Executable Structural Operational Semantics in Maude

This paper describes in detail how to bridge the gap between theory and practice when implementing in Maude structural operational semantics described in rewriting logic, where transitions become rewrites and inference rules become conditional rewrite rules with rewrites in the conditions, as made possible by the new features in Maude 2.0. We validate this technique using it in several case studies: a functional language Fpl (evaluation and computation semantics, including an abstract machine), imperative languages WhileL (evaluation and computation semantics) and GuardL with nondeterminism (computation semantics), Kahn’s functional language Mini-ML (evaluation or natural semantics), Milner’s CCS (with strong and weak transitions), and Full LOTOS (including ACT ONE data type specifications). In addition, on top of CCS we develop an implementation of the Hennessy-Milner modal logic for describing local capabilities of processes, and for LOTOS we build an entire tool where Full LOTOS specifications can be entered and executed (without user knowledge of the underlying implementation of the semantics). We also compare this method based on transitions as rewrites with another one based on transitions as judgements

Compositional Performance Modelling with the TIPPtool

Stochastic process algebras have been proposed as compositional specification formalisms for performance models. In this paper, we describe a tool which aims at realising all beneficial aspects of compositional performance modelling, the TIPPtool. It incorporates methods for compositional specification as well as solution, based on state-of-the-art techniques, and wrapped in a user-friendly graphical front end. Apart from highlighting the general benefits of the tool, we also discuss some lessons learned during development and application of the TIPPtool. A non-trivial model of a real life communication system serves as a case study to illustrate benefits and limitations

Visual animation of LOTOS using SOLVE (extended version)

SOLVE (Specification using an Object-based, LOTOS-defined, Visual language) is designed to allow formal requirements capture, particularly for interactive systems. The SOLVE language is object-based, and formally defined using LOTOS (Language Of Temporal Ordering Specification). SOLVE is also a set of software tools that allow direct visual animation of systems specified in this language. Communicating objects control onscreen icons that can be manipulated directly by the user. Animation is supported by translating a SOLVE specification automatically into a LOTOS specification, and then simulating this using standard LOTOS tools. A VCR (Video Cassette Recorder) clock controller is used to illustrate the SOLVE approach. A further application is embodied in the XDILL tool that supports requirements specification and animation of digital logic circuits. The architecture of the SOLVE toolset is described

Behavioural Models for Distributed Fractal Components

This paper presents a formal behavioural specification framework together with its applications in different contexts for specifying and verifying the correct behaviour of distributed Fractal components. Our framework allows us to build behavioural models for applications ranging from sequential Fractal components, to distributed objects, and finally distributed components. Our models are able to characterise both functional and non-functional behaviours, and the interaction between the two concerns. Finally, this work has resulted in the development of tools allowing the non-expert programmer to specify the behaviour of his components, and automatically, or semi-automatically verify properties of his application

SPDL Model Checking via Property-Driven State Space Generation

In this report we describe how both, memory and time requirements for stochastic model checking of SPDL (stochastic propositional dynamic logic) formulae can significantly be reduced. SPDL is the stochastic extension of the multi-modal program logic PDL.\ud SPDL provides means to specify path-based properties with or without timing restrictions. Paths can be characterised by so-called programs, essentially regular expressions, where the executability can be made dependent on the validity of test formulae. For model-checking SPDL path formulae it is necessary to build a product transition system (PTS)\ud between the system model and the program automaton belonging to the path formula that is to be verified.\ud In many cases, this PTS can be drastically reduced during the model checking procedure, as the program restricts the number of potentially satisfying paths. Therefore, we propose an approach that directly generates the reduced PTS from a given SPA specification and an SPDL path formula.\ud The feasibility of this approach is shown through a selection of case studies, which show enormous state space reductions, at no increase in generation time.\u

Formal verification: further complexity issues and applications

Prof. Giacomo Cioffi (Università di Roma "La Sapienza"), Prof. Fabio Panzieri (Università di Bologna), Dott.ssa Carla Limongelli (Università di Roma Tre)

Testing data types implementations from algebraic specifications

Algebraic specifications of data types provide a natural basis for testing data types implementations. In this framework, the conformance relation is based on the satisfaction of axioms. This makes it possible to formally state the fundamental concepts of testing: exhaustive test set, testability hypotheses, oracle. Various criteria for selecting finite test sets have been proposed. They depend on the form of the axioms, and on the possibilities of observation of the implementation under test. This last point is related to the well-known oracle problem. As the main interest of algebraic specifications is data type abstraction, testing a concrete implementation raises the issue of the gap between the abstract description and the concrete representation. The observational semantics of algebraic specifications bring solutions on the basis of the so-called observable contexts. After a description of testing methods based on algebraic specifications, the chapter gives a brief presentation of some tools and case studies, and presents some applications to other formal methods involving datatypes

Using formal methods to support testing

Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing