SlideShare a Scribd company logo

Featherweight OCL: A study for the consistent semantics of OCL 2.3 in HOL

Achim D. Brucker
Achim D. Brucker

At its origins, OCL was conceived as a strict semantics for undefinedness, with the exception of the logical connectives of type Boolean that constitute a three-valued propositional logic. Recent versions of the OCL standard added a second exception element, which, similar to the null references in programming languages, is given a non-strict semantics. In this paper, we report on our results in formalizing the core of OCL in higher-order logic (HOL). This formalization revealed several inconsistencies and contradictions in the current version of the OCL standard. These inconsistencies and contradictions are reflected in the challenge to define and implement OCL tools (e.g., interpreters, code-generators, or theorem provers) in a uniform manner.

TechnologyEducation
1 of 21
Download to read offline
Featherweight OCL A study for the consistent semantics of OCL 2.3 in HOL Achim D. Brucker1 Burkhart Wolff2 1 SAP AG, SAP Research, Germany achim.brucker@sap.com 2 Université Paris-Sud, France wolff@lri.fr September 30, 2012
Outline 1 Motivation 2 Featherweight OCL 3 Conclusion and Further Work
Outline 1 Motivation 2 Featherweight OCL 3 Conclusion and Further Work
Motivation Semantics in the OCL 2.3 Standard The semantics of OCL 2.3 is spread over several places: Chapter 7 “OCL Language Description” (informative): introduces OCL informally using examples, Chapter 10 “Semantics Described using UML” (normative): presents an “evaluation” environment, Chapter 11 “The OCL Standard Library” (normative): describes the requirements (pre-/post-style) of the library, Appendix A “Semantics” (informative): presents a formal semantics (textbook style), based on the work of Richters. And all that needs to be aligned with all other UML (sub-)standards A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 4
Motivation History: A Singe Undefined Value (invalid) OCL was equipped with a single exception element: invalid (previously called oclUndefined) invalid is used to model all exceptional situations division by zero, e. g., 1/0 accessing elements of a empty list, e. g., Seq{}->first() representation of “absence of a value” . . . Most operations are strict, e. g., self.x->including(invalid) = invalid Exception: Boolean operations, e. g., invalid or true = true A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 5
Motivation Adding a New “Undefinedness” Motivation and Intuition Main Motivation: Alignment with the UML standard. Action Taken by OMG: Introduction of a second exception element: null. Intuition: null represents absence of value. null is a potentially non-strict exception element. A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 6
Motivation Adding a New “Undefinedness” Observation In OCL 2.2, his extension has been done in an ad hoc manner, e.g., Both invalid and null conform to all classifiers. In particular null conforms to invalid and vice versa. The conforms relationship is antisymmetric, thus invalid and null are indistinguishable. Contradiction to: null being non-strict and invalid being strict. Our Contribution: At the OCL Workshop 2009, we presented a “paper and pencil” integration of null into the semantics of OCL 2.0 Featherweight OCL formalizes this semantics in Isabelle/HOL (following the tradition of HOL-OCL) A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 7
Outline 1 Motivation 2 Featherweight OCL 3 Conclusion and Further Work
Featherweight OCL Featherweight OCL Formalizing the Core of OCL Embedding into Isabelle/HOL Shallow embedding Strongly typed Any Featherweight OCL type contains at least invalid and null All objects are represented in an object universe Featherweight OCL types may be arbitrarily nested Support for infinite sets Support for equational reasoning and congruence reasoning A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 9
Featherweight OCL Semantics of Strict Operations OCL 2.0: Strict Operations Example: Addition of integers The interpretation of “X+Y” for Integers: I X + Y τ ≡    I X τ + I Y τ if I X τ = ⊥ and I Y τ = ⊥, ⊥ otherwise . This is a strict version of the addition of Integers. A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 10
Featherweight OCL Semantics of Strict Operations OCL 2.3: Strict Operations and Null We define I X + Y τ ≡    x + y if x = ⊥, y = ⊥, x = ⊥ and y = ⊥ ⊥ otherwise where x = I X τ and y = I Y τ. (x = ⊥ ⇐⇒ “x is not invalid” and x = ⊥ ⇐⇒ “x is not null” ) Note: 3 + nullInteger = invalid A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 11
Featherweight OCL Boolean Operations (Non-strict Operations) OCL 2.0: Boolean Operations (Non-strict Operations) The interpretation of “X and Y” for Booleans: I X and Y τ ≡    x ∧ y if x = ⊥ and y = ⊥, false if x = false or y = false , ⊥ otherwise . where x = I X τ and y = I Y τ. The OCL standard demands a Strong Kleene Logic. A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 12
Featherweight OCL Boolean Operations (Non-strict Operations) OCL 2.3: Challenges in the Standard The standard defines not (null) = invalid With the consequence, that not (not X) = X does not hold for all values of X: not (not null) = invalid Similarly: null and null = invalid A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 13
Featherweight OCL Boolean Operations (Non-strict Operations) OCL 2.3: Boolean Operations (Non-strict Operations) We recommend:1 I X and Y τ ≡    x ∧ y if x = ⊥ and y = ⊥ or x = ⊥ and y = ⊥, false if x = false or y = false , ⊥ if x = ⊥ and y = ⊥ or x = true and y = ⊥ or x = ⊥ and y = true , ⊥ otherwise . where x = I X τ and y = I Y τ. Note: ⊥ represents null and ⊥ represents invalid. This definition deviates from the current OCL 2.3.1 standard. 1 modified for simplifying the presentation A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 14
Featherweight OCL Boolean Operations (Non-strict Operations) OCL 2.3: The Boolean Operations “and” We formally prove the following core properties of “and”: (invalid and true) = invalid (invalid and false) = false (invalid and null) = invalid (invalid and invalid) = invalid (null and true) = null (null and false) = false (null and null) = null (null and invalid) = invalid (false and true) = false (false and false) = false (false and null) = false (false and invalid) = false (true and true) = true (true and false) = false (true and null) = null (true and invalid) = invalid As well as: (X and X) = X X and true = X X and false = false (X and Y) = (Y and X) (X and (Y and Z)) = (X and Y and Z) A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 15
Featherweight OCL Boolean Operations (Non-strict Operations) Demo A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 16
Outline 1 Motivation 2 Featherweight OCL 3 Conclusion and Further Work
Conclusion and Further Work Conclusions We understand OCL as a specification language Should be more abstract than a programming language The usual algebraic laws should hold Four-valued Kleene-Logic (lattice like organization of values) Formalizing the core of OCL Helps to clarify the semantics Helps to preserve consistency while extending the language Can provide input for updating ”Annex A” Many new interesting extensions are discussed, e.g., λ-expression . . . A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 18
Conclusion and Further Work Personal Opinion Status of the standard OCL 2.2 was a total mess with respect to null OCL 2.3 is an improvement, still many glitches The OMG standardization process where members vote on changes is maybe not best process to achieve a consistent standard Technical standards should use authoring systems that ensure the syntactical correctness semantical consistency A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 19
Thank you for your attention! Any questions or remaks?
Conclusion and Further Work Related Publications Achim D. Brucker, Matthias P. Krieger, and Burkhart Wolff. Extending OCL with null-references. In Sudipto Gosh, editor, Models in Software Engineering, number 6002 in LNCS, pages 261–275. Springer, 2009. http://www.brucker.ch/bibliography/abstract/brucker.ea-ocl-null-2009. Selected best papers from all satellite events of the MoDELS 2009 conference. Achim D. Brucker and Burkhart Wolff. Featherweight OCL: A study for the consistent semantics of OCL 2.3 in HOL. In Workshop on OCL and Textual Modelling (OCL 2012). 2012. http://www.brucker.ch/bibliography/abstract/brucker.ea-featherweight-2012. A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 21

Recommended

How to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeHow to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeAchim D. Brucker
 
Usable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareUsable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareAchim D. Brucker
 
Formalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofFormalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofAchim D. Brucker
 
Your (not so) smart TV is currently busy with taking down the Internet
Your (not so) smart TV is currently busy with taking down the InternetYour (not so) smart TV is currently busy with taking down the Internet
Your (not so) smart TV is currently busy with taking down the InternetAchim D. Brucker
 
Combining the Security Risks of Native and Web Development: Hybrid Apps
Combining the Security Risks of Native and Web Development: Hybrid AppsCombining the Security Risks of Native and Web Development: Hybrid Apps
Combining the Security Risks of Native and Web Development: Hybrid AppsAchim D. Brucker
 
The Evil Friend in Your Browser
The Evil Friend in Your BrowserThe Evil Friend in Your Browser
The Evil Friend in Your BrowserAchim D. Brucker
 
Developing Secure Software: Experiences From an International Software Vendor
Developing Secure Software: Experiences From an International Software VendorDeveloping Secure Software: Experiences From an International Software Vendor
Developing Secure Software: Experiences From an International Software VendorAchim D. Brucker
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
 

Recommended

How to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeHow to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeAchim D. Brucker
 
Usable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareUsable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareAchim D. Brucker
 
Formalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofFormalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofAchim D. Brucker
 
Your (not so) smart TV is currently busy with taking down the Internet
Your (not so) smart TV is currently busy with taking down the InternetYour (not so) smart TV is currently busy with taking down the Internet
Your (not so) smart TV is currently busy with taking down the InternetAchim D. Brucker
 
Combining the Security Risks of Native and Web Development: Hybrid Apps
Combining the Security Risks of Native and Web Development: Hybrid AppsCombining the Security Risks of Native and Web Development: Hybrid Apps
Combining the Security Risks of Native and Web Development: Hybrid AppsAchim D. Brucker
 
The Evil Friend in Your Browser
The Evil Friend in Your BrowserThe Evil Friend in Your Browser
The Evil Friend in Your BrowserAchim D. Brucker
 
Developing Secure Software: Experiences From an International Software Vendor
Developing Secure Software: Experiences From an International Software VendorDeveloping Secure Software: Experiences From an International Software Vendor
Developing Secure Software: Experiences From an International Software VendorAchim D. Brucker
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
 
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...Achim D. Brucker
 
Isabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof AssistantIsabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof AssistantAchim D. Brucker
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Achim D. Brucker
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
 
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Achim D. Brucker
 
Industrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentIndustrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentAchim D. Brucker
 
SAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsSAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsAchim D. Brucker
 
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...Achim D. Brucker
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleAchim D. Brucker
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesAchim D. Brucker
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Achim D. Brucker
 
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedEncoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedAchim D. Brucker
 
A Framework for Secure Service Composition
A Framework for Secure Service CompositionA Framework for Secure Service Composition
A Framework for Secure Service CompositionAchim D. Brucker
 
Extending Access Control Models with Break-glass
Extending Access Control Models with Break-glassExtending Access Control Models with Break-glass
Extending Access Control Models with Break-glassAchim D. Brucker
 
Integrating Application Security into a Software Development Process
Integrating Application Security into a Software Development ProcessIntegrating Application Security into a Software Development Process
Integrating Application Security into a Software Development ProcessAchim D. Brucker
 
Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Achim D. Brucker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

More Related Content

More from Achim D. Brucker

On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...Achim D. Brucker
 
Isabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof AssistantIsabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof AssistantAchim D. Brucker
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Achim D. Brucker
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
 
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Achim D. Brucker
 
Industrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentIndustrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentAchim D. Brucker
 
SAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsSAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsAchim D. Brucker
 
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...Achim D. Brucker
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleAchim D. Brucker
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesAchim D. Brucker
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Achim D. Brucker
 
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedEncoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedAchim D. Brucker
 
A Framework for Secure Service Composition
A Framework for Secure Service CompositionA Framework for Secure Service Composition
A Framework for Secure Service CompositionAchim D. Brucker
 
Extending Access Control Models with Break-glass
Extending Access Control Models with Break-glassExtending Access Control Models with Break-glass
Extending Access Control Models with Break-glassAchim D. Brucker
 
Integrating Application Security into a Software Development Process
Integrating Application Security into a Software Development ProcessIntegrating Application Security into a Software Development Process
Integrating Application Security into a Software Development ProcessAchim D. Brucker
 
Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Achim D. Brucker
 

More from Achim D. Brucker (16)

On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
 
Isabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof AssistantIsabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof Assistant
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...
 
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
 
Industrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentIndustrial Challenges of Secure Software Development
Industrial Challenges of Secure Software Development
 
SAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsSAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial Tools
 
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large Scale
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security Properties
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?
 
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedEncoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
 
A Framework for Secure Service Composition
A Framework for Secure Service CompositionA Framework for Secure Service Composition
A Framework for Secure Service Composition
 
Extending Access Control Models with Break-glass
Extending Access Control Models with Break-glassExtending Access Control Models with Break-glass
Extending Access Control Models with Break-glass
 
Integrating Application Security into a Software Development Process
Integrating Application Security into a Software Development ProcessIntegrating Application Security into a Software Development Process
Integrating Application Security into a Software Development Process
 
Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...Security in the Context of Business Processes: Thoughts from a System Vendor'...
Security in the Context of Business Processes: Thoughts from a System Vendor'...
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Featherweight OCL: A study for the consistent semantics of OCL 2.3 in HOL

  • 1. Featherweight OCL A study for the consistent semantics of OCL 2.3 in HOL Achim D. Brucker1 Burkhart Wolff2 1 SAP AG, SAP Research, Germany achim.brucker@sap.com 2 Université Paris-Sud, France wolff@lri.fr September 30, 2012
  • 2. Outline 1 Motivation 2 Featherweight OCL 3 Conclusion and Further Work
  • 3. Outline 1 Motivation 2 Featherweight OCL 3 Conclusion and Further Work
  • 4. Motivation Semantics in the OCL 2.3 Standard The semantics of OCL 2.3 is spread over several places: Chapter 7 “OCL Language Description” (informative): introduces OCL informally using examples, Chapter 10 “Semantics Described using UML” (normative): presents an “evaluation” environment, Chapter 11 “The OCL Standard Library” (normative): describes the requirements (pre-/post-style) of the library, Appendix A “Semantics” (informative): presents a formal semantics (textbook style), based on the work of Richters. And all that needs to be aligned with all other UML (sub-)standards A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 4
  • 5. Motivation History: A Singe Undefined Value (invalid) OCL was equipped with a single exception element: invalid (previously called oclUndefined) invalid is used to model all exceptional situations division by zero, e. g., 1/0 accessing elements of a empty list, e. g., Seq{}->first() representation of “absence of a value” . . . Most operations are strict, e. g., self.x->including(invalid) = invalid Exception: Boolean operations, e. g., invalid or true = true A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 5
  • 6. Motivation Adding a New “Undefinedness” Motivation and Intuition Main Motivation: Alignment with the UML standard. Action Taken by OMG: Introduction of a second exception element: null. Intuition: null represents absence of value. null is a potentially non-strict exception element. A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 6
  • 7. Motivation Adding a New “Undefinedness” Observation In OCL 2.2, his extension has been done in an ad hoc manner, e.g., Both invalid and null conform to all classifiers. In particular null conforms to invalid and vice versa. The conforms relationship is antisymmetric, thus invalid and null are indistinguishable. Contradiction to: null being non-strict and invalid being strict. Our Contribution: At the OCL Workshop 2009, we presented a “paper and pencil” integration of null into the semantics of OCL 2.0 Featherweight OCL formalizes this semantics in Isabelle/HOL (following the tradition of HOL-OCL) A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 7
  • 8. Outline 1 Motivation 2 Featherweight OCL 3 Conclusion and Further Work
  • 9. Featherweight OCL Featherweight OCL Formalizing the Core of OCL Embedding into Isabelle/HOL Shallow embedding Strongly typed Any Featherweight OCL type contains at least invalid and null All objects are represented in an object universe Featherweight OCL types may be arbitrarily nested Support for infinite sets Support for equational reasoning and congruence reasoning A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 9
  • 10. Featherweight OCL Semantics of Strict Operations OCL 2.0: Strict Operations Example: Addition of integers The interpretation of “X+Y” for Integers: I X + Y τ ≡    I X τ + I Y τ if I X τ = ⊥ and I Y τ = ⊥, ⊥ otherwise . This is a strict version of the addition of Integers. A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 10
  • 11. Featherweight OCL Semantics of Strict Operations OCL 2.3: Strict Operations and Null We define I X + Y τ ≡    x + y if x = ⊥, y = ⊥, x = ⊥ and y = ⊥ ⊥ otherwise where x = I X τ and y = I Y τ. (x = ⊥ ⇐⇒ “x is not invalid” and x = ⊥ ⇐⇒ “x is not null” ) Note: 3 + nullInteger = invalid A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 11
  • 12. Featherweight OCL Boolean Operations (Non-strict Operations) OCL 2.0: Boolean Operations (Non-strict Operations) The interpretation of “X and Y” for Booleans: I X and Y τ ≡    x ∧ y if x = ⊥ and y = ⊥, false if x = false or y = false , ⊥ otherwise . where x = I X τ and y = I Y τ. The OCL standard demands a Strong Kleene Logic. A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 12
  • 13. Featherweight OCL Boolean Operations (Non-strict Operations) OCL 2.3: Challenges in the Standard The standard defines not (null) = invalid With the consequence, that not (not X) = X does not hold for all values of X: not (not null) = invalid Similarly: null and null = invalid A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 13
  • 14. Featherweight OCL Boolean Operations (Non-strict Operations) OCL 2.3: Boolean Operations (Non-strict Operations) We recommend:1 I X and Y τ ≡    x ∧ y if x = ⊥ and y = ⊥ or x = ⊥ and y = ⊥, false if x = false or y = false , ⊥ if x = ⊥ and y = ⊥ or x = true and y = ⊥ or x = ⊥ and y = true , ⊥ otherwise . where x = I X τ and y = I Y τ. Note: ⊥ represents null and ⊥ represents invalid. This definition deviates from the current OCL 2.3.1 standard. 1 modified for simplifying the presentation A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 14
  • 15. Featherweight OCL Boolean Operations (Non-strict Operations) OCL 2.3: The Boolean Operations “and” We formally prove the following core properties of “and”: (invalid and true) = invalid (invalid and false) = false (invalid and null) = invalid (invalid and invalid) = invalid (null and true) = null (null and false) = false (null and null) = null (null and invalid) = invalid (false and true) = false (false and false) = false (false and null) = false (false and invalid) = false (true and true) = true (true and false) = false (true and null) = null (true and invalid) = invalid As well as: (X and X) = X X and true = X X and false = false (X and Y) = (Y and X) (X and (Y and Z)) = (X and Y and Z) A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 15
  • 16. Featherweight OCL Boolean Operations (Non-strict Operations) Demo A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 16
  • 17. Outline 1 Motivation 2 Featherweight OCL 3 Conclusion and Further Work
  • 18. Conclusion and Further Work Conclusions We understand OCL as a specification language Should be more abstract than a programming language The usual algebraic laws should hold Four-valued Kleene-Logic (lattice like organization of values) Formalizing the core of OCL Helps to clarify the semantics Helps to preserve consistency while extending the language Can provide input for updating ”Annex A” Many new interesting extensions are discussed, e.g., λ-expression . . . A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 18
  • 19. Conclusion and Further Work Personal Opinion Status of the standard OCL 2.2 was a total mess with respect to null OCL 2.3 is an improvement, still many glitches The OMG standardization process where members vote on changes is maybe not best process to achieve a consistent standard Technical standards should use authoring systems that ensure the syntactical correctness semantical consistency A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 19
  • 20. Thank you for your attention! Any questions or remaks?
  • 21. Conclusion and Further Work Related Publications Achim D. Brucker, Matthias P. Krieger, and Burkhart Wolff. Extending OCL with null-references. In Sudipto Gosh, editor, Models in Software Engineering, number 6002 in LNCS, pages 261–275. Springer, 2009. http://www.brucker.ch/bibliography/abstract/brucker.ea-ocl-null-2009. Selected best papers from all satellite events of the MoDELS 2009 conference. Achim D. Brucker and Burkhart Wolff. Featherweight OCL: A study for the consistent semantics of OCL 2.3 in HOL. In Workshop on OCL and Textual Modelling (OCL 2012). 2012. http://www.brucker.ch/bibliography/abstract/brucker.ea-featherweight-2012. A.D. Brucker and B. Wolff Featherweight OCL September 30, 2012 21