Object oriented concepts identification from formal B specifications

This paper addresses the graphical representation of static aspects of B specifications, using UML class diagrams. These diagrams can help understand the specification for stakeholders who are not familiar with the B method, such as customers or certification authorities. The paper first discusses some rules for a preliminary derivation of a class diagram. It then studies the consistency of the concepts preliminarily identified from an object oriented point of view. A formal concept analysis technique is used to distinguish between consistent classes, attributes, associations and operations. The proposed technique is to incrementally add operations to the formal specification which automatically result in evolutions of the class diagram.     

Comparison of specification decomposition methods in Event-B

Decomposition is an important phase in the design of medium and large-scale systems. Various architectures of software systems and decomposition methods are studied in numerous publications. Presently, formal specifications of software systems are mainly used for experimental purposes; for this reason, their size and complexity are relatively low. As a result, in the development of a nontrivial specification, different approaches to the decomposition should be compared and the most suitable approach should be chosen. In this paper, the experience gained in the deductive verification of the formal specification of the mandatory entity-role model of access and information flows control in Linux (MROSL DP-model) using the formal Event-B method and stepwise refinement technique is analyzed. Two approaches to the refinementbased decomposition of specifications are compared and the sources and features of the complexity of the architecture of the model are investigated.     

Automated Prototyping of User Interfaces Based on UML Scenarios

User interface (UI) prototyping and scenario engineering have become popular techniques. Yet, the transition from scenario to formal specifications and the generation of UI code is still ill-defined and essentially a manual task, and the two techniques lack integration in the overall requirements engineering process. In this paper, we suggest an approach for requirements engineering that generates a user interface prototype from scenarios and yields a formal specification of the application. Scenarios are acquired in the form of collaboration diagrams as defined by the Unified Modeling Language (UML), and are enriched with user interface (UI) information. These diagrams are automatically transformed into UML Statechart specifications of the UI objects involved. From the set of obtained specifications, a UI prototype is generated that is embedded in a UI builder environment for further refinement. Based on end user feedback, the collaboration diagrams and the UI prototype may be iteratively refined, and the result of the overall process is a specification consisting of the Statechart diagrams of all the objects involved, together with the generated and refined prototype of the UI. The algorithms underlying this process have been implemented and exercised on a number of examples. This research was mainly conducted at University of Montreal, where the first two authors were PhD students and the third author a full-time faculty member. Funding was provided in part by FCAR (Fonds pour la formation des chercheurs et l'aide à la recherche au Québec) and by the SPOOL project organized by CSER (Consortium Software Engineering Research) which is funded by Bell Canada, NSERC (Natural Sciences and Research Council of Canada), and NRC (National Research Council Canada).     

Computing with words in formal methods

Formal methods are used to improve the quality of complex computer software by means of documenting system specifications in a precise and structured manner, the most popular specification language for formal methods is Z. However, based on classical set theory and classical logic, this mathematical language can only deal effectively with well‐defined problems. This is a disadvantage that classical set operators and classical predicate logic can offer to formal methods. In this paper, the theory of fuzzy information granulation is discussed with an attempt to build toward flexible formal software specifications in which many aspects of human reasoning and natural language can be effectively addressed in mathematical terms. In other words, the tolerance of imprecision necessarily required in many real‐life software systems can be represented in the clear and structured mathematics of the fuzzy information granulation theory within the extended framework of formal methods. © 2000 John Wiley & Sons, Inc.     

Computer-aided discovery of formal specification behavioral requirements and requirement to implementation mappings

This paper presents two computer-aided techniques for discovering formal specification behavioral requirements and for mapping components and methods within an implementation to their driving requirements. The first technique is an informal technique while the second technique is formal. The first technique uses a system reference model abstraction and a set of existing formal specifications to discover implementation components that are not well covered by the formal specification set. This technique also provides a mapping between requirements and code segments driven by those requirements. The second technique uses a bounded constraint solver to match a set of tests with a generic formal specification taken from a small library.     

From a B formal specification to an executable code: application to the relational database domain

This paper presents a formal approach for the development of trustworthy database applications. This approach consists of three complementary steps. Designers start by modeling applications using UML diagrams dedicated to database applications domain. These diagrams are then automatically translated into B specifications suitable not only for reasoning about data integrity checking but also for the derivation of trustworthy implementations. In this paper, we present a process based on the B refinement technique for the derivation of a SQL relational implementation, embedded in the JAVA language (JAVA/SQL), from a B specification obtained by the first translation phase.     

Dynamic graphical UML views from formal B specifications

This paper addresses the graphical representation of the behaviour of B specifications, using state transition diagrams. These diagrams can help understand the specification for stakeholders who are not familiar with the B method, such as customers or certification authorities. The paper first discusses the principles of the graphical representation on a deterministic example, featuring a small set of states. It then discusses the representation of specifications which feature a large or infinite set of states, or which are non-deterministic. Abstraction techniques are used to overcome these difficulties. They result in a variety of possible representations. Finally, three techniques, based on animation and proof, are presented to help construct the diagrams.     

基于设计演算的形式化用例分析建模框架

提出一种形式化用例分析建模框架,引入类图、用例顺序图、用例状态图、功能规约函数和系统不变式从多个角度为需求建模.通过定义这些视图的形式化语义,为需求的各个方面定义了准确的形式化描述.利用该框架,可以从方法的交互行为规约和功能规约合成描述方法全部行为的全规约;也可以定义用例模型的性质,并通过设计演算中的证明来分析验证这些性质.作为应用,研究了检查用例模型一致性的规则.给出一个实例说明建模框架的可行性.     

User interface specification with sequence diagrams: an application to the AIRBUS A380 Datalink system

The development of user interfaces for safety critical systems is driven by requirements specifications. Because user interface specifications are typically embedded within complex systems requirements specifications, they can be intractable to manage. Proprietary requirements specification tools do not support the user interface designer in modelling and specifying the user interface. In this paper, a new way of working with embedded user interface specifications is proposed, exploiting sequence diagrams with a hypertext structure for representing and retrieving use cases. This new tool concept is assessed through an application to the requirements specification for the Airbus A380 air traffic control Datalink system; engineers involved in the development of the Airbus cockpit used a prototype of the tool concept to resolve a set of user interface design anomalies in the requirements specification. The results of the study are positive and indicate the user interface to requirements specification tools which user interface designers themselves need.     

A Formal and Tool-Equipped Approach for the Integration of State Diagrams and Formal Datatypes

Separation of concerns or aspects is a way to deal with the increasing complexity of systems. The separate design of models for different aspects also promotes a better reusability level. However, an important issue is then to define means to integrate them into a global model. We present a formal and tool-equipped approach for the integration of dynamic models (behaviors expressed using state diagrams) and static models (formal data types) with the benefit to share advantages of both: graphical user-friendly models for behaviors, formal and abstract models for data types. Integration is achieved in a generic way so that it can deal with both different static specification languages (algebraic specifications, Z, B) and different dynamic specification semantics     

Specification of realtime systems using ASTRAL

ASTRAL is a formal specification language for real-time systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A real-time system is modeled by a collection of state machine specifications and a single global specification. This paper discusses the rationale of ASTRAL's design. ASTRAL's specification style is illustrated by discussing a telephony example. Composability of one or more ASTRAL system specifications is also discussed by the introduction of a composition section, which provides the needed information to combine two or more ASTRAL system specifications     

Towards formal open standards: formalizing a standard’s requirements

Open standardization seems to be very popular among software developers as it simplifies the standard’s adoption by the software engineering. Formal specification methods, while very promising, are being adopted slowly as the industry seems to have little motivation to move into this territory. In this paper the authors present (1) the idea of applying formal specification techniques to open standards’ specifications, and (2) an example of a formal specification of the Rich Site Summary (RSS) v2.0 open standard. The authors provide evidence for the advantages of the open standards formal specification over natural language documentations: formal specifications are more concise, less ambiguous, more complete with respect to the original documentation and, when using certain kinds of specification languages, executable and reusable as they support module inheritance. The merging of formal specification methods and open standards allows (1) a more concrete standard design; (2) an improved understanding of the environment under design; (3) an enforced certain level of precision into the specification, and also (4) provides software engineers with extended property checking/verification capabilities, especially if they opt to use any algebraic specification language. The authors showcase how the RSS standard can be formally specified using an algebraic specification language and demonstrate how can that be beneficial.     

航空机载嵌入式控制软件需求建模的形式化工程方法

嵌入式控制软件是现代航空飞行器的核心部件之一。构建软件需求的形式化规约精确地刻画人们对软件期望的功能和运行场景,是确保此类安全攸关软件质量的根本途径。在工业界,形式化需求建模的大规模应用尽管有成功的案例,但仍面临众多的困难。其根本性难点在于缺少一种系统化的工程方法来引导工业界软件实践者,从原始需求开始最终完成形式化需求规约,并能确认该规约真实、充分地反映了人们对软件期望的功能。针对上述挑战,提出了一种面向机载控制软件需求建模的形式化工程方法ACSDL-MV,以形式化方法为理论基础,结合软件需求工程的基本原理,引导工程人员从原始需求出发以演化式的过程逐步完成需求规约的构建;定制了航空控制软件的形式化描述语言ACSDL,用以构建形式化规约;为了确认软件需求规约准确、充分地描述了人们对软件期望的功能,该方法给出了基于图形的静态审查和基于模型的动态模拟技术。在航空发动机公司中的实验结果表明,该方法相比传统方法探测到了更多的潜在错误。     

A decomposition of a formal specification: an improvedconstraint-oriented method

In this paper, the authors propose a decomposition method for a formal specification that divides the specification into two subspecifications composed by a parallel operator. To make these specification behaviors equivalent before and after decomposition, the method automatically synthesizes an additional control specification, which contains the synchronization information of the decomposed subspecifications. The authors prove that a parallel composition of the decomposed subspecifications synchronized with the control specification is strongly equivalent with the original (monolithic) specification. The authors also write formal specifications of the OSI application layer's association-control service and decompose it using their method as an example of decomposition of a practical specification. Their decomposition method can be applied to top-down system development based on stepwise refinement     

Formal Verification of `Programming to Interfaces' Programs

This paper presents a formal approach to specify and verify object-oriented programs written in the `programming to interfaces'' paradigm. In this approach, besides the methods to be invoked by its clients, an interface also declares a set of abstract and polymorphic function/predicate symbols, together with a set of constraints about these symbols. The methods declared in this interface are specified using these abstract symbols. A class implementing this interface can give its own definitions to the abstract symbols, as long as all the constraints are satisfied. This class implements all the methods declared in the interface such that the method specification declared in the interface are satisfied w.r.t. the function symbol definitions in this class. Based on the constraints about the abstract symbols, client code using the interfaces can be specified and verified precisely without knowing what classes implement the interfaces. Given more information about the implementing classes, the specifications of the client code can be specialized into more precise ones without re-verifying the client code.     

Reusing analogous components

Using formal specifications to represent software components facilitates the determination of reusability because they more precisely characterize the functionality of the software, and the well-defined syntax makes processing amenable to automation. This paper presents an approach, based on formal methods, to the search, retrieval, and modification of reusable software components. From a two-tiered hierarchy of reusable software components, the existing components that are analogous to the query specification are retrieved from the hierarchy. The specification for an analogous retrieved component is compared to the query specification to determine what changes need to be applied to the corresponding program component in order to make it satisfy the query specification     

Specifications are necessarily informal or: Some more myths of formal methods

We reconsider the concept of specification in order to bring new insights into the debate of formal versus non-formal methods in computer science. In our view, the correctness of a useful program corresponds to an objective fact, which must have a simple, precise, and understandable formulation. As a consequence, a specification can (and must) only make precise the link existing between the program (formality) and its purpose (informality). Moreover, program correctness can be argued only by means of non-formal reasonings, which should be as explicit as possible. This allows us to explain why specifications cannot be written in a strictly formal language. Our view of specifications does not imply a rejection of all ideas put forward in the literature on formal methods. On the contrary, we agree with the proponents of formal methods on most of their arguments, except on those following from the assumption that specifications could (or should) be formal. Finally, we examine why the role and nature of specifications are so often misunderstood.