Clafer: Lightweight Modeling of Structure, Behaviour, and Variability

Embedded software is growing fast in size and complexity, leading to intimate mixture of complex architectures and complex control. Consequently, software specification requires modeling both structures and behaviour of systems. Unfortunately, existing languages do not integrate these aspects well, usually prioritizing one of them. It is common to develop a separate language for each of these facets. In this paper, we contribute Clafer: a small language that attempts to tackle this challenge. It combines rich structural modeling with state of the art behavioural formalisms. We are not aware of any other modeling language that seamlessly combines these facets common to system and software modeling. We show how Clafer, in a single unified syntax and semantics, allows capturing feature models (variability), component models, discrete control models (automata) and variability encompassing all these aspects. The language is built on top of first order logic with quantifiers over basic entities (for modeling structures) combined with linear temporal logic (for modeling behaviour). On top of this semantic foundation we build a simple but expressive syntax, enriched with carefully selected syntactic expansions that cover hierarchical modeling, associations, automata, scenarios, and Dwyer’s property patterns. We evaluate Clafer using a power window case study, and comparing it against other notations that substantially overlap with its scope (SysML, AADL, Temporal OCL and Live Sequence Charts), discussing benefits and perils of using a single notation for the purpose.

💡 Research Summary

**
The paper addresses the growing complexity of embedded software, where both architectural structure and control behavior must be modeled together. Existing modeling languages typically focus on either structural aspects (e.g., class diagrams) or behavioral aspects (e.g., state machines, sequence charts) and often require separate notations for variability (feature models). This separation leads to fragmented models, consistency problems, and increased development effort.

To overcome these limitations, the authors introduce Clafer, a lightweight modeling language that integrates structural modeling, behavioral modeling, and variability in a single, unified syntax and semantics. The core of Clafer’s semantics is a combination of first‑order logic (FOL) for describing entities, relationships, inheritance, and multiplicities, and linear temporal logic (LTL) for expressing temporal constraints and state transitions. By merging these two logical foundations, Clafer can represent both static architecture and dynamic behavior within the same model.

The language provides a concise set of constructs:

• Class declarations (including abstract and final modifiers) to define hierarchical structures.
• Associations with explicit multiplicities using a directional arrow syntax.
• Constraints expressed in FOL inside constraint blocks.
• Automata (state machines) defined with state and transition keywords; transition guards can be LTL formulas, and an initial keyword marks the start state.
• Scenarios that capture concrete execution traces by enumerating events in a scenario block.
• Property patterns based on Dwyer’s patterns (always, eventually, until, etc.) for common safety, liveness, and response properties.

Clafer’s compiler translates models into SAT/SMT problems. Structural constraints become Boolean formulas for a SAT solver, while temporal constraints are encoded into LTL‑to‑SAT or bounded model‑checking formulas for an SMT solver. This unified verification pipeline enables simultaneous checking of configurability, behavioral feasibility, and feature variability without the need for separate model transformations.

The authors evaluate Clafer using a power‑window case study, a typical automotive embedded system that includes a motor, sensors, a controller, and several optional features (manual/express operation, pinch‑protection, etc.). They model the system in Clafer by:

1. Defining the structural hierarchy of components and their associations.
2. Declaring a feature model that captures optional capabilities and constraints among them.
3. Specifying the dynamic behavior of the window (opening, closing, stopping on obstacle detection) with an automaton.
4. Writing scenarios that illustrate particular usage sequences, such as “open window, detect obstacle, stop.”

The Clafer model is compared against models written in SysML, AADL, Temporal OCL, and Live Sequence Charts. The comparison highlights several advantages of Clafer:

• Expressiveness in a single notation – all three concerns (structure, behavior, variability) are captured in one file, reducing model fragmentation.
• Concise syntax – the language’s minimalistic constructs avoid the verbosity of traditional UML or AADL profiles.
• Integrated verification – the same model can be fed directly to SAT/SMT solvers for consistency checking, eliminating the need for separate verification tools.
• Support for Dwyer patterns – common safety and liveness properties can be embedded directly in the model, simplifying property specification.

The evaluation also notes some challenges. While Clafer’s compactness benefits experienced users, newcomers may find the logical foundations (FOL/LTL) steep at first. For very large systems, the underlying SAT/SMT solvers can become performance bottlenecks, suggesting the need for incremental solving or modular verification strategies.

Key contributions of the paper are:

1. A unified semantic foundation that merges first‑order and temporal logic, allowing simultaneous structural and behavioral modeling.
2. A lightweight, domain‑agnostic syntax that supports hierarchical modeling, associations, multiplicities, constraints, automata, scenarios, and property patterns.
3. Variability integration through feature modeling expressed directly in the same logical framework.
4. An automated verification pipeline based on SAT/SMT solving, enabling early detection of inconsistencies across all model aspects.

Future work outlined includes scaling the approach to larger industrial systems, developing richer IDE support (e.g., graphical editors, auto‑completion), and extending Clafer to other domains such as cyber‑physical systems and safety‑critical avionics. The authors also propose exploring optimization techniques for the underlying solvers and investigating compositional verification methods to improve scalability.

In summary, Clafer demonstrates that a compact, logically grounded language can effectively bridge the gap between structural, behavioral, and variability modeling, offering a promising alternative to the fragmented toolchains currently prevalent in embedded systems engineering.