LOTOSphere:software development with LOTOS

LOTOS (Language Of Temporal Ordering Specification) became an international standard in 1989, although application of preliminary versions of the language to communication services and protocols of the ISO/OSI family dates back to 1984. This history of the use of LOTOS made it apparent that more advantages than the pure production of standard reference documents were to be expected from the use of such formal description techniques. LOTOSphere: Software Development with LOTOS describes in depth a five year project that moved LOTOS out of the ISO tower into software engineering practice. LOTOS became a vehicle for efficient, yet formally based industrial software specification, design, verification, implementation and testing. LOTOSphere: Software Development with LOTOS is divided into six parts. The first introduces the reader to LOTOS and the project LOTOSphere. The five remaining each treat an important part of the software development life cycle using LOTOS. This is the first book to give a comprehensive treatment of the use of these formal description techniques in a software engineering environment. It will thus be a valuable reference for researchers and software developers and can also be used as a text for an advanced course on the subject

Visual animation of LOTOS using SOLVE (extended version)

SOLVE (Specification using an Object-based, LOTOS-defined, Visual language) is designed to allow formal requirements capture, particularly for interactive systems. The SOLVE language is object-based, and formally defined using LOTOS (Language Of Temporal Ordering Specification). SOLVE is also a set of software tools that allow direct visual animation of systems specified in this language. Communicating objects control onscreen icons that can be manipulated directly by the user. Animation is supported by translating a SOLVE specification automatically into a LOTOS specification, and then simulating this using standard LOTOS tools. A VCR (Video Cassette Recorder) clock controller is used to illustrate the SOLVE approach. A further application is embodied in the XDILL tool that supports requirements specification and animation of digital logic circuits. The architecture of the SOLVE toolset is described

Testing theory in practice: a simple experiment

In this paper we discuss the experiences gained in conducting a simple testing experiment. The goal of this experiment is to apply the abstract, formal testing framework [8] in a practical setting, and to indicate the critical aspects in its application to realistic testing situations. For that purpose a formal description of the system under test (SUT) is made from which tests are systematically derived. These tests are interpreted and executed by a tester against concrete implementations, thereby giving an indication about the correctness of these implementations

Architectural notes: a framework for distributed systems development

This thesis develops a framework of methods and techniques for distributed systems development. This framework consists of two related domains in which design concepts for distributed systems are defined: the entity domain and the behaviour domain. In the entity domain we consider structures of functional entities and their interconnection, while in the behaviour domain we consider behaviour definition and structuring. An interaction in which we abstract from the particular responsibilities of the participating functional entities is considered as an action. Behaviours consist of actions, interactions and their relationships. Relationships between actions and interactions are defined in terms of causality relations. In each causality relation the conditions and constraints for an action or interaction to occur are defined. Two important behaviour structuring techniques have been identified from the possible ways causality relations can be distributed: causality-oriented behaviour composition and constraint-oriented behaviour composition. Causality-oriented behaviour composition consists of placing some conditions of an action and the action itself in different sub-behaviours. Constraint-oriented behaviour composition consists of placing parts of the conditions and constraints of an action in different sub-behaviours, such that this action is shared by these sub-behaviours. This thesis identifies milestones in the design process of distributed systems, as well as the design steps to move from one milestone to another. These design steps are characterized using the concepts of the entity and the behaviour domain. We identified two crucial design operations of the behaviour domain that support these design steps: behaviour refinement and action refinement. Behaviour refinement consists of introducing (internal) structure in the causality relations of reference actions of an abstract behaviour, but preserving their causality and exclusion relationships and their attribute values. Action refinement consists of replacing abstract actions by activities, such that the completion of these activities correspond to the occurrence of the abstract actions. One important characteristic of action refinement is the possibility of distributing attribute values of the abstract actions over actions of the activities that replace them in the concrete behaviours. The area of research, scope and objectives of this thesis are discussed in Chapter 1. The concept of design culture and its elements is introduced in this chapter in order to provide an overview of the important aspects of the design process. Entity domain, behaviour domain, and design milestones are introduced and discussed in Chapter 2. This chapter also discusses the global objectives of design steps, and the abstraction obtained by considering interactions between cooperating functional entities as actions of the interaction system between these entities. Action, action attributes, causality and exclusion are discussed in Chapter 3. This chapter shows how a behaviour can be defined in terms of the causality relations of its actions in a monolithic form. Causality-oriented behaviour composition is discussed in Chapter 4. Entries and exits of a behaviour are the mechanisms that make it possible to assign parts of a condition of an action and the action itself to different sub-behaviours. Constraint-oriented behaviour composition is discussed in Chapter 5. Decomposition possibilities of monolithic behaviours are systematically studied in this chapter. Behaviour refinement is discussed in Chapter 6. This chapter defines a method to obtain an abstraction of a concrete behaviour. This method can be used to check whether the concrete behaviour corresponds to a certain abstract behaviour. Action refinement is discussed in Chapter 7. This chapter identifies some activity forms, and define the rules for considering these activities as implementations of an abstract action. These rules are used in a method to derive an abstraction of a concrete behaviour in which the abstract actions are implemented as activities. This method can be used to check whether the concrete behaviour corresponds to a certain abstract behaviour. Chapter 8 discusses a design example that is meant to illustrate the use of our design concepts. The example is an interaction server, which is a component that supports the interaction between multiple functional entities. Chapter 9 draws some conclusions and revisits the design milestones of Chapter 2, showing alternatives for the design trajectory which have been created with the use of actions and interactions in a single framework

Rigorous object-oriented analysis

Object-oriented methods for analysis, design and programming are commonly used by software engineers. Formal description techniques, however, are mainly used in a research environment. We have investigated how rigour can be introduced into the analysis phase of the software development process by combining object-oriented analysis (OOA) methods with formal description techniques. The main topics of this investigation are a formal interpretation of the OOA constructs using LOTOS, a mathematical definition of the basic OOA concepts using a simple denotational semantics and a new method for object- oriented analysis that we call the Rigorous Object-Oriented Analysis method (ROOA). The LOTOS interpretation of the OOA concepts is an intrinsic part of the ROOA method. It was designed in such a way that software engineers with no experience in LOTOS, can still use ROOA. The denotational semantics of the concepts of object-oriented analysis illuminates the formal syntactic transformations within ROOA and guarantees that the basic object- oriented concepts can be understood independently of the specification language we use. The ROOA method starts from a set of informal requirements and an object model and produces a formal object-oriented analysis model that acts as a requirements specification. The resulting formal model integrates the static, dynamic and functional properties of a system in contrast to existing OOA methods which are informal and produce three separate models that are difficult to integrate and keep consistent. ROOA provides a systematic development process, by proposing a set of rules to be followed during the analysis phase. During the application of these rules, auxiliary structures are created to help in tracing the requirements through to the final formal model. As LOTOS produces executable specifications, prototyping can be used to check the conformance of the specification against the original requirements and to detect inconsistencies, omissions and ambiguities early in the development process

Contribución a la Formalización de la Fase de Ejecución de Pruebas

En el campo de la Ingeniería de Protocolos es fundamental el papel que han tomado los organismos normalizadores de Servicios y Sistemas de Comunicaciones, como ISO e ITU. En este entorno, las Técnicas de Descripción Formal son un mecanismo clave para el diseño y especificación de dichos protocolos.Esta actividad ha surgido, en gran parte, debida a las necesidades de interconectividad, que está alcanzando niveles difícilmente imaginables hace pocos añoos: se pretende que sistemas heterogéneos y completamente diferentes cooperen y trabajen de forma distribuida o, simplemente, que intercambien volúmenes de información cada vez mayores. Surgen normas y recomendaciones a partir de iniciativas públicas orientadas a proporcionar normas en los servicios y protocolos de comunicaciones; normas que los fabricantes deben cumplir y organismos independientes deben certificar u homologar. Existen dos campos de actuación bien diferentes: por un lado, las normas deben ser precisas y no contener ambigüedades . Por otro, es necesario comprobar que el producto se atiene a la norma. Este proceso se realiza en base a unas pruebas denominadas de Conformidad. l primer campo es el causante directo del desarrollo de las FDTs. El segundo, ha provocado que ISO normalice un entorno específico y una metodología para el desarrollo y ejecución de Pruebas de Conformidad: la norma ISO-9646. En este entorno tiene lugar el desarrollo de la presente tesis. Como objetivos fundamentales se ha trabajado en 1) conceptualización y subsiguiente formalización del proceso de ejecución de Pruebas de Conformidad y elementos integrantes en las arquitecturas de pruebas, y 2) definición de una métrica de cobertura que aproveche la existencia de especificaciones formales como elemento de referencia para la generación de las pruebas de conformidad