Professional Documents
Culture Documents
Selic Pragmatics
Selic Pragmatics
Selic Pragmatics
model-driven development
The Pragmatics of
Model-Driven Development
Bran Selic, IBM Rational Software
from using models and modeling techniques. with all new technologies, MDD’s success re-
However, for historical reasons, models in lies on carefully introducing it into the existing
software engineering are infrequent and, even technological and social mix. To that end, I
when used, they often play a secondary role. cite several pragmatic criteria—all drawn
Yet, as we shall see, the potential benefits of from industrial experience with MDD.
using models are significantly greater in soft-
ware than in any other engineering discipline. The challenge
Model-driven development methods were Software engineering is in the unfortunate
devised to take advantage of this opportunity, position of being a new and relatively imma-
and the accompanying technologies have ma- ture branch of engineering of which much is
tured to the point where they are generally expected. Seduced by the relative ease of writ-
useful. A key characteristic of these methods ing code—there is no metal to bend or heavy
is their fundamental reliance on automation material to move—and compelled by relentless
and the benefits that it brings. However, as market pressures, software users and develop-
ers are demanding systems whose complexities
often exceed our abilities to construct them.
This situation is not without precedent in
Model-driven development holds promise of being the first true the history of technology; similar situations
generational leap in software development since the introduction of occurred when the Industrial Revolution in-
the compiler. The key lies in resolving pragmatic issues related to the troduced new technologies such as steam and
artifacts and culture of previous generations of software technologies. electrical power.1 What seems to be unique,
20 IEEE SOFTWARE h t t p : / / c o m p u t e r. o r g / s o f t w a r e
nologies have matured and industry-wide the development cycle, because this is when
standards have emerged. software designers make most of the funda-
Automation technologies
mental design decisions. Despite all the
The techniques and tools for doing this suc-
Automation is by far the most effective cessfully have now reached a degree of matu- benefits of
technological means for boosting productivity rity where this is practical even in large-scale automation and
and reliability. However, most earlier attempts industrial applications. Modern code genera-
at applying automation to software modeling tors and related technologies can produce
standardization,
were limited to “power-assist” roles, such as code whose efficiency is comparable to (and model-driven
diagramming support and skeletal code gener-
ation. These are often not substantive enough
sometimes better than) hand-crafted code.
Even more importantly, we can seamlessly in-
methods are
to make a significant difference to productivity. tegrate such code generators into existing soft- only as good as
For example, once the code is generated, the ware production environments and processes. the models they
models are abandoned because, like all soft- This is critical because it minimizes the dis-
ware documentation, they require scarce and ruption that occurs when MDD is deployed.
help us
expensive resources to maintain. This is why construct.
solutions based on so-called round-trip engi- Standards
neering, which automatically converts code The last decade has seen the emergence of
back into model form, are much more useful. widely supported industry standards, such as
One drawback here, though, is that an auto- those that the Object Management Group
mated conversion from code to model usually provides. The OMG is a consortium of soft-
can’t perform the kind of abstraction that a ware vendors and users from industry, govern-
human can. Therefore, we can attain MDD’s ment, and academia. It recently announced its
full benefits only when we fully exploit its po- Model-Driven Architecture initiative, which
tential for automation. This includes offers a conceptual framework for defining a
set of standards in support of MDD (see
■ Automatically generating complete pro- www.omg.org/mda/index.htm). A key MDA
grams from models (as opposed to just standard is the Unified Modeling Language,
code skeletons and fragments) along with several other technologies related
■ Automatically verifying models on a com- to modeling.3–5 In addition, other formal and
puter (for example, by executing them) de facto standards, such as various Web stan-
dards (XML, SOAP, and so forth) are also ma-
Complete code generation simply means jor enablers of MDD.
that modeling languages take on the role of Standardization provides a significant im-
implementation languages, analogous to the petus for further progress because it codifies
way that third-generation programming lan- best practices, enables and encourages reuse,
guages displaced assembly languages. With and facilitates interworking between comple-
complete code generation, there is rarely, if mentary tools. It also encourages specializa-
ever, a need to examine or modify the gener- tion, which leads to more sophisticated and
ated program directly—just as there is rarely a more potent tools.
need to examine or modify the machine code Still, with all the benefits of automation and
that a compiler produces. standardization, model-driven methods are only
Automatically verifying models means using as good as the models they help us construct.
a computer to analyze the model for the pres-
ence of desirable properties and the absence of The quality of models
undesirable ones. This can take many different Models and modeling have been an essential
forms, including formal (mathematical) analy- part of engineering from antiquity (Vitruvius, a
ses such as performance analysis based on Roman engineer from the first century B.C., dis-
queuing theory or safety-and-liveness property cusses the effectiveness of models in the world’s
checking. Most often, though, it means execut- oldest known engineering textbook6). Engineer-
ing (simulating) models on a computer as an ing models aim to reduce risk by helping us bet-
empirical approach to verification. In all cases, ter understand both a complex problem and its
it is critical to be able to do this on highly ab- potential solutions before undertaking the ex-
stract and incomplete models that arise early in pense and effort of a full implementation. In
22 IEEE SOFTWARE h t t p : / / c o m p u t e r. o r g / s o f t w a r e
are no conceptual discontinuities that preclude This is a particularly important factor to
backtracking. This unique property of soft- consider for model-driven systems that are
ware models is another cornerstone of MDD. based on the notion of customizable transfor- Experience
mation “templates.” Such templates capture
The pragmatics rules for translating models into correspon- with MDD in
Many software practitioners, when first ding code. By exposing these to developers, it industrial
faced with the notion of MDD, express con- is possible to streamline the generated code for
cern about the technical difficulties involved in specific target environments. This is a highly
settings
translating models into code. Will the code be appealing and useful capability, but it must be indicates
fast enough and compact enough? Will it be a
correct rendering of design intent? These, of
matched by a similar facility for specifying in-
verse transformations, or model observability
that code
course, are the very same questions that were will most certainly be an issue. efficiency and
asked when compilers were introduced more Also related to model-level observability are correctness
than 40 years ago. Although they were valid two other critical facilities: model mergers and
questions to ask at the time, it is worth noting model difference tools. These tools are typically
are not the
that hardly anyone questions compiler tech- an integral part of configuration management primary
nology these days because it is quite mature
and extensively proven in practice.
systems that help us track different versions of
the same model. Model merging tools merge
challenges
In fact, experience with MDD in industrial two or more possibly overlapping models into of MDD.
settings indicates that code efficiency and cor- one. In contrast to source-code merging used
rectness, although very important, are not the for traditional text-based programming lan-
top-priority or even the most technically chal- guages, a model-level merge is much more com-
lenging issues associated with MDD. In fact, plex because it requires a deeper understanding
most standard techniques used in compiler of the more complex semantics of the modeling
construction can also be applied directly to language. The result must be a well-formed
model-based automatic code generation. model. Furthermore, the tools must report any
problems in a form that is meaningful to the
Model-level observability modeler. Model difference tools identify the dif-
Like all compilers, automatic code genera- ference between two models (usually two dif-
tors are idiosyncratic and often generate pro- ferent versions of the same model). They too
gram code that, as a result of various internal must work at a semantically meaningful level.
optimizations, is not easily traceable to the
original model. Thus, if an error is detected in Model executability
the generated program, finding the place in the One of the fundamental ways that we learn
model that must be fixed either at compile time is through experimentation—that is, through
or runtime might be difficult. In traditional model execution (David Harel compares mod-
programming languages, we expect compilers els that can’t be executed to cars without en-
to report errors in terms of the original source gines). One important advantage of executable
code and, for runtime errors, we now expect a models is that they provide early direct experi-
similar capability from our debuggers. ence with the system being designed. (When
The need for such facilities for models is learning a new programming language, we are
even greater because the semantic gap between always inspired by the successful run of our
the modeling language’s high-level abstrac- first trivial “hello world” program. Simple as it
tions and the implementation code is wider. is, that experience raises our confidence level
This means that model-level error reporting and gives us a reference point for further explo-
and debugging facilities (in essence, “decom- ration.) The intuition gained through experi-
pilers”) must accompany practical automatic mentation is the difference between mere for-
code generators. Otherwise, the practical diffi- mal knowledge and understanding.
culties encountered in diagnosing problems A common experimental scenario with exe-
could be significant enough to nullify much of cutable models involves refining some high-
MDD’s advantage. Programmers faced with risk aspect of a candidate solution down to a
fixing code that they don’t understand will relatively fine level of detail, while other parts
easily break it and will likely be discouraged of the model remain sketchy or even unde-
from relying on models in the future. fined. This means that even incomplete models
24 IEEE SOFTWARE h t t p : / / c o m p u t e r. o r g / s o f t w a r e
but also of leveraging previous (usually signifi- About the Author
cant) investments into such processes and envi-
Bran Selic is principal engineer at IBM Rational Software in Kanata, Ontario, Canada. He
ronments. For example, a useful MDD tool is also cochair of the OMG task force that is finalizing the UML 2.0 modeling language stan-
should be able to exploit a range of different dard. He received his Magister Ing. Degree in systems theory and Dipl. Ing. Degree in electri-
compilers, build utilities, debuggers, code ana- cal engineering from the University of Belgrade, Yugoslavia. He is a member of the IEEE and
ACM. Contact him at IBM Rational Software, 770 Palladium Dr., Kanata, Ontario, Canada K2V
lyzers, and software versioning control systems 1C8; bselic@ca.ibm.com.
rather than requiring the purchase of new ones.
Furthermore, this type of integration should
work “out of the box” and should generally
not require custom “glue” code and tool ex-
2. P. Kruchten, The Rational Unified Process, Addison-
pertise. Fortunately, most legacy development Wesley, 1999.
tools have evolved along similar lines, support- 3. Unified Modeling Language, ver. 1.4, Object Manage-
ment Group, 2002.
ing similar usage paradigms so that it is usually
4. Meta-Object Facility (MOF), ver. 1.4, Object Management
possible to construct MDD tools that can ac- Group, 2002; www.omg.org/cgi-bin/doc?formal/2002-
cess these capabilities in a generic fashion. 04-03.
Last but not least, an MDD project must be 5. Common Warehouse Metamodel (CWM) Specification,
ver. 1.1, Object Management Group, 2003; www.omg.org/
able to take advantage of legacy code libraries cgi-bin/doc?formal/03-03-02.
and other legacy software. These often capture 6. Vitruvius, The Ten Books on Architecture, Dover Publi-
cations, 1960.
domain-specific knowledge garnered over
7. B. Selic, G. Gullekson, and P.W. Ward, Real-Time Ob-
many years and often represent an organiza- ject-Oriented Modeling, John Wiley & Sons, 1994.
tion’s prime intellectual property. This can be
accomplished either using customizable code
For more information on this or any other computing topic, please visit our
generators or by allowing direct calls to such Digital Library at http://computer.org/publications/dlib.
utilities from within the model. For example, a
model that uses Java to specify the details of
actions along a statechart transition can sim-
ply make the appropriate Java calls without
any intervening translation or having to go New from The MIT Press
through a layer interface.
Software Ecosystem
M
Understanding an Indispensable
DD’s success is not predicated only Technology and Industry
on resolving obvious technical is- David G. Messerschmitt
and Clemens Szyperski
sues such as defining suitable mod-
“Required reading for any serious
eling languages and automatic code genera- student of the computer industry and
tion. Our experience with these methods in its effects on business, innovation,
industrial environments on large-scale soft- and economic growth.”
ware projects clearly indicates that solving the — Nicholas Economides, New York
University, and Director, NET Institute
unique pragmatic issues described in this arti- 432 pp., 49 illus. $45
cle is at least equally, if not more, important.7
Unless the experience of applying MDD is ac-
ceptable from the day-to-day perspective of the
Software
individual practitioner and project manager, it Development Failures
will be rejected despite its obvious potential for Kweku Ewusi-Mensah
yielding major productivity and reliability ben- “Makes a compelling argument for
learning from software development
efits. Fortunately, over the past decade, numer- failures, so that the same mistakes
ous commercial vendors have developed tools aren’t repeated in future projects.”
that address these issues successfully. The time — Mark Keil, Georgia State University
288 pp., 5 illus. $35
for MDD has come.