Automating test by adding formal specification: an experience for database bound applications

This article describes a method and a generalised tool for the automatic generation of functional testcases. The test generator is part of a more comprehensive product that also includes an interpreter which is able to determine the expected results of the generated tests. The study starts from the functional specifications of a software product, based on a traditional development model, and provides a system decomposition methodology. A general formal way to describe functional specification is given, obtaining the criteria to follow in choosing the language to produce functional tests. The general approach, the tool structure and some examples are shown in this article.     

A decomposition of a formal specification: an improvedconstraint-oriented method

In this paper, the authors propose a decomposition method for a formal specification that divides the specification into two subspecifications composed by a parallel operator. To make these specification behaviors equivalent before and after decomposition, the method automatically synthesizes an additional control specification, which contains the synchronization information of the decomposed subspecifications. The authors prove that a parallel composition of the decomposed subspecifications synchronized with the control specification is strongly equivalent with the original (monolithic) specification. The authors also write formal specifications of the OSI application layer's association-control service and decompose it using their method as an example of decomposition of a practical specification. Their decomposition method can be applied to top-down system development based on stepwise refinement     

Towards the formal specification of an OPS5 production system architecture

The article presents a formal specification for many important aspects of the OPS5 production systems framework. the article illustrates how an abstract formal specification of a production system can be created and the benefits this provides to those involved in the development of knowledge-based systems. the formal specification is preceded by an informal specification of a production system upon which the formal model is based and the development is illustrated through the use of concrete examples. the notation used is that of “Z” (J. M. Spivey, The Z Notation, Prentice-Hall, Englewood Cliffs, NJ, 1990), a language based upon typed set theory. This language has been used to success in the specification of critical conventional software systems (I. Hayes, Technical Monograph PRG-46, Oxford University Computing Laboratory, Oxford, England, 1985) and which is formal enough to allow for the creation of rigorous specifications, yet is of a form that makes these specifications “readable.” the aim of the article is to show that formal techniques can be applied to areas of knowledge-based system development, thus promoting correctness, reliability, and understanding. © 1994 John Wiley & Sons, Inc.     

Applying formal methods to standard development: The open distributed processing experience

Since their introduction, formal methods have been applied in various ways to different standards. This paper gives an account of these applications, focusing on one application in particular: the development of a framework for creating standards for Open Distributed Processing (ODP). Following an introduction to ODP, the paper gives an insight into the current work on formalising the architecture of the Reference Model of ODP (RM-ODP), highlighting the advantages to be gained. The different approaches currently being taken are shown, together with their associated advantages and disadvantages. The paper concludes that there is no one all-purpose approach which can be used in preference to all others, but that a combination of approaches is desirable to best fulfil the potential of formal methods in developing an architectural semantics for ODP.     

From a B formal specification to an executable code: application to the relational database domain

This paper presents a formal approach for the development of trustworthy database applications. This approach consists of three complementary steps. Designers start by modeling applications using UML diagrams dedicated to database applications domain. These diagrams are then automatically translated into B specifications suitable not only for reasoning about data integrity checking but also for the derivation of trustworthy implementations. In this paper, we present a process based on the B refinement technique for the derivation of a SQL relational implementation, embedded in the JAVA language (JAVA/SQL), from a B specification obtained by the first translation phase.     

Combining UML, ASTD and B for the formal specification of an access control filter

Combination of formal and semi-formal methods is more and more required to produce specifications that can be, on the one hand, understood and thus validated by both designers and users and, on the other hand, precise enough to be verified by formal methods. This motivates our aim to use these complementary paradigms in order to deal with security aspects of information systems. This paper presents a methodology to specify access control policies starting with a set of graphical diagrams: UML for the functional model, SecureUML for static access control and ASTD for dynamic access control. These diagrams are then translated into a set of B machines. Finally, we present the formal specification of an access control filter that coordinates the different kinds of access control rules and the specification of functional operations. The goal of such B specifications is to rigorously check the access control policy of an information system taking advantage of tools from the B method.     

Talos: no more ransomware victims with formal methods

Ransomware is a very effective form of malware that is recently spreading out on an impressive number of workstations and smartphones. This malware blocks the access to the infected machine or to the files located in the infected machine. The attackers will restore the machine and files only after the payment of a certain amount of money, usually given in the form of bitcoins. Commercial solutions are still ineffective to recognize the last variants of ransomware, and the problem has been poorly investigated in literature. In this paper we discuss a methodology based on formal methods for detecting ransomware malware on Android devices. We have implemented our method in a tool named Talos. We evaluate the method, and the obtained results show that Talos is very effective in recognizing ransomware (accuracy of 0.99) even when it is obfuscated (accuracy still remains at 0.99).     

Bases for the development of LAST: a formal method for business software requirements specification

This paper proposes a possible approach to IS requirements specification. It relies on the application of standard (i.e. conventional) discrete mathematics, more precisely, it uses a fairly limited number of concepts from the fields of linear algebra and set theory (hence its name, LAST). The use of LAST for data definition and query–answer are discussed in some detail, given the data-rich quality of Business IS and the fact that a solid data-model is therefore essential to their specification. The proposed approach implies integration with other semiformal specification methods, two of the possibilities being integration with UML–OCL and with the Entity Relationship Model, which are discussed in this paper. Finally, mapping of LAST specifications to the Relational Model is also addressed; this possibility having an interest both, for (partial) implementation and for model simulation.     

State architecture notation and simulation: A formal technique for the specification and testing of protocol systems

The increasing practical importance of data communications, computer networking and distributed data processing has increased the benefits to be gained from a systematic approach to the design, specification, validation, implementation and testing of these kind of systems.This paper presents an introduction to the State Architecture approach to protocol system specification and also describes an important companion simulation tool.State Architecture concepts and definitions are presented. Complex protocol systems are built up of interconnections of state-system primitives; specifically, combinational functions, finite-state machines, queues, clocks, delays and derivatives. Aspects of component state and input/output behavior are treated explicitly.State Architecture Notation (SAN), a formal machine-readable language for specifying protocol systems, is outlined.The State Architecture Simulator (SAS), a general purpose SAN model simulator is described and example SAS runs on a model of the ADCCP protocol (similar to HDLC and SDLC) are included.A preliminary evaluation of the State Architecture approach is presented along with a brief comparison to other methods of formal specification.     

Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods

Formal specification combined with mechanical verification is a promising approach for achieving the extremely high levels of assurance required of safety-critical digital systems. However, many questions remain regarding their use in practice: Can these techniques scale up to industrial systems, where are they likely to be useful, and how should industry go about incorporating them into practice? This paper discusses a project undertaken to answer some of these questions, the formal verification of the microcode in the AAMP5 microprocessor. This project consisted of formally specifying in the PVS language a Rockwell proprietary microprocessor at both the instruction-set and register-transfer levels and using the PVS theorem prover to show the microcode correctly implemented the instruction-level specification for a representative subset of instructions. Notable aspects of this project include the use of a formal specification language by practicing hardware and software engineers, the integration of traditional inspections with formal specifications, and the use of a mechanical theorem prover to verify a portion of a commercial, pipelined microprocessor that was not explicitly designed for formal verification.     

Formal analysis of the Shlaer-Mellor method: Towards a toolkit of formal and informal requirements specification techniques

In this paper, we define a number of tools that we think belong to the core of any toolkit for requirements engineers. The tools are conceptual and hence, they need precise definitions that lay down as exactly as possible what their meaning and possible use is. We argue that this definition can best be achieved by a formal specification of the tool. This means that for each semi-formal requirements engineering tool we should provide a formal specification that precisely specifies its meaning. We argue that this mutually enhances the formal and semi-formal technique: it makes formal techniques more usable and, as we will argue, at the same time simplifies the diagram-based notations.At the same time, we believe that the tools of the requirements engineer should, where possible, resemble the familiar semi-formal specification techniques used in practice today. In order to achieve this, we should search existing requirements specification techniques to look for a common kernel of familiar semi-formal techniques and try to provide a formalisation for these.In this paper we illustrate this approach by a formal analysis of the Shlaer-Mellor method for object-oriented requirements specification. The formal specification language used in this analysis is LCM, a language based on dynamic logic, but similar results would have been achieved by means of another language. We analyse the techniques used in the information model, state model, process model and communication model of the Shlaer-Mellor method, identify ambiguities and redundancies, indicate how these can be eliminated and propose a formalisation of the result. We conclude with a listing of the tools extracted from the Shlaer-Mellor method that we can add to a toolkit that in addition contains LCM as formal specification technique.     

FLAME: a formal framework for the automated analysis of software product lines validated by automated specification testing

In a literature review on the last 20 years of automated analysis of feature models, the formalization of analysis operations was identified as the most relevant challenge in the field. This formalization could provide very valuable assets for tool developers such as a precise definition of the analysis operations and, what is more, a reference implementation, i.e., a trustworthy, not necessarily efficient implementation to compare different tools outputs. In this article, we present the FLAME framework as the result of facing this challenge. FLAME is a formal framework that can be used to formally specify not only feature models, but other variability modeling languages (VML s) as well. This reusability is achieved by its two-layered architecture. The abstract foundation layer is the bottom layer in which all VML-independent analysis operations and concepts are specified. On top of the foundation layer, a family of characteristic model layers—one for each VML to be formally specified—can be developed by redefining some abstract types and relations. The verification and validation of FLAME has followed a process in which formal verification has been performed traditionally by manual theorem proving, but validation has been performed by integrating our experience on metamorphic testing of variability analysis tools, something that has shown to be much more effective than manually designed test cases. To follow this automated, test-based validation approach, the specification of FLAME, written in Z, was translated into Prolog and 20,000 random tests were automatically generated and executed. Tests results helped to discover some inconsistencies not only in the formal specification, but also in the previous informal definitions of the analysis operations and in current analysis tools. After this process, the Prolog implementation of FLAME is being used as a reference implementation for some tool developers, some analysis operations have been formally specified for the first time with more generic semantics, and more VML s are being formally specified using FLAME.     

Clock constraint specification language: specifying clock constraints with UML/MARTE

The Object Management Group (OMG) unified modeling language (UML) profile for modeling and analysis of real-time and embedded systems (MARTE) aims at using the general-purpose modeling language UML in the domain of real-time and embedded (RTE) systems. To achieve this goal, it is absolutely required to introduce inside the mainly untimed UML an unambiguous time structure which MARTE model elements can rely on to build precise models amenable to formal analysis. The MARTE Time model has defined such a structure. We have also defined a non-normative concrete syntax called the clock constraint specification language (CCSL) to demonstrate what can be done based on this structure. This paper gives a brief overview of this syntax and its formal semantics, and shows how existing UML model elements can be used to apply this syntax in a graphical way and benefit from the semantics.     

User interface specification with sequence diagrams: an application to the AIRBUS A380 Datalink system

The development of user interfaces for safety critical systems is driven by requirements specifications. Because user interface specifications are typically embedded within complex systems requirements specifications, they can be intractable to manage. Proprietary requirements specification tools do not support the user interface designer in modelling and specifying the user interface. In this paper, a new way of working with embedded user interface specifications is proposed, exploiting sequence diagrams with a hypertext structure for representing and retrieving use cases. This new tool concept is assessed through an application to the requirements specification for the Airbus A380 air traffic control Datalink system; engineers involved in the development of the Airbus cockpit used a prototype of the tool concept to resolve a set of user interface design anomalies in the requirements specification. The results of the study are positive and indicate the user interface to requirements specification tools which user interface designers themselves need.     

MPGS: an interactive tool for the specification and generation ofmultimedia presentations

Multimedia presentations are composed of objects belonging to different data types such as video, audio, text and image. An important aspect is that, quite often, the user defining a presentation needs to express sophisticated temporal and spatial constraints among the objects composing the presentation. We present a system (called MPGS-Multimedia Presentation Generator System) which supports the specification of constraints among multimedia objects and the generation of multimedia presentations according to the specified constraints. The constraint model provided by MPGS is very flexible and powerful in terms of the kinds of object constraints it can represent. A large number of innovative features are supported including: asynchronous and simultaneous spatial constraints; components of interest and priority levels; motion functions. Obviously, the flexibility provided to the users requires the development of nontrivial techniques to check constraint consistency and to generate a presentation satisfying the specified constraints. We illustrate the solutions we have devised in the framework of MPGS     

Exploring students’ learning experience in an international online research seminar in the Synchronous Cyber Classroom

The development of computer-mediated communication enables teaching and learning to take place across geographical boundaries. An online synchronous learning environment with cyber face-to-face features affords students the sense of learning together online. This study reports a novel design of organizing a 16-week seminar for doctoral students across Canada, Italy, New Zealand, and Taiwan in the Synchronous Cyber Classroom, an online synchronous learning environment. Students’ learning experiences were explored from the perspective of students’ interactions with students, instructors, and the content, based on which the perception of being in a learning community was formed. This article reports how this international online research seminar was organized, how students’ learning experience was analyzed, and what we learned about students’ learning in this international online research seminar.     

Parallelising large irregular programs: an experience with Naira

Naira is a compiler for Haskell, written in Glasgow parallel Haskell. It exhibits modest, but irregular, parallelism that is determined by properties of the program being compiled, e.g. the complexity of the types and of the pattern matching. We report four experiments into Naira's parallel behaviour using a set of realistic inputs: namely the 18 Haskell modules of Naira itself. The issues investigated are:

• Does increasing input size improve sequential efficiency and speedup?

• To what extent do high communications latencies reduce average parallelism and speedup?

• Does migrating running threads between processors improve average parallelism and speedup at all latencies?