Polymorphic scenario-based specification models: semantics and applications

We present polymorphic scenarios, a generalization of a UML2-compliant variant of Damm and Harel??s live sequence charts (LSC) in the context of object-orientation. Polymorphic scenarios are visualized using (modal) sequence diagrams where lifelines may represent classes and interfaces rather than concrete objects. Their semantics takes advantage of inheritance and interface realization to allow the specification of most expressive, succinct, and reusable universal and existential inter-object scenarios for object-oriented system models. We motivate the use of polymorphic scenarios, formally define their trace-based semantics, and present their application for scenario-based testing and execution, as implemented in the S2A compiler developed at the Weizmann Institute of Science. We further discuss advanced semantic issues arising from the use of scenarios in a polymorphic setting, suggest possible extensions, present a UML profile to support polymorphic scenarios, consider the application of the polymorphic semantics to other variants of scenario-based specification languages, and position our work in the broader context of behavioral subtyping.     

Privately Finding Specifications

Buggy software is a reality and automated techniques for discovering bugs are highly desirable. A specification describes the correct behavior of a program. For example, a file must eventually be closed once it has been opened. Specifications are learned by finding patterns in normal program execution traces versus erroneous ones. With more traces, more specifications can be learned more accurately. By combining traces from multiple parties that possess distinct programs but use a common library, it is possible to obtain sufficiently many traces. However, obtaining traces from competing parties is problematic: By revealing traces, it may be possible to learn that one party writes buggier code than another. We present an algorithm by which mutually distrusting parties can work together to learn program specifications while preserving their privacy. We use a perturbation algorithm to obfuscate individual trace values while still allowing statistical trends to be mined from the data. Despite the noise introduced to safeguard privacy, empirical evidence suggests that our algorithm learns specifications that find 85 percent of the bugs that a no-privacy approach would find.     

Polynomial function intervals for floating-point software verification

The focus of our work is the verification of tight functional properties of numerical programs, such as showing that a floating-point implementation of Riemann integration computes a close approximation of the exact integral. Programmers and engineers writing such programs will benefit from verification tools that support an expressive specification language and that are highly automated. Our work provides a new method for verification of numerical software, supporting a substantially more expressive language for specifications than other publicly available automated tools. The additional expressivity in the specification language is provided by two constructs. First, the specification can feature inclusions between interval arithmetic expressions. Second, the integral operator from classical analysis can be used in the specifications, where the integration bounds can be arbitrary expressions over real variables. To support our claim of expressivity, we outline the verification of four example programs, including the integration example mentioned earlier. A key component of our method is an algorithm for proving numerical theorems. This algorithm is based on automatic polynomial approximation of non-linear real and real-interval functions defined by expressions. The PolyPaver tool is our implementation of the algorithm and its source code is publicly available. In this paper we report on experiments using PolyPaver that indicate that the additional expressivity does not come at a performance cost when comparing with other publicly available state-of-the-art provers. We also include a scalability study that explores the limits of PolyPaver in proving tight functional specifications of progressively larger randomly generated programs.     

Incremental mining of information interest for personalized web scanning

Businesses and people often organize their information of interest (IOI) into a hierarchy of folders (or categories). The personalized folder hierarchy provides a natural way for each of the users to manage and utilize his/her IOI (a folder corresponds to an interest type). Since the interest is relatively long-term, continuous web scanning is essential. It should be directed by precise and comprehensible specifications of the interest. A precise specification may direct the scanner to those spaces that deserve scanning, while a specification comprehensible to the user may facilitate manual refinement, and a specification comprehensible to information providers (e.g. Internet search engines) may facilitate the identification of proper seed sites to start scanning. However, expressing such specifications is quite difficult (and even implausible) for the user, since each interest type is often implicitly and collectively defined by the content (i.e. documents) of the corresponding folder, which may even evolve over time. In this paper, we present an incremental text mining technique to efficiently identify the user's current interest by mining the user's information folders. The specification mined for each interest type specifies the context of the interest type in conjunctive normal form, which is comprehensible to general users and information providers. The specification is also shown to be more precise in directing the scanner to those sites that are more likely to provide IOI. The user may thus maintain his/her folders and then constantly get IOI, without paying much attention to the difficult tasks of interest specification and seed identification.     

Synthesis from scenario-based specifications

We consider the problem of the automatic generation of reactive systems from specifications given in the scenario-based language of live sequence charts (LSCs). We start by extending the language so that it becomes more suitable for synthesis. We then translate a system specification given in the language into a two-player game between the system and the environment. By solving the game, we generate a winning strategy for the system, which corresponds to a correct implementation of the specification. We also define two notions of system correctness, and show how each can be synthesized.     

Invariant based programming: basic approach and teaching experiences

Program verification is usually done by adding specifications and invariants to the program and then proving that the verification conditions are all true. This makes program verification an alternative to or a complement to testing. We describe here another approach to program construction, which we refer to as invariant based programming, where we start by formulating the specifications and the internal loop invariants for the program, before we write the program code itself. The correctness of the code is then easy to check at the same time as one is constructing it. In this approach, program verification becomes a complement to coding rather than to testing. The purpose is to produce programs and software that are correct by construction. We present a new kind of diagrams, nested invariant diagrams, where program specifications and invariants (rather than the control) provide the main organizing structure. Nesting of invariants provide an extension hierarchy that allows us to express the invariants in a very compact manner. We have studied the feasibility of formulating specifications and loop invariants before the code itself has been written in a number of case studies. Our experience is that a systematic use of figures, in combination with a rough idea of the intended behavior of the algorithm, makes it rather straightforward to formulate the invariants needed for the program, to construct the code around these invariants and to check that the resulting program is indeed correct. We describe our experiences from using invariant based programming in practice, both from teaching programmers how to construct programs that they prove correct themselves, and from teaching invariant based programming for CS students in class. D. A. Duce, J. Oliveira, P. Boca and R. Boute     

Apriori算法在红外光谱数据挖掘中的应用

简要地介绍了在大规模数据库中挖掘关联规则的Apriori算法 ,给出了红外光谱数据库知识发现的空间表示方法 ,并根据红外光谱数据挖掘的特点改进了Apriori算法中支持度的计算与频繁集的确定过程 ,运用统计方法把挖掘结果形成可视的特征谱带 -化学基团规则式 ,通过具体的挖掘事例对挖掘结果进行分析与评价。挖掘出的规则式和波谱分析理论比较结果证明了挖掘结果的正确性 ,说明改进过的Apriori算法挖掘红外光谱数据库的有效性     

Integrating top-down and scenario-based methods for constructing software specifications

How to achieve a complete and consistent software specification by construction is an important issue for software quality assurance but still remains an open problem. The difficulty lies in the fact that the assurance of the completeness needs user’s judgments and the specification keeps changing as requirements analysis progresses. To allow the user to easily make such judgments and to reduce chances for creating inconsistencies due to frequent specification modifications, in this paper we describe an intuitive, formal, and expressive specification method that integrates top-down decompositional and scenario-based compositional methods. The decompositional method is used at an informal level with the goal of achieving a complete coverage of the user’s functional requirements, while the compositional method is used to precisely define the functionality of each scenario and to construct complex scenarios by composition of simple scenarios in a formal, intuitive language called SOFL. Combination of the decompositional and compositional processes can facilitate the analyst in completing a specification in a hierarchical structure. We present an example to illustrate how the integrated method is used in practice and describe a software support tool for the method.     

Timed Property Sequence Chart

Property Sequence Chart (PSC) is a novel scenario-based notation, which has been recently proposed to represent temporal properties of concurrent systems. This language balances expressive power and simplicity of use. However, the current version of PSC just represents the order of events and lacks the ability to express timing properties. In real-time systems, it is well known that these timing requirements are very important and need to be specified clearly. Thus, in this paper, we define timed PSC (TPSC) and give the semantics of TPSC in terms of Timed Büchi Automaton (TBA). Then, we measure the expressive power of TPSC based on the recently proposed real-time specification patterns. Finally, we illustrate the use of TPSC in the context of a web service application which requires timing requirements.     

A formal approach to scenario integration

The scenario technique is an interesting approach for eliciting requirements. A formal approach to scenario generation has made it even more attractive. The next logical step is to integrate several scenarios into one single, consistent, specification. In this work, a mixed approach, involving formal and informal steps is proposed for performing this task. The system's formal specification is expressed as a finite state machine. The specifications of two interacting scenarios are integrated in a procedure involving formal and informal steps. Then several algorithms based on the properties of the model, are applied to detect three classes of errors: mistakes made by the analyst during the informal steps of the integration, inconsistencies between the scenarios, and incompleteness of both scenarios. Each algorithm detects the corresponding specification errors and in addition, suggests the corrections to apply. The formal techniques applied in this work could be the basis of a CASE tool for scenario‐based requirements engineering.     

Automatically refining partial specifications for heap-manipulating programs

Automatically verifying heap-manipulating programs is a challenging task, especially when dealing with complex data structures with strong invariants, such as sorted lists and AVL/red–black trees. The verification process can greatly benefit from human assistance through specification annotations, but this process requires intellectual effort from users and is error-prone. In this paper, we propose a new approach to program verification that allows users to provide only partial specification to methods. Our approach will then refine the given annotation into a more complete specification by discovering missing constraints. The discovered constraints may involve both numerical and multi-set properties that could be later confirmed or revised by users. We further augment our approach by requiring partial specification to be given only for primary methods. Specifications for loops and auxiliary methods can then be systematically discovered by our augmented mechanism, with the help of information propagated from the primary methods. Our work is aimed at verifying beyond shape properties, with the eventual goal of analysing full functional properties for pointer-based data structures. Initial experiments have confirmed that we can automatically refine partial specifications with non-trivial constraints, thus making it easier for users to handle specifications with richer properties.     

模态顺序图uMSD 的形式语义

UML 2.0顺序图已广泛应用于业界,但其语义模糊,以至于不能有效地加以使用.模态顺序图(modal sequence diagram,简称MSD)是对UML 2.0顺序图的模态扩展,区分了强制场景(用universal MSD表示,简称uMSD)和可能场景(用existential MSD表示,简称eMSD).其中,uMSD具有较强的表达能力,能够用于表示并发系统的时态性质,故主要工作围绕uMSD展开.为了使uMSD用于形式化分析、验证和监控,给出基于自动机的uMSD语义解释,并给出各种操作符的算法,用性质规约模式度量uMSD的表达能力.最后进行了实例研究,并讨论了其应用前景.     

基于场景构件式实时软件设计的一致性检验

在复杂的实时软件系统中使用构件式设计方法,已成为目前软件工程中的研究热点.如何有效地验证实时软件的设计是否满足给定的时间规约,是实时计算领域中的主要挑战之一.通过在接口自动机模型中添加时间区间标记,来扩展其对实时系统接口行为的表达能力;使用实时接口自动机网络来描述实时软件系统的构件式设计模型;使用带布尔不等式时间约束的UML顺序图表示基于场景的需求规约,对系统设计阶段实时软件构件的动态行为进行形式化分析与检验.通过对实时接口自动机网络状态空间的分析,构造了其可兼容的整型状态等价类空间的可达图,并在此基础上给出了验证算法,以检验构件式实时软件系统的设计与带时间约束的场景式规约之间的一致性.     

Towards a formalism to produce a programmer assistant CASE tool

A weak specification method important to the area of computer-aided software engineering (CASE) is introduced. The specification language introduced does not require the specification of control flow information. When given a specification consisting of a formula characterizing input constraints of a function and a formula characterizing output constraints, it is possible to synthesize program functions. The synthesis algorithm is guaranteed to find all functions which satisfy the specification. It is shown that when the algorithm is applied to the specifications, it is capable of producing all program structures, including sequences, selections, and iterations. Therefore, the methodology provides for a formal foundation upon which a CASE programmer assistant tool can be built     

一种基于场景的嵌入式软件设计方法

UML顺序图是一种常用的在软件开发早期阶段用来描述系统基于场景的需求规约的一种可视化建模语言。通过在UML顺序图中加入带时间区间标志的时间约束,得到时间顺序图模板TSDT（Timed Sequence Diagram Template）,用来建立嵌入式软件基于场景的需求规约模型。对消息传递自动机进行实时扩展,得到时间消息传递自动机TMPA（Timed Message Passing Automata）,TMPA以自动机的形式刻画了所建立的需求规约模型,为在需求阶段验证所建立的模型是否满足用户需求奠定了基础。     

协议规范挖掘研究综述

针对网络安全领域中的协议规范挖掘问题,通过对近十年相关文献的研究,将此问题进行了规范的形式化定义,根据协议规范的作用域将其分为两个层面：报文内部的格式、语义规范挖掘与报文之间的协议行为规范挖掘。针对每个层面研究中涉及到的方法与技术,给出了概要的分析介绍、评价及应用场景。针对目前研究的不足与应用需求,对整个协议规范挖掘的研究趋势进行了展望。     

Algebraic–coalgebraic specification in CoCasl

We introduce CoCasl as a light-weight but expressive coalgebraic extension of the algebraic specification language Casl. CoCasl allows the nested combination of algebraic datatypes and coalgebraic process types. Moreover, it provides syntactic sugar for an observer-indexed modal logic that allows e.g. expressing fairness properties. This logic includes a generic definition of modal operators for observers with structured equational result types. We prove existence of final models for specifications in a format that allows the use of equationally specified initial datatypes as observations, as well as modal axioms. The use of CoCasl is illustrated by specifications of the process algebras CSP and CCS.     

First-order temporal pattern mining with regular expression constraints

Previous studies on mining sequential patterns have focused on temporal patterns specified by some form of propositional temporal logic. However, there are some interesting sequential patterns, such as the multi-sequential patterns, whose specification needs a more expressive formalism, the first-order temporal logic. Multi-sequential patterns appear in different application contexts, for instance in spatial census data mining, which is the target application of the study developed in this paper. We extend a well-known user-controlled tool, based on regular expressions constraints, to the multi-sequential pattern context. This specification tool enables the incorporation of user focus into the mining process. We present MSP-Miner, an Apriori-based algorithm to discover all frequent multi-sequential patterns satisfying a user-specified regular expression constraint.