By Topic

Software Engineering and Formal Methods (SEFM), 2010 8th IEEE International Conference on

Date 13-18 Sept. 2010

Filter Results

Displaying Results 1 - 25 of 44
  • [Front cover]

    Publication Year: 2010 , Page(s): C1
    Save to Project icon | Request Permissions | PDF file iconPDF (1562 KB)  
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2010 , Page(s): i
    Save to Project icon | Request Permissions | PDF file iconPDF (8 KB)  
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2010 , Page(s): iii
    Save to Project icon | Request Permissions | PDF file iconPDF (340 KB)  
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2010 , Page(s): iv
    Save to Project icon | Request Permissions | PDF file iconPDF (109 KB)  
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2010 , Page(s): v - vii
    Save to Project icon | Request Permissions | PDF file iconPDF (155 KB)  
    Freely Available from IEEE
  • Preface

    Publication Year: 2010 , Page(s): viii - ix
    Save to Project icon | Request Permissions | PDF file iconPDF (79 KB) |  | HTML iconHTML  
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2010 , Page(s): x
    Save to Project icon | Request Permissions | PDF file iconPDF (48 KB)  
    Freely Available from IEEE
  • list-reviewer

    Publication Year: 2010 , Page(s): xi
    Save to Project icon | Request Permissions | PDF file iconPDF (50 KB)  
    Freely Available from IEEE
  • Adaptive Software Needs Continuous Verification

    Publication Year: 2010 , Page(s): 3 - 4
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (190 KB) |  | HTML iconHTML  

    Extended abstract of keynote presentation View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • "Fly Me to the Moon": Verification of Aerospace Systems

    Publication Year: 2010 , Page(s): 5 - 11
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (421 KB) |  | HTML iconHTML  

    Aerospace systems are typically made up of several communicating components.Such systems must be verified extensively before being introduced in industry.In this paper, we present two inherently different approaches towards achieving this goal.The first approach aims at scaling exhaustive verification techniques by applying divide-and-conquer principles.It involves automated compositional verification algorithms for model checking both finite and infinite-state software components.The second approach uses a model checker to automatically generate tests for aerospace algorithms and only requires knowledge of the types of inputs that the algorithms process. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Unreasonable Ineffectiveness of Security Engineering: An Overview

    Publication Year: 2010 , Page(s): 12 - 18
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (358 KB) |  | HTML iconHTML  

    In his 1960 essay, Eugene Wigner raised the question of ”the unreasonable effectiveness of mathematics in natural sciences”. After several decades of security research, we are tempted to ask the opposite question: Are we not unreasonably ineffective? Why are we not more secure from all the security technologies? I sketch a conceptual landscape of security that may provide some answers, on the background of ever increasing dynamics and pervasiveness of software and computation. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Behavior Trees: From Systems Engineering to Software Engineering

    Publication Year: 2010 , Page(s): 21 - 30
    Cited by:  Papers (3)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (783 KB) |  | HTML iconHTML  

    Geoff Dromey's Behavior Engineering method provides a vital link between systems engineering processes and software engineering processes. It has proven particularly effective in industry when applied to large complex systems, to help understand the problem space and clarify system and software requirements. In this paper we compare the method with some of the most widely used system design methods, including State Transition Diagrams, Functional Flow Block Diagrams, Object Oriented Design, IDEF0, UML and SysML. The comparison draws on the Design-Methods Comparison Project undertaken by Bahill et al in 1998, and uses their Traffic Lights case study. We show that the methods are roughly equivalent in terms of what they can express, but that Behavior Trees come closest to natural language specification, which we contend makes them easier for non-formal methods experts to understand. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Behavior Engineering - A Scalable Modeling and Analysis Method

    Publication Year: 2010 , Page(s): 31 - 40
    Cited by:  Papers (4)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (630 KB) |  | HTML iconHTML  

    The impact of failing to develop a shared understanding of the requirements describing and constraining large, complex projects and programs with many, possibly distributed, stakeholders and suppliers is enormous. Traditional engineering methods provide little in the way of taming complexity when synthesising, analysing and communicating the requirements of such projects. The Behavior Engineering method, developed at Griffith University, and employed on a number of large, complex and nationally critical defence, aerospace, transport and government projects and programs addresses the problems of scale and complexity head on. The Behavior Engineering method is presented in this paper as an efficient and effective method for modeling, analysing, evaluating and communicating large requirements specifications comprising thousands of requirements as well as a method that facilitates the synthesis of requirements from operational scenarios. It is demonstrated through analysis of industry data, that Behavior Engineering facilitates the development and communication of a deep, accurate and holistic understanding of the system needs, significantly reducing the risk of failure to capture and preserve intent in the development of large and complex systems. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Integrating Requirements: The Behavior Tree Philosophy

    Publication Year: 2010 , Page(s): 41 - 50
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (273 KB) |  | HTML iconHTML  

    Behavior Trees were invented by Geoff Dromey as a graphical modelling notation. Their design was driven by the desire to ease the task of capturing functional system requirements and to bridge the gap between an informal language description and a formal model. Vital to Dromey's intention is the idea of incrementally building the model out of its building blocks, the functional requirements. This is done by graphically representing each requirement as its own Behavior Tree and incrementally merging the trees to form a more complete model of the system. In this paper we investigate the essence of this constructive approach to creating a model in general notation-independent terms and discuss its advantages and disadvantages. The result can be seen as a framework of rules and provides us with a semantic underpinning of requirements integration. Integration points are identified by examining the (implicit or explicit) preconditions of each requirement. We use Behavior Trees as an example of how this framework can be put into practise. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Non-local Choice and Implied Scenarios

    Publication Year: 2010 , Page(s): 53 - 62
    Cited by:  Papers (5)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (319 KB) |  | HTML iconHTML  

    A number of issues, such as non-local choice and implied scenarios, that arise in Message Sequence Charts (MSCs) have been investigated in the past. However, existing research on these two issues show disagreements regarding how they are related. In this paper, we analyse the relations among existing conditions for non-local choice free and Closure Conditions (CCs) for implied scenarios. On the basis of this, we propose a new definition for non-local choice and a non-local choice free condition derived from CCs of implied scenarios. Compared to existing conditions, we argue that the new condition covers more non-local choices that satisfy the informal idea of non-local choice. We formally show that the existence of non-local choices in an MSC specification results in implied scenarios and the appearance of implied scenarios according to corresponding CCs means there are non-local choices in the specification. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • temporaljmlc: A JML Runtime Assertion Checker Extension for Specification and Checking of Temporal Properties

    Publication Year: 2010 , Page(s): 63 - 72
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (281 KB) |  | HTML iconHTML  

    Most mainstream specification languages primarily deal with a program's functional behavior. However, for many common problems, besides the system's functionality, it is necessary to be able to express its temporal properties, such as the necessity of calling methods in a certain order. We have developed temporaljmlc, a tool that performs runtime assertion checking of temporal properties specified in an extension of the Java Modeling Language (JML). The benefit of temporaljmlc is that it allows succinct specification of temporal properties that would otherwise be tedious and difficult to specify. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • User Queries for Specification Refinement Treating Shared Aspect Join Points

    Publication Year: 2010 , Page(s): 73 - 82
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (275 KB) |  | HTML iconHTML  

    We present an interactive semi-automatic procedure to help users refine their requirements formally and precisely, using knowledge the user possesses but does not notice as relevant and has difficulty formalizing. Questions in natural language are presented to the user, and augmentations to specifications, written in Linear Temporal Logic, are automatically created according to the answers. We apply our approach to a case study on specifying the desired aspect behavior in a delicate case when multiple aspects can share a join-point, i.e., be applied at the same state of base program computation. The questions used in the case study are derived from an in-depth analysis of semantics and mutual influence of aspects at a shared join-point. Aspects sharing a join-point might, but do not have to, semantically interfere. Our analysis and specification refinement enables programmers to distinguish between potential and actual interference among aspects at shared join-points, when aspects are modeled as state transition diagrams, and specifications are given as LTL assumptions and guarantees. The refined aspect specification, obtained from the procedure we describe, enables modular verification and interference detection among aspects even in the presence of shared join-points. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Assessing the Quality of B Models

    Publication Year: 2010 , Page(s): 83 - 90
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (219 KB) |  | HTML iconHTML  

    This paper proposes to define and assess the notion of quality of B models aiming at providing an automated feedback on a model by performing systematic checks on its content. We define and classify classes of automatic verification steps that help the modeller in knowing whether his model is well-written or not. This technique is defined in the context of ``behavioral models'' that describe the behavior of a system using the generalized substitutions mechanism. From these models, verification conditions are automatically computed and discharged using a dedicated tool. This technique has been adapted to the B notation, especially on B abstract machines, and implemented within a tool interfaced with a constraint solver that is able to find counter-examples to unvalid verification conditions. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Assertion-based Slicing and Slice Graphs

    Publication Year: 2010 , Page(s): 93 - 102
    Cited by:  Papers (1)  |  Patents (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (481 KB) |  | HTML iconHTML  

    This paper revisits the idea of slicing programs based on their axiomatic semantics, rather than using criteria based on control/data dependencies. We show how the forward propagation of preconditions and the backward propagation of post conditions can be combined in a new slicing algorithm that is more precise than the existing specification-based algorithms. The algorithm is based on (i) a precise test for removable statements, and (ii) the construction of a slice graph, a program control flow graph extended with semantic labels. It improves on previous approaches in two aspects: it does not fail to identify removable commands; and it produces the smallest possible slice that can be obtained (in a sense that will be made precise). The paper also reviews in detail, through examples, the ideas behind the use of preconditions and post conditions for slicing programs. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Architecture Recovery Using Latent Semantic Indexing and K-Means: An Empirical Evaluation

    Publication Year: 2010 , Page(s): 103 - 112
    Cited by:  Papers (3)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (594 KB) |  | HTML iconHTML  

    A number of clustering based approaches and tools have been proposed in the past to partition a software system into subsystems. The greater part of these approaches is semiautomatic, thus requiring human decision to identify the best partition of software entities into clusters among the possible partitions. In addition, some approaches are conceived for software systems implemented using a particular programming language (e.g., C and C++). In this paper we present an approach to automate the partitioning of a given software system into subsystems. In particular, the approach first analyzes the software entities (e.g., programs or classes) and then using Latent Semantic Indexing the dissimilarity between these entities is computed. Finally, software entities are grouped using iteratively the k-means clustering algorithm. The approach has been implemented in a prototype of a supporting software system as an Eclipse plug-in. Finally, to assess the approach and the plug-in, we have conducted an empirical investigation on three open source software systems implemented using the programming languages Java and C/C++. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Method for Testing Software Systems Based on State Design Pattern Using Symbolic Execution

    Publication Year: 2010 , Page(s): 113 - 117
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (283 KB) |  | HTML iconHTML  

    The paper reports a new testing method working with state pattern designed software systems. The tests are performed in terms of symbolic execution aiming to identify conditions and values of some input parameters that violate assertions at runtime. The state based architecture of such systems allows a direct mapping of the methods to the transitions of the underlying finite state machine (FSM). In order to identify the methods that contain failing assertions, the Java Path Finder Symbolic Execution framework extension (JPF-SE) is used for an out of context execution of each method. We propose a new algorithm to compute a transition path from the initial state of the system to each faulty transition. The computation is carried out using a backward traversal scheme of the FSM support graph where the JPF-SE symbolically executes each transition of the path. The transition execution performed by JPF-SE yields to the backward propagation of the conditions imposed on the input parameters. The overall capabilities of the proposed algorithm are illustrated with an example. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Toolkit for Generating Sentences from Context-Free Grammars

    Publication Year: 2010 , Page(s): 118 - 122
    Cited by:  Papers (3)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (331 KB) |  | HTML iconHTML  

    Producing sentences from a grammar, according to various criteria, is required in many applications. It is also a basic building block for grammar engineering. This paper presents a toolkit for context-free grammars, which mainly consists of several algorithms for sentence generation or enumeration and for coverage analysis for context-free grammars. The toolkit deals with general context-free grammars. Besides providing implementations of algorithms, the toolkit also provides a simple graphical user interface, through which the user can use the toolkit directly. The toolkit is implemented in Java and is available at http://lcs.ios.ac.cn/zhiwu/toolkit.php. In the paper, the overview of the toolkit and the description of the GUI are presented, and experimental results and preliminary applications of the toolkit are also contained. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Time and Data-Aware Analysis of Graphical Service Models in Reo

    Publication Year: 2010 , Page(s): 125 - 134
    Cited by:  Papers (4)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (685 KB) |  | HTML iconHTML  

    Reo is a graphical channel-based coordination language that enables the modeling of complex behavioral protocols using a small set of channel types with well-de ned behavior. Reo has been developed for the coordination of standalone components and services, which makes it suitable for the modeling of service-based business processes. The formal semantic models for Reo lay the grounds for computer-aided analysis of different aspects of Reo diagrams, including their animation, simulation and veri cation of control ow and data ow by means of model checking techniques. In this paper, we discuss the veri cation of data aware Reo process models using the mCRL2 model checking toolset including time analysis. We also show how behavior abstraction can be used to minimize Reo process models and generate smaller mCRL2 speci cations. A detailed auction example illustrates our approach to timeaware modeling and veri cation of data-centric service models. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Formal Model for Work Flows

    Publication Year: 2010 , Page(s): 135 - 144
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (551 KB) |  | HTML iconHTML  

    Within this paper, we present a structured, formal model for the specification and analysis of work flows. The model provides a graphical representation supporting a modular description of work flows together with a formal semantics accurately reflecting their execution and laying the foundation for tool support. Methodically relevant concepts such as hierarchy, refinement, model analysis, and model transformation are supported. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Back-annotation of Simulation Traces with Change-Driven Model Transformations

    Publication Year: 2010 , Page(s): 145 - 155
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (747 KB) |  | HTML iconHTML  

    Model-driven analysis aims at detecting design flaws early in high-level design models by automatically deriving mathematical models. These analysis models are subsequently investigated by formal verification and validation (V&V) tools, which may retrieve traces violating a certain requirement. Back-annotation aims at mapping back the results of V&V tools to the design model in order to highlight the real source of the fault, to ease making necessary amendments. Here we propose a technique for the back-annotation of simulation traces based on change-driven model transformations. Simulation traces of analysis models will be persisted as a change model with high-level change commands representing macro steps of a trace. This trace is back-annotated to the design model using change-driven transformation rules, which bridge the conceptual differences between macro steps in the analysis and design traces. Our concepts will be demonstrated on the back-annotation problem for analyzing BPEL processes using a Petri net simulator. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.