On the analysis needs when verifying state-based software requirements: an experience report

AbstractIn a previous investigation we formally defined procedures for analyzing hierarchical state-based requirements specifications for two properties: (1) completeness with respect to a set of criteria related to robustness (a response is specified for every possible input and input sequence) and (2) consistency (the specification is free from conflicting requirements and undesired nondeterminism). Informally, the analysis involves determining if large Boolean expressions are tautologies. We implemented the analysis procedures in a prototype tool and evaluated their effectiveness and efficiency on a large real world requirements specification expressed in an hierarchical state-based language called Requirements State Machine Language. Although our initial approach was largely successful, there were some drawbacks with the original tools. In our initial implementation we abstracted all formulas to propositional logic. Unfortunately, since we are manipulating the formulas without interpreting any of the functions in the individual predicates, the abstraction can lead to large numbers of spurious (or false) error reports. To increase the accuracy of our analysis we have continually refined our tool with decision procedures and, finally, come to the conclusion that theorem proving is often needed to avoid large numbers of spurious error reports. This paper discusses the problems with spurious error reports and describes our experiences analyzing a large commercial avionics system for completeness and consistency

Design for validation: An approach to systems validation

Every complex system built is validated in some manner. Computer validation begins with review of the system design. As systems became too complicated for one person to review, validation began to rely on the application of adhoc methods by many individuals. As the cost of the changes mounted and the expense of failure increased, more organized procedures became essential. Attempts at devising and carrying out those procedures showed that validation is indeed a difficult technical problem. The successful transformation of the validation process into a systematic series of formally sound, integrated steps is necessary if the liability inherent in the future digita-system-based avionic and space systems is to be minimized. A suggested framework and timetable for the transformtion are presented. Basic working definitions of two pivotal ideas (validation and system life-cyle) are provided and show how the two concepts interact. Many examples are given of past and present validation activities by NASA and others. A conceptual framework is presented for the validation process. Finally, important areas are listed for ongoing development of the validation process at NASA Langley Research Center

Analyzing Consistency of Behavioral REST Web Service Interfaces

REST web services can offer complex operations that do more than just simply creating, retrieving, updating and deleting information from a database. We have proposed an approach to design the interfaces of behavioral REST web services by defining a resource and a behavioral model using UML. In this paper we discuss the consistency between the resource and behavioral models that represent service states using state invariants. The state invariants are defined as predicates over resources and describe what are the valid state configurations of a behavioral model. If a state invariant is unsatisfiable then there is no valid state configuration containing the state and there is no service that can implement the service interface. We also show how we can use reasoning tools to determine the consistency between these design models.Comment: In Proceedings WWV 2012, arXiv:1210.578

A Bootstrap Theory: the SEMAT Kernel Itself as Runnable Software

The SEMAT kernel is a thoroughly thought generic framework for Software Engineering system development in practice. But one should be able to test its characteristics by means of a no less generic theory matching the SEMAT kernel. This paper claims that such a matching theory is attainable and describes its main principles. The conceptual starting point is the robustness of the Kernel alphas to variations in the nature of the software system, viz. to software automation, distribution and self-evolution. From these and from observed Kernel properties follows the proposed bootstrap principle: a software system theory should itself be a runnable software. Thus, the kernel alphas can be viewed as a top-level ontology, indeed the Essence of Software Engineering. Among the interesting consequences of this bootstrap theory, the observable system characteristics can now be formally tested. For instance, one can check the system completeness, viz. that software system modules fulfill each one of the system requirements.Comment: 8 pages; 2 figures; Preprint of paper accepted for GTSE'2014 Workshop, within ICSE'2014 Conferenc

An environment for object-oriented real-time system design

A concise object-oriented method for the development of real-time systems has been composed. Hardware components are modelled by (software) base objects; base objects are controlled by a hierarchy of coordinator objects, expressed in an organizational diagram. The behaviour of objects is specified by state transition diagrams. This approach considerably promotes requirements analysis and communication with the customer. A CASE tool has been constructed with diagram editors for graphical specifications of real-time systems. The tool can generate executable code for PLCs from these graphical specifications; reuse of previous results is supported by the repository function of the tool. Experiences attained in practice with method and tool show that time spent in system testing and installation is reduced considerabl

Model-based dependability analysis : state-of-the-art, challenges and future outlook

Abstract: Over the past two decades, the study of model-based dependability analysis has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques to contend with the increasing complexity and challenges of modern safety-critical system. Two leading paradigms have emerged, one which constructs predictive system failure models from component failure models compositionally using the topology of the system. The other utilizes design models - typically state automata - to explore system behaviour through fault injection. This paper reviews a number of prominent techniques under these two paradigms, and provides an insight into their working mechanism, applicability, strengths and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for model-based dependability analysis

First-Order and Temporal Logics for Nested Words

Nested words are a structured model of execution paths in procedural programs, reflecting their call and return nesting structure. Finite nested words also capture the structure of parse trees and other tree-structured data, such as XML. We provide new temporal logics for finite and infinite nested words, which are natural extensions of LTL, and prove that these logics are first-order expressively-complete. One of them is based on adding a "within" modality, evaluating a formula on a subword, to a logic CaRet previously studied in the context of verifying properties of recursive state machines (RSMs). The other logic, NWTL, is based on the notion of a summary path that uses both the linear and nesting structures. For NWTL we show that satisfiability is EXPTIME-complete, and that model-checking can be done in time polynomial in the size of the RSM model and exponential in the size of the NWTL formula (and is also EXPTIME-complete). Finally, we prove that first-order logic over nested words has the three-variable property, and we present a temporal logic for nested words which is complete for the two-variable fragment of first-order.Comment: revised and corrected version of Mar 03, 201