Metamodel-based model conformance and multiview consistency checking

Model-driven development, using languages such as UML and BON, often makes use of multiple diagrams (e.g., class and sequence diagrams) when modeling systems. These diagrams, presenting different views of a system of interest, may be inconsistent. A metamodel provides a unifying framework in which to ensure and check consistency, while at the same time providing the means to distinguish between valid and invalid models, that is, conformance. Two formal specifications of the metamodel for an object-oriented modeling language are presented, and it is shown how to use these specifications for model conformance and multiview consistency checking. Comparisons are made in terms of completeness and the level of automation each provide for checking multiview consistency and model conformance. The lessons learned from applying formal techniques to the problems of metamodeling, model conformance, and multiview consistency checking are summarized

JWalk: a tool for lazy, systematic testing of java classes by design introspection and user interaction

Popular software testing tools, such as JUnit, allow frequent retesting of modified code; yet the manually created test scripts are often seriously incomplete. A unit-testing tool called JWalk has therefore been developed to address the need for systematic unit testing within the context of agile methods. The tool operates directly on the compiled code for Java classes and uses a new lazy method for inducing the changing design of a class on the fly. This is achieved partly through introspection, using Java’s reflection capability, and partly through interaction with the user, constructing and saving test oracles on the fly. Predictive rules reduce the number of oracle values that must be confirmed by the tester. Without human intervention, JWalk performs bounded exhaustive exploration of the class’s method protocols and may be directed to explore the space of algebraic constructions, or the intended design state-space of the tested class. With some human interaction, JWalk performs up to the equivalent of fully automated state-based testing, from a specification that was acquired incrementally

IEEE/NASA Workshop on Leveraging Applications of Formal Methods, Verification, and Validation

This volume contains the Preliminary Proceedings of the 2005 IEEE ISoLA Workshop on Leveraging Applications of Formal Methods, Verification, and Validation, with a special track on the theme of Formal Methods in Human and Robotic Space Exploration. The workshop was held on 23-24 September 2005 at the Loyola College Graduate Center, Columbia, MD, USA. The idea behind the Workshop arose from the experience and feedback of ISoLA 2004, the 1st International Symposium on Leveraging Applications of Formal Methods held in Paphos (Cyprus) last October-November. ISoLA 2004 served the need of providing a forum for developers, users, and researchers to discuss issues related to the adoption and use of rigorous tools and methods for the specification, analysis, verification, certification, construction, test, and maintenance of systems from the point of view of their different application domains

Trusted interoperability and the patient safety issues of parasitic health care software

With the proliferation of software systems and products in the healthcare environment, it is increasingly common for such software products to be constructed in a modular design. However, for modular software to be securely interoperable with other software products requires agreed consistent and accountable interfaces. This agreement may take the form of bilateral vendor to vendor arrangements or via a trusted external third-party who coordinates agreed interaction methods, such as a jurisdiction. Standards are a particular form of mutually trusted third party. Unfortunately, this agreed method of interoperability is not always present in vendor software. Where one software product or module interacts with another, in the absence of any agreement, it is referred to as ―bolt-on‖. It is perhaps more descriptive to refer to such software in terms of its potential to cause harm and refer to it using the biological analogy of ―parasitic‖ software and associated ―host‖ software. Analogous to biological systems, parasitic software can operate by data injection into or data extraction from, the associated host database. Both forms of parasitic software exploit access mechanisms or security flaws in the host software independent of the host vendor and in ways not intended or supported by the host vendor. This paper discusses the mechanics of this security vulnerability and more importantly, the potential adverse consequences to patient safety of such susceptibilities. As Australia moves to a national connected e-health system these issues are causes for grave concern. This paper provides a case study of this insecurity to highlight the problem, promote discussion and encourage potential change

Automatic Generation of High-Coverage Tests for RTL Designs using Software Techniques and Tools

Register Transfer Level (RTL) design validation is a crucial stage in the hardware design process. We present a new approach to enhancing RTL design validation using available software techniques and tools. Our approach converts the source code of a RTL design into a C++ software program. Then a powerful symbolic execution engine is employed to execute the converted C++ program symbolically to generate test cases. To better generate efficient test cases, we limit the number of cycles to guide symbolic execution. Moreover, we add bit-level symbolic variable support into the symbolic execution engine. Generated test cases are further evaluated by simulating the RTL design to get accurate coverage. We have evaluated the approach on a floating point unit (FPU) design. The preliminary results show that our approach can deliver high-quality tests to achieve high coverage

Conformance Testing for the AUTOSAR Standard

International audienceThe paper presents why AUTOSAR conformance tests are required, what has been achieved, and how 3 car manufacturers will use conformance tests as part of their vehicle E/E engineering process. Important topics covered are the need for conformance testing when developing a standard, the relationship between conformance and interoperability, the need for interoperability of ECUs in a vehicle, and the need to avoid diverging implementation of a standard

Trusted interoperability and the patient safety issues of parasitic health care software

With the proliferation of software systems and products in the healthcare environment, it is increasingly common for such software products to be constructed in a modular design. However, for modular software to be securely interoperable with other software products requires agreed consistent and accountable interfaces. This agreement may take the form of bilateral vendor to vendor arrangements or via a trusted external third-party who coordinates agreed interaction methods, such as a jurisdiction. Standards are a particular form of mutually trusted third party. Unfortunately, this agreed method of interoperability is not always present in vendor software. Where one software product or module interacts with another, in the absence of any agreement, it is referred to as “bolt-on”. It is perhaps more descriptive to refer to such software in terms of its potential to cause harm and refer to it using the biological analogy of “parasitic” software and associated “host” software. Analogous to biological systems, parasitic software can operate by data injection into or data extraction from, the associated host database. Both forms of parasitic software exploit access mechanisms or security flaws in the host software independent of the host vendor and in ways not intended or supported by the host vendor. This paper discusses the mechanics of this security vulnerability and more importantly, the potential adverse consequences to patient safety of such susceptibilities. As Australia moves to a national connected e-health system these issues are causes for grave concern. This paper provides a case study of this insecurity to highlight the problem, promote discussion and encourage potential change