From English to formal specifications

Formal methods provide an approach in which design steps can be shown to satisfy a specification. However, if a formal specification is wrong, then although the design steps may satisfy the formal specification, they are unlikely to satisfy the requirements of the system. Since most users are unfamiliar with formal methods, requirements specifications are often written in English. Such requirements, expressed in English, are then somehow translated to formal specifications. This transition has some potential for introducing errors and inconsistencies. In this paper we propose an interactive approach to proceeding from an informal specification to a formal specification in a systematic manner. The approach uses research in the area of natural language understanding to analyse English specifications in order to detect ambiguities and to generate an entity relationship model. The entity relationship model is then used as a basis for producing VDM data types and the specifications of some common operations. We illustrate the effectiveness of our approach by applying it to the specification of part of a route planning database system

Validating specifications of dynamic systems using automated reasoning techniques

In this paper, we propose a new approach to validating formal specifications of observable behavior of discrete dynamic systems. By observable behavior we mean system behavior as observed by users or other systems in the environment of the system. Validation of a formal specification of an informal domain tries to answer the question whether the specification actually describes the intended domain. This differs from the verification problem, which deals with the correspondence between formal objects, e.g. between a formal specification of a system and an implementation of it. We consider formal specifications of object-oriented dynamic systems that are subject to static and dynamic integrity constraints. To validate that such a specification expresses the intended behavior, we propose to use a tool that can answer reachability queries. In a reachability query we ask whether the system can evolve from one state into another without violating the integrity constraints. If the query is answered positively, the system should exhibit an example path between the states; if the answer is negative, the system should explain why this is so. An example path produced by the tool can be used to produce scenarios for presentations of system behavior, but can also be used as a basis for acceptance testing. In this paper, we discuss the use of planning and theoremproving techniques to answer such queries, and illustrate the use of reachability queries in the context of information system development

A Systematic Inspection Approach to Verifying and Validating Formal Specifications based on Specification Animation and Traceability

Writing formal specifications has been suggested to be effective in helping developers understand user’s requirements and in enhancing the quality of the requirements documentation.However, like the other activities in software development, the construction of formal specifications is usually error-prone in practice. In order to effectively detect the defects in the formal specification, in this paper, we propose a novel and practical inspection approach for specification verification and validation.In this approach, an animation method is adopted as a reading technique to guide the reviewer to read the specification. It dynamically presents the specification to the inspector by means of “executing” it in a step-by-step manner. In each step of the animation, the inspector is required to check a group of formal specification items related to the ”execution” based on a traceability-based checklist.The traceability is presented by relations between the formal specification items and their original requirements described in the informal specification, which is used to document the user’s requirements using a structured natural language. In the checklist, the relations are used to raise specific questions to examine each formal specification item to check the consistency between the informal and formal specifications. A prototype supporting tool it built to support specifications construction and the inspection process. An experiment is conducted to evaluate the performance of our inspection approach, and the experiment results indicate that our inspection approach can help inspector find more bugs than the traditional checklist-based animation, especially the bugs that affect the consistency between the informal and formal specifications due to the usage of traceability-based checklist

Applying Formal Verification Methods to Pure Rule-Based Programs

Reliability, defined as the guarantee that a program satisfies its specifications, is an important aspect of many applications for which rule-based expert systems are suited. Verification refer to the process used to determine the reliability of the rule-based program. Because past approaches to verification are informal, guarantees of reliability cannot fully be made without severely restricting the system. On the other hand, by constructing formal specifications for a program and showing the program satisfies those specifications, guarantees of reliability can be made. This paper presents an assertional approach to the verification of rule-based programs. The proof logical needed for verification is adopted from one already in use by researchers in concurrent programming. The approach involves using a language called Swarm, and requires one to express program specifications as assertions over the Swarm representation of the program. Among models the employ rule-based notation, Swarm is the first to have an axiomatic proof logic

From English to formal specifications

Specifications provide the foundation upon which a system can be formally developed. If a specification is wrong, then no matter what method of design is used, or what quality assurance procedures are in place, they willnot result in a system that meets the requirements.The specification of a system involves people of different profiles who favour different representations. At the beginning natural language is used because the specification document acts as a contract between the user and the developers. Most of the time, the only representation that users understand and agree on is natural language. At the other end, developers findnatural language specifications ambiguous and incomplete and may therefore prefer formal specifications. The transition from informal specifications to formal ones is an error prone and time consuming process. This transitionmust be supported to ensure that the formal specifications are consistent with the informal ones.In this research we propose an interactive approach for producing formal specifications from English specifications. The approach uses research in the area of natural language understanding to analyse English specifications in order to detect ambiguities. The method used for analysing natural language text is based on McCord’s approach. This method consists oftranslating natural language sentences into a logical form language representation.This helps to identify ambiguities present in natural language specifications and to identify the entities and relationships. These entities and relationships are used as a basis for producing VDM data types.We also investigate the production of data type invariants for restricted sentences and the production of some common specifications.We test our approach by implementing it in Prolog-2 and apply it to an independent case study

IELE: An Intermediate-Level Blockchain Language Designed and Implemented Using Formal Semantics

Most languages are given an informal semantics until they are implemented, so the formal semantics comes later. Consequently, there are usually inconsistencies among the informal semantics, the implementation, and the formal semantics. IELE is an LLVM-like language for the blockchain that was specified formally and its implementation, a virtual machine, generated from the formal specification. Moreover, its design was based on problems observed formalizing the semantics of the Ethereum Virtual Machine (EVM) and from formally specifying and verifying EVM programs (also called “smart contracts”), so even the design decisions made for IELE are based on formal specifications. A compiler from Solidity, the predominant high-level language for smart contracts, to IELE has also been implemented, so Ethereum contracts can now also be executed on IELE. The virtual machine automatically generated from the semantics of IELE is shown to be competitive in terms of performance with the state of the art and hence can stand as the de facto implementation of the language in a production setting. Indeed, IOHK, a major blockchain company, is currently experimenting with the IELE VM in order to deploy it as its computational layer in a few months. This makes IELE the first practical language that is designed and implemented as a formal specification. It took only 10 man-months to develop IELE, which demonstrates that the programming language semantics field has reached a level of maturity that makes it appealing over the traditional, adhoc approach even for pragmatic reasons.Ope

Congruent Weak Conformance

This research addresses the problem of verifying implementations against specifications through an innovative logic approach. Congruent weak conformance, a formal relationship between agents and specifications, has been developed and proven to be a congruent partial order. This property arises from a set of relations called weak conformations. The largest, called weak conformance, is analogous to Milner\u27s observational equivalence. Weak conformance is not an equivalence, however, but rather an ordering relation among processes. Weak conformance allows behaviors in the implementation that are unreachable in the specification. Furthermore, it exploits output concurrencies and allows interleaving of extraneous output actions in the implementation. Finally, reasonable restrictions in CCS syntax strengthen weak conformance to a congruence, called congruent weak conformance. At present, congruent weak conformance is the best known formal relation for verifying implementations against specifications. This precongruence derives maximal flexibility and embodies all weaknesses in input, output, and no-connect signals while retaining a fully replaceable conformance to the specification. Congruent weak conformance has additional utility in verifying transformations between systems of incompatible semantics. This dissertation describes a hypothetical translator from the informal simulation semantics of VHDL to the bisimulation semantics of CCS. A second translator is described from VHDL to a broadcast-communication version of CCS. By showing that they preserve congruent weak conformance, both translators are verified

A Formal Basis for Safety Case Patterns

By capturing common structures of successful arguments, safety case patterns provide an approach for reusing strategies for reasoning about safety. In the current state of the practice, patterns exist as descriptive specifications with informal semantics, which not only offer little opportunity for more sophisticated usage such as automated instantiation, composition and manipulation, but also impede standardization efforts and tool interoperability. To address these concerns, this paper gives (i) a formal definition for safety case patterns, clarifying both restrictions on the usage of multiplicity and well-founded recursion in structural abstraction, (ii) formal semantics to patterns, and (iii) a generic data model and algorithm for pattern instantiation. We illustrate our contributions by application to a new pattern, the requirements breakdown pattern, which builds upon our previous wor