Applying formal methods to standard development: the open distributed processing experience

Since their introduction, formal methods have been applied in various ways to different standards. This paper gives an account of these applications, focusing on one application in particular: the development of a framework for creating standards for Open Distributed Processing (ODP). Following an introduction to ODP, the paper gives an insight into the current work on formalising the architecture of the Reference Model of ODP (RM-ODP), highlighting the advantages to be gained. The different approaches currently being taken are shown, together with their associated advantages and disadvantages. The paper concludes that there is no one all-purpose approach which can be used in preference to all others, but that a combination of approaches is desirable to best fulfil the potential of formal methods in developing an architectural semantics for OD

Animating formal specifications : a telephone simulation case study

Colloque avec actes sans comité de lecture.We believe that a more rigorous method of specification and validation can be achieved by first developing a {\it specification architecture} whose high-level semantics are based on object oriented concepts. This architecture promotes the construction of new functionality in a formal manner using rigorous notions of composition and inheritance. An object oriented approach will also facilitate incremental approaches to validation and verification. We present our first steps towards producing such an architecture for the Plain Old Telephone Service (POTS), which is specified and validated using a formal object oriented language based on LOTOS. The method by which the formal model is derived from the informal understanding of the requirements is examined. Validation based on meta-analysis of the problem structure is elucidated

Rigorous object-oriented analysis

Object-oriented methods for analysis, design and programming are commonly used by software engineers. Formal description techniques, however, are mainly used in a research environment. We have investigated how rigour can be introduced into the analysis phase of the software development process by combining object-oriented analysis (OOA) methods with formal description techniques. The main topics of this investigation are a formal interpretation of the OOA constructs using LOTOS, a mathematical definition of the basic OOA concepts using a simple denotational semantics and a new method for object- oriented analysis that we call the Rigorous Object-Oriented Analysis method (ROOA). The LOTOS interpretation of the OOA concepts is an intrinsic part of the ROOA method. It was designed in such a way that software engineers with no experience in LOTOS, can still use ROOA. The denotational semantics of the concepts of object-oriented analysis illuminates the formal syntactic transformations within ROOA and guarantees that the basic object- oriented concepts can be understood independently of the specification language we use. The ROOA method starts from a set of informal requirements and an object model and produces a formal object-oriented analysis model that acts as a requirements specification. The resulting formal model integrates the static, dynamic and functional properties of a system in contrast to existing OOA methods which are informal and produce three separate models that are difficult to integrate and keep consistent. ROOA provides a systematic development process, by proposing a set of rules to be followed during the analysis phase. During the application of these rules, auxiliary structures are created to help in tracing the requirements through to the final formal model. As LOTOS produces executable specifications, prototyping can be used to check the conformance of the specification against the original requirements and to detect inconsistencies, omissions and ambiguities early in the development process

Distributed systems : architecture-driven specification using extended LOTOS

The thesis uses the LOTOS language (ISO International Standard ISO 8807) as a basis for the formal specification of distributed systems. Contributions are made to two key research areas: architecture-driven specification and LOTOS language extensions. The notion of architecture-driven specification is to guide the specification process by providing a reference-base of pre-defined domain-specific components. The thesis builds an infra-structure of architectural elements, and provides Extended LOTOS (XL) definitions of these elements. The thesis develops Extended LOTOS (XI.) for the specification of distributed systems. XL- is LOTOS enhanced with features for the formal specification of quantitative timing. probabilistic and priority requirements. For distributed systems, the specification of these ‘performance’ requirements, ran be as important as the specification of the associated functional requirements. To support quantitative timing features, the XL semantics define a global, discrete clock which can be used both to force events to occur at specific times, and to measure Intervals between event occurrences. XL introduces time policy operators ASAP (as soon as possible’ corresponding to “maximal progress semantics") and ALAP (late as possible'). Special internal transitions are introduced in XL semantics for the specification of probability, Conformance relations based on a notion of probabilization, together with a testing framework, are defined to support reasoning about probabilistic XL specifications. Priority within the XL semantics ensures that permitted events with the highest priority weighting of their class are allowed first. Both functional and performance specification play important roles in CIM (Computer Integrated Manufacturing) systems. The thesis uses a CIM system known as the CIM- OSA lntegrating Infrastructure as a case study of architecture-driven specification using XL. The thesis thus constitutes a step in the evolution of distributed system specification methods that have both an architectural basis and a formal basis

Protocol validation and implementation: A design methodology using LOTOS and ROOM.

Formal methods have been proposed as a means of expediting the creation of reliable software. The use of formal methods allows for clear and unequivocal specification of a system's design, and makes possible a form of prototyping that allows for formal validation against system requirements. However, the adoption of formal methods by industry has so far been slow. It is proposed that one of the obstacles to the adoption of formal methods is the difficulty of bridging the gap between a formally-specified system and a working implementation. If this gap is too wide, the advantages of formal specification will be lost in the transition to implementation. The methodology described in this thesis attempts to close this gap by demonstrating how a system may be described using LOTOS (Language Of Temporally-Ordered Specifications) and validated against requirements using two techniques: composition with agent scenarios and temporal logic model checking. The methodology then allows for the derivation of a model in the ROOM (Real-Time Object-Oriented Modelling) notation, which may be automatically converted to an implementation in the C++ programming language. The methodology is illustrated with two small case studies. The first is the GPRS Tunnelling Protocol, used for transmitting protocol data units within the network of the General Packet Radio Service. The second study concerns authentication of users of the POP3 Internet mail protocol and demonstrates inheritance in LOTOS. Together, these case studies illustrate the salient points of the design methodology