By Topic

Software Specification and Design, 1993., Proceedings of the Seventh International Workshop on

Date Dec. 6 1993-Nov. 7 1993

Filter Results

Displaying Results 1 - 25 of 25
  • Proceedings of 1993 IEEE 7th International Workshop on Software Specification and Design

    Save to Project icon | Request Permissions | PDF file iconPDF (43 KB)  
    Freely Available from IEEE
  • Bridging the requirements gap: policies, goals and domains

    Page(s): 52 - 55
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (320 KB)  

    A model for requirements engineering is described which uses a taxonomy of goal-types to guide further analysis. Goals are classified according to the desired system state described in requirements statements. Heuristics then prompt further description of functions according to each goal class. Other analyses encourage expansion of goal statements into specification of objects agents, activity and information processes. These link functional decomposition of requirements to object oriented modelling. Implications of the model and supporting tools are briefly reviewed. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards extensible graphical formalisms

    Page(s): 69 - 77
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (576 KB)  

    Discusses how to tailor a graphical notation on top of a kernel formal (graphical) specification language. The goal is to allow an environment supporting formal specifications written in a kernel formal notation to be extended to support additional, application domain-oriented graphical notations. The semantics of the newly defined notation is given by a translation scheme into the kernel notation. Our approach is founded on high-level Petri nets, the kernel formalism, and graph grammars, which define the new graphical notations and their translation into target nets. The paper provides examples of the definition of Statecharts on top of the kernel formalism. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An incremental approach to reachability analysis of distributed programs

    Page(s): 141 - 150
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (640 KB)  

    We present an incremental approach to reachability analysis of distributed programs with synchronous communication and mailbox naming. Each process in a distributed program can be modeled as a communicating finite state machine (CFSM). A set of CFSMs is organized into a hierarchy. We present an algorithm that, for a given hierarchy of a set M of CFSMs, incrementally composes and reduces subsets of CFSMs in M. This incremental reachability analysis guarantees the detection of global deadlocks. We provide an algorithm for selecting a hierarchy for a set of CFSMs and show an incremental analysis of the gas station problem. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A taxonomy of inheritance semantics

    Page(s): 194 - 203
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (796 KB)  

    One of the fundamental concepts of the object-oriented paradigm is inheritance. Unfortunately, though, there is not just one semantic definition of inheritance in the object-oriented world; instead, it is used in various languages to represent a number of different kinds of class relationships. This creates several difficulties. One is that language-independent references to inheritance, in specifications for example, are not well-defined. Another is that we cannot apply our understanding of inheritance from one language to another. In some languages, we cannot even apply the same understanding of inheritance from one class to another. This paper identifies three different ways in which inheritance is used, describes the conceptual distinctions among them, and identifies what information we can infer from each. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Related specifications reuse

    Page(s): 152 - 161
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (632 KB)  

    Building a program from an existing one-called design with program reuse-has a number of interesting payoffs but differs from classical program designs. This paper addresses the issue of program reuse in the context in which design is achieved by a transformational development. A design method for making easy the reuse is introduced. The idea is to highlight and exploit the link between two related specifications-the specification for which a program has to be developed and the specification of the program selected to be reused, in order to guide the program reuse. In practice, a set of "reuse schemes" is proposed and the program design is done by applying one or several of them to an initial specification. The use of such schemes allows to partially or completely systematize the program reuse by using first-order theorem proving. A reuse example illustrates the proposed design method. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Specification and refinement of a message router

    Page(s): 20 - 29
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (824 KB)  

    The paper considers a variant of the message router problem discussed during the Concurrency and Distribution sessions of IWSSD-6 by H.C. Cunningham and J.T. Udding (1992). First, it presents a high-level specification of the router as a reactive system expressed in the UNITY logic. Second, it refines the interface of the router using a new approach called the reactive envelope heuristic. Third, it decomposes the router into a grid of switches. In closing, the paper analyzes the specification and refinement techniques used in the study and proposes future research. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A pragmatic basis for the formal development of distributed systems

    Page(s): 132 - 140
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (636 KB)  

    We present a basis for the formal specification and stepwise development of distributed systems, i.e. programs which are intended (at least conceptually) to run on distributed-memory parallel machines which communicate via synchronized message-passing. Our approach was motivated by the need for a practicable formal complement to the informal "bubbles and arrows" reasoning which is typically used by those who develop such programs for real parallel machines. The approach extends the sequential refinement calculus to allow the introduction of CSP-style concurrency. This extension is achieved by augmenting the language of the sequential calculus with appropriate parallel constructs and by replacing the underlying weakest precondition semantics with an extended failures-divergences semantics originally used to give a denotational semantics to occam. The resulting calculus maintains the laws of the original sequential calculus while allowing the seamless introduction of concurrency. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using design fragments to modularize the design of communications in concurrent systems

    Page(s): 184 - 193
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (780 KB)  

    This paper introduces design fragments as a fundamental component of a design process for strong traceability in the design of concurrent systems. Design fragments represent reusable alternatives for the independent design of the communication requirements in a concurrent system. They are defined with formal relations to segments of communicating state machines, and are applied such that they satisfy the semantics of the communications defined by the specification. This paper introduces the concept of design fragments, the approach to developing and using them, along with an illustrative example. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Taking more of the soft out of software engineering

    Page(s): 2 - 7
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (536 KB)  

    Conventional engineering disciplines use engineering models which allow the practising engineer to avoid the intricacies and complications of conventional mathematics. These models underpin the everyday work of the engineer and have solid foundations in science and the underlying mathematical theory. We discuss whether software engineering has developed corresponding engineering models and come to the conclusion that this has not yet happened. The reasons turn out to be different for programming in the small and programming in the large. The issue is of crucial importance in redirecting the efforts of researchers and practitioners interested in software engineering joining the brotherhood of mature engineering disciplines. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Specifying reactive systems with attributed finite state machines

    Page(s): 90 - 99
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (676 KB)  

    An attributed finite state machine (AFSM) model for the behavioral specification of reactive systems is introduced. The basic idea is to attach attributes to the states of state machines in order to express values of system data and to define attribute computation in a functional way. A specification in an AFSM consists of a collection of state transition rules. Each of these rules specifies three aspects of a reactive system: (1) the dynamic behavior, (2) the data computation and (3) the time constraints of the reactive system. The dynamic behavior is specified by state transitions responding to external stimuli, and the data computation is performed according to functional attribute definitions. The time constraints are specified operationally in terms of the temporal relations that exist between the external stimuli and the system responses. Furthermore, the hierarchy of states based on superstates and the concurrency among independent system components, are introduced according to the method of Statecharts. These mechanisms provide an effective way to decompose and specify complex systems in a structured way. To show the effectiveness of the AFSM model, an assembly system is specified with respect to the abovementioned aspects. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An empirical approach to software architectures

    Page(s): 47 - 51
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (416 KB)  

    The research community in the emerging area of software architecture has developed little consensus over the definition of architecture except that architecture is related to the structure of a system and the interaction among its components. Current efforts of building models of architecture have focused on taxonomy, description languages, and verification of architectural properties. What is missing is the focus on the pragmatic role of architecture in software development activities. We describe the state of the practice and the problems faced by architects and engineers. The challenge for the software engineering research community is to address these problems and produce scalable, practical results that will have a real impact on the developers, improving their productivity and the quality of systems they build. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Identical tasks and counter variables in an integer programming-based approach to verification

    Page(s): 100 - 109
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (736 KB)  

    Analysis of concurrent systems is plagued by the state explosion problem. The constrained expression analysis technique uses necessary conditions, in the form of linear inequalities, to verify certain properties of concurrent systems without enumerating the system's states. While effective against the state explosion due to interleaving, the technique fails to yield a tractable analysis if the size of the components themselves grow exponentially due to the use of variables in the components. As a partial solution to this problem, we present a technique for representing certain program variables as integer programming variables. We also present a synergistic technique for efficiently representing many identical components in the context of an integer programming analysis. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Specification approaches express different world hypotheses

    Page(s): 214 - 223
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (820 KB)  

    This paper presents four world views for developing system specifications. Each is described by first revealing its root metaphor, that is, the most primitive starting point for understanding a system. As each world view and its metaphor are described, we show how particular major current approaches to systems analysis and design fall within the view. We discuss how the root metaphor simultaneously provides useful system concepts while limiting their utility. The paper concludes by suggesting how practicing analysts can use world views to guard against missing important system aspects, avoid specification complexity, and ensure greater coverage and completeness. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Modular reasoning about open systems: a case study of distributed commit

    Page(s): 30 - 39
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (812 KB)  

    We show how to reason about distributed database management systems, in which a commit protocol is used to coordinate activity of several resource managers. This is an interesting case study of an open system, in which each component is developed independently to operate with many possible environments. We give specifications for each resource manager, and a specification for the commit protocol, and show that the whole system is correct as long as each component has the properties required of it. We then show how to prove that specific examples have these properties. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An active hypertext model for system requirements

    Page(s): 62 - 68
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (628 KB)  

    We are developing tools to support a conversational metaphor for requirements definition and analysis. Our conversational model consists of three components: (1) a hypertextual representation of requirements and their interrelations, (2) an issue-based speech act model, and (3) a typology of changes. These components act together in a model we call the 'inquiry cycle'. We discuss requirements analysis activities supported by the conversational model, including information retrieval and navigation, rationale management, and agenda management. We have implemented a prototype active hypertext system, and we have applied our model and implementation to the requirements for an ATM banking system, an example we use in the paper for illustration. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Predicting operational behaviour of abstract programs during formal developments

    Page(s): 172 - 181
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (836 KB)  

    Several formal approaches for the development of programs have been suggested including the transformational approach which allows to express formal developments as a linear equational proof. These developments lead to produce on the one hand the suited program satisfying its formal initial specifications and, on the other hand, the proof of correctness of this development. In most of the cases, this correctness is concerned with only functional aspects. Operational aspects are taken into account intuitively. This paper deals with nonfunctional correction of software. We suggest a transformational approach which allows the developer to produce cost expressions that can be interpreted in order to evaluate and get the benefit yielded by a given transformation application. These cost expressions are correctly associated to the intermediate objects of the development (abstract programs). We present a classification of the properties which are studied during the development phase and the correct formal transformational process allowing to get a particular evaluator for each kind of nonfunctional properties. Applications are given as well. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Requirements elicitation and formalization through external design and object-oriented specification

    Page(s): 78 - 87
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (600 KB)  

    Presents an integrated methodology for deriving the requirements of an information system based on the design of the organizational components external to the computer. This methodology, which is supported by CASE software, results in the definition and formal specification of computer objects that satisfy the information system requirements. Such objects can be executed for requirements validation. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Fine-grain process modelling

    Page(s): 42 - 46
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (460 KB)  

    We propose the use of fine-grain process modelling as an aid to software development. We suggest the use of two levels of granularity, one at the level of the individual developer and another at the level of the representation scheme used by that developer. The advantages of modelling the software development process at these two levels, we argue, include respectively: the production of models that better reflect actual development processes because they are oriented towards the actors who enact them; and models that are vehicles for providing guidance because they may be expressed in terms of the actual representation schemes employed by those actors. We suggest that the previously published approach (A. Finkelstein et al., 1990; 1992) of using multiple "ViewPoints" to model software development participants, the perspectives that they hold, the representation schemes that they deploy and the process models that they maintain, is one way of supporting the fine-grain modelling we advocate. We point to some simple, tool-based experiments we have performed that support this proposition. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Reflective specification: applying a reflective language to formal specification

    Page(s): 204 - 213
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (764 KB)  

    This paper reports on a technique for specifying concurrent systems by using a formal specification language with reflective computation mechanism. We call the specifications written by a reflective language reflective specifications. Our reflective language is an enhanced version of LOTOS (Language of Temporal Ordering Specification). We embedded reflection or reflective computation facilities to behaviour specification part of LOTOS in order to define complex behaviour in a simple and natural way. Reflection in a program is a mechanism to access and modify its execution states which its executor has. Our enhanced version of LOTOS is called RLOTOS, and has two level architecture - object level and meta level. The processes in the meta level, called meta processes, have the computational information and interpret the behaviour expressions of their object level processes. We can define meta processes in the same manner as LOTOS processes to control the behaviour of the object level processes. In this paper, we present a case study of specifying an operating system by using RLOTOS. Furthermore we discuss the method to construct comprehensive formal specifications by using reflective languages and explore the applicability of the reflective language to formal specification. The essential point of comprehensiveness is that the meta properties of the system such as control characteristics can be specified separately from the object level properties. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Petri-net-based approach to real-time program analysis

    Page(s): 56 - 60
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (404 KB)  

    We propose to extend existing Petri-net-based tools for concurrency analysis to real-time analysis. The goal is to create a fully automated system, which starts from code in a higher level language for real-time programming, and answers programmers' queries about timing properties of the code. The key difficulty with all reachability-based approaches is that the state space quickly becomes intractably large. To circumvent this state explosion problem, we propose using a combination of several heuristics for model reduction and state space reduction that have been effective for untimed concurrency analysis. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Design and validation of a message-passing system

    Page(s): 10 - 19
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (688 KB)  

    The paper describes a case study for designing and validating the core of a message-passing communication system. The approach is based on the use of the Petri Net Workbench, the protocol validation language, PROMELA, and its simulator/validator, SPIN. By using these tools, a protocol and underlying hardware for communicating between two heterogeneous computer systems is designed and validated. A reachability analysis is performed which includes a check for live- and dead-lock system states. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A framework for program development based on schematic proof

    Page(s): 162 - 171
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (836 KB)  

    Often, calculi for manipulating and reasoning about programs can be recast as calculi for synthesizing programs. The difference involves often only a slight shift of perspective: admitting metavariables into proofs. We propose that such calculi should be implemented in logical frameworks that support this kind of proof construction and that such an implementation can unify program verification and synthesis. The proposal is illustrated with a worked example developed in L.C. Paulson's (1990) Isabelle system. We also give examples of existent calculi that are closely related to the methodology we are proposing and others that can be profitably recast using the approach. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Merlot: a tool for analysis of real-time specifications

    Page(s): 110 - 119
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (800 KB)  

    Real-time systems are becoming increasingly important in the everyday life. The use of such systems for critical applications requires tools and techniques for increasing correctness and reliability of the final product. In this paper, we describe a toolset (Merlot) for analysing real-time system specifications. Merlot allows the automatic verification of temporal properties for a large set of specifications and requires interaction with the user only when the complexity of the specification overcomes a reasonable automatable level. Merlot has been built with the aim of verifying both the feasibility of the approach and the applicability of the analysis techniques to real problems, that is to identify classes of problems that can be analysed with little or no interaction with the user in a reasonable amount of time. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Specifying reactive systems by abstract events

    Page(s): 122 - 131
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (720 KB)  

    Considers the problem of specifying reactive systems at different levels of abstraction and proposes a method for connecting the requirements to the design phase. As in a variety of other approaches, we assume that a process is modelled by a labelled transition system. The requirements phase is supposed to define a class of models, while at the design level (usually via a stepwise refinement), essentially one model is singled out. The connection between the two phases is provided by the notion of an abstract event, with its associated specification language. An abstract event is defined as a set of concrete instances, which are labelled transition sequences and can occur as partial paths over labelled transition trees. Abstract events, which may be non-instantaneous and overlapping, are a flexible tool for expressing abstract requirements and, because of their semantics in terms of labelled transition sequences, provide a rather transparent support to the refinement procedure. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.