International Workshop on Software Specification and Design 1989 (ACM SIGSOFT Engineering Notes, Volume 14, Number 3) The techniques of formal verification are one means for gaining greater assurance of the correctness of software. These techniques require precise specification of the properties to be assured. This paper formulates precise specifications corresponding to the intuitive notions of “fault tolerance” and of “graceful degradation”. An analogy is constructed between these fault-tolerance specifications and a particular class of specifications for computer security. On the basis of this analogy, it is argued that formal verification of fault tolerance will face some of the same problems, and benefit from some of the same solutions, as verification
{"title":"Formal specification of fault-tolerance and its relation to computer security","authors":"D. Weber","doi":"10.1145/75199.75240","DOIUrl":"https://doi.org/10.1145/75199.75240","url":null,"abstract":"International Workshop on Software Specification and Design 1989 (ACM SIGSOFT Engineering Notes, Volume 14, Number 3) The techniques of formal verification are one means for gaining greater assurance of the correctness of software. These techniques require precise specification of the properties to be assured. This paper formulates precise specifications corresponding to the intuitive notions of “fault tolerance” and of “graceful degradation”. An analogy is constructed between these fault-tolerance specifications and a particular class of specifications for computer security. On the basis of this analogy, it is argued that formal verification of fault tolerance will face some of the same problems, and benefit from some of the same solutions, as verification","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130687881","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Constructing requirements specifications for a complex system is a quite difficult process. In this paper, we have focussed on the elaboration part of this process whete new requirements are progressively identified and incorporated in the requirements document. We propose a requirements specification language which, beyond the mere expression of requirements, also supports the elaboration step. This language is a Gist’s dialect where the concepts of goals and the one of agent characterized by some responsibility are identified. A formaliiation of this requirements language is proposed in terms of a non standard modal logic of actions.
{"title":"A logic of action for supporting goal-oriented elaborations of requirements","authors":"E. Dubois","doi":"10.1145/75199.75225","DOIUrl":"https://doi.org/10.1145/75199.75225","url":null,"abstract":"Constructing requirements specifications for a complex system is a quite difficult process. In this paper, we have focussed on the elaboration part of this process whete new requirements are progressively identified and incorporated in the requirements document. We propose a requirements specification language which, beyond the mere expression of requirements, also supports the elaboration step. This language is a Gist’s dialect where the concepts of goals and the one of agent characterized by some responsibility are identified. A formaliiation of this requirements language is proposed in terms of a non standard modal logic of actions.","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"127 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123975333","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Software tools are essential for writing specifications. This paper describes how analogical reasoning can play an important role in such a tool. A knowledge base of specifications informal and formal of a representative class of problems and a set of heuristic rules analogical spectfication derivation are used to transform a given informal spectfication into a formal one. Analogies are detected between components of the given (target) informal specification and components of one or more (base) informal spectfications from the knowledge base. Ordering of the analogies and subsequent selection is performed by invoking heuristics germane to the situation. Due to the nature of the analogy process, the derived specification may be incorrect. A heuristic has been developed to correct some such errors.
{"title":"Analogical approach to specification derivation","authors":"K. Miriyala, M. Harandi","doi":"10.1145/75199.75230","DOIUrl":"https://doi.org/10.1145/75199.75230","url":null,"abstract":"Software tools are essential for writing specifications. This paper describes how analogical reasoning can play an important role in such a tool. A knowledge base of specifications informal and formal of a representative class of problems and a set of heuristic rules analogical spectfication derivation are used to transform a given informal spectfication into a formal one. Analogies are detected between components of the given (target) informal specification and components of one or more (base) informal spectfications from the knowledge base. Ordering of the analogies and subsequent selection is performed by invoking heuristics germane to the situation. Due to the nature of the analogy process, the derived specification may be incorrect. A heuristic has been developed to correct some such errors.","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"161 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115173448","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We take a theoretician’s look at Chandy and Misra’s UNITY and ask what it is that makes the UNITY methodology so easy to use and how it relates to alternative methodologies. Specifically, we show how UNITY might have been obtained as a specialization of Manna and Pnueli’s temporal logic proof methodology together with Gerth’s transition logic. This has the additional advantage of firmly rooting UNITY within a proof methodology that is sound and (relatively) complete, thus transferring these properties to UNITY itself.
{"title":"Rooting UNITY","authors":"R. Gerth, A. Pnueli","doi":"10.1145/75199.75202","DOIUrl":"https://doi.org/10.1145/75199.75202","url":null,"abstract":"We take a theoretician’s look at Chandy and Misra’s UNITY and ask what it is that makes the UNITY methodology so easy to use and how it relates to alternative methodologies. Specifically, we show how UNITY might have been obtained as a specialization of Manna and Pnueli’s temporal logic proof methodology together with Gerth’s transition logic. This has the additional advantage of firmly rooting UNITY within a proof methodology that is sound and (relatively) complete, thus transferring these properties to UNITY itself.","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132282053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We describe a formalism that maps a first order logic-based specification into a graph representation (Influence Graph). The graph can be shown to be a representation scheme equivalent to ordinary Petri nets, with an emphasis on general causal implications instead of resource usage. By making the procedural aspects of a system explicit, the graph helps users in validating specifications of system behaviors. A program has been implemented to construct, simplify and analyze influence graphs.
{"title":"Representing first order logic-based specifications in Petri-net-like graphs","authors":"K. Yue","doi":"10.1145/75199.75245","DOIUrl":"https://doi.org/10.1145/75199.75245","url":null,"abstract":"We describe a formalism that maps a first order logic-based specification into a graph representation (Influence Graph). The graph can be shown to be a representation scheme equivalent to ordinary Petri nets, with an emphasis on general causal implications instead of resource usage. By making the procedural aspects of a system explicit, the graph helps users in validating specifications of system behaviors. A program has been implemented to construct, simplify and analyze influence graphs.","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121649060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Design is a process which inherently involves tradeoffs. We are currently pursuing a model of specification design which advocates the integration of multiple perspectives of a system. We have mapped the integration problem onto the negotiation problem of many issues between many agents in order to apply known resolution techniques. Part of that mapping requires the modeling of domain goals which serve as issues for negotiation. Herein, we describe the use of domain goals in our conflict resolution process which is applied during the integration of specifications. Consider the problem of integrating two databases which (I) have constraints governing their form, (2 1’ represent rich semantic entities, and 3) are the resu t of a large design effort-possibly con 6 ucted by multiple agents. Problems arise immediately: how does one determine (1) the correspondence between database entities, (2) the identification of conflicts, and (3) the resolution of those conflicts? Each of these problems in turn consists of subproblems: determining correspondences is a labeling P roblem that involves as ects of graph isomorphism lo] and concept learning 41; identification of conflicts requires P a theory of goa s and plans[29]; finally, a theory of compromise and negotiation IS necessary for the resolution of conflicts[22]. Instances of this integration problem may be found in the merging of database versions, program versions[l4], software designs[l2], and the area we are exploring-specification designs[25]. In this paper we will consider a model which uses the general notion of plan integration as part of its specification Permission to copy without fee all or part of this ma terial is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permis sion of the Association for Computing Machinery. To copy otherwise, or to republish, requries a fee and/or specific permission. integration knowledge. Viewed as an integration element of rich semantic entities (i.e., plans consist operators b , organized in a particular partial order, generated y a complex problem solving process. Commonly, the planning process involves the maintenance of a goal tree which records the derivation of subgoals and plan operators from the root goals of a plan. Our extended goal tree, termed the development record, plays a significant role in the characterization and resolution of integration interactions. In section 3, we describe the model around which we are constructing a computer-based system which automates integration via the maintenance and analysis of the development record. Section 4 traces the integration algorithm as two types of integrations are carried out. As a precursor, we describe the methodology by which we construct parallel designs and allow for their subsequent integration. Functional decomposition is a methodology
{"title":"Integrating multiple specifications using domain goals","authors":"W. N. Robinson","doi":"10.1145/75199.75232","DOIUrl":"https://doi.org/10.1145/75199.75232","url":null,"abstract":"Design is a process which inherently involves tradeoffs. We are currently pursuing a model of specification design which advocates the integration of multiple perspectives of a system. We have mapped the integration problem onto the negotiation problem of many issues between many agents in order to apply known resolution techniques. Part of that mapping requires the modeling of domain goals which serve as issues for negotiation. Herein, we describe the use of domain goals in our conflict resolution process which is applied during the integration of specifications. Consider the problem of integrating two databases which (I) have constraints governing their form, (2 1’ represent rich semantic entities, and 3) are the resu t of a large design effort-possibly con 6 ucted by multiple agents. Problems arise immediately: how does one determine (1) the correspondence between database entities, (2) the identification of conflicts, and (3) the resolution of those conflicts? Each of these problems in turn consists of subproblems: determining correspondences is a labeling P roblem that involves as ects of graph isomorphism lo] and concept learning 41; identification of conflicts requires P a theory of goa s and plans[29]; finally, a theory of compromise and negotiation IS necessary for the resolution of conflicts[22]. Instances of this integration problem may be found in the merging of database versions, program versions[l4], software designs[l2], and the area we are exploring-specification designs[25]. In this paper we will consider a model which uses the general notion of plan integration as part of its specification Permission to copy without fee all or part of this ma terial is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permis sion of the Association for Computing Machinery. To copy otherwise, or to republish, requries a fee and/or specific permission. integration knowledge. Viewed as an integration element of rich semantic entities (i.e., plans consist operators b , organized in a particular partial order, generated y a complex problem solving process. Commonly, the planning process involves the maintenance of a goal tree which records the derivation of subgoals and plan operators from the root goals of a plan. Our extended goal tree, termed the development record, plays a significant role in the characterization and resolution of integration interactions. In section 3, we describe the model around which we are constructing a computer-based system which automates integration via the maintenance and analysis of the development record. Section 4 traces the integration algorithm as two types of integrations are carried out. As a precursor, we describe the methodology by which we construct parallel designs and allow for their subsequent integration. Functional decomposition is a methodology ","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"203 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115354498","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Two important features of a real-time distributed programs are: establishing the logical correctness of the program using realistic models and establishing timing properties or deriving timing constraints. In this paper, we provide a hierarchy of proof techniques for deriving the timing properties of real-time distributed programs. First, we provide a static characterization of real-time distributed programs using the maximum-parallelism model and show that several interesting timing characteristics can be derived from such an analysis. The static analysis is based on complete trace structures and hence, we can specify various classes of safety (including deadlock), evcutuality propcrtics uch as eventual stability (pcrsistance), recurrence, progress etc as well as parallel actions, and timing constraints. Based on prefix-closed tract structures (under the maximal parallelism model), we define two proof systems referred to as syntactic and general proof systems. The syntactic proof system uses assertions (postulates) attached to the I/O commands (essentially, reflecting the cnablcment, or othcrwisc of the guards) rather than state information. Using such a system, WC establish that we can refine several of the timing properties obtained by the static analysis. All the proof syntcms arc compositional and they form a hierarchy. The hierarchy not only establishes the consistency of the systems but also provides the user a selection of proof systems depending on the requirements. Further, the algorithms based on the static analysis lead to algorithmic derivation of the timing properties of a wide variety of real-time programs.
{"title":"Reasoning of real-time distributed programming languages","authors":"R. Shyamasundar, J. Hooman, R. Gerth","doi":"10.1145/75199.75214","DOIUrl":"https://doi.org/10.1145/75199.75214","url":null,"abstract":"Two important features of a real-time distributed programs are: establishing the logical correctness of the program using realistic models and establishing timing properties or deriving timing constraints. In this paper, we provide a hierarchy of proof techniques for deriving the timing properties of real-time distributed programs. First, we provide a static characterization of real-time distributed programs using the maximum-parallelism model and show that several interesting timing characteristics can be derived from such an analysis. The static analysis is based on complete trace structures and hence, we can specify various classes of safety (including deadlock), evcutuality propcrtics uch as eventual stability (pcrsistance), recurrence, progress etc as well as parallel actions, and timing constraints. Based on prefix-closed tract structures (under the maximal parallelism model), we define two proof systems referred to as syntactic and general proof systems. The syntactic proof system uses assertions (postulates) attached to the I/O commands (essentially, reflecting the cnablcment, or othcrwisc of the guards) rather than state information. Using such a system, WC establish that we can refine several of the timing properties obtained by the static analysis. All the proof syntcms arc compositional and they form a hierarchy. The hierarchy not only establishes the consistency of the systems but also provides the user a selection of proof systems depending on the requirements. Further, the algorithms based on the static analysis lead to algorithmic derivation of the timing properties of a wide variety of real-time programs.","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132760152","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper shows how formal specification techniques can be beneficially applied in the develop ment of electronic instrumentation. As an example of our approach we present a specification of a simple electronic instrument, written in the Z specification language. We argue that such specifications can be used to gain insight into software/hardware systems and to clarify the resulting design. A consequence is that formal specifications can assume a pivotal role in system design as non-executable prototypes and lead to a cost-effect application of formal techniq,ues in industrial settings.
{"title":"Formally specifying electronic instruments","authors":"N. M. Delisle, D. Garlan","doi":"10.1145/75199.75236","DOIUrl":"https://doi.org/10.1145/75199.75236","url":null,"abstract":"This paper shows how formal specification techniques can be beneficially applied in the develop ment of electronic instrumentation. As an example of our approach we present a specification of a simple electronic instrument, written in the Z specification language. We argue that such specifications can be used to gain insight into software/hardware systems and to clarify the resulting design. A consequence is that formal specifications can assume a pivotal role in system design as non-executable prototypes and lead to a cost-effect application of formal techniq,ues in industrial settings.","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133435165","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The logic programming paradigm has emerged as an alternative to the traditional imperative style of software development. Modern development methods suggest the structure of the data and the program should be considered as important ae the slgorithm aspects of the computation. Kowalski’s =Algorithm = Logic + Control” needs to be enriched by logic reification and control enhancement. The notion of data reification is also intro duccd This paper describes our design methodology to develop Prolog programs by reifying logical specifications. We will look at Prolog as a design lasguage. Our primary goal is to study a model for the design process.
{"title":"LCD-reification: a formal method for developing Prolog programs","authors":"F. Lin, F. E. Hunt","doi":"10.1145/75199.75237","DOIUrl":"https://doi.org/10.1145/75199.75237","url":null,"abstract":"The logic programming paradigm has emerged as an alternative to the traditional imperative style of software development. Modern development methods suggest the structure of the data and the program should be considered as important ae the slgorithm aspects of the computation. Kowalski’s =Algorithm = Logic + Control” needs to be enriched by logic reification and control enhancement. The notion of data reification is also intro duccd This paper describes our design methodology to develop Prolog programs by reifying logical specifications. We will look at Prolog as a design lasguage. Our primary goal is to study a model for the design process.","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115510688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper considers various types of analysis that are possible for formal requirements specifications in the ;Statecharts language. The application of recently developed criteria for completeness analysis of embedded systems requirements to specifications in Statecharts is discussed, in particular. Additions for the language that will enable such analysis are indicated.
{"title":"Analysis capabilities for requirements specified in statecharts","authors":"Bonnie E. Melhart, N. Leveson, M. Jaffe","doi":"10.1145/75199.75215","DOIUrl":"https://doi.org/10.1145/75199.75215","url":null,"abstract":"This paper considers various types of analysis that are possible for formal requirements specifications in the ;Statecharts language. The application of recently developed criteria for completeness analysis of embedded systems requirements to specifications in Statecharts is discussed, in particular. Additions for the language that will enable such analysis are indicated.","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121315898","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: