Towards Domain Refinement For UML/OCL Bounded Verification Robert Claris´o 1 , Carlos A. Gonz´alez 2 , and Jordi Cabot 1,3 1 Universitat Oberta de Catalunya, Spain rclariso@uoc.edu 2 AtlanMod team (Inria, Mines Nantes, LINA), France carlos.gonzalez@mines-nantes.fr 3 ICREA, Spain jordi.cabot@icrea.cat Abstract. Correctness of UML class diagrams annotated with OCL constraints can be checked using bounded verification, e.g. SAT solvers. Bounded verification detects faults efficiently but, on the other hand, the absence of faults does not guarantee a correct behavior outside the bounded domain. Hence, choosing suitable bounds is a non-trivial process as there is a trade-off between the verification time (faster for smaller domains) and the confidence in the result (better for larger domains). Unfortunately, existing tools provide little support in this choice. This paper presents a technique that can be used to (i) automatically infer verification bounds whenever possible, (ii) tighten a set of bounds proposed by the user and (iii) guide the user in the bound selection process. This approach may increase the usability of UML/OCL bounded verification tools and improve the efficiency of the verification process. 1 Introduction Software systems can be described at a high level of abstraction using graphical diagrams such as UML class diagrams. In order to increase their precision and expressiveness, these models can be annotated with textual constraints written in the Object Constraint Language (OCL). UML/OCL models may contain defects [12], e.g. inconsistent or redundant in- tegrity constraints. Checking the correctness of a UML/OCL model is a complex problem, and in general, undecidable [4]. A popular strategy among verification tools for UML/OCL [10] is bounded verification : limiting the search space to a fi- nite domain, e.g. by defining a maximum population for each class and restricting the potential values of attributes. This allows an efficient and automatic analysis without compromising the expressiveness of the modeling language. However, in return the results of the analysis are only meaningful within the defined bounds. Unfortunately, current tools provide little support in the choice of bounds. Inadequate bounds will cause the analysis to miss defects (if they are too narrow) or to become to slow to be practical (if they are too wide). In this paper, we present a technique that can assist users of UML/OCL bounded verification tools