Facilitating formal specification acquisition by using recursive functions on context-free languages

Although formal specification techniques are very useful in software development, the acquisition of formal specifications is a difficult task. This paper presents the formal specification language LFC, which is designed to facilitate the acquisition and validation of formal specifications. LFC uses context-free languages for syntactic aspect and relies on a new kind of recursive functions, i.e. recursive functions on context-free languages, for semantic aspect of specifications. Construction and validation of LFC specifications are machine-aided. The basic ideas behind LFC, the main aspects of LFC, and the use of LFC and illustrative examples are described.     

一个支持规约获取的形式规约语言

该文介绍了形式规约语言LFC设计的一些主要方面，并通过例子说明了LFC的一些特色。形式规约语言LFC是为支持软件形式规约的获取工作而开发的。该语言以一种新的递归函数，即定义在上下文无关语言上的递归函数为基础，以上下文无关语言为数据类型，在语言级支持规约获取。LFC语言已被用作形式规约获取系统SAQ的一部分。使用表明，LFC是一个能力强、易使用的语言，适合软件形式规约获取之用，并且适合其它一些用途。     

An approach to applying SOFL for agile process and its application in developing a test support tool

Structured Object-Oriented Formal Language (SOFL) is a representative formal engineering method for software development. It offers a three-step specification approach to constructing formal specifications, and specification-based inspection and testing for verification and validation. In this paper, we describe a novel approach to applying the SOFL method to achieve agile development process. This approach results from our experience in several collaboration projects with industry, and aims to strike a balance between the fast delivery of software product and the assurance of its quality. We have tested the approach in developing a prototype test support tool.     

Teaching formal methods lite via testing

A new style of formal methods course is described, based on a pragmatic approach that emphasizes testing. The course introduces students to formal specification using Z, and shows how formal specification and testing can benefit each other, in both the validation and verification phases. It uses a tools‐based approach, with practical work that reinforces formal specification techniques as well as traditional software engineering skills, such as unit and system testing, inspection and defensive programming with assertions. The two main results are to identify several practical uses of formal specifications that are not widely practised or taught, and to demonstrate that teaching them results in a more interesting and relevant formal methods course. Copyright © 2001 John Wiley & Sons, Ltd.     

从类树形流程图到Z语言的形式化规格

在软件工程中,使用Z语言形式化规格可以大大提高软件开发质量,提高稳定性,降低开发成本,但要开发出高质量的形式化规格并通过验证,却需要损耗较多的时间和精力.为使软件开发人员能够较快地并且高质量地开发出基于Z语言的形式化规格,提出一种简明的类树形流程图,并以电信服务系统中的呼叫转移功能模块为例子,详细描述如何把类树形流程图应用到Z语言的形式化规格开发当中,以期为开发人员带来便利,节省开发时间,提高形式化规格的质量.     

Integral: Petri-net approach to distributed software development

As the architecture of modern software systems continues to evolve in a distributed fashion, the development of such systems becomes increasingly complex, which requires the integration of more sophisticated specification techniques, tools, and procedures into the conventional methodology. An essential capability of an integrated software development environment is a formal specification method to capture effectively the system's functional requirements as well as its performance requirements. A validation and verification (V&V) system based on a formal specification method is of paramount importance to the development and maintenance of distributed systems.

There has been recent interest in integrating software techniques and tools at the specification level. It is also noted that an effective way of achieving such integration is by using wide-spectrum specification techniques. In view of these points, an integrated V&V system, called Integral, is presented that provides comprehensive and homogeneous analysis capabilities to both specification and testing phases of the life-cycle of distributed software systems. The underlying software model that supports various V&V activities in Integral is primarily based on Petri nets and is intended to be wide spectrum. The ultimate goal of this research is to demonstrate to the software industry, domestic or foreign, the availability and applicability of a new Petri-net-based software development paradigm. Integral is a prototype V&V system to support such a paradigm.     

Z规格说明的前置条件的简化

在软件方法学中，形式方法越来越受到人们的重视，并已被应用于软件开发．Z是一种基于数学表示的软件规格说明方法．前置条件的简化是Z规格说明方法中一种标准的检查，本文讨论了Z规格说明中关于操作的前置条件及其计算．提出了简化过程的终止条件，给出了一个用于简化前置条件的算法，该算法可自动产生简化过程的证据．     

A formal methodology using attributed grammars for multiprocessing-system software development. I. Design representation

With the growing complexity of multiprocessing systems and distributed computing systems, there is an increasing need to provide a formal methodology for deriving a model to represent software design for the software development of these systems. The formal methodology presented in this paper uses attributed grammars, and extends formal methods commonly used in the definition of programming languages and compiler techniques for representing the design specification of software systems and validating the implementation. This model provides a common basis in the software development phases through automated design analysis, test-case generation, and validation of the software system. This paper covers the construction of the model for the design representation using attributed grammar and the analysis of the software system design based on the model.     

Software specification using the special language

This paper presents a tutorial overview of special, a formal specification and assertion language created by SRI International as part of their hierarchical design methodology. The language is based on a formal model of system behavior and is supported by language processors that assist in the interactive development of specifications. special is a strongly typed language that models data and programs as abstract resources known as objects. Collections of modules known as abstract machines are the major building blocks of a software specification in special. The technical foundations of special and the components of a special specification are described. A sample specification is detailed in an appendix.     

Algebraic specifications and sequencing: A defect detection method

One class of program defects results from illegal sequences of otherwise legal operations in software implementations. Explicit statement of sequencing constraints, however, is not a common activity when specifying software even when using formal specification methods. This paper shows that constraints on program execution sequences can be derived directly from algebraic specifications. Results include heuristic methods for generating sequencing constraints and a generalization of these methods into automatable rules. The heuristics can be integrated into a specification methodology such as Larch. Engineers can use the generated sequencing constraints to detect sequencing defects in software even before dynamic testing begins. The method can be used to increase the reliability of software that is specified using algebraic methods.     

Testing Formal Specifications to Detect Design Errors

Formal specification and verification techniques are now apused to increase the reliability of software systems. However, these proaches sometimes result in specifying systems that cannot be realized or that are not usable. This paper demonstrates why it is necessary to test specifications early in the software life cycle to guarantee a system that meets its critical requirements and that also provides the desired functionality. Definitions to provide the framework for classifying the validity of a functional requirement with respect to a formal specification tion are also introduced. Finally, the design of two tools for testing formal specifications is discussed.     

Use of executable formal specifications in user validation

Requirements validation through feedback with users is of paramount importance in producing a high quality requirements specification document. Use of an executable formal specification offers an effective combination of formalism and pragmatism. This allows not only the systematic development of a concise specification of a system, but it also enables developers to execute the specification to receive feedback at an early stage. Executable formal specification languages have traditionally been used as an effective prototyping tool to facilitate developer validation, that is the developer can, via specification execution either individually or in a peer review format, explore the consequences of the specification. However, their use in requirements validation is often not user orientated, which may in turn reduce the effectiveness of the approach. This paper reports on work to facilitate the user validation process based on executable formal specifications. A user orientated process with a systematic framework can maximise the effectiveness of the user validation process. Dialogue management based on scenarios enables an effective communication between a system and its users. Our approach also enables the intertwining of equational specifications in a modular algebraic specification language and conventional implementations in a modular programming language. This introduces a judicious choice of rigour, techniques and tools to support the user dialogue with a prototype system to effectively and explicitly address the user validation process. © 1998 John Wiley & Sons, Ltd.     

Using induction and rewriting to verify and complete parameterized specifications

In software engineering there is a growing demand for formal methods for the specification and validation of software systems. The formal development of a system might give rise to many proof obligations. We must prove the completeness of the specification and the validity of some inductive properties. In this framework, many provers have been developed. However they require much user interaction even for simple proof tasks. In this paper, we present new procedures to test sufficient completeness and to prove or disprove inductive properties automatically in para-meterized conditional specifications. The method has been implemented in the prover SPIKE. Computer experiments illustrate the improvements in length and structure of proofs, due to parameterization. Moreover, SPIKE offers facilities to check and complete specifications.     

Achieving dependability throughout the development process: adistributed software experiment

Distributed software engineering techniques and methods for improving the specification and testing phases are considered. To examine these issues, an experiment was performed using the design diversity approach in the specification, design, implementation, and testing of distributed software. In the experiment, three diverse formal specifications were used to produce multiple independent implementations of a distributed communication protocol in Ada. The problems encountered in building complex concurrent processing systems in Ada were also studied. Many pitfalls were discovered in mapping the formal specifications into Ada implementations     

Formal methods for verification and validation of partial specifications: A case study

This paper describes our work exploring the suitability of formal specification methods for independent verification and validation (IV&V) of software specifications for large, safety-critical systems. An IV&V contractor often has to perform rapid analysis on incomplete specifications, with no control over how those specifications are represented. Lightweight formal methods show significant promise in this context, as they offer a way of uncovering major errors without the burden of full proofs of correctness. We describe a case study of the use of partial formal models for IV&V of the requirements for Fault Detection Isolation and Recovery on the space station. We conclude that the insights gained from formalizing a specification are valuable, and it is the process of formalization, rather than the end product, that is important. It was only necessary to build enough of the formal model to test the properties in which we were interested. Maintenance of fidelity between multiple representations of the same requirements (as they evolve) is still a problem, and deserves further study.     

ASADAL/SIM: an incremental multi-level simulation and analysis tool for real-time software specifications

Despite considerable advancement in software engineering methods during the past three decades, requirements engineering of large and complex software systems still remains a difficult and active research problem. One such difficulty lies in developing correct and useful methods for the validation and verification of real-time software specifications. One way of analyzing and validating/verifying software specifications is to mathematically derive or prove desired system properties based on formal specification languages. A full scale system analysis using such formal methods is limited in practice because of the required mathematical skills and computational costs. Formal methods are often used to check only a few very critical real-time properties. Simulation is a complementary approach to testing various system characteristics and validating user requirements. It is especially good for providing a rough picture of final system behavior. This paper presents ASADAL/SIM, a tool for multi-level simulation and analysis of real-time software specifications. It is a subsystem of a larger computer-aided real-time software development environment called ASADAL, and complements ASADAL/PROVER, another subsystem of ASADAL which is a formal verification module.^1. With ASADAL/SIM, simulation primitives can be added to evolving specifications in order to assign stochastic behaviors to external entities and internal processes, and to build a simulation model. ASADAL/SIM can execute the model and, at the same time, demonstrate the final system behavior by graphically showing internal workings of the system; catch undesirable system behaviors with breakpoints; and present various analytical results and system statistics ASADAL/SIM, following ASADAL's philosophies of hierarchical system modeling and early system validation, allows users to simulate ‘evolving’ specifications at different, mixed, and wide levels of detail. In particular, algorithmic details may be specified for low level behavioral blocks, and simulated with abstract entities yet to be refined to such a level. This facilitates the tracking of critical data values at the specification level, and eases the next transformation into code level implementation. With ASADAL/SIM, ASADAL becomes an effective and comprehensive supporting tool for various existing software engineering approaches, particularly top-down refinement and incremental development practices. © 1998 John Wiley & Sons, Ltd.     

Formal methods software engineering for the CARA system

This paper discusses the application of formal methods software engineering (FMSE) to the development of the Computer Automated Resuscitation A (CARA) medical device at Walter Reed Army Institute of Research. Because this system is potentially life critical, a high level of quality was required. A formal engineering approach to the software development activities was chosen to satisfy this need. Specifically, a technique called sequence enumeration was applied to elicit and refine requirements while deriving a formal specification. The fundamentals of the specification process that was used on the project are described along with a brief summary of the project experience in the development and testing phases. The project employed recent advances in Cleanroom software engineering methods along with older box-structured development and usage-model-based statistical testing techniques.     

Comparison of specification decomposition methods in Event-B

Decomposition is an important phase in the design of medium and large-scale systems. Various architectures of software systems and decomposition methods are studied in numerous publications. Presently, formal specifications of software systems are mainly used for experimental purposes; for this reason, their size and complexity are relatively low. As a result, in the development of a nontrivial specification, different approaches to the decomposition should be compared and the most suitable approach should be chosen. In this paper, the experience gained in the deductive verification of the formal specification of the mandatory entity-role model of access and information flows control in Linux (MROSL DP-model) using the formal Event-B method and stepwise refinement technique is analyzed. Two approaches to the refinementbased decomposition of specifications are compared and the sources and features of the complexity of the architecture of the model are investigated.