On the Suitability of Estelle for Multimedia Systems

Formal Description Techniques have been widely used for the specification of traditional networked applications. They have not been applied to the specification of new applications such as multimedia systems yet. In this paper, we examine the FDT Estelle with respect to its suitability for multimedia system specification and automatic derivation of efficient implementations. We show that it is possible to specify certain aspects of multimedia systems, but that Estelle is not sufficient for others. The derived implementations often perform badly. We show the reasons and propose to use a slightly modified Estelle syntax and semantics to solve the problems. The implemented solution was tested successfully

Design of a Formal Estelle Semantics for Verification

One main purpose for the use of formal description techniques (FDTs) is formal reasoning and verification. This requires a formal calculus and a suitable formal semantics of the FDT. In this paper, we discuss the basic verification requirements for Estelle, and how they can be supported by existing calculi. This leads us to the redefinition of the standard Estelle semantics using Lamport's temporal logic of actions and Dijkstra's predicate transformers. Keyword Codes: F.3.2; D.2.1; C.2.4 Keywords: Semantics of Programming Languages; Requirements/Specifications; Distributed Systems 1 Introduction Formal description techniques (FDTs) serve two main purposes (see, e.g., [ISO88, ISO89]). Firstly, specifications written in an FDT shall be precise and unambiguous. This requires the semantics of the FDT to be defined in a mathematical way. Secondly, an FDT shall support formal reasoning and, in particular, the formal verification (i.e., exhaustive proof) that a specification meets its (more ..

Specification, Detection and Resolution of IN Feature Interactions with Estelle

We present an approach for the treatment of Feature Interactions in Intelligent Networks (IN). It is based on the formal description technique (FDT) Estelle and consists of three steps. 1) A specification style supporting the integration of additional features into a basic service is introduced. 2) Feature interactions are detected which result from the integration of additional features (before their deployment). 3) Previously detected feature interactions are resolved. We emphasize that these three aspects interfere and therefore have to be treated together. In particular, the FDT and the specification style have a strong influence on the detection criteria and on the resolution of feature interactions. Several authors have proposed classifications of feature interactions in telecommunication systems. In [DaNa93], a distinction is made between technical interference and policy interference. T

CityMobil: Human Factor Issues Regarding Highly-automated Vehicles on an eLane

In the European project ‘CityMobil’ the human factors aspects of (semi) autonomous driving are investigated. Systems in the car and in the driving environment enable the driver to drive (semi) automatically in a driving lane (eLane). One of the issues is the optimal interface for the change from automated to manual control and vice versa. Therefore, we conducted a driving simulator experiment with the aim to design and test the difference between a vocal and acoustic user interface, for a vehicle driven both manually and automatically. In the experiment the behavior of 24 drivers was observed, focusing on the transition of control and the occurrence of system errors. The performance of the transition of control was adequate for both interfaces at the beginning and ending of an eLane. In case of system failure, 15% of drivers failed to take timely control of the car for both interfaces. However if drivers regained control, they had a shorter response time to initiated the transfer of control to a manual mode with the vocal interface. Moreover, a subjective questionnaire showed that the vocal interface had a higher acceptance and perceived usability, than the acoustic interface. This study suggests that the vocal interface was preferred by the participants and can be recommended for the HMI of (semi) automated vehicles, especially when providing warnings about the system’s malfunctionin

Improving the Efficiency of Automated Protocol Implementation Using Estelle

Correctness and runtime efficiency are essential properties of software in general and of high-speed protocols in particular. Establishing correctness requires the use of FDTs during protocol design, and to prove the protocol code correct with respect to its formal specification. Another approach to boost confidence in the correctness of the implementation is to generate protocol code automatically from the specification. However, the runtime efficiency of this code is often insufficient. This has turned out to be a major obstacle to the use of FDTs in practice. One of th

On Feature Orientation and on Requirements Encapsulation Using Families of Requirements

Naive feature orientation runs into problems with large software systems, such as telephone switching systems. With naive feature orientation, a feature extends a base system by an arbitrary increment of functionality. Information hiding helps to structure a large software system design into modules such that it can be maintained. We focus on the requirements of a software system. Requirements can be structured analogously to design modules. Naive feature orientation can violate requirements encapsulation. We survey approaches with improved encapsulation, and we show how and when families of requirements can help

Testing Autonomous Cars for Feature Interaction Failures using Many-Objective Search

Complex systems such as autonomous cars are typically built as a composition of features that are independent units of functionality. Features tend to interact and impact one another’s behavior in unknown ways. A challenge is to detect and manage feature interactions, in particular, those that violate system requirements, hence leading to failures. In this paper, we propose a technique to detect feature interaction failures by casting this problem into a search-based test generation problem. We define a set of hybrid test objectives (distance functions) that combine traditional coverage-based heuristics with new heuristics specifically aimed at revealing feature interaction failures. We develop a new search-based test generation algorithm, called FITEST, that is guided by our hybrid test objectives. FITEST extends recently proposed many-objective evolutionary algorithms to reduce the time required to compute fitness values. We evaluate our approach using two versions of an industrial self-driving system. Our results show that our hybrid test objectives are able to identify more than twice as many feature interaction failures as two baseline test objectives used in the software testing literature (i.e., coverage-based and failure-based test objectives). Further, the feedback from domain experts indicates that the detected feature interaction failures represent real faults in their systems that were not previously identified based on analysis of the system features and their requirements.Software Engineerin