
Theoretical Aspects of Software Engineering (TASE), 2011 Fifth International Symposium on

Date: 29-31 Aug. 2011

  • [Front cover]

    Page(s): C1
  • [Title page i]

    Page(s): i
  • [Title page iii]

    Page(s): iii
  • [Copyright notice]

    Page(s): iv
  • Table of contents

    Page(s): v - viii
  • Foreword

    Page(s): ix
  • Programme Committee

    Page(s): x
  • Reviewers

    Page(s): xi
  • Making Program Logics Intelligible

    Page(s): 3 - 4

    To verify program specifications, rather than generic safety properties, it will be necessary to integrate verification into the process of programming. Program proving is unlike theorem proving in mathematics: mathematical conjectures may give no hint as to how they could be proved, but programs are written by programmers, who must understand informally why their programs work. The job of verification is not to explore some immense search space, but to formalize the programmer's intuitions until any faults are revealed. This requires specifications and proofs that are succinct and intelligible, which in turn require logics that go beyond predicate calculus (the assembly language of program proving). In this talk, I will recount and illustrate several steps, old and new, towards this goal - particularly in the treatment of arrays.
  • Automatic Specification-Based Testing: Challenges and Possibilities

    Page(s): 5 - 8

    Automatic specification-based testing has long been a goal of software engineering, but due to various challenges and difficulties, the goal still remains far from realized. If the specification is informal, full automation would be impossible in general. Formal specification improves the situation, but there are many barriers lying ahead. Automatic test set generation can find it difficult to meet a high standard, but test result analysis for determining the existence of bugs, and debugging for locating the bugs and deciding their nature, seem to be even more challenging. This paper systematically discusses all of the major challenges in automatic specification-based testing, and describes some possibilities to deal with the challenges. Some open but interesting problems are presented to inspire future research in the field.
  • A Tagging Protocol for Asynchronous Testing

    Page(s): 11 - 18

    Conformance testing has a rich underlying theory popularly called IOCO-test theory. In the realm of IOCO-test theory, this paper addresses the issue of testing a component of an asynchronously communicating distributed system. Testing a system which communicates asynchronously (i.e., through some medium) with its environment is more difficult than testing a system which communicates synchronously (i.e., directly, without any medium). What impedes asynchronous testing is that the actual behavior of the implementation under test (IUT) appears distorted and infinite to the tester. This impediment consequently renders the problem of generating a complete test suite, from the given specification of the IUT, infeasible. To this end, this paper contributes by proposing a tagging protocol which, when implemented by the asynchronously communicating distributed system, will make the problem of generating a complete test suite, from the specification of any of its components, feasible. Further, this paper describes how to generate the test suite from the given specification of the component.
  • Inheritance and Modularity in Specification and Verification of OO Programs

    Page(s): 19 - 26

    Specification and verification for object-oriented (OO) programs remains a great challenge despite decades of effort. To address the problem, we propose a novel specification and verification framework, which supports abstraction and offers modularity via a set of scope and inheritance rules, and a concept called specification predicate. The framework covers the most important OO features like encapsulation, inheritance and polymorphism, while only one specification per method is necessary. It can successfully deal with inheritance, still keep modularity in verification, and avoid re-verification of the implementation. We show how the framework can be integrated into an OO language, and use examples to illustrate how the specification and verification can be carried out in our framework following the structures of OO programs in an abstract and modular way.
  • Formalizing Application Programming Interfaces of the OSEK/VDX Operating System Specification

    Page(s): 27 - 34

    The OSEK/VDX Operating System Specification is a standard in the automotive industry with a long history. Dozens of mature industrial operating systems are based on this specification and widely applied in the products of major automotive manufacturers. The verification of the operating system products is always a hard nut to crack. In this paper, we propose a formal specification of the OSEK/VDX Operating System based on Hoare Logic, which helps us to get rid of the confusion and ambiguities of the informal specification. In this framework, the formalization of all the Application Programming Interfaces is made. As a case study, we link our framework to the formal verification tool VCC. Some errors are detected in a market-upcoming operating system product based on our framework. We conclude that our framework is feasible in the verification of operating systems.
  • Refactoring Object-Oriented Specifications with Inheritance-Based Polymorphism

    Page(s): 35 - 41

    Specification notations such as JML and Spec#, which are embedded into program code, provide a promising approach to formal object-oriented software development. If the program code is refactored, however, the specifications also need to be changed. This can be facilitated by specification refactoring rules which allow such changes to be made systematically along with the changes to the code. A minimal and complete set of refactoring rules has been devised for the Object-Z specification language. This paper reviews these rules as a basis for a similar approach for languages like JML and Spec#. Specifically, it modifies the rules for introducing and removing inheritance and polymorphism from specifications. While these concepts are orthogonal in Object-Z, they are closely intertwined in the other notations.
  • Focus Game for Projection Temporal Logic

    Page(s): 45 - 51

    Focus game is applied to Propositional Projection Temporal Logic with infinite models (PPTL) for the satisfiability and model checking of PPTL formulas. To this end, normal form and complete normal form are introduced, through which sub-formulas are defined for PPTL formulas. Accordingly, focus game G(R) is constructed for checking the satisfiability of PPTL formula R; and G(s,R) is built for checking whether a system with s being the initial state satisfies formula R. Finally, the complexity of the decision procedure and the model checking algorithm is analyzed.
  • An Automatic Reasoning Mechanism for NFR Goal Models

    Page(s): 52 - 59

    Software requirements, especially non-functional requirements, are considered vital prerequisites for producing software of high quality. As widely accepted, non-functional goal modeling like the NFR Framework usually employs a tree modeling style, and presents an interactive process for the analysis of non-functional requirements. However, there still exist some problems during the identification of satisficing status. This paper, based on the popular NFR goal model reasoning manners, clearly distinguishes the closed world assumption and the open world assumption, and proposes an automatic reasoning mechanism for NFR goal models in order to identify the satisficing statuses of the goal tree roots according to leaves' contributions. Under a specific assumption, goals' satisficing statuses will be transformed to affect the satisficing statuses of their parents. Then parents' satisficing statuses will be inferred according to the reasoning rules derived from different decomposition relationships. By alternately adopting these two steps, the goal tree root's satisficing status can be identified layer by layer. An illustrative example is used to show how our proposed formal approach works.
  • An Efficient Resolution Based Algorithm for SAT

    Page(s): 60 - 67

    The propositional satisfiability problem (SAT) is a fundamental problem both in theory and practice. In the area of software engineering, people employ various techniques, such as model checking, theorem proving, automated testing and so on, to ensure the quality of software. Those techniques are usually based on SAT solvers. Efficiency is an important criterion for a good SAT solver. Besides, the ability to produce proofs is also considered to be quite useful because it provides a mechanism by which the correctness of the checking result is guaranteed. Moreover, proofs can be used when calculating interpolation. In this paper, we investigate a new resolution-based algorithm for solving the SAT problem. The algorithm combines resolution and search. It resolves certain clauses when necessary and at the same time tries to find a valuation under which the formula evaluates to true. Information found in the process of searching for such a valuation is used to guide the resolution. The algorithm stops whenever a satisfying valuation is found or an empty clause is generated. So, it terminates quickly for both satisfiable and unsatisfiable clauses. Compared with other resolution-based algorithms, the experimental results show that the number of resolutions and the number of generated clauses are much less than with directional resolution. Another major advantage of our algorithm is that, once it terminates, a proof can be easily generated with very low time complexity.
  • A Symbolic Algorithm for Shortest EG Witness Generation

    Page(s): 68 - 75

    Witness generation is a fundamental model checker feature, but generating shortest witnesses for an EG CTL formula has long been a difficult problem of both theoretical and practical relevance. We propose a symbolic approach to shortest EG witness generation based on edge-valued multi-way decision diagrams. We employ a fixpoint symbolic iteration to compute the transitive closure enhanced with distance information, using the saturation algorithm to cope with the high computational complexity of this approach. We also extend this approach to tackle shortest witness generation for other properties and shortest fair witness generation. Experimental results show that our approach can generate a shortest witness which could not be found within acceptable time using previous algorithms.
  • A Generative Approach to Searching Algorithmic Programs Development

    Page(s): 76 - 81

    Using a highly configurable semi-automatic approach to algorithmic program development can improve correctness and productivity. This paper explores a way to use generative techniques to produce algorithmic programs for searching problems. Based on the PAR method and PAR platform, the idea is to formally develop a generic type component and algorithm components, to design a formal algorithm generative model that models an invariant behavior in terms of variant behaviors, and then to automatically generate a variety of specialized searching algorithmic programs by replacing the generic identifiers with a few concrete operations. Through the super framework and underlying components, the reliability and productivity of domain-specific algorithms are dramatically improved.
  • A Categorical Modeling Approach of Aspect-Oriented Systems

    Page(s): 85 - 92

    Aspect Oriented (AO) Technology is a post-object-oriented technology that emerged to overcome limitations of Object Oriented (OO) Technology, such as the cross-cutting concern problem. Aspect Oriented Programming (AOP) also offers modularity and traceability benefits. Yet, reasoning, specification, and verification of AO systems present unique challenges, especially as such systems evolve over time. Consequently, formal modular reasoning about such systems is highly attractive as it enables tractable evolution, otherwise necessitating that the entire system be reexamined each time a component is changed or added. Besides, the aspect interactions problem is an open issue in the aspect-oriented area. To deal with this problem, we choose to use category theory (CT) and algebraic specification (AS) techniques. In this paper, we present an aspect-oriented modeling (AOM) approach and a weaving algorithm. Our approach is expressive and allows for formal modular reasoning.
  • Model Checking Multirate Hybrid Systems with Restricted Convex Polyhedron

    Page(s): 93 - 99

    Model checking is a promising and powerful approach to automatic verification of systems. To deal with the model checking of multirate hybrid systems, a constraint system called a multirate zone is formalized for the representation and manipulation of multirate hybrid automata state-spaces. A multirate zone is a restricted convex polyhedron represented by a conjunction of inequalities comparing either a variable value or a linear expression of two variables to a rational number. Model checking procedures for multirate hybrid systems based on timed computation tree logic are given. The multirate zone is proved to be closed under the operations required in these model checking procedures, which enables it to be used as the basis for the infinite state-space exploration of multirate hybrid automata.
  • Behaviour Recognition Using Chronicles

    Page(s): 100 - 107

    Chronicles are used to describe behaviours, e.g. when (un)desired behaviours should be detected within an event flow, for instance in aerospace system studies. In this paper we first introduce a language to describe chronicles and event-related notions, before defining a denotational semantics of chronicle recognition within an event flow. We present an operational semantics of chronicle recognition using coloured Petri nets. This modelling is designed to be modular and composable, and to retrieve information on which events in the flow contributed to the chronicle recognition. We prove on some constructs of the chronicle language that our modelling of the recognition using coloured Petri nets yields the expected recognition.
  • Approximate Bisimulation for Metric Doubly Labeled Transition System

    Page(s): 108 - 114

    Many researchers have suggested extending bisimilarity to quantitative versions to avoid the rigidity of classical bisimilarity. To explore the relation between the different notions of approximate bisimilarity mentioned in the literature, in this paper we present a quantitative extension of doubly labeled transition systems, MDLTS, where the states and actions form metric spaces. We then introduce two notions of approximate bisimilarity, (η, λ)-bisimilarity and (η, λ, α)-bisimilarity, and discuss their basic properties. We also consider a special kind of (η, λ)-bisimilarity, λ-bisimilarity, to characterize the branching distance with arbitrary discount α of metric labeled transition systems. Finally, we discuss the translation between metric transition systems and MDLTS which preserves approximate bisimilarity.
  • Java Goes TLA+

    Page(s): 117 - 124

    This paper introduces the Inverse Implementation method, which augments classical software development processes with a step of formal conformity verification. Our method is based on a formal model of the machine that executes programs of the chosen programming language. The model can automatically be combined with the code of a concrete program to gain a model of the execution of that program. The execution model is expressed in the same language that the program is specified in. This reduces the task of verifying the conformity of the program to finding and proving a refinement relation between two models within the same formalism. We introduce the Inverse Implementation method, show how it fits into classic software engineering processes and discuss how the choice of a suitable formalism can allow combining manual and automated proof techniques. We further show a prototypical formalization of the Java Virtual Machine in TLA+ and demonstrate how it can be used within an Inverse Implementation workflow to verify the adherence of a simple - yet multithreaded - Java program to a TLA+ specification.
  • A Simple Model for Certifying Assembly Programs with First-Class Function Pointers

    Page(s): 125 - 132

    First-class function pointers are common in low-level assembly languages. Higher-level features such as closures, virtual functions, and call-backs are all compiled down to assembly code with function pointers. Function pointers are, however, hard to reason about. Previous program logics for certifying assembly programs either do not support first-class function pointers, or follow Continuation-Passing-Style reasoning, which does not provide the same partial correctness guarantee as in high-level languages. In this paper, we present a simple semantic model for certifying the partial correctness property of assembly programs with first-class function pointers. Our model does not require any complex domain-theoretical construction; instead, it is based on a novel step-indexed, direct-style operational semantics for our assembly language. From the model, we derive a new program logic named ISCAP (or Indexed SCAP). We use an example to demonstrate the power and simplicity of ISCAP. The semantic model, the ISCAP logic, and the soundness proofs have been implemented in the Coq proof assistant.