404 research outputs found

    A new dialect of SOFL-Syntax formal semantics and tool support

    Structured Object Orientated Formal Language (SOFL) is a formal method design methodology that combines data flow diagrams and predicates in order to describe processes that can be refined. This methodology creates a very versatile method of describing a system, whose properties can be proven rigorously. Data flows are grouped by ports that define from which data flows data can be consumed or on which flows data can be generated. For predicates, the Logic of Partial Functions (LPF) is used, together with an undefined element that is also used to indicate that a data flow does not contain any data. Over time SOFL “evolved organically” and a number of features were added: usability was the main consideration for a feature being added. For a formal language to be useful there must be no uncertainty about a specific design’s meaning. With SOFL, there is a possible contradiction between the requirement that a process's precondition must be true when the process fires, and the fire rules. This contradiction is due to the use of LPF. The semantics (the meaning) of SOFL was not always updated to keep track of the changes made to SOFL, which resulted in an outdated and incomplete semantics. The incompleteness of the semantics is a significant factor motivating the work done in this dissertation. In this dissertation, a dialect of SOFL is created to define a semantics. Not all the elements of SOFL are included, so that a simpler semantics can be defined. Elements that were removed include: LPF, Classes, and Non-deterministic broadcast nodes. The semantics of the dialect is created by a two-step process: firstly, an intuitive understanding of the dialect is created, and secondly, both static and dynamic semantics are defined by means of translations. A translation is a mapping from the dialect to a formal language that describes a certain aspect of the dialect. 
Static semantics defines the meaning of the elements that are “fixed” in their state: SMT-LIB is used as the target language to describe the static semantics of the dialect. Dynamic semantics describes how an element in a design changes over time: the process algebra mCRL2 is used as the formal language which describes the dynamic behaviour of the dialect. The SMT solver Z3 and the tools included in mCRL2 are used to analyse the translation of the dialect. Use of these tools allows properties that are necessary for a design to have a well-defined meaning to be proven. Properties that can be proven include: a process can fire, a process can fire an infinite number of times, and a predicate that describes a property. An Eclipse plug-in is created so that translation is not required to be done manually. After a design is translated, the tools Z3 and mCRL2 are run using script files and the results of the analysis are displayed on the screen. The desired properties could be proven for a moderate size design, but as the size of the design increased the analysis of the translation could not be completed due to computational problems. Usability of the tool can be improved by not only using a textual representation of a design, but also visual representations as in SOFL. As a result, properties that are necessary for a design to have a well-defined meaning can be proven using these tools. Dissertation (MSc)--University of Pretoria, 2018. Computer Science. MSc. Unrestricte

    A JML-Based strategy for incorporating formal specifications into the software development process

    This thesis presents a JML-based strategy that incorporates formal specifications into the software development process of object-oriented programs. The strategy evolves functional requirements into a “semi-formal” requirements form, and then expresses them as JML formal specifications. The strategy is implemented as a formal-specification pseudo-phase that runs in parallel with the other phases of software development. What makes our strategy different from other software development strategies used in literature is the particular use of JML specifications we make all along the way from requirements to validation-and-verification. Advisor: Néstor Catañ

    Employment Models of Platform Companies in Norway: A Distinctive Approach?

    The past decade has seen an increase in ‘platform companies’ functioning as the intermediary between workers and customers. The way these companies structure the labour process has significant implications for working conditions. In this article, we ask: In what ways does platform work in Norway differ from standard employment relationships? And do different employment strategies of platform companies put workers in precarious situations? The article builds on qualitative interviews with CEOs of platform companies in Norway, and aims to contribute to the literature by formulating a typology of the employment models of platform companies emerging in the Nordic countries. The platforms’ employment models are compared to the standard employment relationship and precariousness. Finally, the article suggests that institutions matter for why some platform companies adopt elements of the standard employment relationships as they appear in the Nordic labour market models, and discusses the implications of this

    Name It and Claim It: Cross-Campus Collaborations for Community-Based Learning

    This article describes the value of cross-campus collaborations for community-based learning. We argue that community-based learning both provides unique opportunities for breaking academic silos and invites campus partnerships to make ambitious projects possible. To illustrate, we describe a course, Writing for Social Justice, that involved creating videos for our local YWCA's Racial Justice Program. We begin by discussing the shared value of collaboration across writing studies and librarianship (our disciplinary orientations). We identify four forms of cross-campus collaboration, which engaged us in working with each other, with our community partner, and with other partners across campus. From there, we visualize a timeline, turning from the why of cross-campus collaborations to the how. Finally, we underscore the need to name and claim--to value and cultivate--cross-campus collaborations for community-based learning

    Automatic Transformation from SOFL Formal Specifications to Programs for Software Verification and Testing

    Abstract— The Structured Object-oriented Formal Language (SOFL) method is developed to overcome the disadvantages of existing formal methods and provide effective techniques for writing formal specifications and carrying out verification and testing. Although it has been applied to system modeling and design in practical and research projects, SOFL has not been widely applied to the industrial software development systems because of the lack of efficient tool support. Aiming at improving the existing SOFL supporting tool and solving the problem that the formal specifications cannot be directly executed, this paper firstly analyzes the relationship between the structures of SOFL formal specifications and C# programs, and then designs and implements the transforming classes for module transformations and data type transformations. Finally, a test is performed to ensure the reliability and validity of the implemented software system. Keywords— SOFL; Formal specifications; Automatic transformations; Programs

    Case Study of Municipal Corporation Primary School in Promoting Emotional Development and French Literacy in Students through Josuman French Enrichment Program

    This article studies the case of a government school which became a pioneer in experimenting with new ideas for teaching French to its students, something which had never happened in the history of the school before. The experiment was an essential move to enhance the affective attributes of the students by introducing an innovative French Teaching-Learning Method designed by the researcher specifically for MCD school students studying in Hindi medium of instruction. This paper discusses its background theories, the reasons for its creation, and the outcomes observed. The method, used for the students of grade four and five, is based on the principle of constructivist teaching, which holds that learning occurs as learners get actively involved in a process of learning and knowledge construction as opposed to passively receiving information. The pilot project employs a qualitative research approach to explore the impact of the constructivist approach used in the teaching practices of the Josuman French Enrichment Program, examines the ways students show enhancement in their affective attributes, and provides an insight into the process of adding novel teaching strategies to bring positive emotional development which can reduce students’ absenteeism

    A Formal Engineering Approach for Interweaving Functional and Security Requirements of RESTful Web APIs

    RESTful Web API adoption has become ubiquitous with the proliferation of REST APIs in almost all domains, with modern web applications embracing the micro-service architecture. This vibrant and expanding adoption of APIs has caused an increasing amount of data to be funneled through systems which require proper access management to ensure that web assets are secured. A RESTful API provides data using the HTTP protocol over the network, interacting with databases and other services, and must preserve its security properties. Currently, practitioners are facing two major challenges in developing high quality secure RESTful APIs. One, REST is not a protocol. Instead, it is a set of guidelines that define how web resources can be designed and accessed over HTTP endpoints. There are a set of guidelines which stipulate how related resources should be structured using hierarchical URIs as well as how specific well-defined actions on those resources should be represented using different HTTP verbs. Whereas security has always been critical in the design of RESTful APIs, there are no clear formal models utilizing a secure-by-design approach that interweaves both the functional and security requirements. The other challenge is how to effectively utilize a model driven approach for constructing precise requirements and design specifications so that the security of a RESTful API is considered as a concern that cuts across functionality rather than individual isolated operations. This thesis proposes a novel technique that encourages a model driven approach to specifying and verifying an API's functional and security requirements with the practical formal method SOFL (Structured-Object-Oriented Formal Language). Our proposed approach provides a generic 6 step model driven approach for designing security aware APIs by utilizing concepts of domain models, domain primitives, Ecore metamodel and SOFL. The first step involves generating a flat file with API resource listings. 
In this step, we extract resource definitions from an input RESTful API documentation written in RAML using an existing RAML parser. The output of this step is a flat file representing API resources as defined in the RAML input file. This step is fully automated. The second step involves automatic construction of an API resource graph that will work as a blueprint for creating the target API domain model. The input for this step is the flat file generated from step 1 and the output is a directed graph (digraph) of API resources. We leverage an algorithm which we created that takes a list of lists of API resource nodes and the defined API root resource node as an input, and constructs a digraph highlighting all the API resources as an output. In step 3, we use the generated digraph as a guide to manually define the API’s initial domain model as the target output, with an aggregate root corresponding to the root node of the input digraph and the rest of the nodes corresponding to domain model entities. In effect, the digraph generated in step 2 is a barebone representation of the target domain model, but what is missing in the domain model at this stage is the distinction between containment and reference relationships between entities. The resulting domain model describes the entire ecosystem of the modeled API in the form of Domain Driven Design concepts of aggregates, aggregate root, entities, entity relationships, value objects and aggregate boundaries. The fourth step, which takes our newly defined domain model as input, involves a threat modeling process using Attack Defense Trees (ADTrees) to identify potential security vulnerabilities in our API domain model and their countermeasures. Countermeasures that can enforce secure constructs on the attributes and behavior of their associated domain entities are modeled as domain primitives. Domain primitives are distilled versions of value objects with proper invariants. 
These invariants enforce security constraints on the behavior of their associated entities in our API domain model. The output of this step is a complete refined domain model with additional security invariants from the threat modeling process defined as domain primitives in the refined domain model. This fourth step achieves our first interweaving of functional and security requirements in an implicit manner. The fifth step involves creating an Ecore metamodel that describes the structure of our API domain model. In this step, we rely on the refined domain model as input and create an Ecore metamodel that our refined domain model corresponds to, as an output. Specifically, this step encompasses structural modeling of our target RESTful API. The structural model describes the possible resource types, their attributes, and relations as well as their interface and representations. The sixth and final step involves behavioral modeling. The input for this step is the Ecore metamodel from step 5 and the output is formal security aware RESTful API specifications in the SOFL language. Our goal here is to define RESTful API behaviors that consist of actions corresponding to their respective HTTP verbs, i.e., GET, POST, PUT, DELETE and PATCH. For example, CreateAction creates a new resource, an UpdateAction provides the capability to change the value of attributes and ReturnAction allows for response definition including the Representation and all metadata. To achieve behavioral modelling, we transform our API methods into SOFL processes. We take advantage of the expressive nature of SOFL processes to define our modeled API behaviors. We achieve the interweaving of functional and security requirements by injecting boolean formulas into the post conditions of SOFL processes. To verify whether the interweaved functional and security requirements implement all expected functions correctly and satisfy the desired security constraints, we can optionally perform specification testing. 
Since implicit specifications do not indicate algorithms for implementation but are rather expressed with predicate expressions involving pre and post conditions for any given specification, we can substitute all the variables involved in a process with concrete values of their types and evaluate the results as truth values, true or false. When conducting specification testing, we apply the SOFL process animation technique to obtain the set of concrete values of output variables for each process functional scenario. We analyse test results by comparing the evaluation results with an analysis criterion. An analysis criterion is a predicate expression representing the properties to be verified. If the evaluation results are consistent with the predicate expression, the analysis shows consistency between the process specification and its associated requirement. We generate the test cases for both input and output variables based on the user requirements. The test cases generated are usually based on test targets which are predicate expressions, such as the pre and post conditions of a process. When testing for conformance of a process specification to its associated service operation, we only need to observe the execution results of the process by providing concrete input values to all of its functional scenarios and analyze their defining conditions relative to user requirements. We present an empirical case study for validating the practicality and usability of our model driven formal engineering approach by applying it in developing a Salon Booking System. A total of 32 services covering functionalities provided by the Salon Booking System API were developed. We defined process specifications for the API services with their respective security requirements. The security requirements were injected in the threat modeling and behavioral modeling phases of our approach. 
We test for the interweaving of functional and security requirements in the specifications generated by our approach by conducting tests relative to the original RAML specifications. Failed tests were exhibited in cases where an injected security measure, such as a requirement for object level access control, is not respected, i.e., object level access control is not checked. Our generated SOFL specification correctly rejects such cases by returning an appropriate error message, while the original RAML specification incorrectly dictates accepting such requests, because it is not aware of such a measure. We further demonstrate a technique for generating SOFL specifications from a domain model via model to text transformation. The model to text transformation technique semi-automates the generation of the SOFL formal specification in step 6 of our proposed approach. The technique allows for isolation of dynamic and static sections of the generated specifications. This enables our technique to preserve the static sections of the target specifications while updating the dynamic sections in response to changes of the underlying domain model representing the RESTful API in design. Specifically, our contribution is the provision of a systemic model driven formal engineering approach for the design and development of secure RESTful web APIs. The proposed approach offers a six-step methodology covering both structural and behavioral modelling of APIs with a focus on security. The most distinguished merit of the model to text transformation is the utilization of the API’s domain model, as well as a metamodel that the domain model corresponds to, as the foundation for generation of formal SOFL specifications that are a representation of the API’s functional and security requirements. Doctor of Science, Hosei University

    Modelling Regional Maize Markets for Biogas Production in Germany : The Impact of Different Policy Options on Environment and Transport Emissions

    The production of biogas is considered to be a promising candidate for a sustainable energy mix. Accordingly, Germany’s Renewable Energy Act (EEG) promotes electricity production from biogas along with other renewable energies. While overall benefits are seen in terms of climate protection and increased employment in rural areas, for example, biogas production (mainly from maize in Germany) also has the potential to create negative environmental effects on a regional scale. This can be caused by the production of monocultures and increasing transport volumes, to cite two prominent examples. To assess environmental effects arising from bioenergy policies, different types of agricultural models have been applied to determine the effects on competition for primary factors. Generally, these models do not however capture the demand side for crops with high transportation costs such as maize. 
Coupling ReSI-M with RAUMIS, a partial supply model which depicts German agriculture based on regionally differentiated processes, adds regional market clearing for a robust impact assessment of biogas production. As a result, policy implications on land use of different policy settings are analysed in this thesis. Furthermore, ReSI-M simulates regionally differing CO2 emissions from transports per kWhel (kilowatt hour electric), as well as the efficiency of subsidies for the policy scenarios. The results show that adding maize demand to an assessment of land use changes improves the representation of regional maize markets since regional demand characteristics such as transport costs and availability of inputs are taken into account. Simulation results indicate that under a scenario adopting feed-in tariffs according to the EEG 2004, less land for maize cultivation per kWhel is used and also less transport emissions are caused compared to the EEG 2008 and the counterfactual scenario. Furthermore, results point out differences in regional maize markets under the applied scenarios: under the EEG 2008 scenario, maize production increases in regions with high livestock densities, which therewith further intensifies maize production in regions where the production level is already high. Applying the counterfactual scenario shows that production increases in regions with low transport costs. However, under the EEG 2008 the greatest amount of energy from biogas is produced and most subsidies per produced kWhel are paid. The efficiency of subsidies is best in the counterfactual scenario, in which feed-in tariffs are paid independent of plant size and technology. Against these results, the thesis concludes with policy recommendations and suggestions for further research. 
The work provides a tool for policymakers to evaluate distinct regional demand levels for maize and its environmental impacts while the work also contributes to an ongoing political debate of the benefits and drawbacks of bioenergy production. Modelling regional maize markets for biogas production in Germany: the influence of different policy options on the environment and transport emissions. The production of biogas is regarded as a promising option within a sustainable energy mix, and accordingly the production of biogas in Germany is promoted, together with other renewable energies, by the Renewable Energy Act (EEG). While benefits are seen for climate protection and rural development, the production of biogas (in Germany mainly based on silage maize) carries the risk of causing negative environmental effects at the regional level, such as the cultivation of maize in monocultures and rising transport volumes. To assess environmental effects arising from different bioenergy policies, various agricultural economic models have been applied to capture effects on the competition for input factors. These models, however, do not represent the demand side for crops with high transport costs, such as silage maize. Based on location theory and against the background of existing location models, a new model is developed in the course of the dissertation to determine the locations and sizes of biogas plants and thus to derive their maize demand. The location model ReSI-M (Regionalsiertes Standortinformationsmodell – Mais) makes it possible to derive regional demand functions for silage maize as a function of silage maize prices and further explanatory variables such as transport costs and the economic profitability of different biogas plant types. 
It simulates demand functions for three policy scenarios: the EEG 2004, the EEG 2008 with the corresponding feed-in tariffs, and in addition a fictitious scenario (“counterfactual scenario”) in which feed-in tariffs are paid independent of plant size and technology. The latter scenario is applied in order to compare the EEG scenarios with a situation in which the resulting plant structure theoretically corresponds to a cost-minimal solution. By coupling ReSI-M with RAUMIS, a partial supply model that depicts the German agricultural sector in a regionally differentiated way, regional market clearing is added to an impact assessment of biogas production. Thus, policy effects on land use and the resulting environmental effects are analysed in this dissertation. With ReSI-M, regionally differing CO2 transport emissions per kWhel (kilowatt hours electric) and the efficiency of subsidies for the policy scenarios are simulated. The results show that adding maize demand to an assessment of land use changes improves the representation of regional maize markets, since regional characteristics on the demand side, such as transport costs and the availability of inputs, are taken into account. Simulation results indicate that under the EEG 2004 scenario the least land area per kWhel is required and fewer transport emissions are caused compared to the EEG 2008 and the fictitious scenario. In addition, the results highlight differences between the regional maize markets under the different scenarios: under the EEG 2008 scenario, maize production rises above all in regions with a high livestock density and thus intensifies maize cultivation in regions where it is already high for fodder production. Applying the fictitious scenario shows that production expands in regions with low transport costs. 
These are predominantly arable farming regions. Under the EEG 2008, however, the greatest amount of energy is produced and the most subsidies per kWhel are paid. The efficiency of the subsidies, by contrast, is best in the fictitious scenario. Against the background of these results, this dissertation concludes with policy recommendations and suggestions for further research needs. The work presents an instrument for decision-makers that helps to assess different regional maize markets and their environmental effects, and thus contributes to the current political debate on the advantages and disadvantages of promoting bioenergy

    A Review of Software Reliability Testing Techniques

    In the era of intelligent systems, the safety and reliability of software have received more attention. Software reliability testing is a significant method to ensure reliability, safety and quality of software. The intelligent software technology has not only offered new opportunities but also posed challenges to software reliability technology. The focus of this paper is to explore the software reliability testing technology under the impact of intelligent software technology. In this study, the basic theories of traditional software and intelligent software reliability testing were investigated via related previous works, and a general software reliability testing framework was established. Then, the technologies of software reliability testing were analyzed, including reliability modeling, test case generation, reliability evaluation, testing criteria and testing methods. Finally, the challenges and opportunities of software reliability testing technology were discussed at the end of this paper

    «Do this in remembrance of me...»: The sacrificial aspect of the Eucharist in the systematic theology of Wolfhart Pannenberg and Joseph Ratzinger

    This Master's Thesis discusses the nature of the Eucharistic Sacrifice in the systematic theology of two German scholars; Lutheran theologian Wolfhart Pannenberg and Roman Catholic theologian Joseph Ratzinger, the latter perhaps better known as pope (emeritus) Benedict XVI