Alloy meets the algebra of programming: a case study

Relational algebra offers to software engineering the same degree of conciseness and calculational power as linear algebra in other engineering disciplines. Binary relations play the role of matrices with similar emphasis on multiplication and transposition. This matches with Alloy’s lemma “everything is a relation” and with the relational basis of the Algebra of Programming (AoP). Altogether, it provides a simple and coherent approach to checking and calculating programs from abstract models. In this paper, we put Alloy and the Algebra of Programming together in a case study originating from the Verifiable File System mini-challenge put forward by Joshi and Holzmann: verifying the refinement of an abstract file store model into a journaled (FLASH) data model catering to wear leveling and recovery from power loss. Our approach relies on diagrams to graphically express typed assertions. It interweaves model checking (in Alloy) with calculational proofs in a way which offers the best of both worlds. This provides ample evidence of the positive impact in software verification of Alloy’s focus on relations, complemented by induction-free proofs about data structures such as stores and lists.Fundação para a Ciência e a Tecnologia (FCT

Towards verification of computation orchestration

Recently, a promising programming model called Orc has been proposed to support a structured way of orchestrating distributed Web Services. Orc is intuitive because it offers concise constructors to manage concurrent communication, time-outs, priorities, failure of Web Services or communication and so forth. The semantics of Orc is precisely defined. However, there is no automatic verification tool available to verify critical properties against Orc programs. Our goal is to verify the orchestration programs (written in Orc language) which invoke web services to achieve certain goals. To investigate this problem and build useful tools, we explore in two directions. Firstly, we define a Timed Automata semantics for the Orc language, which we prove is semantically equivalent to the operational semantics of Orc. Consequently, Timed Automata models are systematically constructed from Orc programs. The practical implication is that existing tool supports for Timed Automata, e.g., Uppaal, can be used to simulate and model check Orc programs. An experimental tool has been implemented to automate this approach. Secondly, we start with encoding the operational semantics of Orc language in Constraint Logic Programming (CLP), which allows a systematic translation from Orc to CLP. Powerful constraint solvers like CLP(R) are then used to prove traditional safety properties and beyond, e.g., reachability, deadlock-freeness, lower or upper bound of a time interval, etc. Counterexamples are generated when properties are not satisfied. Furthermore, the stepwise execution traces can be automatically generated as the simulation steps. The two different approaches give an insight into the verification problem of Web Service orchestration. The Timed Automata approach has its merits in visualized simulation and efficient verification supported by the well developed tools. On the other hand, the CPL approach gives better expressiveness in both modeling and verification. The two approaches complement each other, which gives a complete solution for the simulation and verification of Computation Orchestration

A conceptual model for megaprogramming

Megaprogramming is component-based software engineering and life-cycle management. Magaprogramming and its relationship to other research initiatives (common prototyping system/common prototyping language, domain specific software architectures, and software understanding) are analyzed. The desirable attributes of megaprogramming software components are identified and a software development model and resulting prototype megaprogramming system (library interconnection language extended by annotated Ada) are described

Graph-based software specification and verification

The (in)correct functioning of many software systems heavily influences how\ud we qualify our daily lives. Software companies as well as academic computer\ud science research groups spend much effort on applying and developing techniques for improving the correctness of software systems. In this dissertation\ud we focus on using and developing graph-based techniques to specify and verify\ud the behaviour of software systems in general, and object-oriented systems more\ud specifically. We elaborate on two ways to improve the correctness (and thereby\ud the quality) of such systems.\ud Firstly, we investigate the potential of using the graph transformation tech-\ud nique to formally specify the dynamic semantics of (object-oriented) program-\ud ming languages. Those semantics are typically specified in natural language.\ud Such specifications are often hard to understand or even ambiguous. We show\ud how the graph transformation framework provides formal and intuitive means\ud for their specification.\ud Secondly, we develop techniques to verify systems of which the behaviour is\ud specified as graph production systems. For the verification of such systems, we\ud introduce an algorithm that combines a well-known on-the-\ud y model checking\ud algorithm with ideas from bounded model checking. One of the main prob-\ud lems of model checking is the state-explosion problem. This problem is often\ud tackled using partial order reduction techniques. Unfortunately, many such\ud techniques are based on assumptions that do not hold for graph production sys-\ud tems. Therefore, we develop a new dynamic partial order reduction algorithm\ud based on selecting so-called probe sets and prove its correctness.\ud Most of the techniques developed in this dissertation have been implemented\ud in the graph transformation tool GROOVE