Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 476 2009-10-2
476 Model-Based Design for Embedded Systems
domain model as the input and produces a corresponding TASU model as
output.
A transformation in GReAT is formed by a sequence of rules, each of
which contains a pattern graph [26]. The pattern graph is constructed from
the objects defined in the TDL and TASU metamodels. Each pattern graph
object is assigned an action to perform on matched objects upon execution of
the transformation: bind, createnew,ordelete.
The execution of a transformation rule proceeds by finding matches
between the pattern graph objects annotated with the bind or delete action
and instances in the input and output domain models. Upon the initial dis-
covery of a nonempty set of matches, a boolean expression called a Guard can
be included in the pattern graph to compare the attributes of the returned
matches. Any matches that do not satisfy the Guard condition will not be
included in the returned matches. Finally, the remaining matched objects
marked as delete are removed and objects marked with the createnew action
are created in their respective domain models. Before completion of the rule,
the attribute fields of objects in the updated graph can be modified using
an AttributeMapping object, for example, to correctly instantiate fields of new
objects.
The model transformation between the TDL and TASU metamodels pro-
vides the mapping from the TDL objects that characterize the temporal
behavior of the system to the corresponding TASU structures. The transfor-
mation steps are described using the following syntax:
TDLo
1
; o
2
; ; o
n

→ TASUo
1
; o
2
; ; o
m
(14.48)
Each matched set of n objects from the TDL domain found in the input
graph is mapped to newly created instances of a set of m objects from the
TASU domain. TASU object types in bold font are newly created in the cur-
rent step. Each object can also be appended with relevant attribute values,
for example, clock.id()= “clock1.” The line following the step number gives
a brief description of the object types involved in the transformation step,
and parentheses following an object type indicate their respective container
object. We shorten TimedAutomaton to TA for brevity.
1. Systems: (Top-Level Objects, only one per model):
{System} → {System; clock.id()=" t";}
event.id()="time_ev";
constant.id()="epsilon"
2. Modules (System) to TA (System):
{Module} → {TA}
3. Modes (Modules) to Locations (TA):
{Mode} → {Location; clock.id()=Mode.id() +"_clk"}
where the clock created is local to the automaton of the location. The
value of this clock is used in all transitions concerning the activities of
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 477 2009-10-2
Semantics of Domain-Specific Modeling Languages 477
the mode, and it will be reset by a transition once its counts up to the
mode period value.
4. Transitions and Initial Configuration:

(a) Start Mode (Module) to Initial Location (TA):
{Mode.StartMode()==true} → {initial.reference()
= Location.id()}
{Where Location.id() == Mode.id()}
(b) Mode Period (Mode) to Transition (TA):
{Mode} → {Transition.time_guard()
= Mode.ModePeriod(),
resets() = self.id()+"_clk"}
(c) Mode Switch (Mode) to Transitions (TA):
{ModeSwitch} → {Transition.time_guard() = 0,
src() = Mode.id(),
dst() = ModeSwitch.reference(),
resets() = ModeSwitch.reference() + "_clk"}
(d) Task (Mode) to Transitions (TA):
{Task} n
*
{Transition.id()="R", time_guard()
=n
*
dur;
Transition.id() = "F", time_guard() = (n+1)
*
dur}
Where dur =Mode.ModePeriod/Task.Frequency() and n=Task.
Frequency(). The transition with id =“R” denotes a task release for
execution, and the other transition with id=“F” denotes a task fin-
ishing execution. Notice that we create 2n transitions for each task.
A unique transition for release and finish must be created for each
execution cycle in a given mode period.
(e) Task Reference(Mode) to Transitions (TA):

Repeat step 4.d but use TaskReference.
Figure 14.21 shows the GReAT transformation responsible for anchoring
TDL to the TASU. The first three rules, steps 1–3 above, must be performed in
sequence; however, the remaining steps, creating all of the transitions assign-
ing the initial locations for each automaton are performed in parallel.
Figure 14.22 shows the GReAT transformation rule responsible for creat-
ing the mode switch transitions in the TASU. It is an individual element of
the overall transformation, shown to illustrate the form of individual rules.
The two port objects on the left side of the diagram are bound to Mode
and TimedAutomaton objects indicating these are the input context for the
rule. Bound objects in a GReAT transformation are black and only contain
the small arrow icon in the lower left-hand corner. Objects designated to be
newly created are colored in blue and contain a check mark in the lower
right-hand corner, the Transition object in the diagram. The rule execution
proceeds according to the pseudo-code description in Figure 14.23.
An example TDL model and its corresponding TASU ASML data model
and execution trace are given in Figures 14.24 through 14.26. The TDL model
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 478 2009-10-2
478 Model-Based Design for Embedded Systems
TDL
In
In
In
In
In
In
In
In
In
In

In
In
In
In
In
In
In
In
In
Out
Out
Out
Out
Out Out
Out
TAML
Create_System Module->TA Mode–>Location
Mode_Switches
StartMode->Initial
Mode_Clock_Resets
Task_Events_Constants Task_Transitions
TaskRef_TransitionsTaskRef_Events_Constants
Out
Out
Out
Out
FIGURE 14.21
GReAT Transformation from TDL to TASU (top-level rules).
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 479 2009-10-2
Semantics of Domain-Specific Modeling Languages 479

trigger : String
String
String
String
String
output :
resets :
time_guard :
Loc_src
: Location
Loc_dst
: Location
TA
: TimedAutomaton
In
In
MS_Tran
: Transition
AttributeMapping
Guard
DstTransition
SrcTransition
0
x
0
x
MS
: ModeSwitch
Mode_src
: Mode

MS_reference
: Mode
StartMode : Boolean= false
ModePeriod : Integer
StartMode : Boolean= false
ModePeriod : Integer
Ref
Attribute
Attribute
Old : string
New : string
Priority :
referedbyModeswitch
FIGURE 14.22
GReAT Transformation from TDL to TASU (rule for creating mode switch
transitions).
(Figure 14.24) contains one module, “Count,” two modes, “Up” and “Down,”
with period 4, two tasks per mode, “inc” and “dec,” with a frequency given
by the field “f,” and each mode contains a Mode Switch specified as the dia-
mond shape labeled with the target mode of the switch. The tasks “inc” and
“dec” increment and decrement some system datum by 1 during each exe-
cution cycle. The mode “Up” will execute the task “inc” more often than
“dec”; therefore, the datum will be increasing over time. The converse is
true in mode “Down.” The ASML data model representation (Figure 14.25)
is generated by an XML parser that traverses the TASU model created by
the semantic anchoring transformation. Simulation of this data model using
the behavioral code previously described and the ASML interpreter yields
an execution trace (Figure 14.26).
In the ASML data model code, the transition instantiations are not given
to save space; however, their identifiers are included in the TimedAu-

tomaton constructor, (e.g., "TUp_inc_r_0", "TUp_Down_sw",etc ).The
format of the transition identifier indicates what activity the transition corre-
sponds to: "TUp_inc_r_0" means in mode “Up,” the release of task “inc”
at mode time 0, "TDown_dec_f_2" means in mode “Down,” the finishing
of execution of task “dec” at mode time 2, and "TUp_Down_sw" means the
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 480 2009-10-2
480 Model-Based Design for Embedded Systems
1. Mode_Switches(Mode_src as Mode, TA as TimedAutomaton)
2. // Find TDL matches
3. let match_TDL = {(Mode_src, MS, MS.reference()) | MS in
Mode_src.children()
4. where MS.type() == ModeSwitch}
5. // Find TASU matches
6. let match_TASU = {(TA, Loc_src, Loc_dst) | Loc_src, Loc_dst in
TA.children()
7. where Loc_src.type() == Location
8. and Loc_dst.type() == Location}
9. // Apply Guard to reduce matches
10. let match_Total = {(m_TDL, m_TASU) | m_TDL in match_TDL and
m_TASU in match_TASU
11. where m_TDL.First.id() == m_TASU.Second.id()
12. and m_TDL.Third.id() == m_TASU.Third.id()
13. // Create new transitions and perform attribute mapping
14. forall m in match_Total
15. let MS_Tran = new Transition()
16. MS_Tran.id() = “T” + m.Second.Second.id() + “_” +
m.Second.Third.id()
17. MS_Tran.src() = m.Second.Second
18. MS_Tran.dst() = m.Second.Third
19. MS_Tran.time_guard() = m.First.Second.id() + “_clk” == 0

FIGURE 14.23
Pseudo-code for mode switch rule.
Off
Task
T1
p=4
p=4
f=2
f=2
Out
Out
Out
Inp
Inp
Inp
OutInp
f=1
f=1
dec
inc_mem
inc
dec_mem
dec
inc_mem
inc
dec_mem
Up
Count
Down
MS_UpMS_Down

T1
Task
SwitchInput SwitchrInput
Task
Task
On Off
On
FIGURE 14.24
TDL sample model.
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 481 2009-10-2
Semantics of Domain-Specific Modeling Languages 481
1. enum Clocks
2. t
3. Up_clk
4. Down_clk
6. global_clocks as Set of Clocks = {t}
7. var g_v as Map of Clocks to Integer =
8. {clki −> 0 | clki in global_clocks}
10. Up = new Location(“Up”)
11. Down = new Location(“Down”)
12. Count = new TimedAutomaton(“Count”, {Up, Down}, Up,
13. {TUp_inc_r_0, TUp_inc_r_2, TUp_inc_f_2, TUp_inc_f_4,
14. TUp_dec_r_0, TUp_dec_f_4, TUp_Down_sw, TUp_clk,
15. TDown_inc_r_0, TDown_inc_f_4, TDown_dec_r_0,
16. TDown_dec_r_2, TDown_dec_f_2, TDown_dec_f_4,
17. TDown_Up_sw, TDown_clk}, {Up_clk, Down_clk}}
18. my_sys = new Comp_System({Count})
FIGURE 14.25
TDL sample code.
FIGURE 14.26

TDL sample execution trace.
mode switch transition from mode “Up” to mode “Down.” The execution
trace shows the simulation output for the following event trace:
1. g_v(t), v(m1_clk, m2_clk) = 3 → {}
2. g_v(t), v(m1_clk, m2_clk) = 4 → {Finish "inc"}
3. g_v(t), v(m1_clk, m2_clk) = 4 → {Finish "dec"}
4. g_v(t), v(m1_clk, m2_clk) = 4 → {Reset "m1_clk"}
5. g_v(t), v(m2_clk) = 4; v(m1_clk) = 0 →
{Switch to mode "Down"}
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 482 2009-10-2
482 Model-Based Design for Embedded Systems
14.4.3 Conclusion
The effective application of DSMLs for embedded software design requires
developers to have an unambiguous specification of the semantics of mod-
eling languages. Two key aspects of this problem, specification of structural
and behavioral semantics have been explored in this chapter. Our first con-
clusion is that structural semantics is a deep and hugely important concept
that is frequently neglected. Formal investigations of structural semantics
are the foundation for composing modeling languages, investigating struc-
turally dynamic adaptive systems, and developing model transformations as
well as methods for constructive modeling.
In our proposed semantic anchoring framework, behavioral semantics
are defined using model transformations. Much of the ongoing work con-
cerning the semantic anchoring framework involves topics encountered here
and throughout our previous work: the concrete specification of more funda-
mental models of computation for behavior and interaction, the construction
and derivation of more complex behavioral models through the composi-
tion of multiple semantic units, investigation of mechanisms to model vari-
ous categories of execution semantics of concurrent systems, and integration
of the formalisms throughout the MIC tools to capture the end-to-end pro-

cess of specifying and using domain-specific modeling. Concurrently, we are
investigating approaches to determine the behavioral equivalences between
the “reference traces” generated from an ASML data model of a semantic
unit and the implementation generated from instance models of a DSML
previously anchored to the semantic unit. Our preliminary investigations
have led us to consider integrating a framework for constructing concur-
rency models and their corresponding event traces using POMSETs without
knowledge of the initial state of the system. The observed traces are formed
from an interleaving of the time intervals between observed events and the
event labels. Coupling methods derived from such an approach with the
event structures of POMSETs may produce novel techniques for determin-
ing correct behavior of concurrent system components in deployed real-time
embedded systems.
Acknowledgments
This work is sponsored in part by the National Science Foundation (grants
NSF-CCR-0225610 and NSF-CCF-0820088) and by the Air Force Office of
Scientific Research, USAF (grants/contract numbers FA9550-06-0312 and
FA9550-06-1-0267). The views and conclusions contained herein are those
of the authors and should not be interpreted as necessarily representing the
official policies or endorsements, either expressed or implied, of the Air Force
Office of Scientific Research or the U.S. Government.
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 483 2009-10-2
Semantics of Domain-Specific Modeling Languages 483
References
1. H. Aït-Kaci. Warren’s Abstract Machine: A Tutorial Reconstruction.MIT
Press, Cambridge, MA, 1991.
2. R. Alur. Timed automata. In N. Halbwachs and D. Peled, editors, Pro-
ceedings of the 11th International Conference on Computer Aided Verification,
London, LNCS 1633, pp. 8–22, 1999. Springer-Verlag.
3. R. Alur and D. Dill. A theory of timed automata. Theoretical Computer

Science, 126(2):183–235, April 1994.
4. Basic Research in Computer Science (Aalborg Univ.) / Dept. of Informa-
tion Technology (Uppsala Univ.). Uppaal. />Integrated tool environment for modeling, validation and verification of
real-time systems.
5. A. Basu, M. Bozga, and J. Sifakis. Modeling heterogeneous real-time com-
ponents in BIP. In SEFM ’06: Proceedings of the 4th IEEE International
Conference on Software Engineering and Formal Methods, Washington, DC,
pp. 3–12, 2006. IEEE Computer Society.
6. Marc V. Benveniste. Writing operational semantics in z: A structural
approach. Springer LNCS v. 551: Proceedings of the 4th International Sympo-
sium of VDM Europe on Formal Software Development, 1:164–188, 1991.
7. E. Börger and R. Stärk. Abstract State Machines: A Method for High-Level
System Design and Analysis. Springer-Verlag, Berlin, 2003.
8. L. P. Carloni, F. De Bernardinis, C. Pinello, A. L. Sangiovanni-
Vincentelli, and M. Sgroi. Platform-based design for embedded systems.
In R. Zurawski, editor, The Embedded Systems Handbook. CRC Press, Boca
Raton, FL, 2005.
9. K. Chen, J. Sztipanovits, and S. Abdelwahed. A semantic unit for timed
automata based modeling languages. In Proceedings of RTAS’06,SanJose,
CA, pp. 347–360, 2006.
10. K. Chen, J. Sztipanovits, S. Abdelwahed, and E. Jackson. Semantic
anchoring with model transformations. In Proceedings of European Confer-
ence on Model Driven Architecture-Foundations and Applications (ECMDA-
FA), Nuremberg, Germany, 3748 LNCS, pp. 115–129, November 2005.
Springer-Verlag.
11. K. Chen, J. Sztipanovits, and S. Neema. Compositional specification of
behavioral semantics. In Design, Automation, and Test in Europe: The Most
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 484 2009-10-2
484 Model-Based Design for Embedded Systems
Influential Papers of 10 Years DATE, part III, the Netherlands, pp. 253–265,

2008. Springer.
12. K. Chen, J. Sztipanovits, S. Neema, M. Emerson, and S. Abdelwahed.
Toward a semantic anchoring infrastructure for domain-specific model-
ing languages. In Proceedings of the Fifth ACM International Conference on
Embedded Software (EMSOFT’05), Jersey City, NJ, pp. 35–44, September
2005.
13. E. Dantsin, T. Eiter, G. Gottlob, and A. Voronkov. Complexity and
expressive power of logic programming. ACM Computing, 33(3):374–425,
2001.
14. C. Daws, A. Olivero, S. Tripakis, and S. Yovine. The tool kronos. In
Proceedings of “Hybrid Systems III, Verification and Control”. LNCS 1066,
pp. 208–219. Springer-Verlag, New York, 1996.
15. M. Emerson, S. Neema, and J. Sztipanovits. Metamodeling languages
and metaprogrammable tools. In I. Lee, J. Leung, and S. H. Son, editors,
Handbook of Real-Time and Embedded Systems. CRC Press, Boca Raton, FL,
2006.
16. E. Farcas, C. Farcas, W. Pree, and J. Templ. Transparent distribution of
real-time components based on logical execution time. In Proceedings of
the 2005 ACM SIGPLAN/SIGBED Conference on Languages, Compilers, and
Tools for Embedded Systems (LCTES ’05), New York, pp. 31–39, June 2005.
ACM Press.
17. Y. Gurevich. Evolving algebra 1993: Lipari guide. In Specification and Val-
idation Methods, pp. 9–36. Oxford University Press, New York, 1995.
18. Y. Gurevich, W. Schulte, and M. Veanes. Toward industrial strength
abstract state machines. Technical Report MSR-TR-2001-98, Microsoft
Research, October 2001. Tools available: eplex.
com/AsmL.
19. D. Harel and B. Rumpe. Meaningful modeling: What’s the semantics of
“semantics”? IEEE Computer, 37(10):64–72, 2004.
20. T. A. Henzinger, C. M. Kirsch, M. A. A. Sanvido, and W. Pree. From

control models to real-time code using giotto. Control Systems Magazine,
2(1):50–64, 2003.
21. The MathWorks Inc. Simulink/Stateflow Tools. h-
works.com.
22. Vanderbilt University ISIS. Generic Modeling Environment. http://
www.isis.vanderbilt.edu/projects/gme.
Nicolescu/Model-Based Design for Embedded Systems 67842_C014 Finals Page 485 2009-10-2
Semantics of Domain-Specific Modeling Languages 485
23. E. Jackson and J. Sztipanovits. Formalizing the structural semantics of
domain-specific modeling languages. Journal of Software and Systems Mod-
eling, 4:1–28, 2009.
24. E. K. Jackson and J. Sztipanovits. Towards a formal foundation for
domain specific modeling languages. Proceedings of the Sixth ACM Inter-
national Conference on Embedded Software (EMSOFT’06), Seoul, South
Korea, pp. 53–62, October 2006.
25. E. Jackson, W. Schulte, and J. Sztipanovits. The power of rich syn-
tax for model-based development. Technical Report MSR-TR-2008-86,
Microsoft Research, June 2008.
26. G. Karsai, A. Agrawal, and F. Shi. On the use of graph transformations
for the formal specification of model interpreters. Journal of Universal
Computer Science, 9(11):1296–1321, November 2003.
27. G. Karsai, A. Ledeczi, S. Neema, and J. Sztipanovits. The model-
integrated computing toolsuite: Metaprogrammable tools for embedded
control system design. In Proceedings of the IEEE Joint Conference CCA,
ISIC and CACSD, Munich, Germany, September 2006.
28. G. Karsai, J. Sztipanovits, A. Ledeczi, and T. Bapty. Model-integrated
development of embedded software. Proceedings of the IEEE, 91(1):145–
164, January 2003.
29. Edward A. Lee and Alberto L. Sangiovanni-Vincentelli. A denota-
tional framework for comparing models of computation. Technical

Report UCB/ERL M97/11, EECS Department, University of California,
Berkeley, CA, 1997.
30. S. McConnell. Rapid Development: Taming Wild Software Schedules.
Microsoft Press, Redmond, WA, 1996.
31. Object Management Group. Mda guide version 1.0.1. Technical Report
omg/2003-06-01, 2003.
32. Object Management Group. Unified modeling language: Superstructure
version 2.0, 3rd revised submission to omg rfp. Technical report, 2003.
33. Object Management Group. Object constraint language v2.0. Technical
report, 2006.
34. K. Ogata. Modern Control Engineering. Prentice-Hall, Inc., Englewood
Cliffs, NJ, 1970.
35. D. S. Scott. Outline of a mathematical theory of computation. Technical
Report Technical Monograph PRG
˝
U2, Programming Research Group,
Oxford University, 1970.