185,024 research outputs found
Formally specifying the logic of an automatic guidance controller
The following topics are covered in viewgraph form: (1) the Penelope Project; (2) the logic of an experimental automatic guidance control system for a 737; (3) Larch/Ada specification; (4) some failures of informal description; (5) description of mode changes caused by switches; (6) intuitive description of window status (chosen vs. current); (7) design of the code; (8) and specifying the code
Security Policy Specification Using a Graphical Approach
A security policy states the acceptable actions of an information system, as
the actions bear on security. There is a pressing need for organizations to
declare their security policies, even informal statements would be better than
the current practice. But, formal policy statements are preferable to support
(1) reasoning about policies, e.g., for consistency and completeness, (2)
automated enforcement of the policy, e.g., using wrappers around legacy systems
or after the fact with an intrusion detection system, and (3) other formal
manipulation of policies, e.g., the composition of policies. We present LaSCO,
the Language for Security Constraints on Objects, in which a policy consists of
two parts: the domain (assumptions about the system) and the requirement (what
is allowed assuming the domain is satisfied). Thus policies defined in LaSCO
have the appearance of conditional access control statements. LaSCO policies
are specified as expressions in logic and as directed graphs, giving a visual
view of policy. LaSCO has a simple semantics in first order logic (which we
provide), thus permitting policies we write, even for complex policies, to be
very perspicuous. LaSCO has syntax to express many of the situations we have
found to be useful on policies or, more interesting, the composition of
policies. LaSCO has an object-oriented structure, permitting it to be useful to
describe policies on the objects and methods of an application written in an
object-oriented language, in addition to the traditional policies on operating
system objects. A LaSCO specification can be automatically translated into
executable code that checks an invocation of a program with respect to a
policy. The implementation of LaSCO is in Java, and generates wrappers to check
Java programs with respect to a policy.Comment: 28 pages, 22 figures, in color (but color is not essential for
viewing); UC Davis CS department technical report (July 22, 1998
Declarative Specification
Deriving formal specifications from informal requirements is extremely difficult since one has to overcome the conceptual gap between an application domain and the domain of formal specification methods. To reduce this gap we introduce application-specific specification languages, i.e., graphical and textual notations that can be unambiguously mapped to formal specifications in a logic language. We describe a number of realised approaches based on this idea, and evaluate them with respect to their domain specificity vs. generalit
Attempto - From Specifications in Controlled Natural Language towards Executable Specifications
Deriving formal specifications from informal requirements is difficult since
one has to take into account the disparate conceptual worlds of the application
domain and of software development. To bridge the conceptual gap we propose
controlled natural language as a textual view on formal specifications in
logic. The specification language Attempto Controlled English (ACE) is a subset
of natural language that can be accurately and efficiently processed by a
computer, but is expressive enough to allow natural usage. The Attempto system
translates specifications in ACE into discourse representation structures and
into Prolog. The resulting knowledge base can be queried in ACE for
verification, and it can be executed for simulation, prototyping and validation
of the specification.Comment: 15 pages, compressed, uuencoded Postscript, to be presented at EMISA
Workshop 'Naturlichsprachlicher Entwurf von Informationssystemen -
Grundlagen, Methoden, Werkzeuge, Anwendungen', May 28-30, 1996, Ev. Akademie
Tutzin
Attempto Controlled English (ACE)
Attempto Controlled English (ACE) allows domain specialists to interactively
formulate requirements specifications in domain concepts. ACE can be accurately
and efficiently processed by a computer, but is expressive enough to allow
natural usage. The Attempto system translates specification texts in ACE into
discourse representation structures and optionally into Prolog. Translated
specification texts are incrementally added to a knowledge base. This knowledge
base can be queried in ACE for verification, and it can be executed for
simulation, prototyping and validation of the specification.Comment: 13 pages, compressed, uuencoded Postscript, to be presented at CLAW
96, The First International Workshop on Controlled Language Applications,
Katholieke Universiteit Leuven, 26-27 March 199
Formal Model Engineering for Embedded Systems Using Real-Time Maude
This paper motivates why Real-Time Maude should be well suited to provide a
formal semantics and formal analysis capabilities to modeling languages for
embedded systems. One can then use the code generation facilities of the tools
for the modeling languages to automatically synthesize Real-Time Maude
verification models from design models, enabling a formal model engineering
process that combines the convenience of modeling using an informal but
intuitive modeling language with formal verification. We give a brief overview
six fairly different modeling formalisms for which Real-Time Maude has provided
the formal semantics and (possibly) formal analysis. These models include
behavioral subsets of the avionics modeling standard AADL, Ptolemy II
discrete-event models, two EMF-based timed model transformation systems, and a
modeling language for handset software.Comment: In Proceedings AMMSE 2011, arXiv:1106.596
- …