Applying formal methods to standard development: The open distributed processing experience

Since their introduction, formal methods have been applied in various ways to different standards. This paper gives an account of these applications, focusing on one application in particular: the development of a framework for creating standards for Open Distributed Processing (ODP). Following an introduction to ODP, the paper gives an insight into the current work on formalising the architecture of the Reference Model of ODP (RM-ODP), highlighting the advantages to be gained. The different approaches currently being taken are shown, together with their associated advantages and disadvantages. The paper concludes that there is no one all-purpose approach which can be used in preference to all others, but that a combination of approaches is desirable to best fulfil the potential of formal methods in developing an architectural semantics for ODP.     

Formal methods integration for the specification of dependable distributed systems

This paper describes a real-world case study in the specification and analysis of dependable distributed systems. The case study is an automated transport system with safety requirements. In order to manage the complexity of the problem of specifying the dynamic behavior of the whole system, a compositional approach is used, based on the integration of the trace logic of the Communicating Sequential Processes (CSP) theory, and stochastic Petri nets (SPNs). It is argued that the integration of different formal methods is a useful approach in the definition of practical engineering methodologies for the specification, design and analysis of complex dependable distributed systems.     

Formal timing analysis of distributed systems

Although a large number of formal methods have been reported in the literature, most of them are applicable only at the initial stages of software development. A major reason for this situation is that those formalisms lack expressiveness to describe the behavior of systems with respect to their underlying configurations. On the other hand, recent experience has shown that the complex nature of distributed systems is conveniently described, constructed and managed in terms of their configuration. In this context, with the twin objectives of accurately modelling the real-timed behavior of distributed systems and supporting the analysis of timing behavior with respect to their underlying configurations, we formulate a logic language called distributed logic (DL). DL is a first-order logic augmented with temporal and spatial modalities. The semantics of DL are based on ideas drawn from both the interleaving and partial order models. In addition to the syntax and semantics of the logic, a formal proof scheme for a distributed programming model is also presented. Finally, use of the proof method is illustrated through the analysis of the real-time properties of a sample problem.     

Object-Z: A specification language advocated for the description of standards

The importance of formalising the specification of standards has been recognised for a number of years. This paper advocates the use of the formal specification language Object-Z in the definition of standards. Object-Z is an extension to the Z language specifically to facilitate specification in an object-oriented style. First, the syntax and semantics of Object-Z are described informally. Then the use of Object-Z in formalising standards is demonstrated by presenting a case study based on the ODP Trader. Finally, a formal semantics is introduced that suggests an approach to the standardisation of Object-Z itself. Because standards are typically large complex systems, the extra structuring afforded by the Object-Z class construct and operation expressions enables the various hierarchical relationships and the communication between objects in a system to be succinctly specified.     

A model for specification and synchronization of data for distributed multimedia applications

As network technology provides the capability to handle multimedia traffic and the demand of multimedia services increases, protocols are required for effective communication of multimedia data in a distributed environment. Synchronization is one of the key issues in a multimedia system. Most of the current approaches do not support an integrated solution to the problem of synchronization. In this paper we propose a mechanism for synchronization of multimedia data in distributed environment where the accuracy of the protocol can be tailored to the application. The system model supports live and video-on-demand service. We present a scheme where the specification of the temporal requirements provided by the application can be directly mapped to obtain the information necessary to enforce the synchronization required. We present two examples of specifying the temporal requirements and process of obtaining the information and present performance results of our simulation studies.     

Integrating predicate transition nets with first order temporal logic in the specification and verification of concurrent systems

This paper presents some results of integrating predicate transition nets with first order temporal logic in the specification and verification of concurrent systems. The intention of this research is to use predicate transition nets as a specification method and to use first order temporal logic as a verification method so that their strengths — the easy comprehension of predicate transition nets and the reasoning power of first order temporal logic can be combined. In this paper, a theoretical relationship between the computation models of these two formalisms is presented; an algorithm for systematically translating a predicate transition net into a corresponding temporal logic system is outlined; and a special temporal refutation proof technique is proposed and illustrated in verifying various concurrent properties of the predicate transition net specification of the five dining philosophers problem.     

Formal specification and integration of distributed security policies

We propose in this paper the Security Policy Language (SePL), which is a formal language for capturing and integrating distributed security policies. The syntax of SePL includes several operators for the integration of policies and it is endowed with a denotational semantics that is a generic semantics, i.e., which is independent of any evaluation environment. We prove the completeness of SePL with respect to set theory. Furthermore, we provide a formalization of a large subset of the eXtensible Access Control Markup Language (XACML), which is the well-known standard informal specification language of Web security policies. We also provide a semantics for XACML policy combining algorithms.     

安全数据库顶层规范中SQL操作的形式化分析与验证

介绍了安全数据库形式化顸层规范,定义了顶层规范中SQL操作的描述,在此基础上给出简单SQL操作的定义,并对其进行分析验证,最后将一般SQL操作的分析验证转换为多个简单SQL操作的分析验证.验证过程表明,该方法既对SQL操作作了完整清晰的描述,又简化了证明.     

Formal models for the description of timed behaviors of multimedia and hypermedia distributed systems

This paper presents two modeling approaches that can be used as a formal basis for designing distributed multimedia and hypermedia systems. Using these approaches, users and designers are able to express formally their multimedia and hypermedia synchronization and time requirements. The two different models considered are Hierarchical Time Stream Petri Nets and RT-LOTOS. It will be shown that both models, starting from a different formal basis, are of interest as they possess complementary advantages and can then be used at different stages of the system life cycle. For instance, HTSPN provides an user-friendly graphical specification framework, whereas RT-LOTOS offers an extensive simulation and validation framework applicable to specifications derived from HTSPN.     

Formal test specifications in IEEE POSIX

The role of formal methods is examined in the context of the process of developing and adopting open standards. Against the broad backdrop of concerns for improving the quality of standards, issues of conformance assessment, test specification, and test methodology guidelines are considered. The experience gained from the attempts to formalize the test specifications for POSIX 2003.5 is presented as lessons learned. The tradeoffs associated with the various formal methods are considered in terms of the properties of common semantic model for assertions languages. The intent here is to collect the common features in a form that provides insights on issues such as encapsulation and inheritance of specifications, inter-operation semantics, state and control structures for assertions, and name space management conventions.     

Formal analysis of the Shlaer-Mellor method: Towards a toolkit of formal and informal requirements specification techniques

In this paper, we define a number of tools that we think belong to the core of any toolkit for requirements engineers. The tools are conceptual and hence, they need precise definitions that lay down as exactly as possible what their meaning and possible use is. We argue that this definition can best be achieved by a formal specification of the tool. This means that for each semi-formal requirements engineering tool we should provide a formal specification that precisely specifies its meaning. We argue that this mutually enhances the formal and semi-formal technique: it makes formal techniques more usable and, as we will argue, at the same time simplifies the diagram-based notations.At the same time, we believe that the tools of the requirements engineer should, where possible, resemble the familiar semi-formal specification techniques used in practice today. In order to achieve this, we should search existing requirements specification techniques to look for a common kernel of familiar semi-formal techniques and try to provide a formalisation for these.In this paper we illustrate this approach by a formal analysis of the Shlaer-Mellor method for object-oriented requirements specification. The formal specification language used in this analysis is LCM, a language based on dynamic logic, but similar results would have been achieved by means of another language. We analyse the techniques used in the information model, state model, process model and communication model of the Shlaer-Mellor method, identify ambiguities and redundancies, indicate how these can be eliminated and propose a formalisation of the result. We conclude with a listing of the tools extracted from the Shlaer-Mellor method that we can add to a toolkit that in addition contains LCM as formal specification technique.     

基于Z规格的UML模型形式化转换及验证

统一建模语言(UML)所建立的模型的正确性无法通过其本身进行形式化验证,为解决这个问题,根据UML模型的静态性质和动态模块行为两个方面提出结合形式化规格说明语言的模型形式化方案,以此为基础提出将UML目标模型转化为Z规格说明的形式化方法,并用Z-EVES工具形式化检测Z规格描述的正确性.通过实例分析验证了该方法的可行性.     

Transformation and exchange of multimedia objects in distributed multimedia systems

One of the challenges in the design of a distributed multimedia system is devising suitable specification models for various schemas in different levels of the system. Another important research issue is the integration and synchronization of heterogeneous multimedia objects. In this paper, we present our models for multimedia schemas and transformation algorithms. They transform high-level multimedia objects into schemas that can be used to support the presentation and communication of the multimedia objects. A key module in the system is the Object Exchange Manager (OEM). In this paper, we present the design and implementation of the OEM module, and discuss in detail the interaction between the OEM and other modules in a distributed multimedia system.     

Requirements specification of real-time systems: temporal parameters and timing-constraints

The development of high-quality real-time systems depends on their correct requirements specification, which includes the analysis and specification of timing issues. This paper focuses on requirements specification of real-time systems, presenting a set of temporal parameters and timing-constraints related to the execution of systems processes. Timing-constraints are expressed by formulas, being useful for defining, representing, and validating the system temporal behavior, particularly in hard real-time systems specifications. The primary contribution over previous studies is the proposal of a more generic and complete set of timing-constraints, applied to the area of requirements engineering for real-time systems, which has not been sufficiently explored.     

Design and verification of fault tolerant systems with CSP

Summary By means of an example, we present a formal method based on CSP to design fault tolerant systems. This method combines algebraic and assertional techniques to achieve complete formal verification of the fault tolerant system's correctness properties. Verification steps are executed in parallel with top-down design, so that correctness proofs can be clearly structured and their completeness easily checked. In this way formal verification is applicable not only to small examples but to reasonably large systems. Jan Peleska was born in 1958 in Hamburg, received his Diploma in Mathematics from the University of Hamburg in 1981 and a Ph.D. in Mathematics in 1982. From 1981 to 1984 he worked in research and software development projects in the field of accoustics. Since 1984 he has been working with Philips and DST in Kiel in the field of distributed information systems. Peleska's current research interests include fault tolerant systems, distributed database systems and formal design and verification methods.