Verificación de aplicaciones web dinámicas con Web-TLR

Web-TLR is a software tool designed for model-checking Web applications that is based on rewriting logic. Web applications are expressed as rewrite theories that can be formally verified by using the Maude built-in LTLR model-checker. Whenever a property is refuted, it produces a counterexample trace that underlies the failing model checking computation. However, the analysis (or even the simple inspection) of large counterexamples may prove to be unfeasible due to the size and complexity of the traces under examination. This work aims to improve the understandability of the counterexamples generated by Web-TLR by developing an integrated framework for debugging Web applications that integrates a trace-slicing technique for rewriting logic theories that is particularly tailored to Web-TLR. The verification environment is also provided with a user-friendly, graphical Web interface that shields the user from unnecessary information. Trace slicing is a widely used technique for execution trace analysis that is effectively used in program debugging, analysis and comprehension. Our trace slicing technique allows us to systematically trace back rewrite sequences modulo equational axioms (such as associativity and commutativity) by means of an algorithm that dynamically simpli es the traces by detecting control and data dependencies, and dropping useless data that do not infuence the final result. Our methodology is particularly suitable for analyzing complex, textually-large system computations such as those delivered as counter-example traces by Maude model-checkers. The slicing facility implemented in Web-TLR allows the user to select the pieces of information that she is interested into by means of a suitable pattern-matching language supported by wildcards. The selected information is then traced back through inverse rewrite sequences. The slicing process drastically simpli es the computation trace by dropping useless data that do not influence the nal result. By using this facility, the Web engineer can focus on the relevant fragments of the failing application, which greatly reduces the manual debugging e ort and also decreases the number of iterative verfications.Espert Real, J. (2011). Verificación de aplicaciones web dinámicas con Web-TLR. http://hdl.handle.net/10251/11219.Archivo delegad

Consistency Checking of Natural Language Temporal Requirements using Answer-Set Programming

Successful software engineering practice requires high quality requirements. Inconsistency is one of the main requirement issues that may prevent software projects from being success. This is particularly onerous when the requirements concern temporal constraints. Manual checking whether temporal requirements are consistent is tedious and error prone when the number of requirements is large. This dissertation addresses the problem of identifying inconsistencies in temporal requirements expressed as natural language text. The goal of this research is to create an efficient, partially automated, approach for checking temporal consistency of natural language requirements and to minimize analysts\u27 workload. The key contributions of this dissertation are as follows: (1) Development of a partially automated approach for checking temporal consistency of natural language requirements. (2) Creation of a formal language Temporal Action Language (TeAL), which provide a means to represent natural language requirements precisely and unambiguously. (3) Development of a front end to semi-automatically translate natural language requirements into TeAL. (4) Development of a translator from TeAL to the ASP language. Validation results to date show that the front end tool makes the task of translating natural language requirements into TeAL more accurate and efficient, and the translator generates ASP programs that correctly detect the inconsistencies in the requirements

Design principles for ensuring compliance in business processes

In this thesis, we evaluate the complexity and understandability of compliance languages. First, to calculate the complexity, we apply established software metrics and interpret the results with respect to the languages’ expressiveness. Second, to investigate the languages’ understandability, we use a cognitive model of the human problem-solving process and analyze how efficiently users perform a compliance modeling task. Our results have theoretical and practical implications that give directions for the development of compliance languages, and rule-based languages in general.Diese Arbeit beurteilt die Komplexität und Verständlichkeit von Compliance-Sprachen. Zur Messung der Komplexität wenden wir etablierte Software-Metriken an und interpretieren die Ergebnisse in Hinblick auf die Aussagekraft der Sprachen. Zur Untersuchung der Verständlichkeit verwenden wir ein kognitives Modell und analysieren, wie effizient eine Compliance-Sprache zur Lösung eines Modellierungsproblems eingesetzt wird. Unsere Ergebnisse haben theoretische und praktische Implikationen für die Entwicklung von Compliance-Sprachen und anderen regelbasierten Sprachen

A Framework for Specifying Business Rules Based on Logic with a Syntax Close to Natural Language

The systematic interaction of software developers with the business domain experts that are usually no software developers is crucial to software system maintenance and creation and has surfaced as the big challenge of modern software engineering. Existing frameworks promoting the typical programming languages with artificial syntax are suitable to be processed by computers but do not cater to domain experts, who are used to documents written in natural language as a means of interaction.Other frameworks that claim to be fully automated, such as those using natural language processing, are too imprecise to handle the typical requirements documents written in heterogeneous natural language flavours. In this thesis, a framework is proposed that can support the specification of business rules that is, on the one hand, understandable for nonprogrammers and on the other hand semantically founded, which enables computer processability. This is achieved by the novel language Adaptive Business Process and Rule Integration Language (APRIL). Specifications in APRIL can be written in a style close to natural language and are thus suitable for humans, which was empirically evaluated with a representative group of test persons. A useful and uncommon feature of APRIL is the ability to define reusable abstract mixfix operators as sentence patterns, that can mimic natural language. The semantic underpinning of the mixfix operators is achieved by customizable atomic formulas, allowing to tailor APRIL to specific domains. Atomic formulas are underpinned by a denotational semantics, which is based on Tempura (executable subset of Interval Temporal Logic (ITL)) to describe behaviour and the Object Constraint Language (OCL) to describe invariants and pre- and postconditions. APRIL statements can be used as the basis for automatically generating test code for software systems. An additional aspect of enhancing the quality of specification documents comes with a novel formal method technique (ISEPI) applicable to behavioural business rules semantically based on Propositional Interval Temporal Logic (PITL) and complying with the newly discovered 2-to-1 property. This work discovers how the ISE subset of ISEPI can be used to express complex behavioural business rules in a more concise and understandable way. The evaluation of ISE is done by an example specification taken from the car industry describing system behaviour, using the tools MONA and PITL2MONA. Finally, a methodology is presented that helps to guide a continuous transformation starting from purely natural language business rule specification to the APRIL specification which can then be transformed to test code. The methodologies, language concepts, algorithms, tools and techniques devised in this work are part of the APRIL-framework

Formal Specification Of Design Patterns: A Comparison Of Three Existing Approaches And Proposing Two-Level Grammars As A New Approach

Patterns are Object-Oriented reusable units. The principal idea behind patterns is to capture and reuse the abstractions that have been formed by expert programmers and designers to solve problems that occur in particular contexts. These abstractions capture the valuable experiences of experts in solving problems. Although patterns are currently being used successfully, there is no general agreement among the software community as to how patterns should be formalized or represented. Various formal specification schemes have been proposed to complement the natural language description of patterns in order to alleviate the ambiguities inherent in the natural language description by rigorously reasoning about the structural and behavioral aspects of patterns. Existing formal specification languages of design patterns have generally failed to provide a standard definition, specification, or representation for patterns because there is no general agreement as to how patterns should be formalized. Also, each formal specification is generally based on a different mathematical formalism and when pattern users want to understand a pattern, first they have to understand the respective mathematical formalism. In addition to comparing three existing formal specification schemes, the main objective of this research work was to lay the foundation for developing a formal specification scheme that could be understandable without having to delve into the details of the underlying formalism. This research work attempted to capture and represent the structural aspects of design patterns since capturing the behavioral aspects of design patterns is a semantic issue and is beyond the scope of this work. Two-Level Grammar (TLG) was used to capture and represent the structural aspects of design patterns. This study was conducted using the GoF design patterns [Gamma et al. 1995]. It has already been demonstrated that TLGs have the capability to represent the building blocks of object-oriented software systems. The primary advantage of TLGs in defining design patterns is that specifications written in TLGs are understandable due to their natural-language-like vocabulary [Edupuganty 1987] [Lee 2003] [Maluszynski 1984]. The TLG representation of the observer pattern was developed to gauge the feasibility of the proposed pattern representation scheme. TLGs could help pattern users understand the formalized version of patterns more readily compared to other formal specification methods that are difficult to understand due to their arcane mathematical notations.Computer Science Departmen

A Model-driven Approach to Trace Checking of Temporal Properties with Aggregations

The verification of complex software systems often requires to check quantitative properties that rely on aggregation operators (e.g., the average response time of a service). One way to ease the specification of these properties is to use property specification patterns, such as the ones for “service provisioning”, previously proposed in the literature. In this paper we focus on the problem of performing offline trace checking of temporal properties containing aggregation operators. We first present TemPsy-AG, an extension of TemPsy—an existing pattern-based language for the specification of temporal properties—to support service provisioning patterns that use aggregation operators. We then extend an existing model-driven procedure for trace checking, to verify properties expressed in TemPsy-AG. The trace checking procedure relies on the efficient mapping of temporal properties written in TemPsy-AG into OCL constraints on a meta-model of execution traces. We have implemented this procedure in the TemPsy-Check-AG tool and evaluated its performance: our approach scales linearly with respect to the length of the input trace and can deal with much larger traces than a state-of-the-art tool

Collection and Elicitation of Business Process Compliance Patterns with Focus on Data Aspects

Business process compliance is one of the prevalent challenges for companies. Despite an abundance of research proposals, companies still struggle with manual compliance checks and the understanding of compliance violations in the light of missing root-cause explanations. Moreover, approaches have merely focused on the control flow perspective in compliance checking, neglecting other aspects such as the data perspective. This paper aims at analyzing the gap between existing academic work and compliance demands from practice with a focus on the data aspects. The latter emerges from a small set of regulatory documents from different domains. Patterns are assumed as the right level of abstraction for compliance specification due to their independence of (technical) implementation in (process-aware) information systems, potential for reuse, and understandability. A systematic literature review collects and assesses existing compliance patterns. A first analysis of ten regulatory documents from different domains specifically reveals data-oriented compliance constraints that are not yet reflected by existing compliance patterns. Accordingly, data-related compliance patterns are specified

SeaFlows – A Compliance Checking Framework for Supporting the Process Lifecycle

Compliance-awareness is undoubtedly of utmost importance for companies nowadays. Even though an automated approach to compliance checking and enforcement has been advocated in recent literature as a means to tame the high costs for compliance-awareness, the potential of automated mechanisms for supporting business process compliance is not yet depleted. Business process compliance deals with the question whether business processes are designed and executed in harmony with imposed regulations. In this thesis, we propose a compliance checking framework for automating business process compliance verification within process management systems (PrMSs). Such process-aware information systems constitute an ideal environment for the systematic integration of automated business process compliance checking since they bring together different perspectives on a business process and provide access to process data. The objective of this thesis is to devise a framework that enhances PrMSs with compliance checking functionality. As PrMSs enable both the design and the execution of business processes, the designated compliance checking framework must accommodate mechanisms to support these different phases of the process lifecycle. A compliance checking framework essentially consists of two major building blocks: a compliance rule language to capture compliance requirements in a checkable manner and compliance checking mechanisms for verification of process models and process instances. Key to the practical application of a compliance checking framework will be its ability to provide comprehensive and meaningful compliance diagnoses. Based on the requirements analysis and meta-analyses, we developed the SeaFlows compliance checking framework proposed in this thesis. We introduce the compliance rule graph (CRG) language for modeling declarative compliance rules. The language provides modeling primitives with a notation based on nodes and edges. A compliance rule is modeled by defining a pattern of activity executions activating a compliance rule and consequences that have to apply once a rule becomes activated. In order to enable compliance verification of process models and process instances, the CRG language is operationalized. Key to this approach is the exploitation of the graph structure of CRGs for representing compliance states of the respective CRGs in a transparent and interpretable manner. For that purpose, we introduce execution states to mark CRG nodes in order to indicate which parts of the CRG patterns can be observed in a process execution. By providing rules to alter the markings when a new event is processed, we enable to update the compliance state for each observed event. The beauty of our approach is that both design and runtime can be supported using the same mechanisms. Thus, no transformation of compliance rules in different representations for process model verification or for compliance monitoring becomes necessary. At design time, the proposed approach can be applied to explore a process model and to detect which compliance states with respect to imposed CRGs a process model is able to yield. At runtime, the effective compliance state of process instances can be monitored taking also the future predefined in the underlying process model into account. As compliance states are encoded based on the CRG structure, fine-grained and intelligible compliance diagnoses can be derived in each detected compliance state. Specifically, it becomes possible to provide feedback not only on the general enforcement of a compliance rule but also at the level of particular activations of the rule contained in a process. In case of compliance violations, this can explain and pinpoint the source of violations in a process. In addition, measures to satisfy a compliance rule can be easily derived that can be seized for providing proactive support to comply. Altogether, the SeaFlows compliance checking framework proposed in this thesis can be embedded into an overall integrated compliance management framework

Quality of process modeling using BPMN: a model-driven approach

Dissertação para obtenção do Grau de Doutor em Engenharia InformáticaContext: The BPMN 2.0 specification contains the rules regarding the correct usage of the language’s constructs. Practitioners have also proposed best-practices for producing better BPMN models. However, those rules are expressed in natural language, yielding sometimes ambiguous interpretation, and therefore, flaws in produced BPMN models. Objective: Ensuring the correctness of BPMN models is critical for the automation of processes. Hence, errors in the BPMN models specification should be detected and corrected at design time, since faults detected at latter stages of processes’ development can be more costly and hard to correct. So, we need to assess the quality of BPMN models in a rigorous and systematic way. Method: We follow a model-driven approach for formalization and empirical validation of BPMN well-formedness rules and BPMN measures for enhancing the quality of BPMN models. Results: The rule mining of BPMN specification, as well as recently published BPMN works, allowed the gathering of more than a hundred of BPMN well-formedness and best-practices rules. Furthermore, we derived a set of BPMN measures aiming to provide information to process modelers regarding the correctness of BPMN models. Both BPMN rules, as well as BPMN measures were empirically validated through samples of BPMN models. Limitations: This work does not cover control-flow formal properties in BPMN models, since they were extensively discussed in other process modeling research works. Conclusion: We intend to contribute for improving BPMN modeling tools, through the formalization of well-formedness rules and BPMN measures to be incorporated in those tools, in order to enhance the quality of process modeling outcomes