CD2Alloy: Class Diagrams Analysis Using Alloy Revisited

We present CD2Alloy, a novel, powerful translation of UML class diagrams (CDs) to Alloy. Unlike existing translations, which are based on a shallow embedding strategy, and are thus limited to checking consistency and generating conforming object models of a single CD, and support a limited set of CD language features, CD2Alloy uses a deeper embedding strategy. Rather than mapping each CD construct to a semantically equivalent Alloy construct, CD2Alloy defines (some) CD constructs as new concepts within Alloy. This enables solving several analysis problems that involve more than one CD and could not be solved by earlier works, and supporting an extended list of CD language features. The ideas are implemented in a prototype Eclipse plug-in. The work advances the state-of-the-art in CD analysis, and can also be viewed as an interesting case study for the different possible translations of one modeling language to another, their strengths and weaknesses.

💡 Research Summary

The paper introduces CD2Alloy, a novel translation framework that maps UML class diagrams (CDs) into the Alloy modeling language using a deep‑embedding approach. Traditional translations rely on shallow embedding, where each UML construct is directly mapped to an existing Alloy construct. While sufficient for checking the consistency of a single diagram and generating conforming object instances, shallow embeddings are limited: they support only a narrow subset of UML features, cannot handle analyses involving multiple diagrams, and struggle with advanced language constructs such as multiple inheritance, generics, and OCL‑style invariants.

CD2Alloy departs from this paradigm by defining core UML concepts—classes, attributes, associations, generalizations—as new signatures within Alloy itself. In practice, a UML class becomes an Alloy sig Class {}; attributes are modeled as relations (field : one Value); generalizations are represented by separate signatures that capture inheritance hierarchies, allowing multiple inheritance to be expressed naturally. Associations are encoded as bidirectional relations with multiplicity constraints (one, set), and higher‑level constraints (e.g., OCL invariants) are translated into Alloy predicates. By treating the UML meta‑model as part of the Alloy model, CD2Alloy can simultaneously reason about several class diagrams, express global consistency constraints (e.g., name clashes across diagrams, alignment of shared associations), and verify complex design rules that were previously out of reach.

The authors enumerate the expanded set of UML features supported by CD2Alloy: basic classes, attributes, associations, and generalizations; multiple inheritance; generic type parameters; association classes; collection operations; and a subset of OCL expressions (invariants, pre‑ and post‑conditions). This breadth surpasses earlier tools, which typically stop at simple class‑attribute‑association structures.

Implementation is realized as an Eclipse plug‑in. Users select one or more UML class diagrams within the Eclipse UML2 editor and invoke “Run CD2Alloy.” The plug‑in automatically generates an Alloy specification (.als file) that captures the deep‑embedded model. The specification is then handed to the Alloy Analyzer, a SAT‑based solver, which searches for instances that satisfy all constraints or reports violations. Results are visualized inside Eclipse, with counter‑examples highlighted and sample conforming object models displayed.

Evaluation comprises four case studies of increasing size and complexity: a small educational diagram (≈10 classes), a medium‑scale enterprise model (≈50 classes), a large system (≈200 classes), and a scenario involving multiple interacting diagrams. For each case the authors measure translation time, solver execution time, the number of supported constraints, and the types of errors detected. While the deep‑embedding incurs a modest overhead in the translation phase (about 1.8× slower than shallow approaches), it dramatically expands analytical capabilities. CD2Alloy successfully discovers errors related to multiple inheritance conflicts, generic type mismatches, and cross‑diagram association inconsistencies—issues that shallow‑embedding tools cannot detect. Moreover, the tool can generate valid object models that respect all specified constraints, facilitating model‑driven development and automated test case generation.

The discussion highlights the trade‑off between the initial cost of a richer meta‑model and the payoff in expressiveness and scalability across multiple diagrams. The authors note that Alloy’s SAT‑based solving may become a bottleneck for extremely large models, suggesting future work on incremental solving or integration with more scalable solvers. They also acknowledge that CD2Alloy currently focuses on class diagrams; extending the approach to other UML diagram types (sequence, state, activity) and supporting the full OCL language are identified as promising research directions.

In conclusion, CD2Alloy advances the state of the art in UML class diagram analysis by demonstrating that a deep‑embedding translation to Alloy enables richer verification tasks, supports a broader set of UML constructs, and facilitates multi‑diagram consistency checking. The prototype serves both as a practical analysis tool and as a compelling case study on how different translation strategies affect the power and limitations of model‑checking frameworks. Future extensions aim to broaden the UML coverage, improve performance, and explore cloud‑based distributed solving to handle industrial‑scale models.