Formal Engineering Methods, 2000. ICFEM 2000. Third IEEE International Conference on

Date 4-6 Sept. 2000

  • Third IEEE International Conference on Formal Engineering Methods

    Page(s): iii - vi

  • Author index

    Page(s): 209

  • A case study in partial specification: consistency and refinement for Object-Z

    Page(s): 177 - 185

    The 'viewpoint' approach, in which a system is described by several partial specifications, has been proposed as a way of making complex computing systems more understandable. The ISO's Open Distributed Processing (ODP) framework is an architecture for open distributed systems, involving five named viewpoints. This paper compares two partial specifications of a lending library, from the ODP's Enterprise and Information Viewpoints, and discusses the relation between them. Both specifications are written in Object-Z, an object-oriented variant of Z. Examining how such partial specifications might be unified raises broader issues of refinement and mutual consistency of partial specifications in Object-Z.

  • Formal derivation of multilayered hardware/software structures

    Page(s): 5 - 13

    Presents a formal method for synthesising multi-layered regular processor arrays from algorithm specifications. A multi-layered array is a structure in which 2D sub-arrays are connected into a 3D array by one edge only, and thus it fits, for example, the structure of a motherboard with FPGA daughter-boards. The synthesis of multi-layered structures requires extensive use of algebraic transformations, which is not possible using the classical regular array theory. We apply the iso-plane method, which was developed for mapping reductions into regular arrays. In this paper, we further develop the iso-plane method and use it in a more general case, for decomposing a problem into parallel, loosely coupled (layered) parts; we provide the conditions for regularly increasing the degree of parallelism in the problem specification; and we introduce partial lexicographic orders for data propagation and provide the conditions for mapping these data propagation structures onto arrays.

  • Maximally abstract retrenchments

    Page(s): 133 - 142

    The more obvious and well known drawbacks of using refinement as the sole means of progressing from an abstract model to a concrete implementation are reviewed. Retrenchment is presented in a simple partial correctness framework as a more flexible development concept for formally capturing the early and otherwise preformal stages of development, and briefly justified. Given a retrenchment from an abstract to a concrete model, the problem of finding a model at the level of abstraction of the abstract model, but refinable to the concrete one, is examined. A construction is given that solves the problem in a universal manner, there being a canonical factorisation of the original retrenchment into a retrenchment to the universal system followed by an I/O-filtered refinement. The universality amounts to the observation that the retrenchment component of any similar factorisation factors uniquely through the universal model. The construction's claim to be at the right level of abstraction is supported by an idempotence property. The consequences of including termination criteria in the formal models are briefly explored.

  • An integrated CSP-based tool for the visualisation, animation and performance evaluation of message passing algorithms

    Page(s): 189 - 198

    This paper presents ongoing research and development on an integrated tool for the visualisation and animation of message-passing communicating systems described in Hoare's CSP (Communicating Sequential Processes). It introduces major new developments to the original VisualNets implemented in C++ and reported in (Abdallah, 1998). The new tool is implemented partly in Java and partly in the functional programming language Haskell. Not only does the new tool enjoy greater expressive power and a better user interface, it also has new capabilities for aiding the user in animating, analysing and reasoning about CSP specifications. These include provisions for nested parallelism within a single node, improved profiling and animation, and the possibility of applying generic timing cost models for performance evaluation. The paper briefly describes the new features, explains the methods by which they have been implemented and illustrates their use with examples.

  • Filter promotion transformation strategies for deriving efficient programs from Z specifications

    Page(s): 157 - 167

    In recent years there has been growing interest in systematic methods for refining Z specifications into programs. We consider a transformational programming strategy known as filter promotion and examine its use for refining a class of Z specifications into sequential as well as parallel programs. This strategy is particularly useful for transforming specifications of generate-and-test problems into efficient algorithms. We find it convenient to use different notations at different levels of abstraction: Z to capture the starting specification, Bird-Meertens functional notation to express algorithms, and Hoare's CSP to describe parallelism and communication. The basic ideas are illustrated by systematic transformational developments of sequential and parallel algorithms for sorting and searching problems.

  • Mechanical verification of transaction processing systems

    Page(s): 89 - 97

    Concerns the formal specification and mechanical verification of transaction processing systems aimed at distributed databases. In such systems, a standard set of ACID (Atomicity, Consistency, Isolation and Durability) properties must be ensured by a combination of concurrency control and recovery protocols. In the existing literature, these protocols are often studied in isolation, making strong assumptions about each other. The problem of combining them in a formal way has been largely ignored. To study the formal verification of combined protocols, we specify a transaction processing system, integrating strict two-phase locking, undo/redo recovery and two-phase commit. In our method, the locking and undo/redo mechanism at distributed sites is defined by state machines, whereas the interaction between sites according to the two-phase commit protocol is specified by assertions. We have proved, using the interactive proof checker of PVS, that our system satisfies atomicity, durability and serializability properties.

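As an added illustration of the atomicity and durability obligations named in the abstract above (this is not the paper's PVS model, which also covers strict two-phase locking and serializability), the Python block below replays a two-site two-phase commit with undo/redo log records, crashes the whole system after every step, recovers from stable storage alone and checks both properties. Site names, the page values 'old'/'new', the step granularity and the write-ahead switch are assumptions of the example; the wal=False variant deliberately updates the data page before forcing its log record, so that the checker has a defect to find.

```python
"""Added example, not the paper's PVS model: a two-site two-phase commit with undo/redo
log records, driven step by step so that a whole-system crash can be injected after
every step and recovery run from the stable logs alone. Site names, the values
'old'/'new' and the step granularity are constructed for this illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

OLD, NEW = "old", "new"


@dataclass
class Site:
    name: str
    vote_yes: bool = True
    log: List[tuple] = field(default_factory=list)   # stable storage: survives a crash
    value: str = OLD                                  # stable data page


@dataclass
class Coordinator:
    log: List[str] = field(default_factory=list)            # stable: the commit point lives here
    votes: Dict[str, bool] = field(default_factory=dict)    # volatile: lost on crash


def fresh(votes: Tuple[bool, ...]) -> Tuple[List[Site], Coordinator]:
    return [Site(n, v) for n, v in zip(("A", "B"), votes)], Coordinator()


def protocol(sites: List[Site], coord: Coordinator, wal: bool):
    """One run of 2PC; yields after every stable-storage or message step.
    wal=True: the undo/redo record is forced before the page is updated (write-ahead).
    wal=False: the page is updated first (the defect this checker is meant to catch)."""
    for s in sites:                               # phase 1: prepare
        if not wal:
            s.value = NEW                         # page written with no undo image logged
            yield
        s.log.append(("PREPARE", OLD, NEW))       # undo image, redo image
        yield
        if wal:
            s.value = NEW                         # 'steal': page written before commit
            yield
        coord.votes[s.name] = s.vote_yes          # vote message
        yield
    decision = "COMMIT" if all(coord.votes.values()) else "ABORT"
    coord.log.append(decision)                    # phase 2: the commit point
    yield
    for s in sites:
        s.log.append((decision,))
        yield
        s.value = NEW if decision == "COMMIT" else OLD
        yield


def recover(sites: List[Site], coord: Coordinator) -> None:
    """Restart from stable state only. Presumed abort: no COMMIT record means abort."""
    if "COMMIT" not in coord.log and "ABORT" not in coord.log:
        coord.log.append("ABORT")
    decision = "COMMIT" if "COMMIT" in coord.log else "ABORT"
    for s in sites:
        rec = next((r for r in s.log if r[0] == "PREPARE"), None)
        if rec is None:
            continue                              # no record: recovery has nothing to undo
        _, undo, redo = rec
        s.value = redo if decision == "COMMIT" else undo


def atomic(sites: List[Site]) -> bool:
    """All sites end in the same state: either all old or all new."""
    return len({s.value for s in sites}) == 1


def durable(sites: List[Site], coord: Coordinator) -> bool:
    """Once the coordinator has logged COMMIT, every site must show the new value."""
    return "COMMIT" not in coord.log or all(s.value == NEW for s in sites)


def explore(wal: bool, votes: Tuple[bool, ...] = (True, True)) -> List[Tuple[int, List[str]]]:
    """Crash the whole system after k steps for every k, recover, and report the
    (k, page values) pairs that violate atomicity or durability. Empty list = all runs safe."""
    n_steps = sum(1 for _ in protocol(*fresh(votes), wal))
    violations = []
    for k in range(n_steps + 1):
        sites, coord = fresh(votes)
        run = protocol(sites, coord, wal)
        for _ in range(k):
            next(run)
        coord.votes.clear()                       # crash: volatile state is gone
        recover(sites, coord)
        if not (atomic(sites) and durable(sites, coord)):
            violations.append((k, [s.value for s in sites]))
    return violations


if __name__ == "__main__":
    print("write-ahead:", explore(wal=True))    # expect []
    print("page-first: ", explore(wal=False))   # expect [(1, ['new', 'old']), (4, ['old', 'new'])]
```

Run stand-alone, the write-ahead variant reports no violating crash point, while the page-first variant reports the two crashes that land between a site's page update and its PREPARE record: recovery then finds no undo image for a page already holding the new value, the coordinator presumes abort, and the two sites disagree. The undo image in the PREPARE record is what lets recovery roll an aborted 'steal' back to the old value in the correct variant.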
  • Fragmented retrenchment, concurrency and fairness

    Page(s): 143 - 151

    Retrenchment is presented in a simple relational framework as a more flexible development concept than refinement for capturing the early preformal stages of development, and briefly justified. Fragmented retrenchment permits the granularity of actions to decrease across a development step, many concrete steps retrenching a single abstract one. This generates the usual proliferation of interleavings of events at the concrete level. Event structures, particularly flow event structures, help to control these within the retrenchments of a single abstract step, while the concurrent reading of the fragmented retrenchment proof obligation permits acceptable interleavings of retrenchments of different steps. It is observed that retrenchment allows the convenient description of unfair behaviours when fairness is not guaranteed.

  • Highly reliable component-based software development by using algebraic behavioral specification

    Page(s): 35 - 43

    Component-based software development, in which software is developed by combining components and connectors, has gained in popularity because it can increase software productivity. To increase software productivity, components must be re-used, but to do so, we must select a software architecture. We propose a new software architecture called a "tree architecture". It is represented by a special class of algebraic behavioral specification called "projection-style behavioral specification". Recently, even component-based enterprise systems have been developed, so the importance of technologies to develop highly reliable component-based software has increased. We propose two such technologies using projection-style behavioral specification. One is a technology that assures the high reliability of connectors. The other is a technology that assures the consistency of software family evolution. The advantage of these technologies is that they can be automated.

  • Formal foundations of object-oriented modeling notations

    Page(s): 101 - 110

    Describes and classifies the different solutions that have been proposed to realize the integration of graphic modeling languages, which are known and accepted by software developers, with formal modeling languages having analysis and verification tools. Inspired by that classification, we define a new integration proposal, based on first-order dynamic logic. The principal benefits of the proposed formalization can be summarized as follows. (i) The different views of a system are integrated in a single formal model; this allows us to define compatibility rules between the separate views, on both a syntactic and a semantic level. (ii) Using formal manipulation, it is possible to deduce further knowledge from the specification. (iii) Faults in the specifications, expressed using a user-friendly notation, can be revealed using analysis and verification techniques based on the formal kernel model. The principal difference between this model and other object-oriented formal models is that it integrates both of the levels in the modeling notation architecture into a single conceptual framework. The integration of modeling entities and modeled entities into a single formalism allows us to express both static and dynamic aspects of either the model or the modeled system within a first-order formalism.

  • Embedding formally proved code in a smart card: converting B to C

    Page(s): 15 - 22

    Smart cards are small embedded devices with strong security requirements. To fulfil those requirements, formal methods appear to be promising techniques. The B method has already been used to model smart-card components. However, smart cards also have very strong programming constraints, both on memory usage and on computing power. Currently, the code generated from a B specification does not meet those constraints. This paper presents some classical optimisation techniques that are well suited to B specifications and that need to be included in a code generator in order to embed the generated code.

  • A unified algebraic framework for specifying communication protocols

    Page(s): 57 - 65

    Provides a unified framework for the specification of communication protocols. This framework enables one to integrate within algebraic specifications different formalisms for describing the dynamic aspects of distributed systems, such as temporal logic, Petri nets and process algebra. These integrations provide different languages, allowing specifications which may include both the data aspects and the behavioral aspects of protocols. In addition, this paper gives a unified semantics for the different languages based on algebra and event structures. Finally, we illustrate our framework by specifying the Alternating Bit Protocol using the different behavioral formalisms.

  • An animatable operational semantics of the Verilog hardware description language

    Page(s): 199 - 207

    An operational semantics of a significant subset of the Verilog hardware description language (HDL) is presented. The semantics is encoded using the logic programming language Prolog in a literate programming style. This allows the associated documentation to be maintained in step with the semantics, and the printed version to be presented in a standard mathematical operational semantics style. It also enables the semantics to be animated directly using a Prolog interpreter. Using this approach allows the exploration of sometimes subtle behaviours of parallel programs that could otherwise be missed, and the possibility of rapid changes or additions to the semantics of the language covered. In addition, it provides an extra check on the validity of the operational semantics.

  • Using use cases in Executable Z

    Page(s): 111 - 119

    Use cases are a widespread informal method for specifying the requirements of a technical system in the early development phase. Z is a formal notation which aims to support, among other things, the specification of early requirements. We develop a representation of use cases in Z and apply it to several examples. Our focus is on instrumenting the formalization for black-box test evaluation in Executable Z, a computation model and implementation for Z based on concurrent constraint resolution.

  • ClawZ: control laws in Z

    Page(s): 169 - 176

    ClawZ is a prototype tool whose objective is to link the Simulink(R) control engineering tool from MathWorks with the ProofPower(R) dialect of Z. It provides a bridge between the use of Simulink to define control law diagrams and a tool to formally prove compliance between Ada and Z. The tool has been used as part of the formal proof of a nonlinear dynamic inversion flight control system comprising 37 pages of diagrams, 45 pages of Z and 1200 lines of non-comment Ada.

  • Formal treatment of a family of fixed-point problems on graphs by CafeOBJ

    Page(s): 67 - 74

    A family of well-known problems on graphs, including the shortest path problem and the data flow analysis problem, can be uniformly formulated as a fixed-point problem on graphs. We specify this problem and its solution algorithm in a highly abstract manner, fully exploiting the parametrized module construct of CafeOBJ, an algebraic specification language. The objective of our research is to explore the effectiveness of formal methods, applying them not just to specific safety-critical programs but to general problems covering a wide range of applications.

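The abstract above treats shortest paths and data-flow analysis as instances of one fixed-point problem on graphs. As an added illustration that is not the paper's CafeOBJ specification, the Python block below implements a single generic worklist solver and instantiates it twice. The function names, the sample weighted graph and the four-node control-flow graph are constructed for this example; the second instance is the one a security reviewer cares about, a reaching-definitions pass that reports an unsanitised input reaching a sink along the branch that skips the sanitiser.

```python
"""Added example (not from the paper and not CafeOBJ): one generic fixed-point solver
over a graph, instantiated with the two problems the abstract names, shortest paths
and data-flow analysis. The sample graph and control-flow graph are constructed."""
from typing import Callable, Dict, Hashable, List, Tuple, TypeVar

N = TypeVar("N", bound=Hashable)   # node label
V = TypeVar("V")                    # lattice value attached to a node


def solve_fixed_point(nodes: List[N], preds: Dict[N, List[N]], bottom: V,
                      join: Callable[[V, V], V],
                      transfer: Callable[[N, N, V], V],
                      init: Dict[N, V]) -> Dict[N, V]:
    """Chaotic (worklist) iteration for the equations
        x[n] = join(init[n], transfer(p, n, x[p]))  over every predecessor p of n.
    Terminates when join and transfer are monotone over a lattice of finite height,
    which both instances below satisfy (min-plus with non-negative weights; finite sets)."""
    x = {n: init.get(n, bottom) for n in nodes}
    succs: Dict[N, List[N]] = {n: [] for n in nodes}
    for n in nodes:
        for p in preds[n]:
            succs[p].append(n)
    worklist = list(nodes)
    while worklist:
        n = worklist.pop()
        new = init.get(n, bottom)
        for p in preds[n]:
            new = join(new, transfer(p, n, x[p]))
        if new != x[n]:
            x[n] = new
            worklist.extend(succs[n])   # re-examine everything that depends on n
    return x


def shortest_paths(weights: Dict[Tuple[str, str], float], source: str) -> Dict[str, float]:
    """Single-source shortest paths as the fixed point of d[v] = min over (u,v) of d[u] + w(u,v);
    join is min, the neutral element is infinity, the source is seeded with 0."""
    nodes = sorted({u for u, _ in weights} | {v for _, v in weights})
    preds = {n: [u for (u, v) in weights if v == n] for n in nodes}
    return solve_fixed_point(nodes, preds, float("inf"), min,
                             lambda u, v, d: d + weights[(u, v)], {source: 0.0})


def reaching_definitions(cfg: List[Tuple[int, int]], defs: Dict[int, set]) -> Dict[int, frozenset]:
    """Forward data-flow analysis: IN[n] = union over preds p of (IN[p] - kill[p]) | gen[p].
    A definition is a (variable, defining node) pair; returns, per node, the set of
    definitions that can reach its entry."""
    nodes = sorted({u for u, _ in cfg} | {v for _, v in cfg})
    preds = {n: [u for (u, v) in cfg if v == n] for n in nodes}
    all_defs = frozenset(d for ds in defs.values() for d in ds)

    def transfer(p: int, _n: int, in_p: frozenset) -> frozenset:
        gen = frozenset(defs.get(p, ()))
        killed_vars = {var for var, _ in gen}
        kill = frozenset(d for d in all_defs if d[0] in killed_vars) - gen
        return (in_p - kill) | gen

    return solve_fixed_point(nodes, preds, frozenset(), frozenset.union, transfer, {})


# Constructed sample CFG: node 1 reads x from input, node 2 branches, node 3 assigns a
# sanitised x, node 4 uses x in a sink. The edge 2->4 bypasses the sanitiser.
SAMPLE_CFG = [(1, 2), (2, 3), (2, 4), (3, 4)]
SAMPLE_DEFS = {1: {("x", 1)}, 3: {("x", 3)}}


def unsanitised_defs_at_sink(sink: int, var: str, sanitisers: set) -> frozenset:
    """Definitions of `var` that reach `sink` without coming from a sanitising node."""
    reach = reaching_definitions(SAMPLE_CFG, SAMPLE_DEFS)[sink]
    return frozenset(d for d in reach if d[0] == var and d[1] not in sanitisers)


if __name__ == "__main__":
    print(shortest_paths({("A", "B"): 1, ("B", "C"): 2, ("A", "C"): 5, ("C", "D"): 1}, "A"))
    print(sorted(reaching_definitions(SAMPLE_CFG, SAMPLE_DEFS)[4]))
    print(unsanitised_defs_at_sink(4, "x", {3}))   # the raw input from node 1 reaches the sink
```

The solver does not know which problem it is solving; the lattice (bottom, join) and the edge transfer function carry all of it, which is the parametrisation the abstract describes. For the taint-style check, node 3 kills the definition from node 1 on its path, but the direct edge 2->4 lets that definition reach the sink, so the union at node 4 still contains it and the check reports it.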
  • SPIN vs. VIS: a case study on the formal verification of the ATMR protocol

    Page(s): 79 - 87

    Nowadays, there exists a wide variety of verification tools. Some, like the SPIN model checker, are designed and mainly used for the verification of interleaving software systems, such as communication protocols. Others, like VIS (Verification Interacting with Synthesis), are designed and used for synchronous hardware systems verification. In this paper, we compare and contrast SPIN and VIS. In particular, we devote special attention to the efficiency of these tools for the verification of communications protocols that can be implemented either in software or in hardware. As a basis of our comparison, we formally describe and verify the ATMR (Asynchronous Transfer Mode Ring) medium access protocol using SPIN, and its hardware implementation using VIS. We believe that this study is of particular interest, as more and more protocols, like the ATM protocol stack, are being implemented in hardware in order to match high speed requirements. However, this is not a formal comparison of SPIN and VIS.

  • Composing specifications in VSPEC

    Page(s): 45 - 53

    As systems become increasingly complex and existing methodologies become insufficient to handle the complexity, the design community is beginning to look at formal methods for a possible solution. Techniques involving a limited use of formal techniques (such as semi-formal methods and equivalence checking) have given a glimpse of what full usage of formal techniques can achieve. For the use of formal methods to be a widely accepted methodology among designers, it must provide designers with capabilities for structuring specifications similar to those they are used to in programming languages. In this paper, we provide a description of the structuring capabilities of VSPEC (VHDL SPECification), a requirements specification language for VHDL. These capabilities include the use of multiple pre- and post-condition pairs within a single specification and the combination of specifications using common Boolean operators.

  • Translating UAN into CSP

    Page(s): 121 - 129

    We define a translation from the User Action Notation (UAN) to the process algebra Communicating Sequential Processes (CSP). UAN is an informal notation, used for task modeling and design. Translating a UAN task description to CSP provides a base for rigorous development of an interactive system. The resulting CSP description is a suitable abstract starting point for development, as it describes externally visible behaviour with no mention of presented or underlying state. Our translation covers all UAN constructs except for waiting, interruptibility and true concurrency, which cannot be expressed in interleaving, untimed CSP. Our approach integrates task models, typically based on user-oriented concerns, into rigorous development, which is typically system-oriented. It provides a basis for a framework for formal development of interactive systems.

  • Legacy code

    Page(s): 75
  • Structuring reactive systems in B AMN

    Page(s): 25 - 33

    B has been widely used for high-integrity systems development, for example in the railway industry. However, there are few published guidelines on how to structure B specifications for particular types of system, such as reactive control systems. In this paper, we describe a method to support the graphical design of systems using the B abstract machine notation (AMN), and we develop guidelines for expressing the structuring requirements of reactive systems in B.