemporal and history-based authorization constraints which are specified using OCL. The paper addresses the challenges for identification of conflicting and missing constraints. The paper also demonstrates how role-based access control (RBAC) constraints are validated using the USE tool.
Gogolla et al. [68] describe how USE tool can be utilized for ensuring consistency, independence, and checking of UML and OCL models using test scenarios. A test scenario used in the approach is a test case comprising of UML object or sequence diagram. To achieve consistency, a positive test case is created such that all invariants on model must hold. To achieve independence, a test case keeps UML models small such that no single invariant can be concluded from other stated invariants. For drawing conclusions (consequence) only basic properties are formulated as invariants. OCL plays key role in the approach since it is used for formulating constraints, reducing the test search space, and formulating search space properties.
Kuhlmann et al. [69–71] present a lightweight validation approach that uses model instances and relational logic for performing model validation. The existence or nonexistence of certain properties in model instances is used to draw conclusion about various model properties. The approach translates UML and OCL model to a relational logic and the USE tool is used for SAT solving. The approach uses bidirectional transformation in which UML class diagram and OCL concepts are transformed to and from relational logic. A uniform representation for OCL collection and string operations is also provided that helps in automated model validation [70]. Various OCL collections kinds such as set, bag, ordered set, sequence, and string-based operations are successfully represented in relational form to be used for the purpose of validation. The approach is implemented and applied on several examples.
Gogolla et al. [72] present an approach that performs automatic checking of features in UML and OCL model. The approach relies on USE tool and targets invariant independence. The approach is applied on a model transformation case study. The model transformation used as an example is a transformation from an entity relationship (ER) to relational database schema. The approach uses UML and OCL models for describing system structures. The approach is able to provide proof for the properties like model constraint independence and checking of redundancy absence in invariant sets.
Clavel et al. [73] present a rewriting-based automated UML class diagram validation tool. The tool validates the UML class diagram with respect to OCL constraints. The tool implementation is based on the equational specification of UML and OCL models which are written in Maude. Maude is a reflective programming language that implements membership equational logic and rewriting logic.
Chae et al. [74] propose an OCL-based approach for validating constraints written on class diagrams. The approach detect potential problem by performing analysis on constraint specified at class diagram. The approach is applied on four case studies related to information systems. The classes used in the case studies are classified as boundary classes, entity classes, and control classes to show the diversity. The approach is integrated in a UML modeling tool that generates warning at design time whenever a change made in analysis class.
Rull et al. [75] present a tool called AuRUS that analyze UML/OCL conceptual schemas to ensure their correctness. The tool instantiates a sample conceptual schema representing a particular situation and ensures that the required property in a schema does hold. The tool also provides explanation for unsatisfiability when a property is contradicting.
Czarnecki et al. [76] present an automated model verification technique for product lines. The technique uses feature-based model templates against the well formedness of OCL constraints. The methodology aims to ensure that no nonconforming template instance will be generated from a correct configuration. The OCL constraints are mapped to propositional formulas, which are solved by using SAT solver. The approach is implemented as a plug in to IBM Rational Software Modeler. The methodology ensures that no nonconforming template instance is generated from a correct configuration. OCL constraints are mapped to propositional formulas, which are solved by using SAT solver.
Cabot et al. [23,24,77] present an automated constraint programming methodology to verify UML models extended with OCL and operation contracts. Both the dynamic and static aspect of the system were successfully translated into constraint satisfaction problem (CSP) using UML to CSP tool and formally verified. Their methodology transforms a UML class diagram annotated with OCL constraints into a CSP. The resulting CSP is able to be verified against the original UML/OCL properties.
Demuth et al. [30] present use of Dresden OCL toolkit for model verification. Dresden toolkit is typically extended by the developer and designers to provide OCL support. The applications show how precise semantics are specified on both the model and the meta-models using OCL for verification. Authors have classified and discussed several OCL use cases supported by Dresden including model verification, testing design by contract, model transformation, code generation, etc.
Soeken et al. [78] present a Boolean satisfiability-based approach for verifying UML/OCL models. Authors describe how various states of UML model along with OCL constraint and respective verification task are encoded as SAT instance and automatically solved using off the shelf SAT solver. Furthermore, the authors perform an experiment to evaluate SAT-based UML/OCL model verification. The results show that SAT-based verification is faster when compared with other approaches.
Shaikh et al. [22] present a slicing technique that partitions the model into slices and verifies each slice independently. During slicing the property under verification is preserved. However, the approach is applicable only on class diagram which is annotated with unrestricted OCL constraints and other specific properties required to be verified.
Hilken et al. [20] present the idea of a base model that can be used in automatic verification. The base model represents core elements that can be used to express the important aspects of the system. Authors use transformations for expressing complex language constructs into relatively smaller one. This transformation enables the base model to be used with various verification engines.
Hilken et al. [21] present a comparison of two verification approaches for UML and OCL behavioral model and highlight their advantages and disadvantages. The approaches used for the comparison are filmstrip and unrolling. In filmstrip, UML/OCL descriptions which represent all the behavioral model elements are represented as static description and afterward are checked for interesting properties. In unrolling the dynamic behavior of the UML model is represented as skeleton and verification tasks are directly applied using Satisfiability Modulo Theory (SMT) and solving engines.
Przigoda et al. [79] present a methodology that translates UML behavioral and structural models enriched with OCL constraints into symbolic formulation. The authors also discuss how the symbolic formulation helps to perform various verification tasks such as consistency, reachability, etc. The authors proposed approach is almost fully automatable with limited human intervention. The presented framework used SMT solver to solve the symbolic formulation efficiently.
Anwar et al. [19] present a model verification technique for embedded systems. The authors use model-based software engineering and system verilog assertions (SVA) to handle the design verification aspect of embedded system. They have proposed an extension for system verilog as system verilog OCL (SVOCL) to represent the design verification requirements by means of SVA’s. Transformation engine is also developed to ensure automation. The approach is evaluated on multiple case studies.
Fu et al. [80] present an approach that translates OCL invariants into web ontology language (OWL) axioms for inconsistency checking. The approach is evaluated using the TUCO prototype tool. The approach translates wide range of OCL expression into OWL axioms. The authors present the semantics and other preliminaries of OCL for proving correctness of the translation. To prove the correctness, induction on OCL structure is used. The TUCO tool successfully translates the OCL constraints and performed consistency checking on example study.
As presented in Table 5, OCL is extensively used for the verification and validation of systems and models. The USE tool [60] is widely used by researchers [61–66] for validating UML models. There are also numerous applications of model verification such as verifying configurations of the feature model with OCL constraints in product lines [76], design verification of embedded systems using SVA [19], transformation of OCL constraints to CSP [77], slicing of UML models for verification using OCL constraints [22], and translation of UML models into symbolic formulation using SMT solvers [79]. An important benefit of using OCL for verification and validation is tool support for automation. Most of the approaches related to model validation and verification convert OCL to some sort of formalism and a number of these only support a limited subset of OCL.
Table 5
Paper | Domain | Strategy Used | OCL Transformation/Conversion | Case Study Type Description | Tool Used |
---|---|---|---|---|---|
Chiorean et al. [18,59] | Model checking | Specification-based inconsistencies | — | Order system model, crash course model | OCLE |
Richter et al. [60,61] | Model validation | Validation of well-formedness rule | — | Company model | USE |
Ziemann et al. [62] | Constraints validation | Specification validation | — | Automated train control system | USE |
Richter et al. [63] | Model validation | Aspect-oriented approach | — | Java application | — |
Gogolla et al. [64–66] | Model validation | Snapshot generation | ASSL | Boss worker person | USE |
Sohr et al. [67] | Constraints validation | Authorization constraints | — | Separation of duty, prerequisite role | USE |
Gogolla et al. [68] | Model checking | Test scenarios | — | Model of train and wagon | USE |
Kuhlmann et al. [69–71] | Model validation | Model instances and relational logic | Relational logic | UML class to relational model | SAT solver |
Gogolla et al. [72] | Model checking | Invariants independence | — | ER to relational database schemata | — |
Clavel et al. [73] | Model validation | Equational specification | Maude | Train wagon | — |
Chae et al. [74] | Constraint validation | Structural constraint analysis | — | Analysis class model | OCLE |
Rull et al. [75] | Model analysis | Conceptual schemas | — | Hiking events model | AuRUS |
Czarnecki et al. [76] | Model verification | Feature-based models | Prepositional formulas | e-Commerce business model | SAT solver |
Cabot et al. [23,24,77] | Model verification | Constraint programming | CSP | Paper researcher class model | UML to CSP |
Demuth et al. [30] | Model verification | Dresden OCL toolkit | — | Plugin modeling language | Dresden OCL 2 |
Soeken et al. [78] | Model verification | Boolean satisfiability | Alloy | Person and company model | MFERT |
Shaikh et al. [22] | Model verification | Partition analysis | — | Coach model | — |
Hiken et al. [20] | Model verification | Base model | Constraint rewriting | Toll collect system | — |
Hiken et al. [21] | Model verification | Filmstrip and unrolling | Symbolic formulation | Dinning philosopher model | SMT solver |
Przigoda et al. [79] | Model verification | Symbolic formulation | Symbolic formulation | Traffic light model | SMT solver |
Anwar et al. [19] | Model verification | System verilog assertion | SVOCL | Traffic light controller, arbiter, and car collision avoidance system | — |
Fu et al. [80] | Inconsistency checking | Translation into OWL axioms | OWL axioms | University model | TUCO |
3.2 Experiences and Empirical Reports on OCL
This section summarizes the works that discuss empirical evaluation of OCL and report experiences of applying OCL in practice.
One of the initial works on empirical analysis of OCL is by Briand et al. [81,82]. The work focuses on evaluating the impact of OCL on UML-based development environment. The paper reports controlled experiment on two case studies. In the experiments final year undergraduate students and industry professionals were asked to develop UML models (UML class diagrams, state machines, and sequence diagrams) containing OCL to specify the system. The experiments were conducted to study model comprehension and maintainability. The results show that OCL was useful in specifying the modeling constraints; however, there was a learning curve when using OCL language for writing constraints specification on UML diagrams.
Correa et al. [83] present a controlled experiment that evaluates the impact of OCL expression structure on understandability of the OCL constraints. The controlled experiment is conducted to evaluate the impact of five OCL smells on understandability. The experiment involved 23 professionals who were given OCL constraints with and without smells and were asked to answer a questionnaire evaluating the understandability of the constraints. The results show that the constraints which were refactored were significantly easier to understand.
Pandey et al. [84] highlight the evolution of OCL and discuss various areas of OCL usage. The authors discuss the usage of OCL to overcome the limitations of UML modeling in absence of well-define semantics and provide formal semantics of UML. OCL not only provides required degree of precision to UML models, but it also helps in performing verification and validation of UML models. The paper also highlights limitations of OCL that may have affected its applicability in industry.
Ali et al. [29] present their experiences of applying OCL on six industrial case studies. The case studies belong to diverse industrial domains including communication and control, energy equipment and services, Recycling, and Oil and Gas Production. In these case studies, OCL was applied to solve industrial problems including safety certification and automated product configuration. The result of the industrial case studies shows that a well-selected subset of OCL notations was sufficient for the selected problems for constraint evaluation, solving, and querying. It was observed that OCL constraint specification and enforcement works similarly at meta-levels of MOF. The paper also presents guidelines for practitioners that can help them to choose an appropriate use of OCL at different meta-levels.
In a recent work on empirical analysis of OCL, Yue et al. [85] compare OCL with Java for specifying constraints on models. The paper reports a controlled experiment to evaluate the applicability of OCL in the industrial settings. The control experiment compares OCL with Java and empirically answers the applicability challenges related to extensive training, slow learning curve, and significant effort to use the constraint language. The result shows that both OCL and Java are equally good in terms of learnability, however, OCL is better in modeling complicated constraints. Similarly, the constraints written in Java contain more errors as compared to OCL.
Ali et al. [86] present a controlled experiment to assess the OCL specification in industrial settings. The experiment involves modeling OCL specifications for Cancer Registry of Norway (CRN) by four industry participants and four researchers. On the basis of challenges in writing OCL specification authors have presents an easy to use OCL specification validation and evaluation tool (iOCL).
Though there are some works reporting empirical evaluations of using OCL in practice as shown in Table 6, however, there is still a room for further research in this area. Analysis of using OCL in large projects, issues in maintaining OCL specifications, comparative analysis of various tools supporting OCL, and further reports on successful industrial applications of OCL will be useful for both practitioners and researchers.
Table 6
Paper | Domain | Strategy Used | Objective of the Study | Subjects Used |
---|---|---|---|---|
Briand et al. [81,82] | Empirical evaluation | Controlled experiment | Evaluating the impact of OCL on UML-based development environment | Two-case studies |
Correa et al. [83] | Empirical evaluation | Controlled experiment | Evaluating the impact of OCL expression structure on understandability | 23-professionals |
Pandey et al. [84] | Experiences | Study | Areas of OCL usage | — |
Ali et al. [29] | Experiences | OCL usage | Experiences of applying OCL on diverse domains | Six-industrial studies |
Yue et al. [85] | Empirical evaluation | Controlled experiment | Comparison of OCL and Java for specifying constraints | 29-graduate students |
Ali et al. [86] | Controlled experiment | OCL modeling | Assessing OCL specification in real setting | Eight participants (four each from industry and researchers) |
3.3 OCL Tools
As discussed earlier, there has been considerable research related to OCL. To make the language useful for the practitioners and researchers, tools supporting OCL are necessary to help the modeler specify, validate, and evaluate the constraints in an easy and user-friendly manner. This section describes in detail various tools that are developed to help the modelers in various stages of OCL specification.
USE tool [60,61] as discussed earlier is a widely used tool for validation of models and OCL constraints. USE allows textual and graphical modeling at both model and meta-model level. The goal of the USE tool is to support definition, validation and run-time checking of OCL invariants, and pre- and postconditions. USE tool allows writing of precise definition of OCL constraints such that ambiguous interpretation for both the OCL and UML diagrams could be avoided. The tool also supports analysis, simulation, transformation, and validation of UML models with OCL constraints.
Dresden OCL toolkit [87] is a mature, widely used set of libraries used by the practitioners to provide OCL support in their tools. As discussed earlier, Dresden OCL library provides support to parse and evaluate OCL constraints on various models including UML and EMF. It can be used as library or as an Eclipse plug-in project. Using Dresden OCL practitioners can specify constraints on both model and meta-model level and can even generate code. Dresden toolkit has been successfully used in model verification, testing design by contract, model transformation, code generation, and other projects [30].
Eclipse OCL [31] is an open-source implementation of the OMG OCL standard for EMF-based models including Ecore and UML on eclipse platform. The core component provides OCL integration by providing API support for parsing and evaluating OCL constraints. It also defines Ecore and UML implementation of OCL abstract syntax model and a visitor API for analyzing and transforming the abstract syntax tree model of OCL expressions. The extensibility API provided by eclipse OCL allows the developer to customize the parsing and evaluation environment of the parser.
OCLE [88] is a tool build to provide full OCL support to both UML model and meta-model. The tool not only provides support for checking well-formedness rules specified in OCL, but it also support compiling and debugging of OCL specifications. It generates Java programming language code to support dynamic checking. A graphical interface is also provided for modelers ease.
Dzidek et al. [89] discuss the lessons learned while developing a dynamic OCL constraint enforcement tool for Java language. The tool ocl2j automatically instruments OCL constraints represented as contracts in Java programs using aspect-oriented programming technique. The instrumentation performed by ocl2j is nonintrusive as aspect orientation helps to separate the assertions from the source code. The technique allows parallel development for Java as long as the class diagram and contract are stable. The tool successfully instrumented OCL constraints on Royal and Loyal case study. The authors also discuss various nontrivial issues related to instrumentation of @pre keyword and oclIsNew() expression that require significant work to address.
Hammad et al. [90] present an interactive tool iOCL, for specifying, validating, and evaluating OCL constraints. The tool helps the practitioners and researchers with the OCL syntax and presents only those details of OCL that are valid at a given step of constraint specification process. The goal of the tool is to reduce modeler effort requires for specifying constraints. Tool iOCL is provided as a web-based tool and is integrated with Eclipse OCL.
EsOCL [16,17] is a search-based constraint solver for OCL specifications. EsOCL uses evolutionary algorithms to generate data satisfying given constraints, based on heuristics defined for OCL constructs. EsOCL has been successfully used to generate test data for industrial scale software systems.
As shown in Table 7, there are some existing open-source and commercial tools such as IBM Rational Software Architect [32] and Papyrus [91] that provide modeling environment for the designers and practitioners to specify constraints on UML models using OCL. Addition to that Magic-Draw [37], Enterprise-Architect [38], and Argo-UML [92] are modeling tools that also provide facility of specifying and validating OCL constraints.
Table 7
Tool Name | Domain | Interface Support | OCL Support | Usage |
---|---|---|---|---|
USE tool [60,61] | Model validation | Textual and graphical modeling | Writing, validation, and run-time checking of OCL expression | Analysis, simulation, transformation, and validation of UML models |
Dresden OCL toolkit [87] | Development library | Eclipse plug-in | Writing OCL constraints | Model verification, testing by contract, model transformation, code generation |
Eclipse OCL [31] | Open-source OCL standard | API | Provide programmers classes and libraries | Parsing and evaluating OCL constraint |
OCLE [88] | Model checking | Textual and graphical | Compiling and debugging of OCL specification | Static and dynamic checking of models, code generation |
OCL2J [89] | OCL assertions | GUI | Instruments OCL in Java programs | Aspect-oriented programming |
iOCL [90] | Writing and evaluation | Web-based graphical | Specifying validating and evaluating OCL constraints | Constraint specification |
ESOCL [16,17] | OCL solver | Textual | Specifying, solving, and evaluating OCL constraint | Test data generation and constraint solving |
As highlighted by Briand et al. [81,82], there is a learning curve for practitioners in writing OCL constraints. The current set of tools can be significantly improved to ease writing of constraints. The tool presented in Ref. [90] is a step in the direction.
3.4 Extensions to OCL
While OCL has been applied successfully in a range of studies across various domains, the standard language is at times not sufficient to address certain domain-specific requirements, for example, requirement of modeling temporal constraints. Consequently, a number of extensions to the standard OCL have been proposed. The extensions bring new constructs language to OCL and extend its applicability to application domains not covered by the standard. In the following, we discuss some of the well-known extensions to OCL language. These include OCL extension specify temporal constraint OCL extension for temporal, spatial, and specifying actions.
Standard OCL language does not support specifying temporal constraints. A number of domains require such kind of constraint modeling, specifically when modeling real-time embedded systems or modeling nonfunctional performance properties of systems. Following we discuss the various extensions to OCL dealing with modeling temporal constraints.
Ziaman et al. [93] extend OCL with elements of finite linear temporal logic and introduces past and future timing concepts as part of TOCL (temporal OCL) language. The semantics of the invariants are formally defined and constraints on the system structure and system behavior are specified as temporal invariants and pre- and postconditions of operations.
Bilal et al. [27] propose an extension to the OCL language to support pattern-based modeling of temporal constraints. A pattern provides the behavior that needs to be modeled along with a scope that limits the execution trace on which the pattern is to be applied. The proposed approach enables modeling of temporal constraints without relying on knowledge of formalisms that are typically found in temporal domains. The behavior to be tested is expressed as a temporal OCL expression which is then translated into regular expressions using formal semantics provided by the language extension. The approach is supported as an extension to Eclipse/MDT OCL plugin.
Another extension to support temporal expressions in OCL is proposed by Dou et al. [26]. The OCLR extension to OCL allows the designer to write temporal constraints based on the property specification patterns. The extension also adds support for referring to a specific event and temporal lapse between events. The syntax of the proposed extension is close to natural language to encourage wider use by industry practitioners. The results of using OCLR on industry case studies show the feasibility of the approach.
Bradfield et al. [94] extend the OCL for modeling temporal properties by providing a template-based extension using mu-calculus. The specifications are written at two levels of logic, with mu-calculus constraints specifying the high-level logic, whereas OCL is being used to specify domain-specific low-level logic.
An extension of OCL to support specification of integrity constraints to control topological relations of objects in spatial databases has been proposed by Pinet et al. [28]. The authors propose formalism based on OCL, referred as the Spatial OCL. While Spatial OCL can be used to specify integrity constraints, it cannot be used to define topological constraints involving objects with vague shapes, a common occurrence in spatial objects. To overcome the limitations of Pinet et al. [28], Bejaoui et al. [95] propose an extension to Spatial OCL. The proposed extension allows specification of constraints on regions with broad boundaries such as forests and lakes.
Robinson et al. [96] present a variant of OCL, OCL™ to represent properties derived from requirements to monitor them at runtime. OCL™ is proposed in the context of a goal-monitoring framework for requirements. The proposed extension supports pattern-based specification of constraints in addition to standard temporal operators and timeouts.
Actions in MDE represent units of fundamental executions that typically correspond to some processing. OCL, by definition, is a side effect-free language. However, researchers have also extended OCL to model actions. Kleppe et al. [97] introduce an extension to OCL to express dynamic requirements such as events or signals that have been received or will be received in future. Such a support is often required during business modeling, for example, to model stimulus and response rules. The authors introduce a new type of clause to OCL, the action clause which gives semantics to a model by presenting its dynamic requirements.
The ECL extension to OCL proposed by Deantoni et al. [98] provide extension to OCL for modeling concurrency and timed behavior. The authors extend OCL to allow explicit specification of events in a model and to support specifying behavior invariants that govern partial ordering of event occurrences in a model. The presented extension semantics are based on Clock Constraints Specification Language (CCSL), which is defined as part of UML profile for Modeling and Analysis of Real-time Embedded Systems (MARTE).
Table 8 summarizes the results of the survey for OCL extensions. As it can be observed, a number of approaches in the literature add new concepts and constructs to OCL. This is done primarily by adding new elements in the OCL meta-model or new constructs in the OCL grammar. A major challenge with such extensions is their alignment with OCL semantics. We did not find any study evaluating this aspect of OCL extensions. A number of such extensions have been proposed to support writing of temporal constraints in OCL. Similarly, researchers have extended OCL to allow specification of dynamic behavior using actions. Given the importance of specifying temporal constraints as highlighted by a number of works in literature, the constructs can be included as part of the standard OCL.
Table 8
Paper | Target Feature | Proposed Constructs | Formalism Used | Evaluation Method | Compatibility With Standard OCL |
---|---|---|---|---|---|
Ziaman et al. [93] | Temporal constraints | Temporal invariants, pre- and postconditions | Liner temporal logic (LTL) | Academic example | No |
Bilal et al. [27] | Temporal constraints | Pattern-based language, events | NA | Industry case study | Yes |
Dou et al. [26] | Temporal constraints | Pattern-based language, events | NA | Industry case study | Partial |
Bradfield et al. [94] | Temporal constraints | After, eventually pattern template | Observational mu-calculus | Academic example | No |
Pinet et al. [28] | Spatial constraints for environmental information systems | Disjoint, contains, inside, equal, meet, cover, covered by, overlap | NA | Academic example | No |
Bejaoui et al. [95] | Spatial constraints for environmental information systems | Weakly, fairly, strongly, and completely constructs | Region connection calculus | Case study | No |
Robinson et al. [96] | Run-time goal monitoring from requirements | Pattern-based constraints, temporal operators, timeouts | NA | Case study | No |
Kleppe et al. [97] | Business rule modeling | Actions | NA | Academic example | No |
Deantoni et al. [98] | Causal and times relationships in models | Events (clocks) | Clock constraint specification language (CCL) | Academic example | No |
3.5 Other Works
There are a number of other research areas in software engineering where OCL is actively used. Following we discuss the works on formalizing OCL, use of OCL in the area of model transformations, and instance generation of meta-models.
3.5.1 Formalizing OCL
Since OCL is considered as a semiformal constraint specification language, a number of research works have focused on formalization of semantics of OCL. The formalization helps in automation and removes ambiguities in syntax and semantics of OCL.
Rickters et al. [99] highlight early efforts in formalizing the semantics for OCL. The paper describes and defines the syntax and semantics of OCL expressions and provides examples for their evaluations. The authors identify basic syntactic structures and assign semantics to them based on the set theory. The authors also provide solution to implicit flattening of complex results. The paper also discusses various issues resulting in an illegal expression evaluation and suggests various language improvements.
Brucker et al. [100] present a new formal model of OCL by embedding it into Isabelle/HOL language. The work provides automated reasoning support to OCL using a formal calculus to encode OCL semantics. The work also discusses an automated deduction technique based on derived rules from OCL semantics. The proposed methodology is applied on the application of test case generation for the triangle problem.
Roe et al. [101] present a mapping of UML models having OCL constraints to Object Z. The mapping uses the modeling constructs and generates Class skeleton in Object Z. The OCL constraints are also converted to Object Z schema. The authors also discuss the tool developed and the comparison of the proposed mapping with the existing approaches.
Kyas et al. [102] present a prototype tool that analyzes the syntax and semantics of OCL constraints together with UML model and translates them to the Prototype Verification System (PVS) theorem prover language. The UML class diagrams and state machines are translated to PVS. The translation process has successfully been applied on multiple industrial case studies.
Formalization of OCL has been an active area of research in which syntax and semantics of the OCL language are converted into a formal language for better reasoning. Formalization also helps in the extraction of illegal expressions. As presented in Table 9, the literature addresses numerous approaches [24,77,95] that focuses on the conversion of OCL semiformal syntax and semantics into more formal models. Formalizing OCL is still an open research direction to remove ambiguities and allow automated reasoning on OCL constraints. The major challenge in this regard is to introduce formalism without significantly complicating the syntax of the language.
Table 9
Paper | OCL Coverage | Strategy Used | Formal Model Used | Addition Support | Case Study Description |
---|---|---|---|---|---|
Richter et al. [99] | OCL expression | Formal syntax and semantic | NA | Implicit flattening of complex result | Rental system |
Brucker et al. [100] | OCL expressions | Formal model | Isabelle/HOL | Automated reasoning and deduction | Triangle problem |
Roe et al. [101] | OCL constraints | Mapping | Object Z | Generation of class skeleton | Person and bank accounts |
Kyas et al. [102] | OCL constraints | Conversion | PVS theorem prover language | State machine and class diagram only | Sieve of Eratosthenes |
3.5.2 Use of OCL in Model Transformations
Transformations are a fundamental part of MDE that deals with transforming models from one representation to another. Transformations take as input a source model that conforms to a source meta-model as input and generate a target model that conforms to a target meta-model based on a set of rules that map the source meta-model elements to target meta-model elements. The meta-models typically comprise of a large set of elements, which are restricted by a number of constraints usually written in OCL. In addition to constraints at meta-level, OCL is also used as a part of transformation language. In the following, we discuss the use of OCL in the area of model transformation.
Schürr et al. [103] describe the challenges associated with use of OCL as a graph transformation language. The OCL is compared with a graph transformation, PROGRESS, which is a path expression-based language. The PROGRESS language is similar to OCL in many ways, for example, operation manipulation in both works on class diagrams, both languages support collections and single object path expressions. However, in contrast with OCL, PROGRESS path expression supports functional abstraction and offers additional operators for conditions that are required for a graph transformation language.
Cariou et al. [104] present a method to verify transformation results with respect to the transformation specification. The work focuses on transforming contracts written in OCL for the verification of target transformation. A transformation contract represents expected transformation behavior using pre- and postcondition and invariants on transformation rules. A precondition of a transformation contract specifies state of a model before a transformation and postcondition contract specifies the state of a model after transformation. The proposed verification method is generic and can be applied on both manual and automatic transformations.
Cabot et al. [105] present an automated transformation approach from UML to SBVR (semantics of business vocabulary and rules) specification. The approach is able to extract OCL expressions used in the UML. The SBVR specification is used to describe business policies and rules in a language models that is closer to natural language. The proposed transformation aims to reduce the communication gap between modelers and business managers.
Bajwa et al. [106] present rule-based transformation approach to translate SBVR business rules into OCL. The automated transformation from SBVR rules to OCL constraints reduces the manual effort which is complex and time-consuming. The approach is implemented in SBVR2OCL prototype tool. The transformation is based on rules that are derived from the abstract syntax of SBVR and OCL. The approach is fully automated and requires business rules and target UML model as input.
González et al. [107] present a test data generation approach for model transformations by combining the partition and constraint analysis. For the generation of test data, the approach analyzes the OCL constraints in the source meta-model to fine-tune the partitions. The approach provides support of various OCL constructs and offers three different test model generation modes: a simple mode, multiple partition mode, and unique partition mode. A supporting tool is also implemented that can be used with other model generation approaches.
Jilani et al. [108] present a search-based test data generation approach for model transformation testing. The proposed approach uses search-based algorithms for test data generation. The approach is able to solve OCL constraints which are specified at meta-model level. The search algorithms used for generation are based on meta-heuristics (such as adoptive random testing). The approach also provides structural coverage of the transformation code and assures that generated test models achieve desired transformation code coverage. MOTTER tool is developed and successfully applied on Class to Relation database transformation example.
In the area of model transformations, Table 10 shows the approaches that used OCL as a transformation specification language as well as for verification and test generation of model transformations. A number of model transformation languages follow an OCL-like syntax for model query operations, which shows the acceptance of OCL by practitioners.
Table 10
Paper | Use of OCL | Strategy Used | Support Provide by OCL | Addition Support | Case Study Description |
---|---|---|---|---|---|
Schürr et al. [103] | Graph transformation language | Comparison with PROGRESS | Collection, single object path expression, combination of expression | — | — |
Cariou et al. [104] | Transformation contract | Verification of target model | Expected behavior pre- and postcondition, invariants on rules | Support both manual and automated transformation | Class to RDBMS transformation |
Cabot et al. [105] | Constraints on models | UML2SBVR transformation | OCL expression on models | Business policies and rules | — |
Bajwa et al. [106] | Transformation Target model | Mapping of SBVR2OCL | Mapping pf SBVR rules to OCL | Support Constraints on models | SBVR to OCL transformation |
González et al. [107] | Source model constraints | Partition and constraint analysis | OCL expressions for test generation | Test generation for model transformation | Team submission |
Jilani et al. [108] | Source model constraint and rules in transformation | Constraint solving using search-based algorithms | OCL expressions for transformation testing | Structural coverage of transformation code | Class to RDBMS transformation |
3.5.3 Instance Generation of Models
The OCL constraints at modeling language definition level (meta-model) typically define the well-formedness rules. These rules define the restrictions that the models developed in the modeling language should follow. A common task during model manipulation is automated generation of models from meta-models (i.e., instances of meta-models). This is typically referred to as instance generation. Following we discuss the works dealing with instance generation of models by resolving OCL constraints on meta-models.
Winkelmann et al. [109] present an instance generation approach. The approach is based on graph grammar and provides translation of restricted OCL constraints into graph grammar constraints. The approach automatically creates a graph grammar from a given meta-model. The grammar ensures typing and cardinality constraints. A restricted set of OCL constraints is also translated into the grammar that is checked during the process of instance generation. The approach is demonstrated on a state chart example.
Francisco et al. [110] present an approach for automated generation of test models following property-based testing. Property-based testing uses properties for specifying constraints written in OCL and generating tests based on it. The approach uses properties to generate test suites. For automated generation of test cases, QuickCheck tool is used. QuickCheck is an automatic property-based testing tool that allows test case generation, execution, and result analysis. The paper also shows advantages and disadvantages of the proposed approach as compared with the manual test suite generation.
Wu et al. [111] present a SMT-based approach for generating coverage-oriented meta-model instances. The approach uses two techniques for generating the instances. The first technique relies on a standard UML class diagram coverage criterion, while the second technique focuses on satisfying graph-based coverage criterion. Both the criteria defined in the techniques are translated to SMT formula, which are solved using an SMT solver.
Since OCL constraints allow specifying restrictions on UML models, these constraints need to be satisfied during instance generation. Table 11 summarizes the existing instance generation approaches [109–111] satisfy the OCL constraints during the instance generation process. Some of the works transform the applied OCL constraints into an intermediate model, e.g., graphs for better verification and generation of the correct instance. The examples of UML class diagram and state charts are typically used in the literature to demonstrate the results. The OCL constraint solving is a fundamental activity in such approaches. Although the challenge of meta-model instance generation from complex meta-models has not been completely resolved, the existing approaches have potential to be extended for this purpose. There is a vital need for a scalable and efficient approach for automated instance generation from models.
Table 11
Paper | Use of OCL | Strategy Used | Addition Support | Case Study Description | Tool Support |
---|---|---|---|---|---|
Winkelmann et al. [109] | Transformation of OCL into graph grammar | Graph grammar | Generation of graph models | State chart model | — |
Francisco et al. [110] | Properties written in OCL | Property-based testing | Automated generation of test suites | Process scheduler class model | QuickCheck |
Wu et al. [111] | Constraints on model | SMT-based approach | UML class diagram coverage criteria and coverage-oriented meta-model instances | Department manager meta-model | SMT solver |
3.5.4 Refactoring and Simplifying OCL Constraints
OCL has been introduced with the intention of being the standard language for specifying constraints on models. Ease of use and understandability are important factors in acceptance of the language by practitioners. While OCL aims to be an easier to use language than the other formalisms, at times OCL expressions and constraints can be quite complex and difficult to understand [112]. Consequently, there have been a number of efforts aimed at making OCL simpler to understand and apply.
Correa et al. [112] proposed a number of refactoring to improve understandability of OCL specifications. The work discusses a number of “OCL smells,” similar to code smells and propose corresponding refactoring. An experimental study is presented to evaluate the impact of OCL smells and refactoring on the understandability of OCL expressions. The results of the study show that the presence of OCL smells has a negative impact on the understandability of OCL expressions. OCL specifications containing OCL smells take longer to understand and are less correct than specifications without them. The work provides useful guidelines for writing OCL constraints in more readable way.
Opoka et al. [113] present a set of OCL libraries, with the aim of simplifying the writing of OCL expressions. The libraries provide a set of useful and reusable OCL expressions. The developed libraries have been successfully used in sample projects demonstrating the feasibility of the approach. The libraries provide reusability, validation support, and documentation support.
Giese et al. [114] discuss the problem of redundancies in OCL specification. Such redundancies reduce the readability of the OCL specifications. The paper presents an approach to transform OCL expressions to simpler forms in the context of constraints expressing requirements. A prototype OCL simplifier is implemented to automate the simplification process.
Aspect orientation has emerged as widely used practice to avoid redundancies in software artifacts. Aspects allow the designers to separate core design elements from various crosscutting behaviors. The crosscutting behaviors are modeled separately in the form of aspects. Khan et al. [115] present an extension to OCL that bring the benefits of aspect orientation to constraint specification. The proposed approach allows the designer to specify core constraints separately from crosscutting constraints. The crosscutting constraints are written separately as constraint aspects, which are then woven in the core constraints using as aspect weaver. One benefit of the approach is that while at design time the crosscutting aspect is written separately, the woven output is a standard OCL specification. This allows the approach to remain compatible with the existing tools and API developed for OCL. The results show that AspectOCL language can be effectively used to capture constraints in industry-scale case studies and can significantly reduce the constraint modeling effort.
Over the years, researchers and practitioners have faced challenges in applying OCL to particular domains due to a lack of constructs in the standard language. To overcome such challenges, new constructs have been added in the form of language extensions. Table 12 summarizes the refactoring techniques presented earlier. The works discussing code smells and libraries can be useful in making OCL more useable and easy to comprehend. However, significant empirical evaluations are further required to evaluate their effectiveness.
Table 12
Paper | Technique | Evaluation | Case Study Description |
---|---|---|---|
Correa et al. [112] | OCL smells | Experimental study | Bank system |
Opoka et al. [113] | Extension of OCL | — | — |
Giese et al. [114] | Transformation | Case study | Observer design pattern |
Khan et al. [115] | Aspect orientation | Case study | EU-rental study |
4 Insights on Advances in OCL
OCL has been used in a number of industrial and academic projects. A large body of works in literature focuses on software verification and validation. The works range from test generation to model verification and validation using OCL.
Test generation from OCL specifications is significant for MBT. Recent trend in the area is the use of search-based strategies and constraint satisfaction for test generation. The search-based strategies have shown promising results with the works showing the scalability of the approach to industrial applications. The existing constraint satisfaction approaches either do not support complete OCL specification or they only provide a limited support (few constructs of OCL are supported). Even with a limited OCL support, the constraint solving approaches (based on SAT/SMT) require translation of OCL construct into intermediate languages, which make the process more complicated. Similarly, in CSP-based approaches, the OCL constructs are first translated to form a CSP problem and are then solved. The existing CSP solvers do not support a number of OCL constructs, such as collections, association, and three-order logic, which are commonly used in industry [16].
One benefit of the model verification through OCL is that it is automatable, and is well supported by UML modeling tools. Similar to verification, OCL has also been applied to validate models for their correct definition. Tools such as USE [60] are used by a large number of works [61,62] for validation of UML models using OCL. Researchers have extended the USE tool as per their requirements for model validation. For example, USE tool is extended for the generation of consistent snapshots [64,65], aspect-oriented-based constraint validation [63], and for the integration of role-based access control constraints [67]. The support provides by the USE tool helps the designers to achieve automated model validation using various techniques.
The OCL model validation has benefited the larger software industry and implementation of large systems such as advanced automated train control systems [62]. OCL is also used to perform analysis on UML class diagram through structural constraints [74], validating UML models transformed to relation logic and vice versa through equational specifications written in Maude [69–71], and AuRUS tool that analyzes UML/OCL conceptual schemas to ensure their correctness [75]. Model checking is another important aspect for which OCL has been used. The existing literature presents the use of model checking for various purposes, such as checking UML model consistency and identifying inconsistencies through OCLE tool [59], using USE tool [60] for ensuring consistency and independence, automated checking of UML and OCL model features in model transformation [72], and translation of OCL invariants into OWL axioms for inconsistency checking [80].
Though there are a few controlled experiments, empirical evaluations, and surveys conducted in the area, there is a significant room for further empirical investigation. The presented studies focus on writing specification and evaluating their impact on model comprehension, comparative analysis, maintainability, and applicability. Further empirical evaluations are required to evaluate use of OCL on large projects, scalable approaches for OCL constraint solving and instance generation from complex meta-models, and comparative tool analysis for OCL.
Even though there exists many commercial tools, such as Software Architect [32], Papyrus [91], Magic-Draw [37], Enterprise-Architect [38], Argo-UML [92], and Eclipse OCL [31] that help designers and practitioners to specify, validate, and evaluate OCL constraints, but still practitioner find it challenging to specify OCL constraints. Recently, a tool iOCL [90] was developed that guides the practitioners in writing constraints interactively. However, there is still room for improvement in tools that further ease the process of writing OCL specification and helps the modelers in validating and evaluating OCL constraints.
Another research area in the domain is the formalization of OCL as a language. A number of approaches in the literature focus on defining formal notations and removing semantic ambiguities of OCL. Formalization of OCL syntax into set theory, formal calculus, Object Z, CSP, PVS theorems provides formal reasoning and help in OCL constraints solving. But the problems in all such formalism, including partial OCL language support, computation expensive operation due to combinatorial explosion still require further investigation.
OCL has seen acceptance in industry and there have been some reports on successful usage of OCL in industrial and academic projects [29]. However, over the years, researchers have identified some limitations of the existing OCL standard. Often these limitations relate to a lack of support for constructs required to accomplish domain-specific tasks. Real-time and time-critical applications represent one such domain. One requirement of the domain is to model temporal constraints. The standard OCL specification does not provide constructs that can specify temporal properties and constraints. A number of researchers have addressed the problem and provided their own language extensions that allow designers to specify temporal constraints on system models. Similarly, other researchers have sought to extend the OCL language to incorporate new emerging practices, such as aspect orientation. The aspect-oriented extensions to OCL aim to bring the benefits of aspect orientation to constraint specification by allowing the designers to separate core constraints from crosscutting constraints. One fundamental challenge to wider adaption of such extensions, however, is the requirement of learning new nonstandard constructs on top of basic OCL constructs. This is further complicated by lack of industry-scale tool support for such extensions. Consequently, while the extensions may be successfully applied in academic studies and in the scope of the project where they are developed, wide scale adaption remains a challenge. On the other hand, extensions where the final output is always standard OCL [115] seems more feasible.
5 Conclusion and Future Directions
MDE has seen a gradual increase in industry adaption since its inception. OCL is an OMG standard language for specifying constraints at model and meta-model levels.
With the increase in industrial usage of MDE, OCL as standard constraint language has also seen a rapid increase in use at various modeling levels. From the earlier definition of OCL as a part of UML, the OCL is now a standalone standard and has its applications beyond UML. For instance, OCL is being widely used for specifying language rules at meta-level while defining domain-specific languages and language profiles. The UML profile for MARTE uses the OCL constraint to specify language semantic rules. Similarly, the language rules Generic Modeling Environment (GME) are defined using OCL. Apart from its use at meta-level, it is also used as a constraint specification language for domain-specific languages and as a model query language. OCL has also received significant attraction from researchers. In this chapter, we reported a survey of various works in literature targeting OCL. The works were broadly classified into five categories: (i) verification and validation using OCL, (ii) experiences and empirical reports on OCL, (iii) OCL tools, (iv) OCL extensions, and (v) other works applying OCL in diverse areas. Among these areas verification and validation, using OCL has the largest number of research works. The tool support is there for basic tasks; however, there is a significant room for improvement in terms of their usability and scalability. However, there are certain work that report empirical studies on OCL, especially on evaluation of usability of OCL. However, this area still requires further studies on evaluating various aspects of OCL usage. Similarly, more industry experience reports on OCL will further support the industrial adoption of the language.
OCL has also recently seen an increased support by a number of industrial tools. The modern OCL tools provide sophisticated features for querying OCL models and evaluating constraints on the provided models. Additionally, the modern modeling tools, such as IBM Rational Software Architect, allow the engineers to specify OCL constraints and support model validation based on these constraints. These tools also allow writing constraints at meta-level (for example, while defining a profile) and enforcing the constraints at instance level. The support of tools has made writing and maintaining constraint specifications relatively less complicated than earlier. With the increase in tool support, OCL along with MDE has now a better chance to be used in more domains. For instance, we are already seeing the use of the OCL in domains other than software modeling (e.g., modeling business rules and modeling internet of things). However, the tool support of OCL still requires significant improvements. For instance, the current debugging support for OCL is very limited and is a major obstacle in large-scale adaption of OCL. This is a promising future research and development direction for the language. A provision of tool support with efficient debuggers for OCL will significantly increase the adoption of the language. Similarly, the provision of scalable OCL solvers and evaluators will also play a significant part in language adoption by industry.
Another criticism on OCL has been its complexity and the initial learning curve involved in learning and using the language constructs. There have been some attempts at proposing easier to use languages, including visual constraint modeling languages, to replace OCL, however, despite these attempts, OCL remains the only standard language for modeling constraints. Other formalisms for constraint specification purposes tend to be even more complex and difficult to comprehend for engineers who are not familiar with formal languages. OCL for now remains the simpler and often more practical alternative for constraint specification purposes.
The key challenge while writing constraints lies not only with complexity of OCL but also with complexity of constraint specification process itself. Identifying and writing constraints on models is a challenging task and requires thorough understanding of the domain and requirements, which is typically lacking.
Another evidence of increasing acceptance of OCL as a language is the number of languages that have been inspired by the syntax of OCL. A large number of model transformation languages use an OCL-like syntax, it allows easy mechanism for model query and manipulation as compared to programming and formal languages. For example, ATL has syntax that is very similar to OCL.
In our experience of using OCL for various industrial problems and our study of literature, we identify that during constraint specification only a small subset of OCL is required. A large part of OCL typically remains unused. For a novice engineer identifying the subset of OCL that will be used and focusing on learning that portion is not trivial. For instance, UML already allows selective usage of the language through language profiles. Provision of a similar mechanism in the language to define usage specific subset of OCL can greatly help in reducing the learning curve. Similarly, a number of researchers have proposed temporal extensions to OCL. Given the applicability of MDE in real-time embedded systems domain, perhaps a useful addition will be to provide a standard support for modeling time-related constraints in OCL. Such an extension will allow increased used in more domains and help improve the industry acceptance of the language. These can be interesting improvements in OCL as a language.
Overall, due to wide usage and support of modern tools, OCL as a language is poised to have wide spread acceptance in industry. The language has been applied successfully on various projects across multiple domains for different purposes. The purposes range from constraint specification at model level, language rule definition at meta-model level to model query and manipulation. None of the other proposed constraint specification language or formal languages enjoy other wide support from industry or standard organizations. Though there are some limitations in terms of tool support, the OCL is a pivotal part of MDE and will continue its growth with greater industry acceptance.