Constraint Diagrams: Visualizing Assertions in OO Modelling

Describes a notation, constraint diagrams, which allows pre/post conditions and invariants to be expressed visually, rather than in the notation of mathematical logic. The notation is explored through a small case study (a library system). Some conclusions are drawn about the use of the notation in modelling, and its possible impact on tools and semantics. This report has been split into two and considerable revised and updated: Kent (1997b), Kent (1997c)

Conflict Detection in Call Control using First-Order Logic Model Checking

Feature interaction detection methods, whether online or offline, depend on previous knowledge of conflicts between the actions executed by the features. This knowledge is usually assumed to be given in the application domain. A method is proposed for identifying potential conflicts in call control actions, based on analysis of their pre/post-conditions. First of all, pre/postconditions for call processing actions are defined. Then, conflicts among the pre/post-conditions are defined. Finally, action conflicts are identified as a result of these conflicts. These cover several possibilities where the actions could be simultaneous or sequential. A first-order logic model-checking tool is used for automated conflict detection. As a case study, the APPEL call control language is used to illustrate the approach, with the Alloy tool serving as the model checker for automated conflict detection. This case study focuses on pre/post-conditions describing call control state and media state. The results of the method are evaluated by a domain expert with pragmatic understanding of the system’s behavior. The method, although computationally expensive, is fairly general and can be used to study conflicts in other domains

MLGuard: Defend Your Machine Learning Model!

Machine Learning (ML) is used in critical highly regulated and high-stakes fields such as finance, medicine, and transportation. The correctness of these ML applications is important for human safety and economic benefit. Progress has been made on improving ML testing and monitoring of ML. However, these approaches do not provide i) pre/post conditions to handle uncertainty, ii) defining corrective actions based on probabilistic outcomes, or iii) continual verification during system operation. In this paper, we propose MLGuard, a new approach to specify contracts for ML applications. Our approach consists of a) an ML contract specification defining pre/post conditions, invariants, and altering behaviours, b) generated validation models to determine the probability of contract violation, and c) an ML wrapper generator to enforce the contract and respond to violations. Our work is intended to provide the overarching framework required for building ML applications and monitoring their safety.Comment: Accepted in SE4SafeML'2

Automated Reasoning and Natural Proofs for Programs Manipulating Data Structures

We consider the problem of automatically verifying programs that manipulate a dynamic heap, maintaining complex and multiple data-structures, given modular pre-post conditions and loop invariants. We discuss specification logics for heaps, and discuss two classes of automatic procedures for reasoning with these logics. The first identifies fragments of logics that admit completely decidable reasoning. The second is a new approach called the natural proof method that builds proof procedures for very expressive logics that are automatic and sound (but incomplete), and that embody natural proof tactics learnt from manual verification

Model based functional testing using pattern directed filmstrips.

Model driven functional system testing generates test scenarios from behavioral and structural models. In order to automatically generate tests, conditions such as invariants and pre-/post-conditions must be precisely defined. UML provides the Object Constraint Language (OCL) for this purpose; however OCL expressions can become very complex. This paper describes an approach that allows many commonly found OCL patterns to be expressed as snapshot patterns that correspond directly to the information model diagrams. Behaviour is constructed as chains of snapshots, or filmstrips. Snapshots and filmstrips are as expressive as UML behaviour models and OCL but it is argued that they are more accessible and more modular

Model based functional testing using pattern directed filmstrips.

Model driven functional system testing generates test scenarios from behavioral and structural models. In order to automatically generate tests, conditions such as invariants and pre-/post-conditions must be precisely defined. UML provides the Object Constraint Language (OCL) for this purpose; however OCL expressions can become very complex. This paper describes an approach that allows many commonly found OCL patterns to be expressed as snapshot patterns that correspond directly to the information model diagrams. Behaviour is constructed as chains of snapshots, or filmstrips. Snapshots and filmstrips are as expressive as UML behaviour models and OCL but it is argued that they are more accessible and more modular

Using Assertions to Enhance the Correctness of Kmelia Components and their Assemblies

15 p.International audienceThe Kmelia component model is an abstract formal component model based on services. It is dedicated to the specification and development of correct components. This work enriches the Kmelia language to allow the description of data, expressions and assertions when specifying components and services. The objective is to enable the use of assertions in \kmelia in order to support expressive service descriptions, to support client/supplier contracts with pre/post-conditions, and to enhance formal analysis of component-based system. Assertions are used to perfom analysis of services, component assemblies and service compositions. We illustrate the work with the verification of consistency properties involving data at component and assembly levels

Using Event-B to Verify the Kmelia Components and Their Assemblies

International audienceBuilding reliable software systems from components requires to verify the consistency of components and the correctness of component assemblies. In this work, we design a verification method to address the problem of verifying the consistency of components states and the correctness of assembly contracts, using pre-/post-conditions. The starting point is specifications written with the Kmelia component model: a Kmelia component type declares provided and required services which are used to link components in component assemblies. We generate Event-B models from Kmelia specifications in such a way that we can check the consistency and also the correctness of assembly at the Kmelia level, using Event-B provers. An illustrative example based on a stock management system is used to support the presentation

Automatic Dynamic Web Service Composition: A Survey and Problem Formalization

The aim of Web service composition is to arrange multiple services into workflows supplying complex user needs. Due to the huge amount of Web services and the need to supply dynamically varying user goals, it is necessary to perform the composition automatically. The objective of this article is to overview the issues of automatic dynamic Web service composition. We discuss the issues related to the semantics of services, which is important for automatic Web service composition. We propose a problem formalization contributing to the formal definition of the pre-/post-conditions, with possible value restrictions, and their relation to the semantics of services. We also provide an overview of several existing approaches dealing with the problem of Web service composition and discuss the current achievements in the field and depict some open research areas

Towards a Formal Approach to Validating and Verifying Functional Design for Complex Safety Critical Systems

The quality and reliability of safety criticalsoftware systems are highly dependent on proper systemvalidation and verification. In model-driven softwaredevelopment, semi-formal notations are often used inrequirements capture. Though semi-formal notations possessadvantages, their major disadvantage is their imprecision. Atechnique to eliminate imprecision is to transform semi-formalmodels into an analyzable representation using formalspecification techniques (FSTs). With this approach to systemvalidation and verification, safety critical systems can bedeveloped more reliably. This work documents early experienceof applying FSTs on UML class diagrams as attributeconstraints, and pre- post-conditions on procedures. Thevalidation and verification of the requirements of a system tomonitor unmanned aerial vehicles in unrestricted airspace is theorigin of this work. The challenge is the development of a systemwith incomplete specifications; multiple conflicting stakeholders’interests; existence of a prototype system; the need forstandardized compliance, where validation and verification areparamount, which necessitates forward and reverse engineeringactivities