6,660 results on '"Formal specification"'
Search Results
202. A Software Development Model for the Automatic Generation of Classes
- Author
-
Nancy Zambrano and Eugenio Scalise
- Subjects
Theoretical computer science ,automatic construction of programs ,Computer science ,Programming language ,B-Method ,Algebraic specification ,General Medicine ,Specification language ,formal specifications ,computer.software_genre ,Formal methods ,Data type ,lcsh:QA75.5-76.95 ,Language Of Temporal Ordering Specification ,software development model based on transformations ,data type ,Formal specification ,Programming language specification ,Computer Science::Programming Languages ,lcsh:Electronic computers. Computer science ,class specifications ,computer ,algebraic specifications - Abstract
In this paper it is presented a software development model based on transformations that allows to derive, in an automatic way, classes in object-oriented programming languages (Ada 95, C++, Eiffel and Java) starting from formal specifications. The set of transformations that conforms the software development model are a systematic steps, which starts from the algebraic specification of a type. This algebraic specification describes the abstract behavior of a type (type of interest) by means of other type, previously specified and implemented (representation type). In a progressive way, the transformations steps allow get a program (class) nearby to the initial specification (type of interest). These transformations obtain -in the first step- an intermediate specification (class specification) that it describes the operations of the type of interest by means of pre and post-conditions. Then, the intermediate specification is used to obtain imperative code in language-independent notation (pseudo-class); and finally the pseudo-class is transformed to any object- oriented programming language for which it has been defined transformations.
- Published
- 2018
203. Formalized structured analysis specifications
- Author
-
David L. Coleman
- Subjects
Structured analysis ,Denotational semantics ,Interpretation (logic) ,Computer science ,Programming language ,Formal specification ,Deadlock ,Formal methods ,computer.software_genre ,computer ,Operational semantics ,Syntax (logic) - Abstract
Specifications define systems. The definition of a system can be stated casually or formally. A formal specification is a mathematically precise definition of software functionality. Informal specifications are less precise definitions of software functionality. The benefits of formal specifications are clear. Arguments against the use of formal specifications have been refuted. Several formal specification techniques are available for specifying imperative programs, e.g., Z, VDM, and SPECS. Most specification techniques for distributed/concurrent systems concentrate on low level issues, e.g., deadlock and synchronization. Structured Analysis (SA) specifications are a popular informal specification technique, but they lack a rigorous mathematical semantics. SA specifications are based on a graphical syntax with little underlying formal structure. In this thesis, we identify and formalize those underlying structures that are represented informally, provide a formal definition of a SA specification, develop formal interpretations for those components of SA specifications that are subject to varying interpretation, and define an operational semantics for animating SA specifications. The resulting formalized SA specifications are mathematically precise and can be used to specify distributed/concurrent systems.
- Published
- 2018
204. The Class Validation System
- Author
-
Albert L. Baker and Marybeth Gurski
- Subjects
Class (computer programming) ,Iterative and incremental development ,Correctness ,Test case ,Computer science ,Programming language ,Formal specification ,Component-based software engineering ,computer.software_genre ,Implementation ,computer ,Test (assessment) - Abstract
Formal model-based specifications provide precise descriptions of the behavior of software components. These formal specifications are written using pre- and post-condition assertions. They can serve as a basis for formally verifying the correctness of an implementation. But a formal specification is really only useful when it captures the desired functionality. How can the specifier be confident that the specification is correct? The Abstract Test Tool supports the direct execution of C++ class specifications through the incremental development and automated generation of abstract test cases and the display of abstract results—both in terms of the abstract model used in the specification. The Class Validation System builds upon the Abstract Test Tool to support the automated and extensive testing of C++ class implementations. The Class Validation System provides a potentially one-to-many mapping from abstract test cases to implementation test cases. The results of executing the implementation are automatically compared to the results of executing the specification by mapping the implementation results to the abstract model. Thus, the Class Validation System supports fully automated implementation testing.
- Published
- 2018
205. On the execution of high level formal specifications
- Author
-
Timothy Allen Wahls
- Subjects
Computer science ,Programming language ,business.industry ,Specifier ,Software development ,computer.file_format ,computer.software_genre ,First-order logic ,Formal specification ,Constraint logic programming ,Executable ,business ,Implementation ,computer ,Abstraction (linguistics) - Abstract
Executable specifications can serve as prototypes of the specified system and as oracles for automated testing of implementations, and so are more useful than non-executable specifications. Executable specifications can also be debugged in much the same way as programs, allowing errors to be detected and corrected at the specification level rather than in later stages of software development. However, existing executable specification languages often force the specifier to work at a low level of abstraction, which negates many of the advantages of non-executable specifications. This dissertation shows how to execute specifications written at a level of abstraction comparable to that found in specifications written in non-executable specification languages. The key innovation is an algorithm for evaluating and satisfying first order predicate logic assertions written over abstract model types. This is important because many specification languages use such assertions. Some of the features of this algorithm were inspired by techniques from constraint logic programming.
- Published
- 2018
206. From Object-Z Specification to Groovy Implementation
- Author
-
Eslam Nazemi, Farzin Zaker, and Hassan Haghighi
- Subjects
Class (computer programming) ,Object-oriented programming ,Programming language ,Computer science ,Multiple inheritance ,General Engineering ,Construct (python library) ,computer.file_format ,computer.software_genre ,Formal specification ,Object-Z ,Executable ,computer ,Natural language - Abstract
So far, valuable researches have been conducted on mapping object-oriented specification notations, such as Object-Z, to different object-oriented programming languages, such as C++. However, the results of selecting JVM-based programming languages for mapping have not covered most of basic Object-Z structures. In this paper, the Groovy language, as a dynamic JVM-based language, is selected to overcome some of the existing limitations. As the main contribution, the rules required for mapping Object-Z specifications to executable Groovy code are introduced. The proposed rules cover notions such as multiple inheritance, inverse specification of functions, functions defined on generic definitions, and free type constructors. These notions have not been covered in previous methods for formal program development from object-oriented specifications, regardless of the selected formal specification language and target programming language. In addition, in this paper, the parallel composition construct is mapped to a parallel, executable code to improve the faithfulness of the final code to the initial specification. We also introduce a mapping rule for the class union construct, which has not yet been provided for any JVM-based language. Unlike previous works, instead of presenting the mapping rules in terms of natural languages, we present them in terms of some formal mapping rules.
- Published
- 2018
207. A Comparison of the Declarative Modelling Languages B, Dash, and TLA+
- Author
-
Jose Serna, Amin Bandali, Ali Abbassi, and Nancy A. Day
- Subjects
Model checking ,Object-oriented programming ,Rule-based machine translation ,Relation (database) ,Semantics (computer science) ,Computer science ,Programming language ,Formal specification ,Transition system ,computer.software_genre ,Formal verification ,computer - Abstract
Declarative behavioural modelling is a powerful modelling paradigm that enables users to model system functionality abstractly and concisely. We compare two well-used formal declarative modelling languages, B and TLA+, with a new modelling language called Dash. Dash is an extension of Alloy with explicit syntactic constructs for modelling transition systems, and it includes control state hierarchy and events. Particular topics that we cover in our comparison are: differences in the datatypes and type systems; how the transitions/operations can be described; how the transition relation is a combination of the transitions; and the default choice each language makes regarding permitted variable changes in a transition. Our goal is to discuss the interesting differentiating characteristics of each language to aid users in determining which language is the most suitable for their system.
- Published
- 2018
208. Modelling and Testing Requirements via Executable Abstract State Machines
- Author
-
Chen-Wei Wang and Jonathan S. Ostroff
- Subjects
Finite-state machine ,Computer science ,Programming language ,business.industry ,computer.file_format ,Eiffel ,computer.software_genre ,Software ,Unified Modeling Language ,Formal specification ,Abstract state machines ,Executable ,User interface ,business ,computer ,computer.programming_language - Abstract
We describe a method and tools for deriving specification models from requirements, and for validating that the final software product satisfies the requirements. ETF (Eiffel Testing Framework) is a tool for generating code from an abstract grammar specification of user interface actions derived from the requirements document. Mathmodels extends the classical Eiffel contracting notation with the use of mathematical models (based on sets, sequences, relations, functions, bags). The Mathmodels library has immutable queries (for specifications) as well as relatively efficient mutable commands (for describing executable abstract state machines). Models are developed and validated using the industrial strength Eiffel IDE, and the use of these tools thus scale up to the development of large systems in a way that supports the derivation of specification models from requirements, and seamlessness between models and code.
- Published
- 2018
209. Translating code comments to procedure specifications
- Author
-
Konstantin Kuznetsov, Michael D. Ernst, Alberto Goffi, Sergio Delgado Castellanos, Arianna Blasi, Mauro Pezzè, and Alessandra Gorla
- Subjects
Java ,Computer science ,Programming language ,business.industry ,Software development ,020207 software engineering ,Javadoc ,02 engineering and technology ,computer.file_format ,computer.software_genre ,Test case ,020204 information systems ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Executable ,business ,computer ,Natural language ,Semantic matching ,computer.programming_language - Abstract
Procedure specifications are useful in many software development tasks. As one example, in automatic test case generation they can guide testing, act as test oracles able to reveal bugs, and identify illegal inputs. Whereas formal specifications are seldom available in practice, it is standard practice for developers to document their code with semi-structured comments. These comments express the procedure specification with a mix of predefined tags and natural language. This paper presents Jdoctor, an approach that combines pattern, lexical, and semantic matching to translate Javadoc comments into executable procedure specifications written as Java expressions. In an empirical evaluation, Jdoctor achieved precision of 92% and recall of 83% in translating Javadoc into procedure specifications. We also supplied the Jdoctor-derived specifications to an automated test case generation tool, Randoop. The specifications enabled Randoop to generate test cases of higher quality.
- Published
- 2018
210. Towards Certified Meta-Programming with Typed Template-Coq
- Author
-
Nicolas Tabareau, Abhishek Anand, Cyril Cohen, Matthieu Sozeau, Simon Boulier, Cornell University [New York], Gallinette : vers une nouvelle génération d'assistant à la preuve (GALLINETTE), Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire des Sciences du Numérique de Nantes (LS2N), IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Nantes - UFR des Sciences et des Techniques (UN UFR ST), Université de Nantes (UN)-Université de Nantes (UN)-École Centrale de Nantes (ECN)-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Université de Nantes (UN)-Université de Nantes (UN)-École Centrale de Nantes (ECN)-Centre National de la Recherche Scientifique (CNRS), Mathematical, Reasoning and Software (MARELLE), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Design, study and implementation of languages for proofs and programs (PI.R2), Université Paris Diderot - Paris 7 (UPD7)-Centre National de la Recherche Scientifique (CNRS)-Institut de Recherche en Informatique Fondamentale (IRIF (UMR_8243)), Université Paris Diderot - Paris 7 (UPD7)-Centre National de la Recherche Scientifique (CNRS)-Université Paris Diderot - Paris 7 (UPD7)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Département Automatique, Productique et Informatique (IMT Atlantique - DAPI), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), This work is supported by the CoqHoTT ERC Grant 64399 and the NSF grants CCF-1407794, CCF-1521602, and CCF-1646417., European Project: 637339,H2020 ERC,ERC-2014-STG,CoqHoTT(2015), Cornell University, GALLINETTE ( GALLINETTE ), Laboratoire des Sciences du Numérique de Nantes ( LS2N ), Université de Nantes ( UN ) -École Centrale de Nantes ( ECN ) -Centre National de la Recherche Scientifique ( CNRS ) -IMT Atlantique Bretagne-Pays de la Loire ( IMT Atlantique ) -Université de Nantes ( UN ) -École Centrale de Nantes ( ECN ) -Centre National de la Recherche Scientifique ( CNRS ) -IMT Atlantique Bretagne-Pays de la Loire ( IMT Atlantique ) -Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique ( Inria ) -Institut National de Recherche en Informatique et en Automatique ( Inria ), Mathematical, Reasoning and Software ( MARELLE ), Inria Sophia Antipolis - Méditerranée ( CRISAM ), Design, study and implementation of languages for proofs and programs ( PI.R2 ), Preuves, Programmes et Systèmes ( PPS ), Université Paris Diderot - Paris 7 ( UPD7 ) -Centre National de la Recherche Scientifique ( CNRS ) -Université Paris Diderot - Paris 7 ( UPD7 ) -Centre National de la Recherche Scientifique ( CNRS ) -Centre National de la Recherche Scientifique ( CNRS ) -Inria de Paris, European Project : 637339,H2020 ERC,ERC-2014-STG,CoqHoTT ( 2015 ), Gallinette : vers une nouvelle génération d'assistant à la preuve (LS2N - équipe GALLINETTE), Université de Nantes - UFR des Sciences et des Techniques (UN UFR ST), Université de Nantes (UN)-Université de Nantes (UN)-École Centrale de Nantes (ECN)-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), IMT Atlantique (IMT Atlantique), Université de Nantes - Faculté des Sciences et des Techniques, and Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Nantes - Faculté des Sciences et des Techniques
- Subjects
Correctness ,[INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL] ,Syntax (programming languages) ,Semantics (computer science) ,Computer science ,Programming language ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Metaprogramming ,Operational semantics ,Type theory ,TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES ,Formal specification ,[ INFO.INFO-PL ] Computer Science [cs]/Programming Languages [cs.PL] ,TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Parametricity ,computer - Abstract
International audience; Template-Coq is a plugin for Coq, originally implemented by Malecha, which provides a reifier for Coq terms and global declarations , as represented in the Coq kernel, as well as a denotation command. Initially, it was developed for the purpose of writing functions on Coq's AST in Gallina. Recently, it was used in the CertiCoq certified compiler project, as its front-end language, to derive parametricity properties, and to extract Coq terms to a CBV λ-calculus. However, the syntax lacked semantics, be it typing semantics or operational semantics, which should reflect, as formal specifications in Coq, the semantics of Coq's type theory itself. The tool was also rather bare bones, providing only rudimentary quoting and unquoting commands. We generalize it to handle the entire Calculus of Inductive Constructions (CIC), as implemented by Coq, including the kernel's declaration structures for definitions and inductives, and implement a monad for general manipulation of Coq's logical environment. We demonstrate how this setup allows Coq users to define many kinds of general purpose plugins, whose correctness can be readily proved in the system itself, and that can be run efficiently after extraction. We give a few examples of implemented plugins, including a parametricity translation. We also advocate the use of Template-Coq as a foundation for higher-level tools.
- Published
- 2018
211. Reo2PVS: Formal Specification and Verification of Component Connectors
- Author
-
M. Saqib Nawaz and Meng Sun
- Subjects
Computer science ,Programming language ,Component (UML) ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,020206 networking & telecommunications ,020201 artificial intelligence & image processing ,02 engineering and technology ,computer.software_genre ,computer - Published
- 2018
212. A Graph Transformation Approach to Generate Analysable Maude Specifications from UML Interaction Overview Diagrams
- Author
-
Chafika Djaoui, Elhillali Kerkouche, Khaled Khalfaoui, and Allaoua Chaoui
- Subjects
Graph rewriting ,Modeling language ,Semantics (computer science) ,Computer science ,Programming language ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Metamodeling ,Unified Modeling Language ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Rewriting ,Formal verification ,computer ,computer.programming_language - Abstract
Unified modeling language (UML) is a standardized modeling language enabling to specify, construct and document artifacts of a software system based on graphical notations. However, UML lacks a firm semantics which reduces the quality of system models produced and leads to difficulties in automatic analysis and verification. In this paper, we propose an automatic translation from UML 2.0 Interaction Overview Diagrams (IOD) into Maude rewriting logic Language. Maude is used as a formal notation for specifying models and their firm semantics make models analysis and simulation easier. The approach is based on Graph Transformation and the Meta-Modeling tool AToM3 is used. The approach is illustrated through an example.
- Published
- 2018
213. Strong Security Guarantees: From Alloy to Coq (Research Poster)
- Author
-
Salwa Souaf, Frédéric Loulergue, Northern Arizona University [Flagstaff], Laboratoire d'Informatique Fondamentale d'Orléans (LIFO), Institut National des Sciences Appliquées - Centre Val de Loire (INSA CVL), and Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université d'Orléans (UO)
- Subjects
[INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL] ,Computer science ,Programming language ,business.industry ,HOL ,Cloud computing ,Context (language use) ,02 engineering and technology ,Formal methods ,Supercomputer ,computer.software_genre ,Range (mathematics) ,TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES ,TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS ,020204 information systems ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Virtual machining ,business ,computer ,ComputingMilieux_MISCELLANEOUS - Abstract
With the recent discoveries of widespread vulnerabilities, the use of formal methods in the design of system is more and more important, in particular in the context of Cloud computing which can be used for high performance computing applications [1]. Formal methods range from more lightweight method such as the Alloy [2] formal specification language and analyzer to more heavyweight formal methods based on proof assistants such as Isabelle/HOL or Coq [3].
- Published
- 2018
214. From Petri Nets to UML Model: A New Transformation Approach
- Author
-
Lydia Bouzar-Benlabiod, Lila Meziani, and Thouraya Bouabana-Tebibel
- Subjects
Model checking ,Finite-state machine ,Computer science ,Programming language ,Formal semantics (linguistics) ,020207 software engineering ,02 engineering and technology ,Petri net ,Notation ,computer.software_genre ,Unified Modeling Language ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Software design ,020201 artificial intelligence & image processing ,computer ,computer.programming_language - Abstract
UML is a semi-formal notation largely adopted in the industry as the standard language for software design and analysis. Its imprecise semantics prevents any verification task. However, a formal semantics can be given to UML diagrams, for instance, through their transformation to models with a formal semantics, such as Colored Petri Nets (CPN). Colored Petri nets are an efficient language for UML state machine formalization and analysis. In order to assist the UML modeler in understanding the report generated by the Petri net tool, we propose a method to construct UML diagrams from the returned report. A case study is given to illustrate the proposed approach.
- Published
- 2018
215. Event-B expression and verification of translation rules between SysML/KAOS domain models and B system specifications
- Author
-
Régine Laleau, Steve Jeffrey Tueno Fotso, Marc Frappier, Amel Mammar, Laboratoire d'Algorithmique Complexité et Logique (LACL), Université Paris-Est Créteil Val-de-Marne - Paris 12 (UPEC UP12), Groupe de Recherche en Ingénierie du Logiciel [Sherbrooke] (GRIL), Département d'informatique [Sherbrooke] (UdeS), Faculté des sciences [Sherbrooke] (UdeS), Université de Sherbrooke (UdeS)-Université de Sherbrooke (UdeS)-Faculté des sciences [Sherbrooke] (UdeS), Université de Sherbrooke (UdeS)-Université de Sherbrooke (UdeS), Département Informatique (INF), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Méthodes et modèles pour les réseaux (METHODES-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), and Michael J. Butler and Alexander Raschke and Thai Son Hoang and Klaus Reichl
- Subjects
0209 industrial biotechnology ,Programming language ,Computer science ,Modeling language ,Formal semantics (linguistics) ,System requirements specification ,02 engineering and technology ,Domain model ,[INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE] ,Ontology (information science) ,computer.software_genre ,Domain modeling ,020901 industrial engineering & automation ,SysML/KAOS ,Systems Modeling Language ,B system ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Ontologies ,Event-B ,020201 artificial intelligence & image processing ,[INFO]Computer Science [cs] ,KAOS ,computer - Abstract
International audience; This paper is about the extension of the SysML/KAOS requirements engineering method with domain models expressed as ontologies. More precisely, it concerns the translation of these ontologies into B System for system construction. The contributions of this paper are twofold. The first one is a formal semantics for the ontology modeling language. The second one is the formal definition of translation rules between ontologies and B system specifications in order to provide the structural part of the formal specification. These translation rules are modeled in Event-B. Their consistency and completeness are proved using Rodin. We show that they are structure preserving (two related elements within the source model remain related within the target model), by proving various isomorphisms between the ontology and the B System specification
- Published
- 2018
216. Modeling the hybrid ERTMS/ETCS level 3 standard using a formal requirements engineering approach
- Author
-
Régine Laleau, Amel Mammar, Marc Frappier, Steve Jeffrey Tueno Fotso, Groupe de Recherche en Ingénierie du Logiciel [Sherbrooke] (GRIL), Département d'informatique [Sherbrooke] (UdeS), Faculté des sciences [Sherbrooke] (UdeS), Université de Sherbrooke (UdeS)-Université de Sherbrooke (UdeS)-Faculté des sciences [Sherbrooke] (UdeS), Université de Sherbrooke (UdeS)-Université de Sherbrooke (UdeS), Laboratoire d'Algorithmique Complexité et Logique (LACL), Université Paris-Est Créteil Val-de-Marne - Paris 12 (UPEC UP12), Méthodes et modèles pour les réseaux (METHODES-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Département Informatique (INF), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), Michael J. Butler and Alexander Raschke and Thai Son Hoang and Klaus Reichl, and Institut Polytechnique de Paris (IP Paris)
- Subjects
Computer science ,02 engineering and technology ,[INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE] ,Gas meter prover ,computer.software_genre ,Domain (software engineering) ,SysML/KAOS ,Systems Modeling Language ,Formal specification ,0502 economics and business ,0202 electrical engineering, electronic engineering, information engineering ,Ontologies ,[INFO]Computer Science [cs] ,KAOS ,Formal verification ,050210 logistics & transportation ,Requirements engineering ,Programming language ,05 social sciences ,020207 software engineering ,Domain model ,Domain modeling ,B System ,Goal diagrams ,computer ,Software ,Information Systems - Abstract
International audience; This paper presents a specification of the hybrid ERTMS/ ETCS level 3 standard in the framework of the case study proposed for the 6th edition of the ABZ conference. The specification is based on the method and tools, developed in the ANR FORMOSE project, for the modeling and formal verification of critical and complex system requirements. The requirements are specified with SysML/KAOS goal diagrams and are automatically translated into B System specifications, in order to obtain the architecture of the formal specification. Domain properties are specified by ontologies with the SysML/KAOS domain modeling language, based on OWL and PLIB. Their automatic translation completes the structural part of the formal specification. The only part of the specification, which must be manually completed, is the body of events. The construction is incremental, based on the refinement mechanisms existing within the involved methods. The formal specification of the case study is composed of seven refinement levels and all the proofs have been discharged with the Rodin prover
- Published
- 2018
217. A Toolchain for Verifying Safety Properties of Hybrid Automata via Pattern Templates
- Author
-
Simone Schuler, Nikolaos Kekatos, Dejan Nickovic, Matthias Woehrle, Alexander Walsch, Goran Frehse, and Jens Oehlerking
- Subjects
Computer science ,Programming language ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Toolchain ,Automaton ,Workflow ,Reachability ,Formal specification ,Scalability ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,computer ,Formal verification ,Natural language - Abstract
In this paper, we provide a toolchain that facilitates the integration of formal verification techniques into model-based design. Applying verification tools to industrially relevant models requires three main ingredients: a formal model, a formal verification method, and a set of formal specifications. Our focus is on hybrid automata as the model and on reachability analysis as the method. Much progress has been made towards developing efficient and scalable reachability algorithms tailored to hybrid automata. However, it is not easy to encode rich formal specifications such that they can be interpreted by existing tools for reachability. Herein, we consider specifications expressed in pattern templates which are predefined properties with placeholders for state predicates. Pattern templates are close to the natural language and can be easily understood by both expert and non-expert users. We provide (i) formal definitions for selected patterns in the formalism of hybrid automata and (ii) monitors which encode the properties as the reachability of an error state. By composing these monitors with the formal model under study, the property can be checked by off-the-shelf fully automated verification tools. We illustrate the workflow on an electro-mechanical brake use case.
- Published
- 2018
218. Ontology of Mutation Testing for Java Operators
- Author
-
Sherolwendy Sualim, Radziah Mohamad, and Nor Azizah Saadon
- Subjects
Primitive data type ,Documentation ,Operator (computer programming) ,Java syntax ,Java ,Unary operation ,Programming language ,Computer science ,Formal specification ,Ontology (information science) ,computer.software_genre ,computer ,computer.programming_language - Abstract
Operators are special characters within the Java language to manipulate primitive data type. Java operators can be classified as unary, binary and ternary. The design of Java operator sometimes becomes confusing when it comes to testing tools as they had the same function with different label in every testing tool. Therefore, in order to map the knowledge of operators correctly, this research has proposed ontology that is dedicated to mutation testing as a means to define the formal specification of concepts and documentation of knowledge of Java operators. Existing papers on ontology did not specify further on entities and properties of operators. Some papers only focus on mutation testing but not the operators. Thus, this paper will present the ontology clearly with the aim to ease end user to identify and understand every classes, properties and relations in Java operators.
- Published
- 2018
219. From operational to declarative specifications using a genetic algorithm
- Author
-
Germán Regis, Renzo Degiovanni, Facundo Molina, Marcelo F. Frias, Nazareno Aguirre, and Pablo F. Castro
- Subjects
Formalism (philosophy of mathematics) ,Programming language ,Computer science ,Formal specification ,Genetic algorithm ,0202 electrical engineering, electronic engineering, information engineering ,Test pattern generators ,020207 software engineering ,02 engineering and technology ,Invariant (mathematics) ,computer.software_genre ,Data structure ,computer - Abstract
In specification-based test generation, sometimes having a formal specification is not sufficient, since the specification may be in a different formalism from that required by the generation approach being used. In this paper, we deal with this problem specifically in the context in which, while having a formal specification in the form of an operational invariant written in a sequential pro- gramming language, one needs, for test generation, a declarative invariant in a logical formalism. We propose a genetic algorithm that given a catalog of common properties of invariants, such as acyclicity, sortedness and balance, attempts to evolve a conjunction of these that most accurately approximates an original operational specification. We present some details of the algorithm, and an experimental evaluation based on a benchmark of data structures, for which we evolve declarative logical invariants from operational ones.
- Published
- 2018
220. Towards a verified Lustre compiler with modular reset
- Author
-
Lélio Brun, Marc Pouzet, Timothy Bourke, Parallélisme de Kahn Synchrone ( Parkas), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Université Paris sciences et lettres (PSL), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS), Département d'informatique de l'École normale supérieure (DI-ENS), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)
- Subjects
Verified Compilation ,[INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL] ,Lustre (programming language) ,Computer science ,Programming language ,business.industry ,Correctness proofs ,020207 software engineering ,02 engineering and technology ,Modular design ,Formal software verification ,computer.software_genre ,Sketch ,Semantics ,Compilers ,020204 information systems ,Formal specification ,TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS ,0202 electrical engineering, electronic engineering, information engineering ,[INFO.INFO-ES]Computer Science [cs]/Embedded Systems ,Compiler ,business ,computer ,computer.programming_language ,Synchronous Languages (Lustre) - Abstract
International audience; This paper presents ongoing work to add a modular reset construct to a verified Lustre compiler. We present a novel formal specification for the construct and sketch our plans to integrate it into the compiler and its correctness proof.
- Published
- 2018
221. Cypher
- Author
-
Tobias Lindaaker, Andrés Taylor, Paolo Guagliardo, Petra Selmer, Victor Marsault, Leonid Libkin, Alastair Green, Nadime Francis, Stefan Plantikow, Mats Rydberg, Laboratoire d'Informatique Gaspard-Monge (LIGM), Centre National de la Recherche Scientifique (CNRS)-Fédération de Recherche Bézout-ESIEE Paris-École des Ponts ParisTech (ENPC)-Université Paris-Est Marne-la-Vallée (UPEM), Neo4j, Laboratory for the Foundations of Computer Science [Edinburgh] (LFCS), University of Edinburgh, Laboratoire d'Informatique Gaspard-Monge ( LIGM ), Université Paris-Est Marne-la-Vallée ( UPEM ) -École des Ponts ParisTech ( ENPC ) -ESIEE Paris-Fédération de Recherche Bézout-Centre National de la Recherche Scientifique ( CNRS ), Laboratory for the Foundations of Computer Science [Edinburgh] ( LFCS ), and Université Paris-Est Marne-la-Vallée (UPEM)-École des Ponts ParisTech (ENPC)-ESIEE Paris-Fédération de Recherche Bézout-Centre National de la Recherche Scientifique (CNRS)
- Subjects
[ INFO ] Computer Science [cs] ,[INFO.INFO-DB]Computer Science [cs]/Databases [cs.DB] ,Graph database ,Computer science ,Programming language ,02 engineering and technology ,Query language ,computer.software_genre ,Graph ,[ INFO.INFO-DB ] Computer Science [cs]/Databases [cs.DB] ,Named graph ,020204 information systems ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,[INFO]Computer Science [cs] ,020201 artificial intelligence & image processing ,computer - Abstract
International audience; The Cypher property graph query language is an evolving language, originally designed and implemented as part of the Neo4j graph database, and it is currently used by several commercial database products and researchers. We describe Cypher 9, which is the first version of the language governed by the openCypher Implementers Group. We first introduce the language by example, and describe its uses in industry. We then provide a formal semantic definition of the core read-query features of Cypher, including its variant of the property graph data model, and its " ASCII Art " graph pattern matching mechanism for expressing subgraphs of interest to an application. We compare the features of Cypher to other property graph query languages, and describe extensions, at an advanced stage of development, which will form part of Cypher 10, turning the language into a compositional language which supports graph projections and multiple named graphs.
- Published
- 2018
222. The MINERVA Software Development Process
- Author
-
Anthony Narkawicz, César A. Muñoz, and Aaron Dutle
- Subjects
060201 languages & linguistics ,Theoretical computer science ,Correctness ,Computer science ,Programming language ,Proof assistant ,Functional requirement ,06 humanities and the arts ,02 engineering and technology ,computer.software_genre ,Formal methods ,Software development process ,Test case ,Formal specification ,0602 languages and literature ,Component-based software engineering ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,computer - Abstract
This paper presents a software development process for safety-critical software components of cyber-physical systems. The process is called MINERVA, which stands for Mirrored Implementation Numerically Evaluated against Rigorously Verified Algorithms. The process relies on formal methods for rigorously validating code against its requirements. The software development process uses: (1) a formal specification language for describing the algorithms and their functional requirements, (2) an interactive theorem prover for formally verifying the correctness of the algorithms, (3) test cases that stress the code, and (4) numerical evaluation on these test cases of both the algorithm specifications and their implementations in code. The MINERVA process is illustrated in this paper with an application to geo-containment algorithms for unmanned aircraft systems. These algorithms ensure that the position of an aircraft never leaves a predetermined polygon region and provide recovery maneuvers when the region is inadvertently exited.
- Published
- 2018
223. An Operational Semantic Basis for Building an OpenMP Data Race Checker
- Author
-
Ganesh Gopalakrishnan and Simone Atzeni
- Subjects
Programming language ,Computer science ,Formal semantics (linguistics) ,Concurrency ,02 engineering and technology ,Semantics ,computer.software_genre ,Operational semantics ,Instruction set ,020204 information systems ,Semantics of logic ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Concurrent computing ,020201 artificial intelligence & image processing ,computer ,Implementation - Abstract
Despite the popularity and growing importance of OpenMP, a formal characterization of its concurrency is lacking. In this paper, we provide such a characterization through an operational semantics. Semantic descriptions of languages are written to serve specific end goals, and hence are abstractions of fully detailed implementations. We have developed our semantics to help with the construction of a novel OpenMP data race checker called Sword that collects execution traces efficiently, and subjects the traces to offline analysis: the semantics are used in the latter phase. Key contributions of this paper are: (1) defining OpenMP's concurrency rigorously through a precise set of rules, (2) helping systematically design Sword's offline analysis phase by ensuring that the OpenMP events mentioned in our semantics are exactly those that can also be collected through OMPT, a standard event collection mechanism for OpenMP, and (3) characterizing the benefits of this design. We conclude with the message that developing formal semantics for concurrent languages must not be viewed as an esoteric diversion, but as standard practice, as such semantics can help clearly define the language, help rigorously analyze proposed future extensions to it, and also help reveal lurking pitfalls, especially in this era where multiple concurrency formalisms are often used together.
- Published
- 2018
224. TESTOR: A Modular Tool for On-the-Fly Conformance Test Case Generation
- Author
-
Lina Marsso, Wendelin Serwe, Radu Mateescu, Construction of verified concurrent systems (CONVECS ), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire d'Informatique de Grenoble (LIG ), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019])-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019]), and Grid'5000
- Subjects
Graph rewriting ,business.industry ,Computer science ,Programming language ,White-box testing ,[INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO] ,020207 software engineering ,Context (language use) ,02 engineering and technology ,ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging ,[INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE] ,Modular design ,computer.software_genre ,Test (assessment) ,ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.4: Model checking ,Test case ,System under test ,Formal specification ,ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,computer - Abstract
International audience; We present TESTOR, a tool for on-the-fly conformance test case generation, guided by test purposes. Concretely, given a formal specification of a system and a test purpose, TESTOR automatically generates test cases, which assess using black box testing techniques the conformance to the specification of a system under test. In this context, a test purpose describes the goal states to be reached by the test and enables one to indicate parts of the specification that should be ignored during the testing process. Compared to the existing tool TGV, TESTOR has a more modular architecture, based on generic graph transformation components , is capable of extracting a test case completely on the fly, and enables a more flexible expression of test purposes, taking advantage of the multiway rendezvous. TESTOR has been implemented on top of the CADP verification toolbox, evaluated on three published case-studies and more than 10000 examples taken from the non-regression test suites of CADP.
- Published
- 2018
225. On the semantics of loop transformation languages
- Author
-
Adilla Susungi, MINES ParisTech - École nationale supérieure des mines de Paris, Université Paris sciences et lettres (PSL), Centre de Recherche en Informatique (CRI), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)
- Subjects
Loop transformation ,For loop ,Computer science ,Programming language ,[INFO.COMP]Computer Science [cs]/domain_info.comp ,Formal semantics (linguistics) ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Metaprogramming ,[INFO.INFO-CL]Computer Science [cs]/Computation and Language [cs.CL] ,meta-programming ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,code generation and optimization ,020201 artificial intelligence & image processing ,computer ,semantics - Abstract
International audience; Languages for loop transformations have been leveraged for different type of tools and frameworks in different application domains, yet they lack formal semantics. As a step towards formal specification, this works intends to clarify the underlying concepts of such languages using a denotational approach.
- Published
- 2018
226. Testing Natural Language Grammars
- Author
-
Inari Listenmaa
- Subjects
060201 languages & linguistics ,Grammar ,Computer science ,Programming language ,media_common.quotation_subject ,06 humanities and the arts ,02 engineering and technology ,computer.software_genre ,Oracle ,Set (abstract data type) ,Rule-based machine translation ,Formal specification ,0602 languages and literature ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Suspect ,Haystack ,computer ,Natural language ,media_common - Abstract
Testing grammars has one big difference from testing software: natural language has no formal specification, so ultimately we must involve a human oracle. However, we can automate many useful subtasks: detect ambiguous constructions and contradictory grammar rules, as well as generate minimal and representative set of examples that cover all the constructions. Think of the whole grammar as a haystack, and we suspect there are a few needles–we cannot promise automatic needle-removal, but instead we help the human oracle to narrow down the search.
- Published
- 2018
227. Description and Specification
- Author
-
Julio Sanchez and Maria P. Canton
- Subjects
Language Of Temporal Ordering Specification ,Computer science ,Programming language ,Formal specification ,Software requirements specification ,Specification language ,computer.software_genre ,computer - Published
- 2018
228. Progress towards flight software hybrid controllers from formal specifications
- Author
-
Leonard J. Reder, Sofie Haesaert, Richard M. Murray, Control Systems, and Cyber-Physical Systems Center Eindhoven
- Subjects
Source code ,business.industry ,Computer science ,Programming language ,Interface (computing) ,media_common.quotation_subject ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Software ,Unified Modeling Language ,Linear temporal logic ,Control theory ,020204 information systems ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Temporal logic ,State diagram ,business ,computer ,computer.programming_language ,media_common - Abstract
The manual translation of informally defined requirements into statecharts, from which source code can be generated automatically, can be an error-prone, laborintensive process. Design errors sometimes propagate into final implementation code, only to be discovered during testing and verification. However, the requirements that the software needs to satisfy can be formally defined via temporal logics. In this paper, an approach to automatically synthesize flight-software hybrid-controllers for dynamic systems from formal specifications is given. First, specifications for a specific control functionality are defined by a set of linear temporal logic formulas. These, together with a model of the dynamical system, are then used as inputs to the Caltech-developed temporal logic planning toolbox (TuLiP), which searches for a control design. This results in a controller that is hybrid as it combines a finite state controller together with low-level continuous control actions. We map the resulting controller design to UML statecharts, which can be given as input to the Statechart Autocoder (SCA) developed by the Jet Propulsion Laboratory. SCA maps statechart controller designs to software implementation C code suitable for flight applications. By construction, the resulting code will meet the original formal design specifications, thus eliminating latent design errors. This paper describes the new 2nd generation interface developed to specify and convert the TuLiP-produced design to more optimized (e.g., reduced number of states and transitions) input UML (as XML file) for the JPL Statechart Autocoder. By applying intermediate optimization procedures, in which indistinguishable states are merged and transitions are grouped, the size of the statechart and the resulting code is reduced substantially. This is demonstrated by revisiting our 2016 speed-controller example showing reduction by more than 75% of the states synthesized in the original example.
- Published
- 2018
229. Synthesizing an instruction selection rule library from semantic specifications
- Author
-
Sebastian Buchwald, Sebastian Hack, and Andreas Fried
- Subjects
Programming language ,Computer science ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Instruction selection ,Instruction set ,Test case ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,x86 ,020201 artificial intelligence & image processing ,Compiler ,computer ,Machine code ,Program synthesis - Abstract
Instruction selection is the part of a compiler that transforms intermediate representation (IR) code into machine code. Instruction selectors build on a library of hundreds if not thousands of rules. Creating and maintaining these rules is a tedious and error-prone manual process. In this paper, we present a fully automatic approach to create provably correct rule libraries from formal specifications of the instruction set architecture and the compiler IR. We use a hybrid approach that combines enumerative techniques with template-based counterexample-guided inductive synthesis (CEGIS). Thereby, we overcome several shortcomings of existing approaches, which were not able to handle complex instructions in a reasonable amount of time. In particular, we efficiently model memory operations. Our tool synthesized a large part of the integer arithmetic rules for the x86 architecture within a few days where existing techniques could not deliver a substantial rule library within weeks. Using the rule library, we generate a prototype instruction selector that produces code on par with a manually-tuned instruction selector. Furthermore, using 63012 test cases generated from the rule library, we identified 29498 rules that both Clang and GCC miss.
- Published
- 2018
230. Formal Requirements Capturing using VRS system
- Author
-
Oleksandr Letychevskyy, Stepan Potiyenko, Alexander A. Letichevsky, Alexander Kolchin, V. A. Volkov, and Thomas Weigert
- Subjects
Model checking ,Automated theorem proving ,Theoretical computer science ,First-order predicate ,Computer science ,Programming language ,Formal specification ,Postcondition ,Gas meter prover ,computer.software_genre ,Data type ,computer ,Precondition - Abstract
We present system VRS (Verification of Requirements Specifications) designed for develop- ment of formal specification and verification. This system has been developed by VRS Kiev group during last 10 years to support requirements capturing in Motorola and then Uniquesoft projects. As its input language VRS uses parameterized MSCs (Message Sequence Charts) with pre- and postconditions interpreted on the states of an environment with inserted agents. Such small MSC we call : Basic Protocols. Semantically basic protocol can be considered as a statement 8x(� ! �) of some kind of dynamic logic (2). In this statement x is a (typed) list of parameters, � andare precondition and postcondition, correspondingly, and u is a process defined by the MSC diagram. There are three main methods of verification in VRS supported by appropriate tools. The system provides static requirement checking on the base of automatic theorem proving; symbolic and deductive model checking, and generation of traces for testing with different coverage criteria. Concrete trace generator (CTG) of VRS system provide checking the reachability of properties, detecting deadlocks, non-determinisms, safety violations, unreachable requirements, usage of uninitialized attributes and admitted range attribute overflow on a base of a concrete model of formal requirement specification in the form of basic protocols. The problems above are solved by means of generating traces reachable from the initial state of a model. The generated traces can also be used for test generation. Symbolic Trace Generator (STG) deals with the same iput data as for CTG. The difference is that an abstract model of a system specified by a set of basic protocols is considered instead of a concrete one. The state of a model has the form (u1...un) where is a formula over attributes which coincides with the attributed label of the environment state and u1...un are agents inserted into environment. The deductive system is used for checking the applicability of basic protocol and predicate transformer is used to obtain the next state. Static requirement checking (SRC) tools allow to solve verification problems without generating traces and exploring the state space. The deductive system is based on the prover for the first order predicate calculi with equality extended by some special provers and solvers. THe last ones support proving and solving linear numerical constraints for integers (Presburger algorithm) and for reals (Fourier-Motzkin algorithm), proving and solving formulas for enumer- ated and symbolic data types. There is a possibility to generate invariants then SRC technique can be improved by iterative steps in sense that if F is not safety then VRS can generate an invariant G, improve safety property to F&G, and check safety repeatedly. In the last years this approach has been successfully applied to the problems of the veri- fication of requirement specifications (1, 3) for about 30 distributed concurrent systems from different subject domains including Telecommunications, Telematics, distributed computing and others.
- Published
- 2018
231. Hierarchical Specification and Verification of Architectural Design Patterns
- Author
-
Diego Marmsoler
- Subjects
Soundness ,Computer science ,Singleton ,Programming language ,Proof assistant ,Algebraic specification ,HOL ,020207 software engineering ,0102 computer and information sciences ,02 engineering and technology ,Reuse ,Blackboard (design pattern) ,computer.software_genre ,01 natural sciences ,010201 computation theory & mathematics ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,computer - Abstract
Architectural design patterns capture architectural design experience and provide abstract solutions to recurring architectural design problems. Their description is usually expressed informally and it is not verified whether the proposed specification indeed solves the original design problem. As a consequence, an architect cannot fully rely on the specification when implementing a pattern to solve a certain problem. To address this issue, we propose an approach for the specification and verification of architectural design patterns. Our approach is based on interactive theorem proving and leverages the hierarchical nature of patterns to foster reuse of verification results. The following paper presents FACTum, a methodology and corresponding specification techniques to support the formal specification of patterns. Moreover, it describes an algorithm to map a given FACTum specification to a corresponding Isabelle/HOL theory and shows its soundness. Finally, the paper demonstrates the approach by verifying versions of three widely used patterns: the singleton, the publisher-subscriber, and the blackboard pattern.
- Published
- 2018
232. Mechanizing the Denotational Semantics of the Clock Constraint Specification Language
- Author
-
Marc Pantel and Mathieu Montin
- Subjects
060201 languages & linguistics ,Correctness ,Semantics (computer science) ,Programming language ,Computer science ,Agda ,Concurrency ,Proof assistant ,06 humanities and the arts ,02 engineering and technology ,computer.software_genre ,Denotational semantics ,Formal specification ,0602 languages and literature ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,computer ,Natural language ,computer.programming_language - Abstract
Domain Specific Modelling Languages provide the designers with appropriate languages for the task they must conduct. These dedicated languages play a key role in popular Model Driven Engineering (MDE) approaches. Their semantics are usually written in a semi-formal manner mixing natural language and mathematical notations. The mechanization of these semantics rely on formal specification languages. They are usually conducted in order to assess the correctness of verification and transformation tools for such languages. This contribution illustrates such a mechanization for the Clock Constraint Specification Language (CCSL). This language allows to model the timed concurrency concern in the MARTE UML profile and was designed to be easier to master than temporal logics for the system engineers. Its semantics has been defined in the usual semi-formal manner and implemented in the TimeSquare simulation tool. We discuss the interest of this mechanization and show how it allowed to prove properties about this language and ease the definition of a refinement relation for such models. This work relies on the Agda proof assistant and is presented accordingly.
- Published
- 2018
233. Training Difficulties in Deductive Methods of Verification and Synthesis of Program
- Author
-
Daniela Orozova and Magdalina Todorova
- Subjects
Flowchart ,Loop invariant ,Correctness ,General Computer Science ,business.industry ,Computer science ,Programming language ,Proof assistant ,HOL ,computer.software_genre ,law.invention ,Predicate transformer semantics ,Software ,law ,Formal specification ,Formal language ,business ,Software analysis pattern ,computer - Abstract
The article analyzes the difficulties which Bachelor Degree in Informatics and Computer Sciences students encounter in the process of being trained in applying deductive methods of verification and synthesis of procedural programs. Education in this field is an important step towards moving from classical software engineering to formal software engineering. The training in deductive methods is done in the introductory courses in programming in some Bulgarian universities. It includes: Floyd’s method for proving partial and total correctness of flowchart programs; Hoare’s method of verification of programs; and Djikstra’s method of transforming predicates for verification and synthesis of Algol−like programs. The difficulties which occurred during the defining of the specification of the program, which is subjected to verification or synthesis; choosing a loop invariant and loop termination function; finding the weakest precondition; proving the formulated verifying conditions, are discussed in the paper. Means of overcoming these difficulties is proposed. Conclusions are drawn in order to improve the training in the field. Special attention is dedicated to motivating the use of specific tools for software analysis, such as interactive theorem proving system HOL, the software analyzers Frama−C and its WP plug−in, as well as the formal language ACSL, which allows formal specification of properties of C/C++ programs.
- Published
- 2018
234. Boosting the Reuse of Formal Specifications
- Author
-
César A. Muñoz, Carlos Gustavo López Pombo, Marco A. Feliú, and Mariano M. Moscato
- Subjects
Computer science ,Programming language ,Algebraic specification ,020207 software engineering ,0102 computer and information sciences ,02 engineering and technology ,computer.software_genre ,Mathematical proof ,01 natural sciences ,Formal system ,Automated theorem proving ,010201 computation theory & mathematics ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Prototype Verification System ,Universal algebra ,computer ,Reusability - Abstract
Advances in theorem proving have enabled the emergence of a variety of formal developments that, over the years, have resulted in large corpuses of formalizations. For example, the NASA PVS Library is a collection of 55 formal developments written in the Prototype Verification System (PVS) over a period of almost 30 years and containing more than 28000 proofs. Unfortunately, the simple accumulation of formal developments does not guarantee their reusability. In fact, in formal systems with very expressive specification languages, it is often the case that a particular conceptual object is defined in different ways. This paper presents a technique to establish sound connections between formal definitions. Such connections support the possibility of (partial) borrowing of proved results from one formal description into another, improving the reusability of formal developments. The technique is described using concepts from the field of universal algebra and algebraic specification. The technique is illustrated with concrete examples taken from formalizations available in the NASA PVS Library.
- Published
- 2018
235. Lightweight Interactive Proving inside an Automatic Program Verifier
- Author
-
Sylvain Dailler, Yannick Moy, Claude Marché, Formally Verified Programs, Certified Tools and Numerical Computations (TOCCATA), Laboratoire de Recherche en Informatique (LRI), Université Paris-Sud - Paris 11 (UP11)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Université Paris-Sud - Paris 11 (UP11)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Inria Saclay - Ile de France, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), AdaCore (FRANCE), Masci, Paolo, Monahan, Rosemary, and Prevosto, Virgile
- Subjects
FOS: Computer and information sciences ,Computer Science - Logic in Computer Science ,Computer science ,02 engineering and technology ,computer.software_genre ,lcsh:QA75.5-76.95 ,Toolchain ,Computer Science - Software Engineering ,Software ,020204 information systems ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Code (cryptography) ,computer.programming_language ,Computer Science - Programming Languages ,SIMPLE (military communications protocol) ,business.industry ,Programming language ,lcsh:Mathematics ,[INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO] ,020207 software engineering ,lcsh:QA1-939 ,Formal methods ,Logic in Computer Science (cs.LO) ,Software Engineering (cs.SE) ,SPARK (programming language) ,TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS ,lcsh:Electronic computers. Computer science ,User interface ,business ,computer ,Programming Languages (cs.PL) - Abstract
Among formal methods, the deductive verification approach allows establishing the strongest possible formal guarantees on critical software. The downside is the cost in terms of human effort required to design adequate formal specifications and to successfully discharge the required proof obligations. To popularize deductive verification in an industrial software development environment, it is essential to provide means to progressively transition from simple and automated approaches to deductive verification. The SPARK environment, for development of critical software written in Ada, goes towards this goal by providing automated tools for formally proving that some code fulfills the requirements expressed in Ada contracts. In a program verifier that makes use of automatic provers to discharge the proof obligations, a need for some additional user interaction with proof tasks shows up: either to help analyzing the reason of a proof failure or, ultimately, to discharge the verification conditions that are out-of-reach of state-of-the-art automatic provers. Adding interactive proof features in SPARK appears to be complicated by the fact that the proof toolchain makes use of the independent, intermediate verification tool Why3, which is generic enough to accept multiple front-ends for different input languages. This paper reports on our approach to extend Why3 with interactive proof features and also with a generic client-server infrastructure allowing integration of proof interaction into an external, front-end graphical user interface such as the one of SPARK., In Proceedings F-IDE 2018, arXiv:1811.09014
- Published
- 2018
236. VDM at Large: Modelling the EMV® $$2^{nd}$$2nd Generation Kernel
- Author
-
Leo Freitas
- Subjects
Correctness ,Trademark ,Programming language ,Computer science ,Interoperability ,Code coverage ,0102 computer and information sciences ,02 engineering and technology ,computer.software_genre ,Formal methods ,01 natural sciences ,010201 computation theory & mathematics ,Formal specification ,Kernel (statistics) ,Scalability ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,computer - Abstract
The EMV® (EMV® is a registered trademark or trademark of EMVCo, LLC in the US and other countries.) organisation specify payment protocols to facilitate worldwide interoperability of secure electronic payments. This paper is about the application and scalability of formal methods to a current and complex industry application. We describe the use of VDM to model EMV® \(2^{nd}\) Generation Kernel (A preliminary version of this paper was presented at the \(16^{th}\) Overture Workshop, Oxford July 2018, where papers became a Newcastle Technical Report.). VDM is useful for both formal specification, as well as simulation, test coverage, and proof obligation generation for functional correctness.
- Published
- 2018
237. Semi-formal Verification with Supporting Tool by Automatic Application of Hoare Logic
- Author
-
Shaoying Liu, Shingo Fukuoka, and Yixiang Chen
- Subjects
Correctness ,Programming language ,business.industry ,Computer science ,Software development ,Boundary testing ,Hoare logic ,computer.software_genre ,Automation ,Software ,Formal specification ,business ,Formal verification ,computer - Abstract
Software development is costly endeavors. In general, the cost can be reduced by checking whether the program meets the specification. Usually, software is composed of several modules so that by checking the correctness of each module, developers can find the causes of errors efficiently. Formal verification and specification-based testing are effective techniques to verify programs. Formal verification based on Hoare logic can establish the correctness of programs from the theoretical point of view. However, it is regarded as an impractical technique for realistic programs, due to some challenges, On the other hand, specification-based testing is able to detect errors, and it is easy to perform. Therefore, it is frequently used for realistic developments. However, in most cases, the testing cannot guarantee the correctness of programs. As we described above, both of these techniques cannot do satisfactory job alone. To solve this problem, a novel verification approach was suggested, which is called testing-based formal verification (TBFV). In this paper, we aim to automate application of Hoare logic to Java programs based on the previously proposed TBFV. At the same time, we try to reveal the feasibility of TBFV through developing a supporting tool for Java programs and conducting a case study. At the same time, to achieve an effective automatic verification, we add the function of automatic boundary testing in the result evaluation step in the supporting tool. As a result, our supporting tool has achieved a semi-formal automation of Hoare logic application, which can help reduce the cost of verification process.
- Published
- 2018
238. Towards Real-Time Semantics for a Distributed Event-Based MOP Language
- Author
-
Luis Daniel Benavides Navarro, Wilmer Garzón Alfonso, Mateo Sanabria, CTG-Informática, and Informática
- Subjects
Event oriented programming ,Computer science ,Event (computing) ,Semantics (computer science) ,Programming language ,Distributed programming ,Elasticity (data store) ,020207 software engineering ,02 engineering and technology ,Explicit time management ,computer.software_genre ,Semantics ,Asynchronous communication ,020204 information systems ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Programming paradigm ,Rewriting logic ,Rewriting ,Implementation ,computer - Abstract
This paper investigates rewriting logic as a suitable means to model the semantics of distributed and concurrent systems implemented using Monitoring Oriented Programming (MOP) frameworks. MOP tools close the gap between specification and implementation, allowing several formal specifications and concrete implementations to be combined into a single executing system. To address real-time monitoring of modern distributed applications, we recently proposed REAL-T, a reactive event-based distributed programming language with explicit support for distributions and time manipulation. REAL-T allows programmers to instrument distributed applications to monitor and enforce specific behavior. It also supports requirements of modern reactive applications (responsiveness, resiliency, elasticity and asynchronous communication). The REAL-T programming model is very flexible, making the semantic specifications very challenging., Este artículo investiga la reescritura de la lógica como un medio adecuado para modelar la semántica de sistemas distribuidos y concurrentes implementados utilizando marcos de Programación Orientada a Monitoreo (MOP). Las herramientas MOP cierran la brecha entre la especificación y la implementación, permitiendo que varias especificaciones formales e implementaciones concretas se combinen en un solo sistema de ejecución. Para abordar el monitoreo en tiempo real de aplicaciones distribuidas modernas, recientemente propusimos REAL-T, un lenguaje de programación distribuida basado en eventos reactivos con soporte explícito para distribuciones y manipulación de tiempo. REAL-T permite a los programadores instrumentar aplicaciones distribuidas para monitorear y hacer cumplir un comportamiento específico. También es compatible con los requisitos de las aplicaciones reactivas modernas (capacidad de respuesta, resiliencia, elasticidad y comunicación asincrónica). El modelo de programación REAL-T es muy flexible, lo que hace que las especificaciones semánticas sean un gran desafío.
- Published
- 2018
239. Context Generation from Formal Specifications for C Analysis Tools
- Author
-
Julien Signoles and Michele Alberti
- Subjects
Context model ,Computer science ,Programming language ,media_common.quotation_subject ,020207 software engineering ,Context (language use) ,Static program analysis ,02 engineering and technology ,Specification language ,Symbolic execution ,computer.software_genre ,Global variable ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Function (engineering) ,computer ,media_common - Abstract
Analysis tools like abstract interpreters, symbolic execution tools and testing tools usually require a proper context to give useful results when analyzing a particular function. Such a context initializes the function parameters and global variables to comply with function requirements. However it may be error-prone to write it by hand: the handwritten context might contain bugs or not match the intended specification. A more robust approach is to specify the context in a dedicated specification language, and hold the analysis tools to support it properly. This may mean to put significant development efforts for enhancing the tools, something that is often not feasible if ever possible.
- Published
- 2018
240. A Correct-by-Construction Model for Attribute-Based Access Control
- Author
-
Hania Gadouche, Abdelkamel Tari, and Zoubeyr Farah
- Subjects
Correctness ,business.industry ,Computer science ,Programming language ,020207 software engineering ,Access control ,02 engineering and technology ,Mathematical proof ,Formal methods ,computer.software_genre ,Set (abstract data type) ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,computer ,Formal verification ,Abstraction (linguistics) - Abstract
In this paper, a formal specification approach of the Attribute-Based Access Control (ABAC) is proposed using the Event-B method. We apply an a-priori formal verification to build a correct model in a stepwise manner. Correctness of the specification model is insured during the construction steps. The model is composed of abstraction levels that are generated through refinement operations. A set of ABAC properties is defined in each level of refinement starting from the highest abstract level to the most concrete one. These properties are preserved by proofs with the behavior specification.
- Published
- 2018
241. How testing helps to diagnose proof failures
- Author
-
Guillaume Petiot, Alain Giorgetti, Nikolai Kosmatov, Bernard Botella, Jacques Julliand, Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174) (FEMTO-ST), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC), Laboratoire Sûreté des Logiciels (LSL), Département Ingénierie Logiciels et Systèmes (DILS), Laboratoire d'Intégration des Systèmes et des Technologies (LIST (CEA)), Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Université Paris-Saclay-Laboratoire d'Intégration des Systèmes et des Technologies (LIST (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Université Paris-Saclay, Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS), Laboratoire d'Intégration des Systèmes et des Technologies (LIST), and Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)
- Subjects
Computer science ,media_common.quotation_subject ,02 engineering and technology ,[INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE] ,Gas meter prover ,computer.software_genre ,Theoretical Computer Science ,[INFO.INFO-IU]Computer Science [cs]/Ubiquitous Computing ,[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Code (cryptography) ,Plug-in ,Function (engineering) ,Software analysis pattern ,media_common ,Programming language ,020207 software engineering ,[INFO.INFO-MO]Computer Science [cs]/Modeling and Simulation ,[INFO.INFO-MA]Computer Science [cs]/Multiagent Systems [cs.MA] ,Theory of computation ,020201 artificial intelligence & image processing ,[INFO.INFO-ET]Computer Science [cs]/Emerging Technologies [cs.ET] ,[INFO.INFO-DC]Computer Science [cs]/Distributed, Parallel, and Cluster Computing [cs.DC] ,computer ,Software ,Counterexample - Abstract
Applying deductive verification to formally prove that a program respects its formal specification is a very complex and time-consuming task due in particular to the lack of feedback in case of proof failures. Along with a non-compliance between the code and its specification (due to an error in at least one of them), possible reasons of a proof failure include a missing or too weak specification for a called function or a loop, and lack of time or simply incapacity of the prover to finish a particular proof. This work proposes a methodology where test generation helps to identify the reason of a proof failure and to exhibit a counterexample clearly illustrating the issue. We define the categories of proof failures, introduce two subcategories of contract weaknesses (single and global ones), and examine their properties. We describe how to transform a C program formally specified in an executable specification language into C code suitable for testing, and illustrate the benefits of the method on comprehensive examples. The method has been implemented in StaDy , a plugin of the software analysis platform Frama -C. Initial experiments show that detecting non-compliances and contract weaknesses allows to precisely diagnose most proof failures.
- Published
- 2018
242. AsmetaA: Animator for Abstract State Machines
- Author
-
Atif Mashkoor, Angelo Gargantini, and Silvia Bonfanti
- Subjects
Formal methods ,Abstract state machines ,Animation ,Programming language ,Computer science ,Formal specification ,Settore ING-INF/05 - Sistemi di Elaborazione delle Informazioni ,computer.software_genre ,computer - Abstract
In this paper, we present AsmetaA – a graphical animator for Abstract State Machines integrated within the ASMETA framework. The execution of formal specifications through animation provides several advantages, e.g., it provides an immediate feedback about system behavior, it helps understand system evolution, and it increases the overall acceptability of formal methods.
- Published
- 2018
243. Verified Certificate Checking for Counting Votes
- Author
-
Ramana Kumar, Milad K. Ghale, Dirk Pattinson, and Michael Norrish
- Subjects
Scheme (programming language) ,Correctness ,Computer science ,Programming language ,020207 software engineering ,0102 computer and information sciences ,02 engineering and technology ,computer.file_format ,computer.software_genre ,Certificate ,01 natural sciences ,Single transferable vote ,Automated theorem proving ,010201 computation theory & mathematics ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Compiler ,Executable ,computer ,computer.programming_language - Abstract
We introduce a new framework for verifying electronic vote counting results that are based on the Single Transferable Vote scheme (STV). Our approach frames electronic vote counting as certified computation where each execution of the counting algorithm is accompanied by a certificate that witnesses the correctness of the output. These certificates are then checked for correctness independently of how they are produced. We advocate verification of the verifier rather than the software used to produce the result. We use the theorem prover HOL4 to formalise the STV vote counting scheme, and obtain a fully verified certificate checker. By connecting HOL4 to the verified CakeML compiler, we then extract an executable that is guaranteed to behave correctly with respect to the formal specification of the protocol down to machine level. We demonstrate that our verifier can check certificates of real-size elections efficiently. Our encoding is modular, so repeating the same process for another different STV scheme would require a minimal amount of additional work.
- Published
- 2018
244. Runtime Verification - 17 Years Later
- Author
-
Klaus Havelund and Grigore Rosu
- Subjects
Computer science ,Programming language ,Computation ,Runtime verification ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Fault (power engineering) ,Field (computer science) ,Visualization ,Specification mining ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,computer - Abstract
Runtime verification is the discipline of analyzing program executions using rigorous methods. The discipline covers such topics as specification-based monitoring, where single executions are checked against formal specifications; predictive runtime analysis, where properties about a system are predicted/inferred from single (good) executions; specification mining from execution traces; visualization of execution traces; and to be fully general: computation of any interesting information from execution traces. Finally, runtime verification also includes fault protection, where monitors actively protect a running system against errors. The paper is written as a response to the ‘Test of Time Award’ attributed to the authors for their 2001 paper [45]. The present paper provides a brief overview of what lead to that paper, what has happened since, and some perspectives on the future of the field.
- Published
- 2018
245. Software support for course in semantics of programming languages
- Author
-
Mohamed Ali M. Eldojali, Davorka Radaković, William Steingartner, and Jiri Dostal
- Subjects
Software ,business.industry ,Programming language ,Formal specification ,Formal language ,Software system ,business ,computer.software_genre ,Formal methods ,computer ,Operational semantics ,Abstract machine ,Electronic mail - Abstract
© 2017 IEEE. Nowadays, computer science increasingly uses formal methods to enhance understanding of complex software systems and to reason about their behavior with respect to a formal specification. To let future generations of software developers and engineers profit from these exciting developments, however, it is necessary to adequately educate and train them in the basics of formal logic and formal language semantics. However, preciously few software tools do exist that substantially aid this educational process. Because the semantics is an integral part of a formal definition of a programming language, we have prepared a package of modules, that help us and to students to understand the most popular semantic method - structural operational semantics. The first module translates a program written in a programming language to abstract machine code, the second module makes reverse translation from code to program source text and the third one emulates stepwise execution of abstract machine code. Our package can be easily extended for other semantic methods.
- Published
- 2018
246. Towards Automated Static Verification of GNU C Programs
- Author
-
I. S. Zakharov and Evgeny Novikov
- Subjects
Model checking ,Correctness ,business.industry ,Computer science ,Programming language ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Software ,020204 information systems ,Formal specification ,Bounded function ,0202 electrical engineering, electronic engineering, information engineering ,Leverage (statistics) ,User interface ,business ,computer ,Software verification - Abstract
Static verification based on such methods as Bounded Model Checking and Counterexample-Guided Abstraction Refinement aims at non-interactive formal proving of programs correctness against safety property specifications. To leverage existing tools for verification of a program one should prepare verification tasks first. In addition to a program fragment of a moderate size, each verification task has to contain a rather accurate model of its environment. To achieve high-quality results this model should be incrementally refined in accordance with checked safety properties. For verification of specific software, like Windows or Linux drivers, a few frameworks provide a convenient user interface and perform in an automated way generation of verification tasks, execution of static verification tools and preliminary processing of results. This paper presents a method for automated static verification of any program developed in the GNU C programming language and addresses the ongoing development of the Klever framework.
- Published
- 2018
247. The Pragmatic Dimension of Formal Methods: Towards Building a Sound Synthesiser
- Author
-
Alexandre Mota
- Subjects
Source code ,Computer science ,Programming language ,media_common.quotation_subject ,020207 software engineering ,0102 computer and information sciences ,02 engineering and technology ,Formal methods ,computer.software_genre ,01 natural sciences ,Development (topology) ,Refinement calculus ,010201 computation theory & mathematics ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Code (cryptography) ,Programming constructs ,Dimension (data warehouse) ,computer ,media_common - Abstract
Formal methods are mathematically based languages, tools and techniques for the specification, development and verification of systems [12]. Although most effort is being spent on specifying systems and verifying their properties, a final goal of most formal methods is achieving correct code from formal specifications. In this direction we find two representative strategies: (i) one is based on proposing refinements until a certain concrete design is achieved and then an almost direct mapping from mathematical elements to the source code of some programming language is made [17]; and (ii) another is using some refinement calculus in which specification and programming constructs are available in a single language and code is achieved by removing the specification elements by applying specific refinement rules [9]. Both strategies depend on developers experience.
- Published
- 2018
248. Formal Specification of Memory Coherence Protocol
- Author
-
Muhammad Atif, Muhammad Khurram Zahoor Bajwa, Jahanzaib Khan, Sobia Usman, and Muhammad Sohaib Mahmood
- Subjects
Memory coherence ,Hardware_MEMORYSTRUCTURES ,General Computer Science ,Address space ,Computer science ,Programming language ,Reading (computer) ,Process (computing) ,computer.software_genre ,Constant (computer programming) ,Shared memory ,Formal specification ,Protocol (object-oriented programming) ,computer - Abstract
Memory coherence is the most fundamental re-quirement in a shared virtual memory system where there are concurrent as well as loosely coupled processes. These processes can demand a page for reading or writing. The memory is called coherent if the last update in a page remains constant for each process until the owner of that page does not change it. The ownership is transferred to a process interested to update that page. In [Kai LI, and Paul Hudak. Memory Coherence in Shared Virtual Memory Systems, 1986. Proc. of Fifth Annual ACM Symposium on Principles of Distributed Computing.], algorithms ensuring memory coherence are given. We formally specify these protocols and report the improvements through formal analysis. The protocols are specified in UPPAAL, i.e., a tool for modeling, validation and verification of real-time systems.
- Published
- 2018
249. Programming Language Specification and Implementation
- Author
-
Peter Sestoft
- Subjects
Functional programming ,Relation (database) ,Computer science ,Programming language ,Semantics (computer science) ,business.industry ,020207 software engineering ,02 engineering and technology ,computer.software_genre ,Software ,Formal specification ,Programming language specification ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Special case ,business ,computer ,Underspecification - Abstract
The specification of a programming language is a special case of the specification of software in general. This paper discusses the relation between semantics and implementation, or specification and program, using two very different languages for illustration. First, we consider small fragments of a specification of preliminary Ada, and show that what was considered a specification in VDM in 1980 now looks much like an implementation in a functional language. Also, we discuss how a formal specification may be valuable even though seen from a purely formal point of view it is flawed. Second, we consider the simple language of spreadsheet formulas and give a complete specification. We show that nondeterminism in the specification may reflect run-time nondeterminism, but also underspecification, that is, implementation-time design choices. Although specification nondeterminism may appear at different binding-times there is no conventional way to distinguish these. We also consider a cost semantics and find that the specification may need to contain some “artificial” nondeterminism for underspecification.
- Published
- 2018
250. Formal Verification of a Fuzzy Rule-Based Classifier Using the Prototype Verification System
- Author
-
Albert Esterline, Abdollah Homaifar, Solomon Gebreyohannes, and Ali Karimoddini
- Subjects
Fuzzy rule ,Computer science ,Programming language ,02 engineering and technology ,computer.software_genre ,Fuzzy logic ,Subject-matter expert ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,Prototype Verification System ,020201 artificial intelligence & image processing ,Decision-making ,Formal verification ,Classifier (UML) ,computer - Abstract
This paper presents the formal specification and verification of a Type-1 (T1) Fuzzy Logic Rule-Based Classifier (FLRBC) using the Prototype Verification System (PVS). A rule-based system models a system as a set of rules, which are either collected from subject matter experts or extracted from data. Unlike many machine learning techniques, rule-based systems provide an insight into the decision making process. In this paper, we focus on a T1 FLRBC. We present the formal definition and verification of the T1 FLRBC procedure using PVS. This helps mathematically verify that the design intent is maintained in its implementation. A highly expressive language such as PVS, which is based on a strongly-typed higher-order logic, allows one to formally describe and mathematically prove that there is no contradiction or false assumption in the procedure. We show this by (1) providing the formal definition of the T1 FLRBC in PVS and then (2) formally proving or deducing rudimentary properties of the T1 FLRBC from the formal specification.
- Published
- 2018
Catalog
Discovery Service for Jio Institute Digital Library
For full access to our library's resources, please sign in.