Relating fair testing and accordance for service replaceability

AbstractThe accordance pre-order describes whether a service can safely be replaced by another service. That is, all partners for the original service should be partners for the new service. Partners for a service interact with the service in such a way that always a certain common goal can be reached.We relate the accordance pre-order to the pre-orders known from the linear–branching time spectrum, notably fair testing. The differences between accordance and fair testing include the modeling of termination and success, and the parts of the services that cannot be used reliably by any partner. Apart from the theoretical results, we address the practical relevance of the introduced concepts

Under consideration for publication in Formal Aspects of Computing Streamlining progress-based derivations of concurrent programs

Abstract. The logic of Owicki and Gries is a well known logic for verifying safety properties of concurrent programs. Using this logic, Feijen and van Gasteren describe a method for deriving concurrent programs based on safety. In this work, we explore derivation techniques of concurrent programs using progress-based reasoning. We use a framework that combines the safety logic of Owicki and Gries, and the progress logic of UNITY. Our contributions improve the applicability of our earlier techniques by reducing the calculational overhead in the formal proofs and derivations. To demonstrate the effectiveness of our techniques, a derivation of Dekker’s mutual exclusion algorithm is presented. This derivation leads to the discovery of some new and simpler variations of this famous algorithm

A formal analysis of a dynamic distributed spanning tree algorithm

Abstract. We analyze the spanning tree algorithm in the IEEE 1394.1 draft standard, which correctness has not previously been proved. This algorithm is a fully-dynamic distributed graph algorithm, which, in general, is hard to develop. The approach we use is to formally develop an algorithm that is almost equivalent to it: First, based on a formal specification and an abstraction of the network, we systematically construct an algorithm including its correctness proof. Afterwards we implement this algorithm in terms of IEEE 1394 devices under maintenance of its correctness.

Formalizing and testing the consistency of DSL transformations

A domain specific language (DSL) focuses on the essential concepts in a specific problem domain, and abstracts from low-level implementation details. The development of DSLs usually centers around the meta-model, grammar and code generator, possibly extended with transformations to analysis models. Typically, little attention is given to the formal semantics of the language, whereas this is essential for reasoning about DSL models, and for assessing the correctness of the generated code and analysis models. We argue that the semantics of a DSL should be defined explicitly and independently of any code generator, to avoid all kinds of complexities from low-level implementation details. As the generated analysis models must reflect some of these implementation details, we propose to formalize them separately. To assess the correctness and consistency of the generated code and analysis models in a practical way, we use conformance testing. We extensively illustrate this general approach using specific formalizations for an industrial DSL on collision prevention. We do not aim for a generic semantic model for any DSL, but this specific DSL indicates the potential of a modular semantics to facilitate reuse among DSLs