Verifying a verifier: on the formal correctness of an LTS transformation verification technique
Over the years, various formal methods have been proposed and further developed to determine the functional correctness of models of concurrent systems. Some of these have been designed for application in a model-driven development workflow, in which model transformations are used to incrementally transform initial abstract models into concrete models containing all relevant details. In this paper, we consider an existing formal verification technique for determining that formalisations of such transformations are guaranteed to preserve functional properties, regardless of the models they are applied to. We present our findings after having formally verified this technique using the Coq theorem prover. It turns out that in some cases the technique is not correct. We explain why, and propose an updated technique in which these issues have been fixed.
Testing conformance of EJB 3 enterprise application servers
Enterprise JavaBeans (EJB) is a component technology used for enterprise application development. EJB is currently implemented by application servers such as GlassFish, OpenEJB, JBoss, WebLogic and Apache Geronimo. Throughout its entire history, EJB has claimed adherence to the "write once, run anywhere" philosophy of Java, suggesting that an application developed for and deployed on one application server should be easily portable to a different application server. Therefore, one could have expected different application servers to adhere to the EJB specification. Adherence to this and related Java EE specifications is the subject of the "Java EE 6 Full Profile" compatibility testing carried out by Oracle. However, anecdotal evidence of discrepancies between the specification and certified implementations, such as GlassFish, has been reported in the literature. In this paper we present an approach that allows one to go beyond the level of anecdotal knowledge and test requirements for EJB application servers with a focus on portability. We apply the methodology developed to test how well two popular "Java EE 6 Full Profile"-compatible EJB application servers, GlassFish and JBoss, conform to the requirements in the EJB specification. The results are alarming: both application servers failed on a number of tests, violating the specification. Moreover, in GlassFish conformance to a requirement varies depending on whether a local or a remote application is used. Lack of conformance to the EJB specification compromises the portability of EJB applications, deviates from the portability philosophy of Java, leads to unexpected behaviour, and hinders the learning process of novice EJB developers.
Keywords: Enterprise JavaBeans, Specification Conformance, EJB Application Server
Compositional model checking is lively
Compositional model checking approaches attempt to limit state space explosion by iteratively combining the behaviour of some of the components in the system and reducing the result modulo an appropriate equivalence relation. For an equivalence relation to be applicable, it should be a congruence for parallel composition where synchronisations between the components may be introduced. An equivalence relation preserving both safety and liveness properties is divergence-preserving branching bisimulation (DPBB). It is generally assumed that DPBB is a congruence for parallel composition, even in the context of synchronisations between components. However, so far, no such results have been published. This work finally proves that this is the case. Furthermore, we discuss how to safely decompose an existing LTS network into components such that the re-composition is equivalent to the original LTS network. All proofs have been mechanically verified using the Coq proof assistant. Finally, to demonstrate the effectiveness of compositional model checking with intermediate DPBB reductions, we discuss the results we obtained after having conducted a number of experiments.