A Case Study in Testing Distributed Systems

This paper describes a case study in the testing of distributed systems. The software under test is a middleware system developed in Java. The full test lifecycle is examined including unit testing, integration testing, and system testing. Where possible, traditional tools and techniques are used to carry out the testing. One aspect where this is not possible is the testing of the low-level concurrency, which is often overlooked when testing commercial distributed systems, since the middleware or application server is already developed by a third-party and is assumed to operate correctly. This paper examines testing the middleware system itself, and therefore, a method for testing the concurrency properties of the system is used. The testing revealed a number of faults and design weaknesses, and showed that, with some adaptation, traditional tools and techniques go a long way in the testing of distributed applications

A Refinement Calculus for Logic Programs

Existing refinement calculi provide frameworks for the stepwise development of imperative programs from specifications. This paper presents a refinement calculus for deriving logic programs. The calculus contains a wide-spectrum logic programming language, including executable constructs such as sequential conjunction, disjunction, and existential quantification, as well as specification constructs such as general predicates, assumptions and universal quantification. A declarative semantics is defined for this wide-spectrum language based on executions. Executions are partial functions from states to states, where a state is represented as a set of bindings. The semantics is used to define the meaning of programs and specifications, including parameters and recursion. To complete the calculus, a notion of correctness-preserving refinement over programs in the wide-spectrum language is defined and refinement laws for developing programs are introduced. The refinement calculus is illustrated using example derivations and prototype tool support is discussed.Comment: 36 pages, 3 figures. To be published in Theory and Practice of Logic Programming (TPLP

Tool Support for Testing Java Monitors

The Java programming language supports monitors. Monitor implementations, like other concurrent programs, are hard to test due to the inherent non-determinism. This paper presents the ConAn (Concurrency Analyser) tool for generating drivers for the testing of Java monitors. To obtain adequate controllability over the interactions between Java threads, the generated driver contains processes that are synchronized by a clock. The driver automatically executes the calls in the test sequence in the prescribed order and compares the outputs against the expected outputs specified in the test sequence. The method and tool are illustrated in detail on an asymmetric producer-consumer monitor, and their application to two other monitors is discussed

Exploring model-based development for the verification of real-time Java code

Many safety- and security-critical systems are real-time systems and, as a result, tools and techniques for verifying real-time systems are extremely important. Simulation and testing such systems can be exceedingly time-consuming and these techniques provide only probabilistic measures of correctness. There are a number of model-checking tools for real-time systems. However, they provide formal verification for models, not programs. To increase the confidence in real-time programs written in real-time Java, this paper takes a modelling approach to the design of such programs. First, models can be mechanically verified, to check whether they satisfy particular properties, by using current real-time model-checking tools. Then, programs are derived from the model by following a systematic approach. To illustrate the approach we use a nontrivial example: a gear controller

Systematic Operational Profile Development for Software Components

An operational profile is a quantification of the expected use of a system. Determining an operational profile for software is a crucial and difficult part of software reliability assessment in general and it can be even more difficult for software components. This paper presents a systematic method for deriving an operational profile for software components. The method uses both actual usage data and intended usage assumptions to derive a usage structure, usage distribution and characteristics of parameters (including relationships between parameters). A usage structure represents the flow and interaction of operation calls. Statecharts are used to model the usage structures. A usage distribution represents probabilities of the operations. The method is illustrated on two Java classes but can be applied to any software component that is accessed through an Application Program Interface (API)

A Declarative Semantics for Logic Program Refinement

The refinement calculus provides a framework for the stepwise development of imperative programs from specifications. This paper presents a semantics for a refinement calculus for deriving logic programs. The calculus contains a wide-spectrum logic programming language, including executable constructs such as sequential conjunction, disjunction, and existential quantification, as well as specifications constructs (general predicates and assumptions) and universal quantification. A semantics is defined for this wide-spectrum language based on {\em executions}, which are partial functions from states to states, where a state is represented as a set of bindings. This execution semantics is used to define the meaning of programs and specifications, including parameters and recursion. To complete the calculus, a notion of correctness-preserving refinement over programs in the wide-spectrum language is defined and a refinement law for introducing recursive procedures is presented

Presenilin-1 deficiency leads to loss of Cajal–Retzius neurons and cortical dysplasia similar to human type 2 lissencephaly

AbstractBackground: Presenilin-1 (PS1) is a transmembrane protein that is located in the endoplasmic reticulum and the cis Golgi apparatus. Missense mutations of PS1 that modify γ-secretase function, leading to a pathologic processing of amyloid precursor protein, are an important cause of familial Alzheimer's disease. Physiologically, the presenilins are involved in the Notch and Wnt–β-catenin signaling pathways.Results: PS1-deficient mice develop a cortical dysplasia resembling human type 2 lissencephaly, with leptomeningeal fibrosis and migration of cortical-plate neurons beyond their normal position into the marginal zone and subarachnoid space. This disorder of neuronal migration is associated with the disappearance of the majority of the cells of the marginal zone, notably most of the Cajal–Retzius pioneer neurons, between embryonic days E14 and E18, and is preceded and accompanied by disorganization of Notch-1 immunoreactivity on the neuronal cell membranes. The marginal zone also becomes depleted of the extracellular matrix protein reelin and chondroitin sulfate proteoglycans. At that stage PS1 is transiently expressed in leptomeningeal fibroblasts, which are mandatory for the trophic support of Cajal–Retzius neurons.Conclusions: In agreement with models in which neuronal migration disorders have been linked to a defect in Cajal–Retzius cells, the loss of most of these cells in PS1-deficient mice leads to cortical dysplasia. Because PS1 is normally expressed in the leptomeninges, and these become fibrotic in the PS1-knockout mice, we favor the hypothesis that the loss of Cajal–Retzius cells is caused by a defective trophic interaction with leptomeningeal cells, possibly involving disruption of Notch signaling

A Framework for Systematic Specification Animation

Specification animation allows users to pose questions about specifications that can be answered quickly and automatically. This paper presents a framework for systematically animating specifications. Several generic properties are identified to check on specifications. A method is presented that uses variants of the specification to check these properties using an animation tool, and also uses testgraphs (directed graphs that partially model the specification being animated) to check the properties for a large number of interesting states. Tool support for all of the above is also discussed. The framework is demonstrated on a small specification and its application to two larger specifications is discussed. Experience with the framework indicates that it can be used to effectively animate small to medium-sized specifications and that it can reveal a significant number of problems in these specifications

API Documentation with Executable Examples

The rise of component-based software development has created an urgent need for effective API documentation. Experience has shown that it is hard to create precise and readable documentation. Prose documentation can provide a good overview but lacks precision. Formal methods offer precision but the resulting documentation is expensive to develop. Worse, few developers have the skill or inclination to read formal documentation. We present a pragmatic solution to the problem of API documentation. We augment the prose documentation with executable test cases, including expected outputs, and use the prose plus the test cases as the documentation. With appropriate tool support, the test cases are easy to develop and read. Such test cases constitute a completely formal, albeit partial, specification of input/output behavior. Equally important, consistency between code and documentation is demonstrated by running the test cases. This approach provides an attractive bridge between formal and informal documentation. We also present a tool that supports compact and readable test cases, and generation of test drivers and documentation, and illustrate the approach with detailed case studies

Refinement of higher-order logic programs

A refinement calculus provides a method for transforming specifications to executable code, maintaining the correctness of the code with respect to its specification. In this paper we extend the refinement calculus for logic programs to include higher-order programming capabilities in specifications and programs, such as procedures as terms and lambda abstraction. We use a higher-order type and term system to describe programs, and provide a semantics for the higher-order language and refinement. The calculus is illustrated by refinement examples