An approach to applying SOFL for agile process and its application in developing a test support tool

Structured Object-Oriented Formal Language (SOFL) is a representative formal engineering method for software development. It offers a three-step specification approach to constructing formal specifications, and specification-based inspection and testing for verification and validation. In this paper, we describe a novel approach to applying the SOFL method to achieve agile development process. This approach results from our experience in several collaboration projects with industry, and aims to strike a balance between the fast delivery of software product and the assurance of its quality. We have tested the approach in developing a prototype test support tool.     

OOZS：一种面向对象的Z语言扩展

在软件开发过程中，面向对象方法和形式方法的综合使用有助于充分利用这两种方法的优点并克服它们的不足。在Ｚ规格说明语言的基础上，作者设计了一种结构化的面向对象形式规格说明语言ＯＯＺＳ，以提高形式规格说明的层次性及模块化能力。本文简要介绍了ＯＯＺＳ语言的设计思想及其面向对象特征。     

结构化方法、面向对象方法和形式方法的比较与结合

结构化方法、面向对象方法和形式方法是三种不同的软件开发方法。本文对这三种开发方法进行了对照比较,讨论了它们的互相结合,并提出了将其结合在一起的集成方法的设想。     

基于SOFL规范的语义分析

传统的形式化方法局限于严格的证明、对程序员要求较高的教育背景,使其举步维艰.于是作为形式化方法与面向对象的联姻的SOFL(Structured Object-Oriented Fomal Language)便应运而生.在给出语义分析的整体算法后,逐步分析各个阶段遇到的关键问题并给出解决方法,同时在参考其他语言的基础上,定义了SOFL中一些语义规则.     

A formal methodology using attributed grammars for multiprocessing-system software development. I. Design representation

With the growing complexity of multiprocessing systems and distributed computing systems, there is an increasing need to provide a formal methodology for deriving a model to represent software design for the software development of these systems. The formal methodology presented in this paper uses attributed grammars, and extends formal methods commonly used in the definition of programming languages and compiler techniques for representing the design specification of software systems and validating the implementation. This model provides a common basis in the software development phases through automated design analysis, test-case generation, and validation of the software system. This paper covers the construction of the model for the design representation using attributed grammar and the analysis of the software system design based on the model.     

The impacts of quality and productivity perceptions on the use of software process improvement innovations

Numerous software process improvement (SPI) innovations have been proposed to improve software development productivity and system quality; however, their diffusion in practice has been disappointing. This research investigates the adoption of the Personal Software Process on industrial software projects. Quantitative and qualitative analyses reveal that perceived increases in software quality and development productivity, project management benefits, and innovation fit to development tasks, enhance the usefulness of the innovation to developers. Results underscore the need to enrich current technology acceptance models with these constructs, and serve to encourage project managers to adopt formal SPI methods if developers perceive the methods will have positive impacts on their productivity and system quality.     

Managing change in an information systems development organization: understanding developer transitions from a structured to an object‐oriented development environment1

Abstract. Object‐oriented systems development has attracted great interest in the information systems (IS) field because of a belief that using object‐oriented development (OD) makes it easier to develop and maintain software plus achieve software reuse. However, the transition from structured to OD may be especially challenging for IS developers. In fact, some argue that structured development (SD) knowledge may interfere with the ability to learn OD approaches because of a form of proactive interference. To understand how knowledge of SD concepts influences the ability to gain OD knowledge, we assessed a team of IS developers' understanding of structured and object‐oriented concepts at the beginning of their first OD project and repeated our assessment 1 year later. Developers increased their understanding of some object‐oriented concepts, but these changes were associated with increases in understanding of one of the SD concepts. Further, at the beginning and end of the project, developers' mental models were highly consistent with one another and that of an OD expert with regard to most OD concepts. It appears that the formal training that developers received allowed them to attain a good understanding of most object‐oriented concepts. These findings challenge the idea that structured developers must ‘unlearn’ SD to adopt OD approaches. Future research may wish to examine the different types of software development knowledge to ascertain which are amenable to positive transfer and which are more likely to suffer from proactive interference.     

Facilitating construction of safety cases from formal models in Event-B

ContextCertification of safety–critical software systems requires submission of safety assurance documents, e.g., in the form of safety cases. A safety case is a justification argument used to show that a system is safe for a particular application in a particular environment. Different argumentation strategies (informal and formal) are applied to determine the evidence for a safety case. For critical software systems, application of formal methods is often highly recommended for their safety assurance.ObjectiveThe objective of this paper is to propose a methodology that combines two activities: formalisation of system safety requirements of critical software systems for their further verification as well as derivation of structured safety cases from the associated formal specifications.MethodWe propose a classification of system safety requirements in order to facilitate the mapping of informally defined requirements into a formal model. Moreover, we propose a set of argument patterns that aim at enabling the construction of (a part of) a safety case from a formal model in Event-B.ResultsThe results reveal that the proposed classification-based mapping of safety requirements into formal models facilitates requirements traceability. Moreover, the provided detailed guidelines on construction of safety cases aim to simplify the task of the argument pattern instantiation for different classes of system safety requirements. The proposed methodology is illustrated by numerous case studies.ConclusionFirstly, the proposed methodology allows us to map the given system safety requirements into elements of the formal model to be constructed, which is then used for verification of these requirements. Secondly, it guides the construction of a safety case, aiming to demonstrate that the safety requirements are indeed met. Consequently, the argumentation used in such a constructed safety case allows us to support it with formal proofs and model checking results used as the safety evidence.     

Integrating structured OO approaches with formal techniques for the development of real-time systems

The use of formal methods in the development of time-critical applications is essential if we want to achieve a high level of assurance in them. However, these methods have not yet been widely accepted in industry as compared to the more established structured and informal techniques. A reliable linkage between these two techniques will provide the developer with a powerful tool for developing a provably correct system. In this article, we explore the issue of integrating a real-time formal technique, TAM (Temporal Agent Model), with an industry-strength structured methodology known as HRT-HOOD. TAM is a systematic formal approach for the development of real-time systems based on the refinement calculus. Within TAM, a formal specification can be written (in a logic-based formalism), analysed and then refined to concrete representation through successive applications of sound refinement laws. Both abstract specification and concrete implementation are allowed to freely intermix. HRT-HOOD is an extension to the Hierarchical Object-Oriented Design (HOOD) technique for the development of Hard Real-Time systems. It is a two-phase design technique dealing with the logical and physical architecture designs of the system which can handle both functional and non-functional requirement, respectively. The integrated technique is illustrated on a version of the mine control system.     

A high-level requirements engineering methodology for electronic system-level design

Current electronic systems’ complexity severely limits their validation. Even if development frameworks keep improving and are heavily supported by the industry, methods for hardware/software electronic systems co-design are reaching a major crisis. Although the community is heading towards higher abstraction levels, requirements remain out of the validation scope. We therefore present a requirements engineering methodology that intersects formal, linguistic, and scenario views. Modeling consists in abstracting functionalities’ behaviours in terms of actions, expressed in a semi-formal structured language, later automatically translated in a pure formal notation. Such a mix makes the language accessible to designers and permits automation. Validation is then performed using consistency rules. Finally, an elicitation of missing functionalities is achieved using Boolean algebra.     

Ten commandments of formal methods

Producing correct, reliable software in systems of ever increasing complexity is a problem with no immediate end in sight. The software industry suffers from a plague of bugs on a near-biblical scale. One promising technique in alleviating this problem is the application of formal methods that provide a rigorous mathematical basis to software development. When correctly applied, formal methods produce systems of the highest integrity and thus are especially recommended for security- and safety-critical systems. Unfortunately, although projects based on formal methods are proliferating, the use of these methods is still more the exception than the rule, which results from many misconceptions regarding their costs, difficulties, and payoffs. Surveys of formal methods applied to large problems in industry help dispel these misconceptions and show that formal methods projects can be completed on schedule and within budget. Moreover, these surveys show that formal methods projects produce correct software (and hardware) that is well structured, maintainable, and satisfies customer requirements. Through observations of many recently completed and in-progress projects we have come up with ten guidelines that, if adhered to, greatly increase a project's chances for success     

Formal methods reality check: industrial usage

Based on a systematic survey and analysis of the use of formal methods in the development of a dozen industrial applications, we summarize the methods being used, characterize the styles of industrial usage, and provide recommendations for evolutionary enhancements to the technology base of formal methods. The industrial applications ranged from reverse engineering to system certification; code scale ranges from 1 KLOC to 10 KLOC's. Applications included a software infrastructure for oscilloscopes; a shutdown system for a nuclear generating station; a train protection system; an airline collision avoidance system; an engine monitoring system for shipboard engines; attitude control of satellites; security properties of both a smartcard device and a network; arithmetic units; transaction processing; a real-time database for a medical instrument; and a restructuring program for COBOL     

Integrating top-down and scenario-based methods for constructing software specifications

How to achieve a complete and consistent software specification by construction is an important issue for software quality assurance but still remains an open problem. The difficulty lies in the fact that the assurance of the completeness needs user’s judgments and the specification keeps changing as requirements analysis progresses. To allow the user to easily make such judgments and to reduce chances for creating inconsistencies due to frequent specification modifications, in this paper we describe an intuitive, formal, and expressive specification method that integrates top-down decompositional and scenario-based compositional methods. The decompositional method is used at an informal level with the goal of achieving a complete coverage of the user’s functional requirements, while the compositional method is used to precisely define the functionality of each scenario and to construct complex scenarios by composition of simple scenarios in a formal, intuitive language called SOFL. Combination of the decompositional and compositional processes can facilitate the analyst in completing a specification in a hierarchical structure. We present an example to illustrate how the integrated method is used in practice and describe a software support tool for the method.     

Seven more myths of formal methods

New myths about formal methods are gaining tacit acceptance both outside and inside the system-development community. The authors address and dispel these myths based on their observations of industrial projects. The myths include: formal methods delay the development process; they lack tools; they replace traditional engineering design methods; they only apply to software; are unnecessary; not supported; and formal methods people always use formal methods     

从结构化到面向对象程序设计的模型转换

随着软件系统内在复杂性的不断提高，面向对象技术已经取代结构化设计技术成为产业化软件开发的主流技术。本文剖析对象模型与结构化设计瀑布模型队程序设计风格的影响，探讨导致面向对象软件工程失败的主要原因，论证了成功实施面向对象软件工程的关键技术，帮助软件工程师完成从结构化设计实践向面向对象分析和设计实践的进化。     

基于智能论方法学在产品外观设计上的研究应用

智能论方法学是现代设计的核心,随着时代的发展人类社会从长期的手工劳作迈入了机器大生产时代。设计师来说工业产品不仅仅要具备艺术审美功能,还应该在提供创造和传达设计思想的灵感环节设计出符合美学标准的作品。在现代工业设计方法学中运用智能论方法中计算机辅助求解、设计、控制具有搭建理性空间构图和形式美学的突出效果。以Matlab、Rhino等计算机辅助设计软件为例,对函数图形、图像分形进行函数求解,从而得出最优满意度的工业产品外观的基础应用。     

Formal Verification of a Railway Interlocking System using Model Checking

In this paper we describe an industrial application of formal methods. We have used model checking techniques to model and formally verify a rather complex software, i.e. part of the “safety logic” of a railway interlocking system. The formal model is structured to retain the reusability and scalability properties of the system being modelled. Part of it is defined once for all at a low cost, and re-used. The rest of the model can be mechanically generated from the designers' current specification language. The model checker is “hidden” to the user, it runs as a powerful debugger. Its performances are impressive: exhaustive analysis of quite complex configurations with respect to rather complex properties are run in the order of minutes. The main reason for this achievement is essentially a carefully designed model, which exploits all the behaviour evolution constraints. The re-usability/scalability of the model and the fact that formal verification is automatic and efficient are the key factors which open up the possibility of a real usage by designers at design time. We have thus assessed the possibility of introducing the novel technique in the development cycle with an advantageous costs/benefits relation. Received March 1997 / Accepted in revised form July 1998     

基于SOFL形式化方法的需求分析

介绍了形式化方法在需求分析中的运用,并且介绍了SOFL作为一种优秀的形式化工程方法的一些特点.SOFL在需求分析阶段中采用从informal到semi-formal再到formal的逐步过渡和演化,并采用CDFD进行功能分解和数据流的精确定义,有助于精确且逻辑严密地描述需求,消除需求说明文档隐含的不一致性、二义性、不完整性,从而生成高质量的形式化描述的需求文档.