8 research outputs found

    An axiom system for sequence-based specification

    Abstract: This paper establishes an axiomatic foundation and a representation theorem for the rigorous, constructive process, called sequence-based specification, of deriving precise specifications from ordinary (informal) statements of functional requirements. The representation theorem targets a special class of Mealy state machines, and algorithms are presented for converting from the set of sequences that define the specification to the equivalent Mealy machine, and vice versa. Since its inception, sequence-based specification has been effectively used in a variety of real applications, with gains reported in quality and productivity. This paper establishes the mathematical foundation independently of the process itself.
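
    The following Python is an added illustration, not code from the paper: it converts a sequence enumeration into the equivalent Mealy machine and back, which is the pair of algorithms the abstract refers to. The two-button lamp, its stimuli 'p' and 'b', and its enumeration are constructed for the example. The conversion follows the usual sequence-based specification reading: every unreduced sequence denotes a state, and a sequence reduced to an earlier unreduced sequence shares that sequence's state. The forward conversion also checks the completeness and consistency conditions that make the enumeration a specification at all.

```python
"""Sequence-based specification: enumeration <-> Mealy machine.

Added example, not the paper's own code. The system is a hypothetical
two-button lamp with stimuli 'p' (power) and 'b' (brightness). An
enumeration lists input sequences in length-lexicographic order; each
gets a response and is either unreduced (it denotes a new state) or
reduced to an earlier unreduced sequence that leaves the system in the
same state. Unreduced sequences become the states of the Mealy machine.
"""
from collections import deque

INPUTS = ("p", "b")        # stimulus alphabet (assumed for the example)

# Constructed enumeration: sequence -> (response, reduces_to).
# reduces_to is None for unreduced sequences.
LAMP_ENUMERATION = {
    "":    (None, None),     # empty sequence: initial state, no response
    "p":   ("on", None),     # power press: lamp on at normal brightness (new state)
    "b":   ("null", ""),     # brightness press while off does nothing
    "pp":  ("off", ""),      # power press again: lamp off, back to initial
    "pb":  ("dim", None),    # brightness press: dimmed (new state)
    "pbp": ("off", ""),      # power press while dimmed: lamp off
    "pbb": ("normal", "p"),  # brightness press again: back to normal
}


def enumeration_to_mealy(enum, inputs=INPUTS):
    """Return (states, initial, delta) with delta[(state, x)] = (response, next).

    Raises ValueError when the enumeration is incomplete (an unreduced
    sequence lacks an extension for some stimulus) or inconsistent (a
    reduction targets a sequence that is not unreduced, or a reduced
    sequence has been extended)."""
    states = [s for s, (_, red) in enum.items() if red is None]
    canonical = set(states)
    delta = {}
    for u in states:
        for x in inputs:
            ux = u + x
            if ux not in enum:
                raise ValueError(f"incomplete: no entry for {ux!r}")
            resp, red = enum[ux]
            target = ux if red is None else red
            if target not in canonical:
                raise ValueError(f"inconsistent: {ux!r} reduces to non-canonical {red!r}")
            delta[(u, x)] = (resp, target)
    for s in enum:
        if s and s[:-1] not in canonical:
            raise ValueError(f"inconsistent: {s!r} extends a reduced sequence")
    return states, "", delta


def mealy_to_enumeration(states, initial, delta, inputs=INPUTS):
    """Inverse conversion: walk the machine breadth-first from the initial
    state; the first sequence reaching a state is its unreduced sequence,
    every later sequence reaching it is reduced to that one. States not
    reachable from `initial` never appear in the enumeration."""
    enum = {"": (None, None)}
    canon = {initial: ""}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        for x in inputs:
            resp, t = delta[(s, x)]
            seq = canon[s] + x
            if t in canon:
                enum[seq] = (resp, canon[t])
            else:
                canon[t] = seq
                enum[seq] = (resp, None)
                queue.append(t)
    return enum


def run(mealy, stimuli):
    """Drive the machine with a string of stimuli and return its responses."""
    _, state, delta = mealy
    responses = []
    for x in stimuli:
        resp, state = delta[(state, x)]
        responses.append(resp)
    return responses


if __name__ == "__main__":
    machine = enumeration_to_mealy(LAMP_ENUMERATION)
    print("states:", machine[0])
    print("pbbp ->", run(machine, "pbbp"))
    print("round trip ok:", mealy_to_enumeration(*machine) == LAMP_ENUMERATION)
```

    Deleting the entry for "pbb" makes `enumeration_to_mealy` raise, which is the kind of omission the process is designed to surface before any code is written; the round trip through `mealy_to_enumeration` reproduces the original table exactly because the enumeration was built in the same breadth-first order.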

    Productivity Analysis and Use of Sequence-Based Specification in a Web-Development Environment

    This study evaluates the productivity of a software team in a web-development company and assesses the effects of the sequence-based specification process on productivity and software accuracy in this environment. It compares two software projects completed at GoTrain Corporation in 2001 and 2002. GoTrain is an application service provider that delivers environmental, safety and health (ES&H) training courses to a variety of clients through an Internet-based learning management system (LMS) called the Academy. GoTrain was established in 1999 through the merger of two small companies, a training services organization and a web design group. Because neither parent company specialized in software development, the new GoTrain programming team began creating the first Academy applications without the structure of a formal software process. This study evaluates the productivity of the GoTrain programming team at the time formal software processes were introduced into the development environment. The first project evaluated was an upgrade of the GoTrain Academy to provide Spanish support for the end user, performed using the Microsoft Solutions Framework (MSF) Process Model. The second project was an upgrade to the Academy software to support new employee training, enhanced reporting functionality, and improved administrative features. For this project the MSF Process Model was again used, but with sequence-based specification applied to selected Academy features during the design phase. Sequence-based specification is typically used in Cleanroom software engineering to create consistent and complete product requirements through enumeration of system inputs. Focusing on active server pages (ASPs), productivity analyses were based on the total lines of code (LOC) generated during the project and the number of hours required to create the code. The count of errors discovered during testing and the hours required for rework after the Academy release were used to evaluate the accuracy and correctness of the software. A productivity increase is seen between the first and second projects. The second project had higher LOC per man-hour than the first, which is likely a result of the software team becoming more experienced with the software process, developing cohesion among the team members, and improving communication among the project group. The files produced with the sequence-based specification process in the second project had LOC and man-hour values similar to those of the other files modified during this development effort. Files produced with sequence-based specification required no modification after the versioned release of the Academy, whereas 68% of the files of similar LOC and man-hours created using the existing specification processes required modification and re-deployment following the initial release.

    Sequence-Based Specification of Embedded Systems

    Software has become integral to the control mechanism of modern devices. From transportation and medicine to entertainment and recreation, embedded systems integrate fundamentally with time and the physical world to impact our lives; therefore, product dependability and safety are of paramount importance. Model-based design has evolved as an effective way to prototype systems and to analyze system function through simulation. This process mitigates the problems and risks associated with embedding software into consumer and industrial products. However, the most difficult tasks remain: getting the requirements right and reducing them to precise specifications for development, and providing compelling evidence that the product is fit for its intended use. Sequence-based specification of discrete systems, using well-chosen abstractions, has proven very effective in exposing deficiencies in requirements, and then producing precise specifications for good requirements. The process ensures completeness, consistency, and correctness by tracing each specification decision precisely to the requirements. Likewise, Markov chain based testing has proven effective in providing evidence that systems are fit for field use. Model-based designs integrate discrete and continuous behavior; models have both hybrid and switching properties. In this research, we extend sequence-based specification to explicitly include time, continuous functions, nondeterminism, and internal events for embedded real-time systems. The enumeration is transformed into an enumeration hybrid automaton that acts as the foundation for an executable model-based design and an algebraic hybrid I/O automaton with valuable theoretical properties. Enumeration is a step-wise problem solving technique that complements model-based design by converting ordinary requirements into precise specifications. The goal is a complete, consistent, and traceably correct design with a basis for automated testing.

    A Framework for File Format Fuzzing with Genetic Algorithms

    Secure software, meaning software free from vulnerabilities, is desirable in today's marketplace. Consumers are beginning to value a product's security posture as well as its functionality. Software development companies are recognizing this trend, and they are factoring security into their entire software development lifecycle. Secure development practices like threat modeling, static analysis, safe programming libraries, run-time protections, and software verification are being mandated during product development. Mandating these practices improves a product's security posture before customer delivery, and these practices increase the difficulty of discovering and exploiting vulnerabilities. Since the 1980s, security researchers have uncovered software defects by fuzz testing an application. In fuzz testing's infancy, randomly generated data could discover multiple defects quickly. However, as software matures and software development companies integrate secure development practices into their development life cycles, fuzzers must apply more sophisticated techniques in order to retain their ability to uncover defects. Fuzz testing must evolve, and fuzz testing practitioners must devise new algorithms to exercise an application in unexpected ways. This dissertation's objective is to create a proof-of-concept genetic algorithm fuzz testing framework to exercise an application's file format parsing routines. The framework includes multiple genetic algorithm variations, provides a configuration scheme, and correlates data gathered from static and dynamic analysis to guide negative test case evolution. Experiments conducted for this dissertation illustrate the effectiveness of a genetic algorithm fuzzer in comparison to standard fuzz testing tools. The experiments showcase a genetic algorithm fuzzer's ability to discover multiple unique defects within a limited number of negative test cases. These experiments also highlight an application's increased execution time when fuzzing with a genetic algorithm. To combat increased execution time, a distributed architecture is implemented and additional experiments demonstrate a decrease in execution time comparable to standard fuzz testing tools. A final set of experiments provide guidance on fitness function selection with a CHC genetic algorithm fuzzer with different population size configurations.
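
    The Python below is an added example, not the dissertation's framework: a minimal coverage-guided genetic-algorithm fuzzer run against a constructed toy file parser. The parser, its "FZ" format, its planted unchecked read and the token dictionary are all assumptions made for the demonstration. The dictionary stands in for the constants a static-analysis pass would lift from the parser, and the set of parser blocks hit by each input stands in for dynamic-analysis feedback; the fitness function is simply the number of blocks covered, which is what pushes the population from random bytes through the magic, version and length checks to the record loop where the defect sits. It is a plain generational GA with elitism and tournament selection, not the CHC variant the abstract mentions.

```python
"""Coverage-guided genetic-algorithm fuzzer for a toy file format.

Added example, not the dissertation's framework. The target, its format,
its defect and the token dictionary are constructed for the demonstration.
"""
import random

# Constructed target: "FZ" magic, version byte 1, record-count byte n, then n
# records. A record of type 0xFF carries a width byte that the parser skips.
def parse(data: bytes) -> set:
    """Return the set of basic-block labels the input reached (coverage)."""
    cov = {"entry"}
    if len(data) < 4 or data[:2] != b"FZ":
        return cov
    cov.add("magic_ok")
    if data[2] != 1:
        return cov
    cov.add("version_ok")
    n = data[3]
    rec = data[4:]
    if n > len(rec):
        return cov
    cov.add("length_ok")
    rec = rec[:n]
    i = 0
    while i < n:
        rtype = rec[i]
        cov.add(f"rec_class_{rtype >> 6}")
        if rtype == 0xFF:
            cov.add("ext_record")
            width = rec[i + 1]   # constructed defect: width byte may lie past the buffer
            i += 2 + width
        else:
            i += 1
    cov.add("done")
    return cov


# Stand-in for static analysis: constants the parser compares against.
DICTIONARY = [b"FZ", b"\x01", b"\xff"]


def evaluate(data: bytes):
    """Stand-in for dynamic analysis: (fitness, crashed). Fitness = blocks covered."""
    try:
        return len(parse(data)), False
    except Exception:          # any fault from the target is a finding
        return 1000, True


def mutate(rng, data: bytes) -> bytes:
    """Apply 1-3 mutation operators, including dictionary-token splices."""
    data = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(5)
        pos = rng.randrange(len(data)) if data else 0
        if op == 0 and data:                  # flip one bit
            data[pos] ^= 1 << rng.randrange(8)
        elif op == 1 and data:                # replace a byte
            data[pos] = rng.randrange(256)
        elif op == 2:                         # insert a byte
            data.insert(pos, rng.randrange(256))
        elif op == 3 and len(data) > 1:       # delete a byte
            del data[pos]
        else:                                 # overwrite with a dictionary token
            tok = rng.choice(DICTIONARY)
            data[pos:pos + len(tok)] = tok
    return bytes(data)


def crossover(rng, a: bytes, b: bytes) -> bytes:
    """One-point crossover of two parents."""
    if len(a) < 2 or len(b) < 2:
        return a
    return a[:rng.randrange(1, len(a))] + b[rng.randrange(1, len(b)):]


def ga_fuzz(seed=1, pop_size=64, generations=400, elite=4):
    """Evolve inputs until the target faults. Returns (crashing_input, generation),
    or (None, generations) if the budget runs out."""
    rng = random.Random(seed)
    pop = [bytes(rng.randrange(256) for _ in range(rng.randint(4, 12)))
           for _ in range(pop_size)]
    for gen in range(generations):
        scored = []
        for ind in pop:
            fit, crashed = evaluate(ind)
            if crashed:
                return ind, gen
            scored.append((fit, ind))
        scored.sort(key=lambda t: t[0], reverse=True)

        def pick():                            # tournament selection, size 3
            return max(rng.sample(scored, 3), key=lambda t: t[0])[1]

        nxt = [ind for _, ind in scored[:elite]]   # elitism keeps the best
        while len(nxt) < pop_size:
            child = crossover(rng, pick(), pick()) if rng.random() < 0.5 else pick()
            nxt.append(mutate(rng, child))
        pop = nxt
    return None, generations


if __name__ == "__main__":
    crash, gen = ga_fuzz()
    print("crashing input:", crash, "found in generation", gen)
```

    With a fixed seed the run is reproducible; the crashing input always carries the "FZ" magic and version 1 because nothing else reaches the record loop, which is the point of using coverage rather than a random walk as the fitness signal. Replacing `evaluate` with a wrapper around a real instrumented binary (coverage counts from the tracer, a non-zero signal as the crash flag) leaves the GA loop unchanged.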

    Formal aspects of component software

    This is the pre-proceedings of the 6th International Workshop on Formal Aspects of Component Software (FACS'09).