Formal specification based prototyping

Rapid prototyping is an approach to software development which attempts to remedy some of the shortcomings of the linear life cycle model, e.g. its inability to cope with fuzzy requirements and system evolution. This thesis first presents a broad survey of rapid software prototyping. It describes the rationale behind the process, the applications of prototyping, and specific techniques which may be used to achieve them. We then describe a system, called EPROS, together with its methodology, which supports a number of prototyping techniques in a coherent framework. The system is comprehensive in its approach and covers the prototyping and development of both functional and human-computer interface aspects of software systems. The former is based on the execution of VDM-based formal specification notation META-IV; the latter is based on a textual representation of state transition diagrams. Dialogue development is further supported by a rich set of abstractions which allow interaction concepts to be specified and directly executed rather than implemented. EPROS is based on a wide spectrum language which supports the main phases of a software development process, namely specification, design, and implementation. Included in this notation is a meta abstraction facility which facilitates its extension by the programmer. The primary application of EPROS is for evolutionary prototyping, where a system is developed iteratively and gradually from the abstract to the detailed, while it undergoes use and while its capabilities evolve. EPROS copes with all the requirements of evolutionary prototyping, namely rapid development, intermediate deliveries and gradual evolution of the system towards the final product. The thesis also describes a number of case studies where the presented ideas are put in practice, and which provide data in support of the effectiveness of the described system

On the execution of high level formal specifications

Executable specifications can serve as prototypes of the specified system and as oracles for automated testing of implementations, and so are more useful than non-executable specifications. Executable specifications can also be debugged in much the same way as programs, allowing errors to be detected and corrected at the specification level rather than in later stages of software development. However, existing executable specification languages often force the specifier to work at a low level of abstraction, which negates many of the advantages of non-executable specifications. This dissertation shows how to execute specifications written at a level of abstraction comparable to that found in specifications written in non-executable specification languages. The key innovation is an algorithm for evaluating and satisfying first order predicate logic assertions written over abstract model types. This is important because many specification languages use such assertions. Some of the features of this algorithm were inspired by techniques from constraint logic programming

The Direct Execution of SPECS-C++: A Model-Based Specification Language for C++ Classes

Executable specification languages may be the key to more widespread use of formal methods in software production. However, the expressiveness of executable specification languages is typically much less than that of non-executable specification languages such as VDM or Z. Thus, specifiers are forced to work at a lower level of abstraction to gain the advantage of executability. Additionally, specifications are typically made executable by translating them to a programming language, so errors in the specification can only be detected as errors in the resulting code. This paper presents a technique for directly executing specifications written in SPECS-C++, a model-based specification language for C++ classes. As SPECS-C++ has much in common with the implicit subset of VDM, this technique is equally applicable to implicit VDM specifications. Standard ML code for the interpreter and the example used in the paper appear in the appendices

Executing Formal Specifications with Constraint Programming

We have implemented a technique for execution of formal, model-based specifications. The specifications we can execute are written at a level of abstraction that has not previously been supported in executable specification languages. The specification abstractions supported by our execution technique include quantified assertions that reference post-state values, and indirect definitions of post-state values (definitions that do not use equality). Our approach is based on translating specifications to the concurrent constraint programming language AKL. While there are, of course, expressible assertions that are not executable, our technique is amenable to any formal specification language based on a finite number of intrinsic types and pre- and postcondition assertions

A Formal Methodology for Deriving Purely Functional Programs From Z Specifications via the Intermediate Specification Language FunZ.

In recent years, both formal methods and software reuse have been increasingly advocated as a means of alleviating the ills of the software crisis. During this same time period, purely functional programming languages, which have a long history in the realm of rapid prototyping, have emerged as a viable medium for real-world applications. Since these trends are likely to continue, this work describes a methodology that facilitates the derivation of purely functional programs from existing Z specifications. A unique aspect of the methodology is its incorporation of an intermediate specification language (FunZ) during the design phase of software development. Most of the previous techniques for translating Z specifications to functional programs were designed primarily to expedite rapid prototyping. In contrast, the FunZ methodology, which is an adapted form of the IBM Hursley method, is a comprehensive approach, spanning the software life cycle from specification through design to final implementation. Due to its greater scope, the FunZ methodology offers several advantages over existing approaches. First, the specification language integrates features from Z with those of the functional programming paradigm to provide a bridge between Z specifications and functional implementations. Since FunZ is expressly designed to target functional languages, the implementor\u27s job is simplified. In fact, a FunZ document looks like extended Haskell code, so an obvious effect in applying FunZ is that the distance from design to code is reduced. Second, the methodology provides a framework for recording design decisions, which is useful for future maintenance. Within this framework, users may select a development path ranging from an intuitive style to a fully formal approach that includes the proofs of functional refinement. Furthermore, FunZ allows software developers to prove properties about a system design within the realm of Z or Haskell. This means that proofs can be performed throughout software development and the designer is free to select the most appropriate notation. In summary, the intermediate specification language FunZ and its related methodology provide software developers with a complete, formal approach for translating Z specifications to Haskell implementations. Previously, such extensive methods were only available for traditional, imperative languages

From Verified Models to Verifiable Code

Declarative specifications of digital systems often contain parts that can be automatically translated into executable code. Automated code generation may reduce or eliminate the kinds of errors typically introduced through manual code writing. For this approach to be effective, the generated code should be reasonably efficient and, more importantly, verifiable. This paper presents a prototype code generator for the Prototype Verification System (PVS) that translates a subset of PVS functional specifications into an intermediate language and subsequently to multiple target programming languages. Several case studies are presented to illustrate the tool's functionality. The generated code can be analyzed by software verification tools such as verification condition generators, static analyzers, and software model-checkers to increase the confidence that the generated code is correct

A comparison of languages which operationalise and formalise {KADS} models of expertise

In the field of Knowledge Engineering, dissatisfaction with the rapid-prototyping approach has led to a number of more principled methodologies for the construction of knowledge-based systems. Instead of immediately implementing the gathered and interpreted knowledge in a given implementation formalism according to the rapid-prototyping approach, many such methodologies centre around the notion of a conceptual model: an abstract, implementation independent description of the relevant problem solving expertise. A conceptual model should describe the task which is solved by the system and the knowledge which is required by it. Although such conceptual models have often been formulated in an informal way, recent years have seen the advent of formal and operational languages to describe such conceptual models more precisely, and operationally as a means for model evaluation. In this paper, we study a number of such formal and operational languages for specifying conceptual models. In order to enable a meaningful comparison of such languages, we focus on languages which are all aimed at the same underlying conceptual model, namely that from the KADS method for building KBS. We describe eight formal languages for KADS models of expertise, and compare these languages with respect to their modelling primitives, their semantics, their implementations and their applications. Future research issues in the area of formal and operational specification languages for KBS are identified as the result of studying these languages. The paper also contains an extensive bibliography of research in this area

An editor and transformation system for a Z animation case tool.

In order to remain competitive, modem systems developers are increasingly under pressure to produce software solutions to complex problems faster and cheaper, whilst at the same time maintaining a high level of quality in the delivered product. One of the key quality measures is the delivery of a system that meets the customer's requirements. Failure to meet the customer's requirements may engender significant re-design, which in turn will cost money, delay product introduction and may seriously damage the developer's credibility. For these reasons, the problem of developing a precise and unambiguous statement of requirements for a proposed system is perhaps one of the most challenging problems within software engineering today. Formal, model-based specification languages such as the Z notation have been widely adopted within the context of requirements engineering, to provide a vehicle for the development of precise and unambiguous specifications. However, the mathematical foundation upon which these notations are based often makes them unapproachable and difficult to assimilate by a non-specialist reader. The problem then faced is that if the customer cannot understand the semantics of the specification, how can the customer agree that the specification is indeed a true reflection of the requirements for the desired system? Several researchers have proposed that rapid prototyping and animation of specifications can be used to increase the customer's understanding of the formal specification. This is achieved by executing specification components on candidate data and observing that the behaviour is as expected. However this requires that the original formal specification be reliably transformed into a representation capable of being executed within a computer system. To achieve this aim requires the support of computer-based tools able to assist the requirements engineer in capturing, manipulating and transforming the formal specification in an efficient and consistent manner. This thesis describes the research and development of the TranZit tool, which is a Z notation editor, checker and transformation system. TranZit supports the efficient capture and maintenance of Z notation specifications using the Windows Graphical User Interface, supported by a suite of powerful language-driven features. In addition TranZit contains a highly integrated and optimised syntax and type checker, combining traditional compiler design techniques with innovative use of object-oriented data structures and methods, to assist the requirements engineer in ensuring the internal consistency of the captured specification. Most importantly, TranZit contains a novel transformation engine, which is capable of transforming a captured Z specification into an executable representation based on extensions to LISP, suitable for direct execution in an animation environment. This process is supported by an eclectic strategy combining automated transformation with user assistance, to overcome many of the well-documented problems associated with transforming non-executable clauses in formal specifications

Introduction to the Literature on Semantics

An introduction to the literature on semantics. Included are pointers to the literature on axiomatic semantics, denotational semantics, operational semantics, and type theory