Relational specification as a testing oracle

Software engineering community is well aware of the usefulness of formal methods for specifying, designing and testing of the software. Despite this testing literature rarely deals with specification based testing. Testing from formal specifications offers a simple, structured and more rigorous approach to the functional tests than testing techniques. An important application of specification in testing is providing test oracles. The rise of use of computers in control safety critical systems, i.e., flight control systems, necessitates that rigorous system testing is performed before the deployment. In flight control systems, requirements are mostly concerned with the safety and maneuverability of an aircraft. In this domain, the use of formal approaches to requirements specification and system verification is strongly encouraged. In our study relational notation was used to model the requirements of generic flight control system. The advantage of relational approach is that the requirements can be partitioned into less complex components. Each component is separately specified with a set a relations. The formal aspect of the relational notation is exploited in a verification framework where the specifications are used as an oracle to test a system implementation

Synthesis of Specifications and Refinement Maps for Real-Time Object Code Verification

Formal verification methods have been shown to be very effective in finding corner-case bugs and ensuring the safety of embedded software systems. The use of formal verification requires a specification, which is typically a high-level mathematical model that defines the correct behavior of the system to be verified. However, embedded software requirements are typically described in natural language. Transforming these requirements into formal specifications is currently a big gap. While there is some work in this area, we proposed solutions to address this gap in the context of refinement-based verification, a class of formal methods that have shown to be effective for embedded object code verification. The proposed approach also addresses both functional and timing requirements and has been demonstrated in the context of safety requirements for software control of infusion pumps. The next step in the verification process is to develop the refinement map, which is a mapping function that can relate an implementation state (in this context, the state of the object code program to be verified) with the specification state. Actually, constructing refinement maps often requires deep understanding and intuitions about the specification and implementation, it is shown very difficult to construct refinement maps manually. To go over this obstacle, the construction of refinement maps should be automated. As a first step toward the automation process, we manually developed refinement maps for various safety properties concerning the software control operation of infusion pumps. In addition, we identified possible generic templates for the construction of refinement maps. Recently, synthesizing procedures of refinement maps for functional and timing specifications are proposed. The proposed work develops a process that significantly increases the automation in the generation of these refinement maps. The refinement maps can then be used for refinement-based verification. This automation procedure has been successfully applied on the transformed safety requirements in the first part of our work. This approach is based on the identified generic refinement map templates which can be increased in the future as the application required

Improving Requirements Specification for Communication Services with Formalised Use Case Models

The challenging task of requirements specification for communication services has not been sufficiently addressed to date. The complexity of communication systems requires a formal approach to requirements capture and analysis, however at the same time the industry does not take well to convoluted formalisms. We suggest improving requirements specification by enhancing the approach that is most popular at the moment - use case modelling. We amend traditional use case models with a formal structure and semantics to make them suitable for automated verification. The enhanced use case modelling technique that we propose is called Susan (”S”ymbolic ”us”e case ”an”alysis) and it facilitates verification of use case models using symbolic model checking. We also developed a software tool called SusanX to construct, manipulate and analyse Susan models. The analysis feature of the tool is implemented using the NuSMV model checker. A number of generic properties for verification are built into SusanX, and the tool additionally allows the user to construct model-specific properties

Building Specifications in the Event-B Institution

This paper describes a formal semantics for the Event-B specification language using the theory of institutions. We define an institution for Event-B, EVT, and prove that it meets the validity requirements for satisfaction preservation and model amalgamation. We also present a series of functions that show how the constructs of the Event-B specification language can be mapped into our institution. Our semantics sheds new light on the structure of the Event-B language, allowing us to clearly delineate three constituent sub-languages: the superstructure, infrastructure and mathematical languages. One of the principal goals of our semantics is to provide access to the generic modularisation constructs available in institutions, including specification-building operators for parameterisation and refinement. We demonstrate how these features subsume and enhance the corresponding features already present in Event-B through a detailed study of their use in a worked example. We have implemented our approach via a parser and translator for Event-B specifications, EBtoEVT, which also provides a gateway to the Hets toolkit for heterogeneous specification.Comment: 54 pages, 25 figure

Utilizing inheritance in requirements engineering

The scope of this paper is the utilization of inheritance for requirements specification, i.e., the tasks of analyzing and modeling the domain, as well as forming and defining requirements. Our approach and the tool supporting it are named RETH (Requirements Engineering Through Hypertext). Actually, RETH uses a combination of various technologies, including object-oriented approaches and artificial intelligence (in particular frames). We do not attempt to exclude or replace formal representations, but try to complement and provide means for gradually developing them. Among others, RETH has been applied in the CERN (Conseil Europeen pour la Rechereche Nucleaire) Cortex project. While it would be impossible to explain this project in detail here, it should be sufficient to know that it deals with a generic distributed control system. Since this project is not finished yet, it is difficult to state its size precisely. In order to give an idea, its final goal is to substitute the many existing similar control systems at CERN by this generic approach. Currently, RETH is also tested using real-world requirements for the Pastel Mission Planning System at ESOC in Darmstadt. First, we outline how hypertext is integrated into a frame system in our approach. Moreover, the usefulness of inheritance is demonstrated as performed by the tool RETH. We then summarize our experiences of utilizing inheritance in the Cortex project. Lastly, RETH will be related to existing work

Improving Requirements Specification: Verification of Use Case Models with Susan

Inadequate requirements specification is one of the main causes of software development project failure today. A major problem is the lack of processes, techniques and automated tool support available for specifying system requirements. We suggest a way to improve requirements specification methodology by enhancing the approach that is most popular at the moment - use case modelling. Despite their popularity, use case models are not formal enough for automated analysis. We amend traditional use case models with a formal structure and semantics to make them suitable for automated verification. The enhanced use case modeling technique that we propose is called Susan (”S”ymbolic ”us”e case ”an”alysis) and it facilitates verification of use case models using symbolic model checking. We also developed a software tool called SusanX to construct, manipulate and analyse Susan models. The analysis feature of the tool is implemented using the NuSMV model checker. A number of generic properties for verification are built into SusanX, and the tool additionally allows the user to construct model-specific properties

A generic operational memory model specification framework for multithreaded program verification

technical reportGiven the complicated nature of modern architectural and language level memory model designs, it is vital to have a systematic ap- proach for specifying memory consistency requirements that can support verification and promote understanding. In this paper, we develop a spec- ification methodology that defines a memory model operationally using a generic transition system with integrated model checking capability to enable formal reasoning about program correctness in a multithreaded environment. Based on a simple abstract machine, our system can be configured to define a variety of consistency models in a uniform nota- tion. We then apply this framework as a taxonomy to formalize several well known memory models. We also provide an alternative specification for the Java memory model based on a proposal from Manson and Pugh and demonstrate how to conduct computer aided analysis for Java thread semantics. Finally, we compare this operational approach with axiomatic approaches and discuss a method to convert a memory model definition from one style to the other

Towards a methodology for rigorous development of generic requirements patterns

We present work in progress on a methodology for the engineering, validation and verification of generic requirements using domain engineering and formal methods. The need to develop a generic requirement set for subsequent system instantiation is complicated by the addition of the high levels of verification demanded by safety-critical domains such as avionics. We consider the failure detection and management function for engine control systems as an application domain where product line engineering is useful. The methodology produces a generic requirement set in our, UML based, formal notation, UML-B. The formal verification both of the generic requirement set, and of a particular application, is achieved via translation to the formal specification language, B, using our U2B and ProB tools

Requirements modelling and formal analysis using graph operations

The increasing complexity of enterprise systems requires a more advanced analysis of the representation of services expected than is currently possible. Consequently, the specification stage, which could be facilitated by formal verification, becomes very important to the system life-cycle. This paper presents a formal modelling approach, which may be used in order to better represent the reality of the system and to verify the awaited or existing system’s properties, taking into account the environmental characteristics. For that, we firstly propose a formalization process based upon properties specification, and secondly we use Conceptual Graphs operations to develop reasoning mechanisms of verifying requirements statements. The graphic visualization of these reasoning enables us to correctly capture the system specifications by making it easier to determine if desired properties hold. It is applied to the field of Enterprise modelling