Discovering Models of Software Processes from Event-Based Data ; CU-CS-819-96

Many software process methods and tools presuppose the existence of a formal model of a process. Unfortunately, developing a formal model for an on-going, complex process can be dicult, costly, and error prone. This presents a practical barrier to the adoption of process technologies, which would be lowered by automated assistance in creating formal models. To this end, we have developed a data analysis technique that we term process discovery. Under this technique, data describing process events are rst captured from an on-going process and then used to generate a formal model of the behavior of that process. In this paper we describe a Markov method that we developed specically for process discovery, as well as describe two additional methods that we adopted from other domains and augmented for our purposes. The three methods range from the purely algorithmic to the purely statistical. We compare the methods and discuss their application in an industrial case study

Enhancing Workflow with a Semantic Description of Scientific Intent

Peer reviewedPreprin

Mechanising and evolving the formal semantics of WebAssembly: the Web's new low-level language

WebAssembly is the first new programming language to be supported natively by all major Web browsers since JavaScript. It is designed to be a natural low-level compilation target for languages such as C, C++, and Rust, enabling programs written in these languages to be compiled and executed efficiently on the Web. WebAssembly’s specification is managed by the W3C WebAssembly Working Group (made up of representatives from a number of major tech companies). Uniquely, the language is specified by way of a full pen-and-paper formal semantics. This thesis describes a number of ways in which I have both helped to shape the specification of WebAssembly, and built upon it. By mechanising the WebAssembly formal semantics in Isabelle/HOL while it was being drafted, I discovered a number of errors in the specification, drove the adoption of official corrections, and provided the first type soundness proof for the corrected language. This thesis also details a verified type checker and interpreter, and a security type system extension for cryptography primitives, all of which have been mechanised as extensions of my initial WebAssembly mechanisation. A major component of the thesis is my work on the specification of shared memory concurrency in Web languages: correcting and verifying properties of JavaScript’s existing relaxed memory model, and defining the WebAssembly-specific extensions to the corrected model which have been adopted as the basis of WebAssembly’s official threads specification. A number of deficiencies in the original JavaScript model are detailed. Some errors have been corrected, with the verified fixes officially adopted into subsequent editions of the language specification. However one discovered deficiency is fundamental to the model, an instance of the well-known "thin-air problem". My work demonstrates the value of formalisation and mechanisation in industrial programming language design, not only in discovering and correcting specification errors, but also in building confidence both in the correctness of the language’s design and in the design of proposed extensions.2019 Google PhD Fellowship in Programming Technology and Software Engineering Peterhouse Research Fellowshi

State-Based Techniques For Designing, Verifying And Debugging Message Passing Systems

Message passing systems support the applications of concurrent events, where independent or semi-independent events occur simultaneously in a nondeterministic fashion. The nature of independence, random interactions and concurrency made the code development of such applications complicated and error-prone. Conventional code development environments or IDEs, such as Microsoft Visual Studio, provide little programming support in this regard. Furthermore, ensuring the correctness of a message passing system is a challenge. Typically, it is important to guarantee that a system meets its desired specifications along its construction process. Model checking is one of the techniques used in software verification which has proven to be effective in discovering hidden design and implementation errors. The required advanced knowledge of formal methods and temporal languages is one of the impediments in adopting model checking by software developers. To integrate model checking environments and conventional IDEs, this dissertation proposes a multi-phase development framework that facilitates designing, verifying, implementing and debugging state-based message passing systems. The techniques and design principles of the proposed framework focus on improving and easing the software development experience. In the first phase, a two-level design methodology is proposed through using abstract high-level communication blocks and hierarchical state-behavioral descriptions that were developed in this research. In the second phase, a new method based on choosing from a pre-determined set of patterns in concurrent communication properties is proposed to facilitate collecting the essential specifications of the system where the atomic propositions are linked with the system design. A complex property can be attained by hierarchically nesting some of these patterns. A procedure to automatically generate formal models in a model checker (MC) language is proposed. Once the model that contains both the design and the properties of the system are generated, a model checker is used to verify the correctness of the proposed system and ensure its compliance with specifications. To help in locating the source of an undesired specification, if any, a procedure to map a counter example generated by the MC to the original design is presented. In the third phase, a skeleton code of the design specification is generated in a general programming language such as Microsoft C\#, Java, etc. moreover, the ability to debug the generated code using a conventional IDE while tracing the debugging process back to the original design was established. Finally, a graphical software tool that supports the proposed framework is developed where SPIN MC is used as a verifier. The tool was used to develop and verify several case studies. The proposed framework and the developed software tool can be considered a key solution for message passing systems design and verification

An LTL Semantics of Business Workflows with Recovery

We describe a business workflow case study with abnormal behavior management (i.e. recovery) and demonstrate how temporal logics and model checking can provide a methodology to iteratively revise the design and obtain a correct-by construction system. To do so we define a formal semantics by giving a compilation of generic workflow patterns into LTL and we use the bound model checker Zot to prove specific properties and requirements validity. The working assumption is that such a lightweight approach would easily fit into processes that are already in place without the need for a radical change of procedures, tools and people's attitudes. The complexity of formalisms and invasiveness of methods have been demonstrated to be one of the major drawback and obstacle for deployment of formal engineering techniques into mundane projects

Context constraint integration and validation in dynamic web service compositions

System architectures that cross organisational boundaries are usually implemented based on Web service technologies due to their inherent interoperability benets. With increasing exibility requirements, such as on-demand service provision, a dynamic approach to service architecture focussing on composition at runtime is needed. The possibility of technical faults, but also violations of functional and semantic constraints require a comprehensive notion of context that captures composition-relevant aspects. Context-aware techniques are consequently required to support constraint validation for dynamic service composition. We present techniques to respond to problems occurring during the execution of dynamically composed Web services implemented in WS-BPEL. A notion of context { covering physical and contractual faults and violations { is used to safeguard composed service executions dynamically. Our aim is to present an architectural framework from an application-oriented perspective, addressing practical considerations of a technical framework