Formal specification based prototyping

Rapid prototyping is an approach to software development which attempts to remedy some of the shortcomings of the linear life cycle model, e.g. its inability to cope with fuzzy requirements and system evolution. This thesis first presents a broad survey of rapid software prototyping. It describes the rationale behind the process, the applications of prototyping, and specific techniques which may be used to achieve them. We then describe a system, called EPROS, together with its methodology, which supports a number of prototyping techniques in a coherent framework. The system is comprehensive in its approach and covers the prototyping and development of both functional and human-computer interface aspects of software systems. The former is based on the execution of VDM-based formal specification notation META-IV; the latter is based on a textual representation of state transition diagrams. Dialogue development is further supported by a rich set of abstractions which allow interaction concepts to be specified and directly executed rather than implemented. EPROS is based on a wide spectrum language which supports the main phases of a software development process, namely specification, design, and implementation. Included in this notation is a meta abstraction facility which facilitates its extension by the programmer. The primary application of EPROS is for evolutionary prototyping, where a system is developed iteratively and gradually from the abstract to the detailed, while it undergoes use and while its capabilities evolve. EPROS copes with all the requirements of evolutionary prototyping, namely rapid development, intermediate deliveries and gradual evolution of the system towards the final product. The thesis also describes a number of case studies where the presented ideas are put in practice, and which provide data in support of the effectiveness of the described system

Symbolic execution and the testing of COBOL programs

The thesis is in two parts. Part one is a review of existing work in the area of software testing and more specifically symbolic execution. Part two is a description of the symbolic execution testing system for COBOL (SYM-BOL). Much of the work presented has been published or accepted for publication. Part one commences by introducing the aims of software testing and is followed by a review of the tools and techniques of software testing that have been developed over the past 25 years. A simple taxonomy of software testing techniques is given. One potentially powerful technique is symbolic execution. The principles of symbolic execution are described followed by the problems in applying symbolic execution. Part one is completed by a review of existing symbolic execution testing systems. No symbolic execution testing system has previously been built for a commercial data processing language such as COBOL. Part two commences by outlining the features of the SYM-BOL system and describes the user strategies that may be employed when using the system. The system generates an intermediate form in stages by transforming the source program into one that contains only a limited number of language constructs. Path selection can be automatic or undertaken by the user. In both cases the results of the symbolic execution already undertaken are available to the path selector to help reduce the likelihood of selecting an infeasible path. A description of how the Nag-library linear optimizer E04MBF is used for feasibility checking is given. Feasible solutions are turned into files of test cases. Simple assertions may be included in the source program which do not affect the normal execution of the software but which can be verified by inclusion in the symbolic execution

Formal Program Verification Using Symbolic Execution

Symbolic execution provides a mechanism for formally proving programs correct. A notation is introduced which allows a concise presentation of rules of inference based on symbolic execution. Using this notation, rules of inference are developed to handle a number of language features, including loops and procedures with multiple exits. An attribute grammar is used to formally describe symbolic expression evaluation, and the treatment of function calls with side effects is shown to be straightforward. Because symbolic execution is related to program interpretation, it is an easy-to-comprehend, yet powerful technique. The rules of inference are useful in expressing the semantics of a language and form the basis of a mechanical verification condition generator