This paper describes methods for automatically analyzing formal, state-based requirements specifications for completeness and consistency. The approach uses a low-level functional formalism, simplifying the analysis process. State space explosion problems are eliminated by applying the analysis at a high level of abstraction; i.e, instead of generating a reachability graph for analysis, the analysis is performed directly on the model. The method scales up to large systems by decomposing the specification into smaller, analyzable parts and then using functional composition rules to ensure that verified properties hold for the entire specification. The analysis algorithms and tools have been validated on TCAS II, a complex, airborne, collisionavoidance system required on all commercial aircraft with more than 30 passengers that fly in U.S. airspace. 1 Introduction This paper describes methods and tools for automatically analyzing software requirements for completeness and consistency. C...

The motivation for this paper, the first in a planned series of three parts, is the multitude of concepts surrounding the proper definition of complex modeling languages for systems and software, and the confusion that this often causes.

. This paper provides a formal foundation for distributed workflow executions. The state chart formalism is adapted to the needs of a workflow model in order to establish a basis for both correctness rea- soning and run--time support for complex and large--scale workflow applications. To allow for the distributed execution of a workflow across different workflow servers, which is required for scalability and organizational decentralization, a method for the partitioning of workflow specifications is developed. It is proven that the partitioning preserves the original state chart's behavior. 1 Introduction Workflow management is a rapidly growing research and development area of very high practical relevance [GHS95, Mo96, VB96, WfMC95, Sh96]. Typical examples of (semi--automated) workflows are the processing of a credit request in a bank, the edito- rial handling and refereeing process for papers in an electronic journal, or the medical treatment of patients in a hospital. Informa...

Hierarchical graphs and clustered graphs are useful non-classical graph models for structured relational information. Hierarchical graphs are graphs with layering structures; clustered graphs are graphs with recursive clustering structures. Both have applications in CASE tools, software visualization, and VLSI design. Drawing algorithms for hierarchical graphs have been well investigated. However, the problem of straight-line representation has not been solved completely. In this paper, we answer the question: does every planar hierarchical graph admit a planar straight-line hierarchical drawing? We present an algorithm that constructs such drawings in linear time. Also, we answer a basic question for clustered graphs, that is, does every planar clustered graph admit a planar straight-line drawing with clusters drawn as convex polygons? We provide a method for such drawings based on our algorithm for hierarchical graphs.

Introduction This paper presents a reference semantics for a verification tool currently under development allowing to verify temporal properties of embedded control systems modelled using the StateMate system. The semantics reported differs from others reported in the literature [24] by faithfully modelling the semantics as supported in the StateMate simulation tool. It differs from the recent paper by Harel and Naamad [8] by providing a compositional semantics, a prerequisite for the support of compositional verification methods, and by the degree of mathematical rigour. We use a variant of synchronous transition systems introduced by Manna and Pnueli [18] as base model for our semantics. The StateMate modelling language constructs covered in this paper are Activity charts , modelling the functional decomposition of a design into subunits called activities

The graph topo-visual formalism has been shown to be well-suited to the task of visualizing complex relations on a set of elements. Unfortunately, most visual formalisms do not scale very well. This observation is particularly true of graphs, which even when hand-drawn by an artist, are seldom meaningful when the number of nodes or links exceeds a very modest threshold -- typically only a few hundred elements. This severe limitation has prompted many researchers to seek alternative visualization techniques that may eliminate, or, at the very least, raise this threshold. In this paper we analyze these recent efforts, describe an abstract space of presentation emphasis techniques, and locate the current approaches within this space. The contributions of this paper are several: (1) a significant portion of recent work is collected and reviewed; (2) a common set of criteria and a taxonomy of graph views are proposed; these, (3) permit a more direct comparison of previous work; which helps ...

Permission is hereby granted to make and distribute verbatim copies of this document without royalty or fee. Permission is granted to quote excerpts from this documented provided the original source is properly cited. ii When separately written programs are composed so that they may cooperate, they may instead destructively interfere in unanticipated ways. These hazards limit the scale and functionality of the software systems we can successfully compose. This dissertation presents a framework for enabling those interactions between components needed for the cooperation we intend, while minimizing the hazards of destructive interference. Great progress on the composition problem has been made within the object paradigm, chiefly in the context of sequential, single-machine programming among benign components. We show how to extend this success to support robust composition of concurrent and potentially malicious components distributed over potentially malicious machines. We present E, a distributed, persistent, secure programming language, and CapDesk, a virus-safe desktop built in E, as embodiments of the techniques we explain.

Enterprise--wide workflow management where workflows may span multiple organizational units require particular consideration of scalability, heterogeneity, and availability issues. The Mentor project which is introduced in this paper aims to reconcile a rigorous workflow specification method with a distributed middleware architecture as a step towards enterprise--wide solutions. The project uses the formalism of state and activity charts and a commercial tool, Statemate, for workflow specification. A first prototype of Mentor has been built which allows executing specifications in a distributed manner. A major contribution of this paper is the method for transforming a centralized state chart specification into a form that is amenable to a distributed execution and to incorporate the necessary synchronization between different processing entities. Fault tolerance issues are addressed by coupling Mentor with the Tuxedo TP monitor. 1 Introduction The competitiveness of many enterprises...

This paper describes the SHriMP visualization technique for seamlessly exploring software structure and browsing source code, with a focus on effectively assisting hybrid program comprehension strategies. The technique integrates both pan+zoom and fisheye-view visualization approaches for exploring a nested graph view of software structure. The fisheye-view approach handles multiple focal points, which are necessary when examining several subsystems and their mutual interconnections. Source code is presented by embedding code fragments within the nodes of the nested graph. Finer connections among these fragments are represented by a network that is navigated using a hypertext link-following metaphor. SHriMP combines this hypertext metaphor with animated panning and zooming motions over the nested graph to provide continuous orientation and contextual cues for the user. The SHriMP tool is currently being evaluated in several user studies. Observations of users performing program understanding tasks with the tool are discussed.

Abstract. Abstraction identification is named as a key problem in requirements analysis. Typically, the abstractions must be found among the large mass of natural language text collected from the clients and users. This paper motivates and describes a new approach, based on traditional signal processing methods, for finding abstractions in natural language text and offers a new tool, AbstFinder as an implementation of this approach. The advantages and disadvantages of the approach and the design of the tool are discussed in detail. Various scenarios for use of the tool are offered. Some of these scenarios were used in case study of the effectiveness of the tool on an industrial-strength example of finding abstractions in a request for proposals.