Similar literature
20 similar documents found (search time 78 ms)
1.
This paper presents a formal approach to the development of trustworthy database applications. The approach consists of three complementary steps. Designers start by modeling applications using UML diagrams dedicated to the database application domain. These diagrams are then automatically translated into B specifications suitable not only for reasoning about data integrity checking but also for the derivation of trustworthy implementations. In this paper, we present a process based on the B refinement technique for deriving an SQL relational implementation, embedded in the Java language (Java/SQL), from a B specification obtained in the first translation phase.

2.
Context

Security in general, and database protection from unauthorized access in particular, are crucial for organizations. Although it has long been accepted that important system requirements should be considered from the early stages of the development process, non-functional requirements such as security tend to get neglected or dealt with only at later stages.

Objective

We present an empirical study conducted to evaluate a Pattern-based method for Secure Development (PbSD) that aims to help developers, in particular database designers, design database schemata that comply with the organizational security policies regarding authorization from the early stages of development. The method provides a complete framework to guide, enforce and verify the correct implementation of security policies within a system design, and eventually to generate a database schema from that design.

Method

The PbSD method was evaluated in comparison with a popular existing method that specifies the security requirements directly in SQL and Oracle's VPD (Virtual Private Database). The two methods were compared with respect to the quality of the created access control specifications, the time it takes to complete the specification, and the perceived quality of the methods.

Results

The access control specifications produced with the PbSD method were of better quality with respect to the privileges granted at the table, column and row granularity levels. Moreover, subjects who used the PbSD method completed the specification task in less time than subjects who used SQL. Finally, the subjects perceived the PbSD method as clearer and easier to use.

Conclusion

The pattern-based method for secure development can enhance the quality of the security specification of databases and decrease software development time and cost. The results of the experiment may also indicate that the use of patterns in general has similar benefits; this, however, requires further examination.
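To make the table, column and row granularity levels mentioned in the Results concrete, here is an added example (not code from the study, which used Oracle's VPD) that expresses one authorization policy in Python with the standard sqlite3 module: managers may read only the name and salary columns (column level) of the rows of their own direct reports (row level), through a view keyed on a hypothetical session_user() function. The employees table, its rows and the policy are all constructed for the example.

```python
"""Row- and column-level authorization as a policy view (added example).

Assumptions: the `employees` table, its rows and the `session_user()`
function are constructed here; a real deployment would set the session
user from the DBMS authentication context, not from a Python dict.
"""
import sqlite3

# Constructed stand-in for the database session's authenticated user.
SESSION = {"user": None}

SCHEMA = """
CREATE TABLE employees (
    id      INTEGER PRIMARY KEY,
    name    TEXT    NOT NULL,
    ssn     TEXT    NOT NULL,   -- sensitive column, never exposed by the policy
    salary  INTEGER NOT NULL,
    manager TEXT    NOT NULL    -- login of the employee's manager
);
INSERT INTO employees VALUES (1, 'ana', '111-11-1111', 100, 'bob');
INSERT INTO employees VALUES (2, 'cid', '222-22-2222',  90, 'bob');
INSERT INTO employees VALUES (3, 'dee', '333-33-3333', 120, 'eve');
"""

# Policy: a manager may read name and salary (column granularity) of the
# employees whose manager column equals the session user (row granularity).
POLICY_VIEW = """
CREATE VIEW my_reports AS
    SELECT id, name, salary
    FROM employees
    WHERE manager = session_user();
"""


def open_db() -> sqlite3.Connection:
    """Create the in-memory database, register session_user() and install the view."""
    conn = sqlite3.connect(":memory:")
    # The function is registered before the view is created so that the view
    # definition can be compiled; it reads the constructed session state.
    conn.create_function("session_user", 0, lambda: SESSION["user"])
    conn.executescript(SCHEMA + POLICY_VIEW)
    return conn


def reports_visible_to(conn: sqlite3.Connection, user: str) -> list:
    """Rows the given user sees through the policy view (id, name, salary)."""
    SESSION["user"] = user
    return conn.execute(
        "SELECT id, name, salary FROM my_reports ORDER BY id"
    ).fetchall()


def view_columns(conn: sqlite3.Connection) -> list:
    """Column names exposed by the policy view (ssn must not be among them)."""
    return [row[1] for row in conn.execute("PRAGMA table_info(my_reports)")]


if __name__ == "__main__":
    db = open_db()
    print("columns exposed:", view_columns(db))
    for who in ("bob", "eve", "mallory"):
        print(who, "->", reports_visible_to(db, who))
```

In a production DBMS you would REVOKE direct access to the base table and GRANT SELECT on the view only; SQLite has no GRANT, so here the base table stays readable and the example shows the policy mechanism, not its enforcement against a query that bypasses the view.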

3.
Coupled transformation occurs when multiple software artifacts must be transformed in such a way that they remain consistent with each other. For instance, when a database schema is adapted in the context of system maintenance, the persistent data residing in the system's database needs to be migrated to conform to the adapted schema. Also, queries embedded in the application code and any declared referential constraints must be adapted to take the schema changes into account. As another example, in XML-to-relational data mapping, a hierarchical XML Schema is mapped to a relational SQL schema with appropriate referential constraints, and the XML documents and queries are converted into relational data and relational queries. The 2LT project is aimed at providing a formal basis for coupled transformation. This formal basis is found in data refinement theory, point-free program calculation, and strategic term rewriting. We formalize the coupled transformation of a data type by an algebra of information-preserving data refinement steps, each witnessed by appropriate data conversion functions. Refinement steps are modeled by so-called two-level rewrite rules on type expressions that synthesize conversion functions between redex and reduct while rewriting. Strategy combinators are used to compose two-level rewrite rules into complete rewrite systems. Point-free program calculation is applied to optimize the synthesized conversion functions, to migrate queries, and to normalize data type constraints. In this paper, we provide an overview of the challenges met by the 2LT project and give a sketch of the solutions offered.

4.
Context

The role of formal specification in requirements validation and analysis is generally considered to be limited, because considerable expertise is required to develop and understand the mathematical proofs. However, the formal semantics of a language can provide a basis for step-by-step execution of a requirements specification by building an easy-to-use simulator that assists in requirements elicitation, validation and analysis.

Objective

The objective of this paper is to illustrate the usefulness of a simulator that executes requirements and captures system states as rules and facts in a database. The database can then be queried to carry out analysis after all the requirements have been executed a given number of times.

Method

Behavior Trees (BTs) are automatically translated into Datalog facts and rules through a simulator called SimTree. The translation process involves a model-to-model (M2M) transformation and a model-to-text (M2T) transformation, which automatically generates the code of the SimTree simulator; SimTree, when executed, produces Datalog code. The effectiveness of the simulator is evaluated using the specification of a published case study, the Ambulatory Infusion Pump (AIP).

Results

The BT specification of the AIP was transformed into SimTree code for execution. The simulator produced a complete state space for a predetermined number of runs in the form of Datalog facts and rules, which were then analyzed for various properties of interest such as safety and liveness.

Conclusion

Queries over the resulting Datalog code were found to be helpful in identifying defects in the specification. However, probability values had to be assigned manually to all events to ensure reachability of all leaf nodes of the tree and timely completion of all runs. We identify optimization of execution paths to reduce execution time as future work.

5.
Many software systems rely on a database to store information. A change to the database schema may cause the database-related SQL statements in the program code to stop executing correctly, so a method that can locate directly the SQL statement code that needs modification, and recommend possible revisions of that code, is highly necessary. The proposed code-evolution recommendation method for database schema changes first detects automatically the changes that have occurred in the database schema of the software system, then uses program slicing to obtain the program slices related to database operations. Once the program slices affected by the schema change have been identified, they are converted into program flow graphs using a source-program-to-flow-graph algorithm; from the branch conditions of the flow graph all possible specific execution paths of each SQL statement are derived; finally, using a graph-mapping approach, a revised statement executable under the new database schema is recommended for the SQL statement on each path. To validate the feasibility of the method, a plug-in tool was implemented that automatically detects database schema changes and recommends the evolved SQL statement code.

6.
With the explosion of software size, checking conformance of an implementation to its specification becomes an increasingly important but also hard problem. Current practice based on ad-hoc testing does not provide correctness guarantees, while highly confident traditional formal methods like model checking and theorem proving are still too expensive to become common practice. In this paper we present a paradigm for combining formal specification with implementation, called monitoring-oriented programming (MoP), which provides a lightweight formal method for checking conformance of an implementation to its specification at runtime. System requirements are expressed as formal specifications given as annotations inserted at user-selected places in programs. Efficient monitoring code in the same target language as the implementation is then automatically generated during a pre-compilation stage. The generated code has the same effect as a logical check of the requirements and can be used in any context, in particular to trigger user-defined actions when requirements are violated. Our proposal is language- and logic-independent, and we argue that it smoothly integrates other interesting system development paradigms, such as design by contract and aspect-oriented programming. A prototype has been implemented for Java, which currently supports requirements expressed using past-time and future-time linear temporal logics, as well as extended regular expressions.
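As an added illustration of the kind of monitor such a pre-compilation stage generates (example code, not the MoP prototype's), the Python below implements a small past-time LTL checker: an annotation such as `read -> (!logout S auth)` (every read must happen inside an authenticated session that has not been logged out since) is built as an object tree, each program state is fed in as a set of event names, and a violation triggers a user-defined handler. The property, the event names and the trace are constructed for the example.

```python
"""Past-time LTL runtime monitor in the style of monitoring-oriented programming.

Added example. Assumptions: the property read -> (!logout S auth), the event
names and TRACE are constructed here; a MoP-style tool would generate the
equivalent checker from an annotation in the monitored program.
"""


class Formula:
    """Base class: step() consumes one program state (a set of event names)
    and returns the formula's truth value at that state. Temporal operators
    keep internal state, so every formula object must see every state."""

    def step(self, events: set) -> bool:
        raise NotImplementedError


class Atom(Formula):
    def __init__(self, name: str):
        self.name = name

    def step(self, events: set) -> bool:
        return self.name in events


class Not(Formula):
    def __init__(self, f: Formula):
        self.f = f

    def step(self, events: set) -> bool:
        return not self.f.step(events)


class Implies(Formula):
    def __init__(self, a: Formula, b: Formula):
        self.a, self.b = a, b

    def step(self, events: set) -> bool:
        # Both sides are evaluated unconditionally: short-circuiting would
        # starve a stateful sub-formula (e.g. Since) of states.
        va, vb = self.a.step(events), self.b.step(events)
        return (not va) or vb


class Since(Formula):
    """a S b: b held at some past state and a has held at every state since.
    Recursive form: (a S b)(i) = b(i) or (a(i) and (a S b)(i-1)), false at i-1 < 0."""

    def __init__(self, a: Formula, b: Formula):
        self.a, self.b, self.prev = a, b, False

    def step(self, events: set) -> bool:
        va, vb = self.a.step(events), self.b.step(events)
        self.prev = vb or (va and self.prev)
        return self.prev


class Monitor:
    """Checks the invariant 'always phi' against each observed state and calls
    on_violation(index, events) when phi is false, the user-defined action a
    MoP monitor triggers."""

    def __init__(self, phi: Formula, on_violation=None):
        self.phi, self.on_violation = phi, on_violation
        self.index, self.violations = 0, []

    def observe(self, events: set) -> bool:
        ok = self.phi.step(events)
        if not ok:
            self.violations.append(self.index)
            if self.on_violation:
                self.on_violation(self.index, events)
        self.index += 1
        return ok


def read_requires_live_session() -> Formula:
    """Hypothetical property read -> (!logout S auth): a read is allowed only
    after an auth event with no logout in between. Built fresh per monitor."""
    return Implies(Atom("read"), Since(Not(Atom("logout")), Atom("auth")))


# Constructed trace of program states; the read at index 3 follows a logout.
TRACE = [{"auth"}, {"read"}, {"logout"}, {"read"}, {"auth", "read"}, {"read"}]


def check_trace(trace, build=read_requires_live_session) -> list:
    """Return the indices of the states at which the property was violated."""
    mon = Monitor(build(), on_violation=lambda i, ev: print(f"violation at state {i}: {sorted(ev)}"))
    for events in trace:
        mon.observe(events)
    return mon.violations


if __name__ == "__main__":
    print("violations:", check_trace(TRACE))
```

The monitor is incremental: each operator stores only the value it had at the previous state, so checking a trace costs constant memory per operator regardless of trace length, which is what makes in-process monitoring of past-time properties cheap.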

7.
A software development method from Z to the refinement calculus (cited 3 times: 0 self-citations, 3 by others)
1. Introduction. Research on and application of formal methods has a history of more than twenty years, originating in the program verification work of Dijkstra and Hoare and the programming-language semantics research of Scott, Strachey and others; the term refers to mathematically based languages, techniques and tools for precisely describing and verifying complex systems in order to ensure their reliability. The key to formal methods is the formal specification language. Describing a system and its various properties in a formal specification language whose syntax and semantics are rigorously defined mathematically produces a formal specification of the system, which can help developers gain a deep understanding of the system being described, and

8.
A formal software development method with two data refinements (cited 1 time: 0 self-citations, 1 by others)
A formal software development method is proposed that proceeds from data refinement through procedural refinement to a second data refinement. Data refinement of traditional Z specifications is complex. This paper first writes the initial specification in a procedural form and performs a first data refinement on its schemas, then converts it into Z schemas and carries out procedural refinement, and finally performs a second data refinement down to target code. The method is explained using PHP, a common scripting language for dynamic Web pages; a set of conversion rules from the procedural form to Z schemas, and refinement rules from Z to PHP, are written for it.

9.
10.
Zhou Jing (周静), Miao Huaikou (缪淮扣). Computer Science (计算机科学), 2007, 34(4): 258-260
The validation of software specifications plays a pivotal role in the software development phase. Animation of formal specifications is one method of specification validation. This paper studies an SQL animation method for Object-Z specifications, designs translation rules from Object-Z to SQL, and proposes a notion of module encapsulation: classes, objects, schemas and other modules are represented as stored procedures, and users validate whether the specification meets their requirements by invoking and executing those stored procedures.

11.
Formal specification languages such as Z, B and VDM are used in the incremental development of abstract specifications (suitable for establishing required properties) to more concrete specifications (resembling the final implementation). This incremental development process, known as refinement, preserves all observable properties of the original abstract specification. Recent research has looked at applying temporal-logic model checking to such specification languages. While this assists in the establishment of properties of the abstract specification, temporal-logic properties typically refer to state variables which are regarded as non-observable. Hence, such properties are not guaranteed to be preserved by refinement. This paper investigates the classes of temporal-logic properties which are preserved by refinement, and for some of those properties that are not preserved in general, the restrictions on the refinement process under which they are preserved. Results are presented for the temporal logics LTL, CTL and the μ-calculus and the formal specification language Z. They apply equally, however, to related formal specification languages such as B and VDM.

12.
In this paper, we propose an "end-to-end" approach that supports dynamic reconfiguration of software architectures by taking advantage of graphical modeling, formal methods and aspect-oriented programming. The proposal has three ingredients. The specification end of the solution is covered by a new UML profile that enables the desired architectural style (model), its invariants and the intended reconfiguration operations to be specified. In order to verify the consistency of the model and the preservation of the invariants after every reconfiguration, we automatically generate formal specifications in Z notation from the defined model. At the runtime-enforcement end of the solution, we propose to encode the enforcement logic as an aspect in the AspectJ language. The third ingredient, which makes our approach end-to-end, is the automatic translation of the formal specifications into aspect-based enforcement code.

13.
Formal notations like B or action systems support a notion of refinement. Refinement relates an abstract specification A to a concrete specification C that is at least as deterministic. Knowing A and C, one proves that C refines, or implements, specification A. In this study we consider specification A as given and concern ourselves with a way to find a good candidate for the implementation C. To this end we classify all implementations of an abstract specification according to their performance. We distinguish performance from correctness: concrete systems that do not meet the abstract specification correctly are excluded, and only the remaining correct implementations C are considered with respect to their performance. A good implementation of a specification is identified by having some optimal behaviour in common with it; in other words, a good refinement corresponds to a reduction of non-optimal behaviour. This also means that the abstract specification sets a bound on the performance of any implementation. We introduce the probabilistic action system formalism, which combines refinement with performance. In the present study we measure performance in terms of long-run expected average cost. Performance is expressed by means of probabilities and expected costs: probability is needed to express the uncertainty present in physical environments, while expected costs express physical or abstract quantities that describe a system and encode the performance objective. The behaviour of probabilistic action systems is described by traces of expected costs. A corresponding notion of refinement and simulation-based proof rules are introduced. Probabilistic action systems are based on discrete-time Markov decision processes. Numerical methods for solving the optimisation problems posed by Markov decision processes are well known, and are used in a software tool that we have developed. The tool computes an optimal behaviour of a specification A, thus assisting in the search for a good implementation C.
Received September 2002. Accepted in revised form January 2004 by E.C.R. Hehner.

14.
15.
Theorem proving and reverse engineering are used to verify the database interaction behaviour of Web applications. The requirements model is described with a Z specification, and the implementation model is obtained from the source code of the database interactions together with a set of translation rules. Relevant properties of the Web application are extracted from the implementation model, and the Z/EVES theorem prover is used to verify whether these properties are satisfied by the Z specification of the requirements model. On this basis a verification framework for the method is designed and a corresponding prototype system is developed. The effectiveness of the method is demonstrated on a library database management system example.

16.
This paper describes how to combine Delphi with SQL Server 2000: implementing database storage through Delphi components, and the procedure and method for writing triggers.

17.
This paper describes how to combine Delphi with SQL Server 2000: implementing database storage through Delphi components, and the procedure and method for writing triggers.

18.
A formal technique for incorporating two specification paradigms is presented, in which an algebraic specification is implemented by a set of abstract procedures specified in pre- and post-condition style. The link between the two levels of specification is provided by a translation from terms of the algebraic specification into temporal logic formulae representing abstract programs. In terms of this translation, a criterion for an abstract implementation satisfying its specification is given, which allows one to check the consistency between the two levels of specification. The abstract implementations can be refined into executable code by refining each abstract procedure in them. It is proved that the satisfaction relation between a specification and its implementations is preserved by such refinement steps.

19.
20.

Context

The constant changes in today’s business requirements demand continuous database revisions. Hence, database structures, not unlike software applications, deteriorate during their lifespan and thus require refactoring in order to achieve a longer life span. Although unit tests support changes to application programs and refactoring, there is currently a lack of testing strategies for database schema evolution.

Objective

This work examines the challenges for database schema evolution and explores the possibility of using various testing strategies to assist with schema evolution. Specifically, the work proposes a novel unit test approach for the application code that accesses databases with the objective of proactively evaluating the code against the altered database.

Method

The approach was validated through the implementation of a testing framework in conjunction with a sample application and a relatively simple database schema. Although the database schema in this study was simple, it was nevertheless able to demonstrate the advantages of the proposed approach.

Results

After changes in the database schema, the proposed approach found all SELECT statements, as well as the majority of other statements, that required modification in the application code. Because of its effectiveness with SELECT statements, the proposed approach is expected to be even more successful with data warehouse applications, where SELECT statements dominate.

Conclusion

The proposed unit test approach for database-accessing code has proven successful in evaluating the application code against the evolved database. In particular, the approach is simple and straightforward to implement, which makes it easily adoptable in practice.
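The probing idea of entry 20 (and the impact analysis of entry 5, which locates the SQL statements broken by a schema change) can be sketched in a few dozen lines; the following is an added example in Python with the standard sqlite3 module, not the paper's framework. A registry of the application's SQL statements is run against the baseline schema, the migration is applied, and every statement is run again inside a savepoint that is always rolled back. Statements that now raise an error are reported, and so are statements that still execute but whose result columns changed, which catches the SELECT * case that no execution error would reveal. The schema, the migration and the statements are constructed for the example.

```python
"""Probe an application's SQL statements against an evolved schema.

Added example. Assumptions: SCHEMA_V1, MIGRATION_V2 and STATEMENTS are
constructed here; in practice STATEMENTS would be collected from the
application's data-access layer (or, as in entry 5, from program slices).
"""
import sqlite3

SCHEMA_V1 = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL,
    email    TEXT
);
INSERT INTO users (id, username, email) VALUES (1, 'ana', 'ana@example.test');
"""

# Migration: rename username -> login and add a mandatory tenant_id. Written as
# copy-and-rename so it runs on every SQLite version.
MIGRATION_V2 = """
CREATE TABLE users_v2 (
    id        INTEGER PRIMARY KEY,
    login     TEXT    NOT NULL,
    email     TEXT,
    tenant_id INTEGER NOT NULL
);
INSERT INTO users_v2 (id, login, email, tenant_id)
    SELECT id, username, email, 0 FROM users;
DROP TABLE users;
ALTER TABLE users_v2 RENAME TO users;
"""

# name -> (sql, sample parameters); the application's statements, constructed.
STATEMENTS = {
    "find_by_name": ("SELECT id, email FROM users WHERE username = ?", ("ana",)),
    "get_email":    ("SELECT email FROM users WHERE id = ?", (1,)),
    "list_all":     ("SELECT * FROM users", ()),
    "create_user":  ("INSERT INTO users (username, email) VALUES (?, ?)",
                     ("zed", "zed@example.test")),
    "update_email": ("UPDATE users SET email = ? WHERE id = ?",
                     ("ana@new.example.test", 1)),
}


def run_statement(conn: sqlite3.Connection, sql: str, params: tuple):
    """Execute one statement inside a savepoint that is always rolled back,
    so probing writes never change the database.
    Returns (error_message_or_None, tuple_of_result_column_names)."""
    conn.execute("SAVEPOINT probe")
    try:
        cur = conn.execute(sql, params)
        cur.fetchall()  # finish the statement before rolling back
        cols = tuple(d[0] for d in cur.description) if cur.description else ()
        return None, cols
    except sqlite3.Error as exc:
        return str(exc), ()
    finally:
        conn.execute("ROLLBACK TO probe")
        conn.execute("RELEASE probe")


def schema_impact(baseline_schema: str, migration: str, statements: dict) -> dict:
    """Run every statement before and after the migration and classify each as
    'ok', 'error: ...' (no longer executes) or 'columns changed: ...' (still
    executes, but positional readers of its result set would break)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit tx control
    conn.executescript(baseline_schema)
    baseline = {name: run_statement(conn, sql, params)
                for name, (sql, params) in statements.items()}
    for name, (err, _) in baseline.items():
        if err:
            raise RuntimeError(f"{name} already fails on the baseline schema: {err}")
    conn.executescript(migration)
    report = {}
    for name, (sql, params) in statements.items():
        err, cols = run_statement(conn, sql, params)
        if err:
            report[name] = f"error: {err}"
        elif cols != baseline[name][1]:
            report[name] = f"columns changed: {baseline[name][1]} -> {cols}"
        else:
            report[name] = "ok"
    conn.close()
    return report


if __name__ == "__main__":
    for name, verdict in schema_impact(SCHEMA_V1, MIGRATION_V2, STATEMENTS).items():
        print(f"{name:14s} {verdict}")
```

Running the statements with sample parameters rather than only compiling them is what lets the probe see constraint failures (for example a NOT NULL column the old INSERT does not supply) as well as missing columns; the baseline pass guards against blaming the migration for a statement that was already broken.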
