State-of-the-practice in knowledge-based system verification and validation

The majority of the work in knowledge-based system verification and validation (KBS V&V) has focused on developing techniques and concepts for performing V&V on expert systems. Little information is available on what V&V practices are currently in use by expert system developers. This article describes the results of a survey whose purpose was to begin documenting some of the experiences and problems KBS developers have encountered. The results of the survey suggest that current practices can be improved and some specific recommendations are included. The recommendations include developing requirements for expert system V&V, addressing common issues, recommending a life cycle for expert systems development, addressing readability and modularity issues, and investigating applicability of analysis tools.     

A Formal Verification Environment for Railway Signaling System Design

A fundamental problem in the design and development of embedded control systems is the verification of safety requirements. Formal methods, offering a mathematical way to specify and analyze the behavior of a system, together with the related support tools can successfully be applied in the formal proof that a system is safe. However, the complexity of real systems is such that automated tools often fail to formally validate such systems.This paper outlines an experience on formal specification and verification carried out in a pilot project aiming at the validation of a railway computer based interlocking system. Both the specification and the verification phases were carried out in the JACK (Just Another Concurrency Kit) integrated environment. The formal specification of the system was done by means of process algebra terms. The formal verification of the safety requirements was done first by giving a logical specification of such safety requirements, and then by means of model checking algorithms. Abstraction techniques were defined to make the problem of safety requirements validation tractable by the JACK environment.     

A survey of approaches for the visual model-driven development of next generation software-intensive systems

Software-intensive systems of the future are expected to be highly distributed and to exhibit adaptive and anticipatory behavior when operating in highly dynamic environments and interfacing with the physical world. Therefore, visual modeling techniques to address these software-intensive systems require a mix of models from a multitude of disciplines such as software engineering, control engineering, and business process engineering. As in this concert of techniques software provides the most flexible element, the integration of these different views can be expected to happen in the software. The software thus includes complex information processing capabilities as well as hard real-time coordination between distributed technical systems and computers.In this article, we identify a number of general requirements for the visual model-driven specification of next generation software-intensive systems. As business process engineering and software engineering are well integrated areas and in order to keep this survey focused, we restrict our attention here to approaches for the visual model-driven development of adaptable software-intensive systems where the integration of software engineering with control engineering concepts and safety issues are important. In this survey, we identify requirements and use them to classify and characterize a number of approaches that can be employed for the development of the considered class of software-intensive systems.     

形式化方法概貌

形式化方法是基于严格数学基础,对计算机硬件和软件系统进行描述、开发和验证的技术.其数学基础建立在形式语言、语义和推理证明三位一体的形式逻辑系统之上.形式化方法已经以不同程度和不同方式愈来愈多地应用在计算系统生命周期的各个阶段.介绍了形式化方法的发展历程和基本方法体系;以形式规约和形式验证为主线,综述了形式化方法的理论、方法、工具和应用的现状,展示了形式化方法与软件学科其他领域的交叉和融合;分析了形式化方法的启示,并展望了其面临的发展机遇和未来趋势.形式化方法的发展和研究现状表明：其应用已经取得了长足的进步,在提高计算系统的可靠性和安全性方面发挥了重要作用.在当今软件日益成为社会基础设施的时代,形式化方法将与人工智能、网络空间安全、量子计算、生物计算等领域和方向交叉融合,得到更加广阔的应用.研究和建立这种交叉融合的理论和方法不仅重要,而且具有挑战性.     

A Knowledge-Based Software Engineering Environment for reusable software requirements and architectures

This paper describes a prototype Knowledge-Based Software Engineering Environment used to demonstrate the concepts of reuse of software requirements and software architectures. The prototype environment, which is application-domain independent, is used to support the development of domain models and to generate target system specifications from them. The prototype environment consists of an integrated set of commercial-off-the-shelf software tools and custom developed software tools.The concept of reuse is prevalent at several levels of the domain modeling method and prototype environment. The environment itself is domain-independent thereby supporting the specification of diverse application domain models. The domain modeling method specifies a family of systems rather than a single system; features characterize the variations in functional requirements supported by the family and individual family members are specified by the features they are to support. The knowledge-based approach to target system generation provides the rules for generating target system specifications from the domain model; target system specifications, themselves, may be stored in an object repository for subsequent retrieval and reuse.     

The KeY tool

KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and object-oriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard. KeY provides support for the authoring and formal analysis of OCL constraints. The target language of KeY based development is Java Card DL, a proper subset of Java for smart card applications and embedded systems. KeY uses a dynamic logic for Java Card DL to express proof obligations, and provides a state-of-the-art theorem prover for interactive and automated verification. Apart from its integration into UML based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally.     

Specifying transaction-based information systems with regularexpressions

The work is about the formal specification of transaction-based, interactive information systems. A transaction is a task that the user can execute independently, and the system can be defined as a partially ordered set of transactions. The general framework is the transformational paradigm, based on the classical Waterfall development model (W.W. Royce, 1970). The stages are systems analysis, software specification, design, and implementation. The systems analysis and software specification stages are covered. An informal, transaction-oriented method for systems analysis is proposed. The resulting system specification involves two parts: a high-level specification of each transaction and a formal specification of the system's control flow, i.e., the order of execution of the transactions. The system's control flow is expressed in a formal language describing concurrent regular expressions built on transaction names. At the software specification stage, some operational requirements, such as connect/disconnect transactions and the application of the all-or-nothing principle, are added to the system specification. Then a serial product automaton (SPA) is used to transform the concurrent expression into a single regular expression. This result is proven to be consistent with the system specification     

A Conceptual and Formal Framework for the Integration of Data Type and Process Modeling Techniques

A conceptual framework for the integration of data type and process modeling techniques, called integration paradigm, has been presented by the authors in previous papers already. The aim of this paper is to give a short review of this conceptual framework and to present a formal model for the integration paradigm. The formal model for the four layers, called data type, data states and transformations, processes and system architecture layers respectively, is based on an integration of abstract data types and structured transition systems. This formal model can be instantiated by all kinds of basic and integrated modeling techniques. Algebraic high-level nets, attributed graph transformation, an integration of Z with statecharts, and some diagram techniques of UML are discussed on the conceptual level. As instantiation of the formal model, a well-known CCS sender specification, place/transition nets, algebraic high-level nets and attributed graph transformation are presented in this paper, while instantiations of other modeling techniques will be discussed elsewhere.     

Testing Formal Specifications to Detect Design Errors

Formal specification and verification techniques are now apused to increase the reliability of software systems. However, these proaches sometimes result in specifying systems that cannot be realized or that are not usable. This paper demonstrates why it is necessary to test specifications early in the software life cycle to guarantee a system that meets its critical requirements and that also provides the desired functionality. Definitions to provide the framework for classifying the validity of a functional requirement with respect to a formal specification tion are also introduced. Finally, the design of two tools for testing formal specifications is discussed.     

Experience on knowledge-based software engineering: A logic-based requirements language and its industrial applications

A formal requirements specification language plays an important role in software development. Not only can such language be used for stating requirements specification, but also can be used in many phases of software development life cycle. The FRORL project started from constructing a language with a solid logical foundation and further expanded to research in verification, validation, requirements analysis, debugging, and transformation. Research in this project aided in some industrial applications in which a code generation tool produced software for embedded systems. This article reports the experiences gained from this project and states the value of research in knowledge-based software engineering.     

Decomposition in Real-Time Safety-Critical Systems

Existing formal techniques for the development of software for use in safety-critical systems do not adequately address non-functional system requirements such as those involving timing. In this paper we describe a formal development method in which specifications may be decomposed into unexceptional programs whilst preserving the functional and timing requirements of the specification. We illustrate the method with a speed monitoring example.     

带OCL约束条件的类图到object—Z规格说明的转换

如何提高软件的可靠性是目前软件研究领域的一个热点。将形式化方法和主流的软件开发方法相结合是一个可行的方法。本文研究UML语言和Object-Z语言相结合的方法，为主流的软件开发人员所使用的图形化规格说明技术与形式方法提供的精确的分析和验证技术架起了一座桥梁。本文定义如何将带0CL约束条件的类图转换到Object-Z规格说明的方法。这样不仅可以通过支持Object-Z语言的工具采对UML语言描述的系统性质进行验证和确认，而且能够帮助规格说明人员方便地构造Object-Z规格说明。     

Formal methods for verification and validation of partial specifications: A case study

This paper describes our work exploring the suitability of formal specification methods for independent verification and validation (IV&V) of software specifications for large, safety-critical systems. An IV&V contractor often has to perform rapid analysis on incomplete specifications, with no control over how those specifications are represented. Lightweight formal methods show significant promise in this context, as they offer a way of uncovering major errors without the burden of full proofs of correctness. We describe a case study of the use of partial formal models for IV&V of the requirements for Fault Detection Isolation and Recovery on the space station. We conclude that the insights gained from formalizing a specification are valuable, and it is the process of formalization, rather than the end product, that is important. It was only necessary to build enough of the formal model to test the properties in which we were interested. Maintenance of fidelity between multiple representations of the same requirements (as they evolve) is still a problem, and deserves further study.     

Realization of distributed system models using code generation extensions

Development of distributed software systems is complex due to the distribution of resources, which complicates validation of system-wide functionality. Such systems include various facets like functionality and distribution, each of which must be validated and integrated in the final software solution. Model-based techniques advocate various abstraction approaches to cope with such challenges. To enhance model-based development, this paper proposes (1) guidelines for development of distributed systems, where the different facets are introduced gradually through systematic modeling extensions, (2) code generation capabilities supporting technology specific realizations, and (3) demonstration of the applicability of our approach using an industrial case study involving the development of a harvest planning system, where the communication infrastructure paradigm changed late in the project. When developing this system, we spent most time validating system-wide functionality. The model extensions allowed an easier change of the underlying communication paradigm and code generation supported realization of the different system representations.     

Formal methods software engineering for the CARA system

This paper discusses the application of formal methods software engineering (FMSE) to the development of the Computer Automated Resuscitation A (CARA) medical device at Walter Reed Army Institute of Research. Because this system is potentially life critical, a high level of quality was required. A formal engineering approach to the software development activities was chosen to satisfy this need. Specifically, a technique called sequence enumeration was applied to elicit and refine requirements while deriving a formal specification. The fundamentals of the specification process that was used on the project are described along with a brief summary of the project experience in the development and testing phases. The project employed recent advances in Cleanroom software engineering methods along with older box-structured development and usage-model-based statistical testing techniques.     

Integration of informal and formal development of object-oriented safety-critical software

The KeY system allows for the integrated informal and formal development of object-oriented Java software. In this paper we report on a major industrial case study involving safety-critical software for the computation of a particular kind of railway timetable used by train conductors. Our case study includes formal specification of requirements both on the analysis and the implementation level. Particular emphasis in our research is placed on the challenge to make authoring and maintenance of formal specifications easier. We demonstrate that the technique of specification patterns as implemented in KeY for the language OCL yields significant improvements.     

Early verification and validation of mission critical systems

Complex software and systems are pervasive in today’s world. In a growing number of fields they come to play a critical role. In order to provide a high assurance level, verification and validation (V&V) should be considered early in the development process. This paper shows how this can be achieved based on a goal-oriented requirements engineering framework which combines complementary semi-formal and formal notations. This allows the analyst to formalize only when and where needed and also preserves optimal communication with stakeholders and developers. For the industrial application of the methodology, a supporting toolbox was developed. It consist of a number of tightly integrated tools for performing V&V tasks at requirements level. This is achieved through the use of (1) a roundtrip mapping between the requirements language and the specific formal languages used in the underlying formal tools (such as SAT or constraint solvers) and (2) graphical views using domain-based representations. This paper will focus on two major and representative tools: the Refinement Checker (about verification) and the Animator (about validation).     

Modeling high assurance agent-based Earthquake Management System using formal techniques

Disaster management systems are complex applications due to their distributed and decentralized nature. Various components execute in parallel with high need of coordination with each other. In such applications, interaction and communication issues are difficult to model and implement. In this paper, we have proposed agent-based Earthquake Management System (EMS) which is modeled and analyzed using formal approach. Traditionally, such systems undergo through various transformations starting from requirement models and specification to analysis, design and implementation. A variety of formal approaches are available to specify systems for analyzing their structure and behavior; however, there are certain limitations in using these techniques due to their expressiveness and behavior requirements. We have adopted combination of Pi-calculus and Pi-ADL formal languages to model EMS from analysis to design. The formal approach helps to enhance reliability and flexibility of the system by reducing the redundant information. It reduces chances of errors by explicitly mentioning working flow of information. Additionally, a prototype application is presented as proof of concept in EMS context. We have also evaluated our formal specification by using ArchWare and ABC tools; also, comparison of prototype application with major existing techniques is highlighted.     

The design and analysis of real-time systems using the ASTRAL software development environment

ASTRAL is a formal specification language for real-time systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A real-time system is modeled by a collection of state machine specifications and a single global specification. This paper discusses the ASTRAL Software Development Environment (SDE), which is an integrated set of design and analysis tools based on the ASTRAL formal framework. The tools that make up the support environment are a syntax-directed editor, a specification processor, a verification condition generator, a browser kit, a model checker, and a mechanical theorem prover. This revised version was published online in June 2006 with corrections to the Cover Date.     

一个基于可视集成界面的软件定义开发环境MHSC/E

软件开发存在着方法论需求．基于作者提出的ＭＨＳＣ方法论思想，本文提出一个支持软件定义开发的可视集成环境ＭＨＳＣ／Ｅ．通过可视界面支持软件定义的变换、求精与仿真．ＭＨＳＣ／Ｅ较好地反映出ＭＨＳＣ的核心思想．本文着重介绍ＭＨＳＣ／Ｅ的环境组成、集成界面以及高层构造技术和支持工具．