Synthesizing Finite-state Protocols from Scenarios and Requirements

Scenarios, or Message Sequence Charts, offer an intuitive way of describing the desired behaviors of a distributed protocol. In this paper we propose a new way of specifying finite-state protocols using scenarios: we show that it is possible to automatically derive a distributed implementation from a set of scenarios augmented with a set of safety and liveness requirements, provided the given scenarios adequately \emph{cover} all the states of the desired implementation. We first derive incomplete state machines from the given scenarios, and then synthesis corresponds to completing the transition relation of individual processes so that the global product meets the specified requirements. This completion problem, in general, has the same complexity, PSPACE, as the verification problem, but unlike the verification problem, is NP-complete for a constant number of processes. We present two algorithms for solving the completion problem, one based on a heuristic search in the space of possible completions and one based on OBDD-based symbolic fixpoint computation. We evaluate the proposed methodology for protocol specification and the effectiveness of the synthesis algorithms using the classical alternating-bit protocol.Comment: This is the working draft of a paper currently in submission. (February 10, 2014

The Oracle Problem When Testing from MSCs

Message Sequence Charts (MSCs) form a popular language in which scenario-based specifications and models can be written. There has been significant interest in automating aspects of testing from MSCs. This paper concerns the Oracle Problem, in which we have an observation made in testing and wish to know whether this is consistent with the specification. We assume that there is an MSC specification and consider the case where we have entirely independent local testers (local observability) and where the observations of the local testers are logged and brought together (tester observability). It transpires that under local observability the Oracle Problem can be solved in low-order polynomial time if we use sequencing, loops and choices but becomes NP-complete if we also allow parallel components; if we place a bound on the number of parallel components then it again can be solved in polynomial time. For tester observability, the problem is NP-complete when we have either loops or choices. However, it can be solved in low-order polynomial time if we have only one loop, no choices, and no parallel components. If we allow parallel components then the Oracle Problem is NP-complete for tester observability even if we restrict to the case where there are at most two processes

Highly analysable, reusable, and realisable architectural designs with XCD

Connector-Centric Design (XcD) is a new approach to specifying software architectures. XcD views complex connectors as highly significant in architectural designs, as it is the complex connectors that non-functional quality properties in systems can emanate from. So, XcD promotes in designs a clean separation of connectors (interaction behaviours) from components (functional behaviours). Designers can then specify connectors in detail explicitly thus easing the analysis of system designs for quality properties. Furthermore, XcD separates control behaviour from connectors as control strategies. Architectural designs in XcD thus become highly modular with re-usable components, connectors, and control strategies (representing design solutions for quality properties). The end result is the eased architectural experimentation with different design solutions by re-using components/connectors and formal analysis of these solutions to find out the optimal ones

Controllability problems in MSC-based testing

This is a pre-copyedited, author-produced PDF of an article accepted for publication in The Computer Journal following peer review. The definitive publisher-authenticated version [Dan, H and Hierons, RM (2012), "Controllability Problems in MSC-Based Testing", The Computer Journal, 55(11), 1270-1287] is available online at: http://comjnl.oxfordjournals.org/content/55/11/1270. Copyright @ The Authors 2011.In testing systems with distributed interfaces/ports, we may place a separate tester at each port. It is known that this approach can introduce controllability problems which have received much attention in testing from finite state machines. Message sequence charts (MSCs) form an alternative, commonly used, language for modelling distributed systems. However, controllability problems in testing from MSCs have not been thoroughly investigated. In this paper, controllability problems in MSC test cases are analysed with three notions of observability: local, tester and global. We identify two types of controllability problem in MSC-based testing. It transpires that each type of controllability problem is related to a type of MSC pathology. Controllability problems of timing are caused by races but not every race causes controllability problems; controllability problems of choice are caused by non-local choices and not every non-local choice causes controllability problems. We show that some controllability problems of timing are avoidable and some controllability problems of choice can be overcome when testers have better observational power. Algorithms are provided to tackle both types of controllability problems. Finally, we show how one can overcome controllability problems using a coordination service with status messages based on algorithms developed in this paper.EPSR

Formal development and evaluation of narrow passageway system operations

This study applies a new intelligent transportation methodology for transforming informal operations concepts for narrow passageway systems into system-level designs, which will formal enough to support automated validation of anticipated component- and system-level behaviours. Models and specifications of behaviour are formally designed as labelled transition systems. Each object is the management system is assumed to have behaviour that can be defined by a finite state machine; thus, the waterway management system architecture is modelled as a network of communicating finite state machines. Architecture-level behaviours are validated using the Labelled Transition System Analyzer (LTSA). We exercise the methodology by working step by step through the synthesis and validation of a high-level behaviour model for a vessel passing through a waterway network (i.e., canal)

Translating Message Sequence Charts to other Process Languages Using Process Mining

Message Sequence Charts (MSCs) are often used by software analysts when discussing the behavior of a system with different stakeholders. Often such discussions lead to more complete behavioral models in the form of, e.g., Event-driven Process Chains (EPCs), Unified Modeling Language (UML), activity diagrams, Business Process Modeling Notation (BPMN) models, Petri nets, etc. Process mining on the other hand, deals with the problem of constructing complete behavioral models by analyzing event logs of information systems. In contrast to existing process mining techniques, where logs are assumed to only contain implicit information, the approach presented in this paper combines the explicit knowledge captured in individual MSCs and the techniques and tools available in the process mining domain. This combination allows us to discover high-quality process models. To constructively add to the existing work on process mining, our approach has been implemented in the process mining framework ProM (www.processmining.org)

Realizable, Connector-Driven Software Architectures for Practising Engineers

Despite being a widely-used language for specifying software systems, UML remains less than ideal for software architectures. Architecture description languages (ADLs) were developed to provide more comprehensive support. However, so far the application of ADLs in practice has been impeded by at least one of the following problems: (i) advanced formal notations requiring a steep learning curve, (ii) lack of support for user-defined, complex connectors, and (iii) potentially unrealizable architectural designs. This paper proposes Xcd, a new ADL that aims at supporting user-defined, complex connectors to help increase architectural modularity. It also aims to help increase the degree of reusability, as now components need not specify interaction protocols, as these can be specified independently by connectors (which increases protocol reusability too). Connector support requires to ensure that architectural designs are always realizable, as it is currently extremely easy to obtain unrealizable ones. Xcd eliminates potentially unrealizable constructs in connector specifications. Finally, Xcd employs a notation and notions from Design-by-Contract (DbC) for specifying software architecture behaviour. While DbC promotes a formal and precise way of specifying system behaviours, it is not as challenging for practising developers as process algebras that are usually employed by ADLs