基于形式化描述测试用例生成的研究与实现

根据高安全系统实现和评估的需要,提出基于形式化Z描述的测试用例生成方法,并据此实现了测试用例自动生成工具,可进行符合更改条件/判定覆盖准则的测试用例生成,以解决生成测试用例数量与质量间的取舍问题。与相关工作相比,可以降低形式化描述的要求,减少人工参与的成分,提高测试用例生成的有效性和效率。     

Testing real-time systems from compositional symbolic specifications

International Journal on Software Tools for Technology Transfer - Symbolic models for testing real-time systems that abstract both data and time have been investigated. The goal is to address the...     

On the completeness of SLDENF-resolution

SLDENF-resolution combines the negation-as-failure principle for logic programs involving negation, and SLDE-resolution for logic programs with an underlying equational theory. Recently, J. Shepherdson proved the soundness of this resolution principle wrt. an extended completion semantics. In this note, we investigate the particular problems of obtaining completeness which are caused by adding equational theories. As a concrete result we show to what extent the classical result for hierarchical and allowed nonequational programs can be generalized.     

On the B-splines effective completeness

Effective completeness of B-splines, defined as the capability of approaching completeness without compromising the positive definite character of the corresponding superposition matrix, is investigated. A general result on the limit solution of the spectrum of B-splines superposition matrices has been obtained for a large class of knots grids. The result has been tested on finite-dimensional cases using both constant and random knots spacings (uniform distribution in [0,1]). The eigenvalue distribution for random spacings is found not to exhibit any large deviation from that for constant spacings. As an example of system which takes huge advantage of a non-uniform grid of knots, we have computed few hundreds of hydrogen Rydberg states obtaining accuracy comparable to the machine accuracy. The obtained results give solid ground to the recognized efficiency and accuracy of the B-spline sets when used in atomic physics calculations.     

Verifier提高验证完备性

随着集成电路设计技术的不断发展,电路设计中经常出现一些问题。因此,设计验证技术成为了电路设计中不可或缺的部分。如何提高验证完备性,是验证技术的难题之一。本文介绍了Cadence最新发布的适用于模拟设计的ADE Verifier的工具使用流程,以及根据海思业务需求定制的使用方法。该工具整合了验证工具ADE Explorer和ADE Assembler的特性,完善了模拟电路设计验证流程,解决了模拟设计验证完备性中的问题。     

On the completeness of incidence calculus

Incidence calculus is a mechanism for uncertain reasoning originally introduced by Bundy. He suggested a set of inference rules for deriving new incidence bounds from a given set of lower and upper bounds of some propositions. However, it is important to demonstrate that the inference axioms are complete in any axiomatization. It is proved in this paper that inference rules used by Bundy are indeed complete.     

Deriving protocol specifications from service specifications written in LOTOS

Summary.  A complete communication system is broken down into a number of protocol layers each of which provides services to the layer above it and uses services provided by its underlying layer. A service specification defines a particular ordering of the operations that a given layer provides to the layer above it. The active elements in each layer are called entities and they use a protocol in order to implement their service definition. On the basis of this relation between the service and protocol concepts we have developed algorithms for deriving protocol entity specifications from a formal service specification. The derived protocol entities ensure the correct ordering of the service primitives by exchanging synchronization messages through an underlying communication medium. This paper presents an extended version of our earlier derivation algorithms. This version of the algorithm can handle all operators and unrestricted process invocation and recursion as defined by basis LOTOS. The correctness of this derivation algorithm is formally proved. Received: January 1992 / Accepted: February 1996     

Generic case completeness

In this note we introduce a notion of a generically (strongly generically) NP-complete problem and show that the randomized bounded version of the halting problem is strongly generically NP-complete.     

On the algebra of structured specifications

We develop module algebra for structured specifications with model oriented denotations. Our work extends the existing theory with specification building operators for non-protecting importation modes and with new algebraic rules (most notably for initial semantics) and upgrades the pushout-style semantics of parameterized modules to capture the (possible) sharing between the body of the parameterized modules and the instances of the parameters. We specify a set of sufficient abstract conditions, smoothly satisfied in the actual situations, and prove the isomorphism between the parallel and the serial instantiation of multiple parameters. Our module algebra development is done at the level of abstract institutions, which means that our results are very general and directly applicable to a wide variety of specification and programming formalisms that are rigorously based upon some logical system.     

Linear transformations and the preservation of completeness

This paper considers the problem of transformation of functions in L2by linear time-invariant causal systems and the conditions under which this transformation preserves the completeness of sets in L2. The problem is of practical importance in system identification. Two easily applied sufficient conditions are presented.     

Crypt-equivalent algebraic specifications

Summary Equivalence is a fundamental notion for the semantic analysis of algebraic specifications. In this paper the notion of crypt-equivalence is introduced and studied w.r.t. two loose approaches to the semantics of an algebraic specification T: the class of all first-order models of T and the class of all term-generated models of T. Two specifications are called crypt-equivalent if for one specification there exists a predicate logic formula which implicitly defines an expansion (by new functions) of every model of that specification in such a way that the expansion (after forgetting unnecessary functions) is homologous to a model of the other specification, and if vice versa there exists another predicate logic formula with the same properties for the other specification. We speak of first-order crypt-equivalence if this holds for all first-order models, and of inductive crypt-equivalence if this holds for all term-generated models. Characterizations and structural properties of these notions are studied. In particular, it is shown that first order crypt-equivalence is equivalent to the existence of explicit definitions and that in case of positive definability two first-order crypt-equivalent specifications admit the same categories of models and homomorphisms. Similarly, two specifications which are inductively crypt-equivalent via sufficiently complete implicit definitions determine the same associated categories. Moreover, crypt-equivalence is compared with other notions of equivalence for algebraic specifications: in particular, it is shown that first-order cryptequivalence is strictly coarser than abstract semantic equivalence and that inductive crypt-equivalence is strictly finer than inductive simulation equivalence and implementation equivalence.     

Assessment of safety-critical specifications

Formal methods can reduce the ambiguity in specifications and provide a basis for verification later on-especially important for safety-critical systems. The author compares specifications in the software cost reduction method and in the Vienna Definition Method for a safety-critical system and identifies several key assessment issues: understandability, assessment criteria, and semantic capabilities     

Animation of requirements specifications

Requirements analysis has been recognized as one of the most critical and difficult tasks in software engineering. The need for tool support is essential. This paper reports some work done to provide such support for interpretation and validation of requirements specifications by animation. The Animator provides facilities for the selection and execution of a transaction to reflect the specified behaviour of a particular scenario specified in the requirements specification. Actions are described in terms of input-output mappings and or functions with pattern matching. Simple rules can be specified to control the triggering of actions. In addition, facilities are provided to replay and interact with transactions. User interaction during animation includes the ability to change data values or role play selected actions as desired. A full graphical interface is supported. The approach has been tested by the provision of an Animator for the requirements analysis method CORE and an associated ‘Analyst Workstation’. Animation has been tested on a number of small examples and a major case study. This paper describes the Animator, justifies the approach taken and discusses experience and future work.     

Crypt-equivalent algebraic specifications

Summary Equivalence is a fundamental notion for the semantic analysis of algebraic specifications. In this paper the notion of “crypt-equivalence” is introduced and studied w.r.t. two “loose” approaches to the semantics of an algebraic specificationT: the class of all first-order models ofT and the class of all term-generated models ofT. Two specifications are called crypt-equivalent if for one specification there exists a predicate logic formula which implicitly defines an expansion (by new functions) of every model of that specification in such a way that the expansion (after forgetting unnecessary functions) is homologous to a model of the other specification, and if vice versa there exists another predicate logic formula with the same properties for the other specification. We speak of “first-order crypt-equivalence” if this holds for all first-order models, and of “inductive crypt-equivalence” if this holds for all term-generated models. Characterizations and structural properties of these notions are studied. In particular, it is shown that firstorder crypt-equivalence is equivalent to the existence of explicit definitions and that in case of “positive definability” two first-order crypt-equivalent specifications admit the same categories of models and homomorphisms. Similarly, two specifications which are inductively crypt-equivalent via sufficiently complete implicit definitions determine the same associated categories. Moreover, crypt-equivalence is compared with other notions of equivalence for algebraic specifications: in particular, it is shown that first-order cryptequivalence is strictly coarser than “abstract semantic equivalence” and that inductive crypt-equivalence is strictly finer than “inductive simulation equivalence” and “implementation equivalence”.