J. Fiadeiro and P. Inverardi (Eds.): FASE 2008, LNCS 4961, pp. 97–100, 2008. © 2008 Springer-Verlag. This is the author's version of the work. It is posted at http://www.brucker.ch/bibliography/abstract/brucker.ea-hol-ocl-2008 by permission of Springer-Verlag for your personal use. The definitive version was published with doi: 10.1007/978-3-540-78743-3_8.

HOL-OCL: A Formal Proof Environment for UML/OCL

Achim D. Brucker (1) and Burkhart Wolff (2)

(1) SAP Research, Vincenz-Priessnitz-Str. 1, 76131 Karlsruhe, Germany, achim.brucker@sap.com
(2) Information Security, ETH Zurich, 8092 Zurich, Switzerland, bwolff@inf.ethz.ch

Abstract. We present the theorem proving environment HOL-OCL, which is integrated into a Model-driven Engineering (MDE) framework. HOL-OCL allows reasoning over UML class models annotated with OCL specifications. Thus, HOL-OCL turns a crucial part of the UML into an object-oriented formal method. HOL-OCL provides several derived proof calculi that allow for formal derivations establishing the validity of UML/OCL formulae. Such formulae arise naturally when checking the consistency of class models, when formally refining abstract models to more concrete ones, or when discharging side-conditions of model transformations.

Key words: HOL-OCL, UML, OCL, Formal Method, Theorem Proving

1 Introduction

The HOL-OCL system (http://www.brucker.ch/projects/hol-ocl/) is an interactive proof environment for UML [5] and OCL [4] specifications that we developed as a conservative, shallow embedding into Isabelle/HOL. This construction ensures the consistency of the underlying formal semantics as well as the correctness of the derived calculi. Together with several automated proof procedures, we provide an effective logical framework supporting object-oriented modeling and reasoning with a particularly clean semantic foundation.
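As an added illustration (not taken from the paper and not HOL-OCL's own syntax or examples), the following OCL specification shows the kind of annotated class model HOL-OCL reasons about and the proof obligations the abstract refers to. The class Account, its attribute balance and its operation withdraw are assumptions made for this example.

```ocl
-- Added example, not part of the paper. Assumed model: a class Account
-- with an attribute balance : Integer and an operation
-- withdraw(amount : Integer).

-- Class invariant: must hold for every Account in every system state.
context Account
inv NonNegativeBalance:
  self.balance >= 0

-- Operation contract: the preconditions guard the call, the
-- postcondition relates the post-state to the pre-state (@pre).
context Account::withdraw(amount : Integer)
pre  PositiveAmount:  amount > 0
pre  SufficientFunds: self.balance >= amount
post BalanceReduced:  self.balance = self.balance@pre - amount
```

Two of the formulae mentioned in the abstract arise directly from this model. Consistency of the class model asks for a witness state in which all invariants hold (here, any Account with balance = 0 suffices). Invariant preservation asks that the contract of withdraw cannot lead from a state satisfying NonNegativeBalance to one violating it: from SufficientFunds and BalanceReduced, balance = balance@pre - amount >= 0, so the invariant is preserved. Drop SufficientFunds and the postcondition becomes satisfiable in a state that violates the invariant, which a prover surfaces as an unprovable preservation goal. Note also that OCL expressions may evaluate to undefined (for example, when navigating an unset attribute), so a formal semantics for OCL must fix how >= and the logical connectives behave on undefined values; this is precisely the kind of question a semantic embedding, rather than informal reading of the standard, settles.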
2 The Architecture and its Components

2.1 Overview

HOL-OCL [1, 2] is integrated into a framework [3] supporting a formal, model-driven software engineering process (see Figure 1). Technically, HOL-OCL is built on a repository for UML/OCL models, called su4sml, and on Isabelle/HOL; both are written in SML, and HOL-OCL uses the SML interface of Isabelle/HOL. Moreover, HOL-OCL reuses and extends the existing Isabelle front-end Proof General as well as the Isabelle documentation generator. Figure 2 gives an overview of the main system components of HOL-OCL, namely: