By Topic

Automated Software Engineering, 2001. (ASE 2001). Proceedings. 16th Annual International Conference on

Date 26-29 Nov. 2001

Filter Results

Displaying Results 1 - 25 of 70
  • Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001) [front matter]

    Save to Project icon | Request Permissions | PDF file iconPDF (265 KB)  
    Freely Available from IEEE
  • Author index

    Page(s): 441 - 442
    Save to Project icon | Request Permissions | PDF file iconPDF (100 KB)  
    Freely Available from IEEE
  • Automatic test data generation for programs with integer and float variables

    Page(s): 13 - 21
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (868 KB) |  | HTML iconHTML  

    The paper presents a novel approach for automated test data generation of imperative programs containing integer, boolean and/or float variables. Our approach is based on consistency techniques integrating integer and float variables. We handle statement, branch and path coverage criteria. Our purpose is thus to automatically generate test data that will cause the program to execute a statement, to traverse a branch or to traverse a specified path. For path coverage, the specified path is transformed into a path constraint which is solved by an interval-based constraint solving algorithm handling integer, boolean and real variables. A valid test input is then extracted from the interval solutions. For statement (and branch) coverage, a path reaching the specified statement or branch is dynamically constructed. Our algorithm for path coverage is then applied. The search for a suitable path and the solving of path constraints make extensive use of consistency techniques. We propose a simple consistency notion called eBox consistency, for generalizing box consistency to integer and float variables. The eBox consistency is sufficient for our purpose. A prototype has been developed and experimental results show the feasibility of our approach. This work is an extension of work by A. Gotlieb (2000) for float and boolean variables. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Providing early feedback in the development cycle through automated application of model checking to software architectures

    Page(s): 341 - 345
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (605 KB) |  | HTML iconHTML  

    The benefits of evaluating properties of software architectures stem from two important software architecture roles: (1) providing an opportunity to evaluate requirements and correct defects prior to implementation; and (2) serving as a blueprint for system developers. The paper focuses on a new software architecture evaluation tool called Architecture Analysis Dynamic Environment (Arcade) that uses model checking to provide software architecture safety and liveness evaluation during the requirements gathering and analysis phase. Model checking requires expertise not typically held by systems analysts and software developers. Thus, two barriers to applying model checking must be addressed: (1) translation of the software architecture specification to a form suitable for model checking, and (2) interpretation of the results of model checking. Arcade provides an automated approach to these barriers, allowing model checking of software architectures to be added to the list of techniques available to software analysts and developers focusing on requirements gathering and analysis. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • TestEra: a novel framework for automated testing of Java programs

    Page(s): 22 - 31
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (900 KB) |  | HTML iconHTML  

    We present TestEra, a novel framework for automated testing of Java programs. TestEra automatically generates all non-isomorphic test cases within a given input size and evaluates correctness criteria. As an enabling technology, TestEra uses Alloy, a first-order relational language, and the Alloy Analyzer. Checking a program with TestEra involves modeling the correctness criteria for the program in Alloy and specifying abstraction and concretization translations between instances of Alloy models and Java data structures. TestEra produces concrete Java inputs as counterexamples to violated correctness criteria. The paper discusses TestEra's analyses of several case studies: methods that manipulate singly linked lists and red-black trees, a naming architecture, and a part of the Alloy Analyzer. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Model-checking real-time concurrent systems

    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (175 KB)  

    Summary form only given, as follows. A concurrent real-time system is a system of many components, that should deliver the result in a particular time interval. The design of such a system is generally complex, with high possibility of errors. Thus it is very important to be able to verify the correctness of the design itself, before going on to implementation stage. Model-checking is a powerful approach to design verification which provides techniques for automatic determination of whether a design (model) of the system satisfies desired properties expressed in formal logic. Main problems that model-checking algorithms have to address are: state space of any concurrent system grows exponentially with the number of components of the system - state explosion problem; Addition of time (for modeling real-time systems) means that there are infinitely many concrete states of the system. Both of these mean that model-checking takes a long time and a lot of space. There are a number of approaches to model-checking providing partial solutions to these problems. However a lot of improvement is still desired to make practical model-checking of real systems feasible. Moreover, the more expressive the design technique is, and the more expressive the specification language is, the more complex becomes the problem of model-checking. Current state of the art model-checkers have fairly simple modeling means and specification languages, thus restricting developer in their capabilities. In this project a relatively new approach to model checking is taken - the use of abstract game theory, with the model-checking algorithm being implemented as an abstract game. In this approach reasoning is made over sets of states satisfying some properties, not individual states, thus reducing the size of the state-space to be searched. Also in this project the more expressive models of concurrent real-time systems and the more expressive specification logics are to be brought together to allow checking of complex properties of complex systems. A tangible deliverable will be a model-checking tool that should have a number of advantages over current state of the art model-checkers. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Higher order function synthesis through proof planning

    Page(s): 307 - 310
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (476 KB) |  | HTML iconHTML  

    The close association between higher order functions and algorithmic skeletons is a promising source of automatic parallelisation of programs. An approach to automatically synthesizing higher order functions from functional programs through proof planning is presented Our work has been conducted within the context of a parallelising compiler for SML, with the objective of exploiting parallelism latent in potential higher order function use in programs. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security specification and verification

    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (204 KB)  

    Formalizing security requirements has received a significant attention since the 70s. However a general method for specifying security requirements is still missing. Especially, little work has been presented on specifying and verifying that a given application is a secure resource consumer The purpose of this work is to set up a methodology for (1) specifying security requirements of service providers and (2) proving that some application securely uses some resources. The developed theory will be evaluated and applied in two different areas: secure mobile code development and secure COTS-based software development. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Automated check of architectural models consistency using SPIN

    Page(s): 346 - 349
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (480 KB) |  | HTML iconHTML  

    In recent years the necessity for handling different aspects of the system separately has introduced the need to represent SA (software architectures) from different viewpoints. In particular, behavioral views are recognized to be one of the most attractive features in the SA description, and in practical contexts, state diagrams and scenarios are the most widely used tools to model this view. Although very expressive, this approach has two drawbacks: system specification incompleteness and view consistency. Our work can be put in this context with the aim of managing incompleteness and checking view conformance: we propose the use of state diagrams and scenario models for representing system dynamics at the architectural level; they can be incomplete and we want to prove that they describe, from different viewpoints, the same system behavior. To reach this goal, we use the SPIN model checker and we implement a tool to manage the translation of architectural models in Promela and LTL. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A concurrency test tool for Java monitors

    Page(s): 421 - 425
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (522 KB) |  | HTML iconHTML  

    The Java programming language supports monitors. Monitor implementations, like other concurrent programs, are hard to test due to the inherent non-determinism. This paper presents the ConAn (Concurrency Analyser) tool for generating drivers for the testing of Java monitors. To obtain adequate controllability over the interactions between Java threads, the generated driver contains processes that are synchronized by a clock. The driver automatically executes the calls in the test sequence in the prescribed order and compares the outputs against the expected outputs specified in the test sequence. The method and tool are illustrated on an asymmetric producer-consumer monitor and their application to two other monitors is discussed. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Specification modeling and validation applied to a family of network security products

    Page(s): 71 - 80
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (976 KB) |  | HTML iconHTML  

    A high-bandwidth, always-on Internet connection makes computers in homes and small offices attractive targets for network-based attacks. Network security gateways can protect such vulnerable hosts from attackers, but differing sets of customer needs require different feature mixes. The safest way to address this market is to provide a family of products, each member of which requires little or no end-user configuration. Since the products are closely related, the effort to validate n of them should be much less than n times the effort to validate one; however validating the correctness and security of even one such device is notoriously difficult, due to the oft-observed fact that no practical amount of testing can show the absence of security flaws. One would instead like to prove security properties, even when the products are implemented using off-the-shelf technologies that don't lend themselves to formal reasoning. The author describes how the specification modeling and validation tools of the Interactive Specification Acquisition Tools (ISAT) suite are used to help validate members of a particular family of network security gateway products built using widely available open source technologies. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Design rationale for software maintenance

    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (207 KB) |  | HTML iconHTML  

    For a number of years, members of the artificial intelligence (AI) in design community have studied design rationale (DR), the reasons behind decisions made while designing. A record of what decisions were made, and why, is especially valuable for software maintenance. One reason for this is that the software lifecycle is a long one. Large projects may take years to complete and spend even more time out in the field being used (and maintained). The combination of a long lifecycle and the typically high personnel turnover in the software industry increases the probability that the original designer is unlikely to be available for consultation when problems arise. J. Lee's survey (1997) presents an excellent overview of DR research. There has also been work specific to software design, such as Boehm's WinWin (1994). View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Generating EDI message translations from visual specifications

    Page(s): 35 - 42
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1473 KB) |  | HTML iconHTML  

    Electronic data interchange (EDI) systems are used in many domains to support inter-organisational information exchange. To get systems using different EDI message formats to communicate, complex message translations (where data must be transformed from one EDI message format into another), are required. We describe a visual language and support environment which greatly simplify the task of the systems integrator by using a domain-specific visual language to express data formats and format translations. Complex message translations are automated by an underlying transformation engine. We describe the motivation for this system, its key visual language and transformation engine features, a prototype environment, and experience translating it into a commercial product. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Modeling class operations in B: Application to UML behavioral diagrams

    Page(s): 289 - 296
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (698 KB) |  | HTML iconHTML  

    An appropriate approach for translating UML to B formal specifications allows one to use UML and B jointly in a unified, practical and rigorous software development. We formally analyze UML specifications via their corresponding B formal specifications. This point is significant because B support tools like AtelierB are available. We can also use UML specifications as a tool for building B specifications, so the development of B specifications become easier In this paper we address the problem of automatic derivation from UML behavioral diagrams into B specifications, which has been so far an open issue. A new approach for modeling class operations in B is presented Each class operation is mapped into a B operation. A class operation and its involved data are mapped into the same B abstract machine (BAM). The class operation calling-called dependency is used to arrange derived B operations into BAMs. For each calling-called pair of class operations, the B operation of the called operation participates in the implementation of the B operation of the calling operation. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Automating the performance and reliability analysis of enterprise information systems

    Page(s): 350 - 353
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (558 KB) |  | HTML iconHTML  

    Good quality models for the analysis of complex enterprise information systems (EIS) are hard to build and require lots of experience and effort, which are not always available. A possible solution to deal with the previous issue is to build automated procedures for quality model generation. Such procedures will encapsulate previous existing knowledge on quality modeling and their use will reduce the cost of developing quality models. The authors concentrate on the performance and reliability of EIS and investigate the automatic generation of quality models from EIS architectural descriptions comprising additional information related to the aspects that affect the quality of the EIS. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Enforcing business policies through automated reconfiguration

    Page(s): 426 - 429
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (536 KB) |  | HTML iconHTML  

    In this paper, we address dynamic reconfiguration from the point of view of the enforcement of the policies that organisations wish to see imposed through the way information systems support business. We address the process of evolution by proposing a primitive-coordination context-for modelling the circumstances in which reconfiguration can and should take place. The idea is for business policies to emerge as properties of process executions when controlled through the coordination contexts that will have been defined for supporting business activities. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Implementation of specification conjunction and domain interaction in Rosetta

    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (209 KB)  

    Summary form only given. System level design is nowadays a complex process due to heterogeneity of domains of components in a single system. The language standard, Rosetta, was proposed as a means to help in such designs. An important feature in Rosetta is known as domain interaction and involves the analysis of interaction between models from domain to domain. The resulting iteration models can then be used to ensure correctness of the system at the design level. The goal of my doctoral dissertation is therefore to implement the semantics of domain interactions in Rosetta and to apply it in the specification of real world examples. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Test purposes: adapting the notion of specification to testing

    Page(s): 127 - 134
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (843 KB) |  | HTML iconHTML  

    Nowadays, test cases may correspond to elaborate programs. It is therefore sensible to try to specify test cases in order to get a more abstract view of these. This paper explores the notion of test purpose as a way to specify a set of test cases. It shows how test purposes are exploited today by several tools that automate the generation of test cases. It presents the major relations that link test purposes, test cases and reference specification. It also explores the similarities and differences between the specification of test cases, and the specification of programs. This opens perspectives for the synthesis and the verification of test cases, and for other activities like test case retrieval. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Better reasoning about software engineering activities

    Page(s): 391 - 394
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (443 KB) |  | HTML iconHTML  

    Software management oracles often contain numerous subjective features. At each subjective point, a range of behaviors is possible. Stochastic simulation samples a subset of the possible behaviors. After many such stochastic simulations, the TAR2 treatment learner can find control actions that have (usually) the same impact despite the subjectivity of the oracle. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Automated software engineering using concurrent class machines

    Page(s): 297 - 304
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (974 KB) |  | HTML iconHTML  

    Concurrent Class Machines are a novel state-machine model that directly captures a variety of object-oriented concepts, including classes and inheritance, objects and object creation, methods, method invocation and exceptions, multithreading and abstract collection types. The model can be understood as a precise definition of UML activity diagrams which, at the same time, offers an executable, object-oriented alternative to event-based statecharts. It can also be understood as a visual, combined control and data flow model for multithreaded object-oriented programs. We first introduce a visual notation and tool for Concurrent Class Machines and discuss their benefits in enhancing system design. We then equip this notation with a precise semantics that allows us to define refinement and modular refinement rules. Finally, we summarize our work on generation of optimized code, implementation and experiments, and compare with related work. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Combining static analysis and model checking for software analysis

    Page(s): 262 - 269
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (833 KB) |  | HTML iconHTML  

    We present an iterative technique in which model checking and static analysis are combined to verify large software systems. The role of the static analysis is to compute partial order information which the model checker uses to reduce the state space. During exploration, the model checker also computes aliasing information that it gives to the static analyzer which can then refine its analysis. The result of this refined analysis is then fed back to the model checker which updates its partial order reduction. At each step of this iterative process, the static analysis computes optimistic information which results in an unsafe reduction of the state space. However, we show that the process converges to a fixed point at which time the partial order information is safe and the whole state space is explored. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A tool for lazy verification of security protocols

    Page(s): 373 - 376
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (448 KB) |  | HTML iconHTML  

    We present the lazy strategy implemented in a compiler of cryptographic protocols, Casrul. The purpose of this compiler is to verify protocols and to translate them into rewrite rules that can be used by several kinds of automatic or semi-automatic tools for finding flaws, or proving properties. It is entirely automatic, and the efficiency of the generated rules is guaranteed because of the use of a lazy model of intruder behavior. This efficiency is illustrated on several examples. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Wins and losses of algebraic transformations of software architectures

    Page(s): 51 - 60
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (867 KB) |  | HTML iconHTML  

    In order to understand, analyze and modify software, we commonly examine and manipulate its architecture. For example, we may want to examine the architecture at different levels of abstraction. We can view such manipulations as architectural transformations, and more specifically, as graph transformations. We evaluate relational algebra as a way of specifying and automating the architectural transformations. Specifically, we examine Grok, a relational calculator that is part of the PBS toolkit. We show that relational algebra is practical in that we are able to specify many of the transformations commonly occurring during software maintenance and, using a tool like Grok, we are able to manipulate, quite efficiently, large software graphs; this is a "win". However, this approach is not well suited to express some types of transforms involving patterns of edges and nodes; this is a "loss". By means of a set of examples, the paper makes clear when the approach wins and when it loses. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Tailoring a COTS group support system for software requirements inspection

    Page(s): 201 - 208
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1001 KB) |  | HTML iconHTML  

    The inspection of early life-cycle artifacts such as requirement documents promises great benefits. However, research demonstrates that the inspection process is complex and expensive and that tool support would be highly desirable. Existing inspection tools focus largely on the inspection of source code. We have therefore devised groupware support for inspecting requirements. Based on our experience with adopting a group support system (GSS) for requirements negotiation, we decided to tailor this commercial GSS to support inspection of requirements. The paper discusses our concept of a Groupware-supported Requirements Inspection Process (GRIP) and shows that tailoring a COTS GSS works well to automate this process. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Monitoring programs using rewriting

    Page(s): 135 - 143
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (870 KB) |  | HTML iconHTML  

    We present a rewriting algorithm for efficiently testing future time Linear Temporal Logic (LTL) formulae on finite execution traces. The standard models of LTL are infinite traces, reflecting the behavior of reactive and concurrent systems which conceptually may be continuously alive. In most past applications of LTL, theorem provers and model checkers have been used to formally prove that down-scaled models satisfy such LTL specifications. Our goal is instead to use LTL for up-scaled testing of real software applications, corresponding to analyzing the conformance of finite traces against LTL formulae. We first describe what it means for a finite trace to satisfy an LTL formula and then suggest an optimized algorithm based on transforming LTL formulae. We use the Maude rewriting logic, which turns out to be a good notation and being supported by an efficient rewriting engine for performing these experiments. The work constitutes part of the Java PathExplorer (JPAX) project, the purpose of which is to develop a flexible tool for monitoring Java program executions. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.