Formal Specification: a Roadmap, 2000
Cited by 49 (0 self)
Abstract: Formal specifications have been a focus of software engineering research for many years and have been applied in a wide variety of settings. Their industrial use is still limited but has been steadily growing. After recalling the essence, role, usage, and pitfalls of formal specification, the paper reviews the main specification paradigms to date and discusses their evaluation criteria. It then provides a brief assessment of the current strengths and weaknesses of today's formal specification technology. This provides a basis for formulating a number of requirements for formal specification to become a core software engineering activity in the future.
A Comprehensive Survey of Trends in Oracles for Software Testing, 2013
Cited by 20 (4 self)
Abstract: Testing involves examining the behaviour of a system in order to discover potential faults. Determining the desired correct behaviour for a given input is called the "oracle problem". Oracle automation is important to remove a current bottleneck which inhibits greater overall test automation; without oracle automation, the human has to determine whether observed behaviour is correct. The literature on oracles has introduced techniques for oracle automation, including modelling, specifications, contract-driven development and metamorphic testing. When none of these is completely adequate, the final source of oracle information remains the human, who may be aware of informal specifications, expectations, norms and domain-specific information that provide informal oracle guidance. All forms of oracle, even the humble human, involve challenges of reducing cost and increasing benefit. This paper provides a comprehensive survey of current approaches to the oracle problem and an analysis of trends in this important area of software testing research and practice.
Compositional Analysis of Dynamical Systems using Predicate Transformers (Summary), 1993
Cited by 13 (7 self)
Abstract: Introduction. We propose a complementary approach to discrete dynamical systems, using predicate transformers. We present general concepts like invariance and attraction, and we propose properties to characterize the structure of invariants. Then we present the concept of composition of dynamical systems. We define algebraic operators on systems and we try to discover how dynamical properties of small systems are preserved or transformed when these are composed into more complex systems. Finally, we illustrate this approach on an example. We work with a space E (e.g. N, or R), and extend functions from E to E into functions PE → PE, which are invertible. Any subset of E can be described by a predicate. For example, an interval [a, b] ⊆ R is defined by the predicate P(x) =
Requirements Engineering: From Craft to Discipline, 2008
Cited by 8 (0 self)
Abstract: Getting the right software requirements under the right environment assumptions is a critical precondition for developing the right software. This task is intrinsically difficult. We need to produce a complete, adequate, consistent, and well-structured set of measurable requirements and assumptions from incomplete, imprecise, and sparse material originating from multiple, often conflicting sources. The system we need to consider comprises software and environment components including people and devices. A rich system model may significantly help us in this task. Such a model must integrate the intentional, structural, functional, and behavioral facets of the system being conceived. Rigorous techniques are needed for model construction, analysis, exploitation, and evolution. Such techniques should support early and incremental reasoning about partial models for a variety of purposes including satisfaction arguments, property checks, animations, the evaluation of alternative options, the analysis of risks, threats, and conflicts, and traceability management. The tension between technical precision and practical applicability calls for a suitable mix of heuristic, deductive, and inductive forms of reasoning on a suitable mix of declarative and operational specifications. Formal techniques should be deployed only when and where needed, and kept hidden wherever possible. The paper provides a retrospective account of our research efforts and practical experience along this route. Problem-oriented abstractions, analyzable models, and constructive techniques were permanent concerns.
Proving the Temporal Properties of the Unique World, 1999
Cited by 4 (4 self)
Abstract: The behavior of concurrent and parallel programs can be specified in a functional style. We introduced a relational model for synthesizing abstract parallel imperative programs earlier. In this paper we investigate the applicability of the specification and verification tools of the model for proving temporal properties of concrete programs written in a pure functional language, Concurrent Clean. Destructive updates preserving referential transparency are possible by using so-called unique types. Clean programs perform I/O by accessing their unique environment. We present a methodology for proving safety and liveness properties of concurrent, interleaved Clean Object I/O processes and show examples of verification of simple Clean programs.
CONCURRENCY WITHOUT TOIL: a systematic method for parallel program design, 1993
Cited by 4 (2 self)
Abstract: Formal tools and methods for the design of concurrent programs can be very similar to their sequential counterparts, but nevertheless concurrent programming seems more difficult than sequential programming. Detailed examples in the literature suggest that this particular difficulty originates from interaction problems, when a fine grain of parallelism is required. A systematic technique is proposed to transform a coarse-grained version of a concurrent system into a finer-grained one, through a series of refinements. This technique is illustrated with a classical but still unproved algorithm for mutual exclusion. The incremental development clearly involves two kinds of steps. "Creative" transformations appear mainly at the beginning; these steps are short but rather subtle. "Technical" transformations are routine steps but involve lengthy formal developments. With a careful separation of creative and technical refinements, developments of concurrent programs become lon...
Relating State Transformation Semantics and Predicate Transformer Semantics for Parallel Programs, 1993
Cited by 3 (0 self)
Abstract: A state transformation semantics and a predicate transformer semantics for programs built from atomic actions, sequential composition, nondeterministic choice, parallel composition, atomisation, and recursion are presented. Both semantic models are derived from an SOS-style labelled transition system. The state transformation semantics and the predicate transformer semantics are shown to be isomorphic, extending results of Plotkin and Best.
AMS Subject Classification (1991): 68Q55
CR Subject Classification (1991): D.3.1, F.3.2
Keywords & Phrases: state transformation, predicate transformer, isomorphism, labelled transition system, parallelism
Note: This work was partially supported by the Netherlands Nationale Faciliteit Informatica programme, project Research and Education in Concurrent Systems (REX).
On Composing Problems and Parallel Programs, 1996
Cited by 2 (2 self)
Abstract: We introduce the basic concepts of a relational model of parallel programming. We define the concepts of a problem, an abstract program and a solution. Our approach is functional; problems are given a semantic meaning of their own. The abstract program is regarded as a relation generated by a set of nondeterministic conditional assignments similar to the concept of abstract program in UNITY. We introduce the behaviour relation of a parallel program, which is easy to compare to the relation that is the interpretation of a problem. This paper covers only a brief summary of the model. For further information see [7]. The main goal of this paper is to introduce some basic composition methods for parallel programs and problems. We define the union, extension and sequence of problems. Similarly we formalize the concepts of union, superposition and sequence of parallel programs. We analyze how one can solve a compound problem using the appropriate program construct. Categories and Subject Descripto...
A Completion of the S-invariance Technique by means of Fixed Point Algorithms, 1995
Cited by 2 (0 self)
Abstract: In this paper we transform bounded Petri net systems into transition systems in order to have a bridge between Petri nets and temporal logic. We then use structural knowledge of the Petri nets (S-invariants, traps) to accelerate fixed point calculations in the transition systems. This technique comprises solutions of problems which are not solvable by the S-invariance technique. By a new concept for a very compact representation of net markings, the ordered natural decision diagrams (ONDDs), we gain a further considerable acceleration of the fixed point calculations. The ONDDs are a generalization of the ordered binary decision diagrams (OBDDs) due to Bryant.
Keywords: Petri nets, S-invariants, traps, transition systems, temporal logic, ordered natural decision diagrams (ONDDs), ordered binary decision diagrams (OBDDs)
Atomicity Refinement and Trace Reduction Theorems, 1996
Cited by 2 (0 self)
Abstract: Assertional methods tend to be usable for abstract, coarse-grained versions of concurrent algorithms, but quickly become intractable for more realistic, finer-grained implementations. Various trace-reduction methods have been proposed to transfer properties of coarse-grained versions to finer-grained versions. We show that a more direct approach, involving the explicit construction of an (inductive) invariant for the finer-grained version, is theoretically more powerful, and also more appropriate for computer-aided verification.
1 Introduction
Recent improvements in methods and tools for testing the validity of propositional and predicate logic formulas have revived the interest in assertional methods for concurrent system verification. Indeed, at least as far as safety properties are concerned, Hoare's logic and Dijkstra's predicate transformer calculus reduce the correctness problem for programs to the validity problem for logical formulas. However, as soon as loops occur in pro...