Catálogo de publicaciones - libros

MSC is a visual formalism for specifying the behavior of systems. To obtain implementations for individual processes, the MSC choice construction poses fundamental problems. The best-studied cause is non-local choice, which e.g. is unavoidable in systems with autonomous processes. In this paper we characterize two additional problematic classes of choice nodes. Based on these three classes we point out some errors in related work. Extending our work on pragmatic implementations of non-local choice, we motivate a different choice semantics which allows a little more behavior. Finally, inspired by practical case studies, we present the first implementation approach for non-local choice nodes that can handle arbitrary numbers of processes.

This work defines several control-flow coverage criteria for testing the interactions among a set of collaborating objects. The criteria are based on UML sequence diagrams that are reverse-engineered from the code under test. The sequences of messages in the diagrams are used to define the coverage goals for the family of criteria, in a manner that generalizes traditional testing techniques such as branch coverage and path coverage. We also describe a run-time analysis that gathers coverage measurements for each criterion. To compare the criteria, we propose an approach that estimates the testing effort required to satisfy each criterion, using analysis of the complexity of the underlying sequence diagrams. The criteria were investigated experimentally on a set of realistic Java components. The results of this study compare different approaches for testing of object interactions and provide insights for testers and for builders of test coverage tools.

We present tool-support for checking the security requirements associated with UMLsec stereotypes. A framework supports implementing verification routines, based on XMI output of the diagrams from UML CASE tools. Advanced users of the UMLsec approach can use this open-source framework to implement verification routines for the constraints of self-defined stereotypes. We focus on a verification routine that automatically verifies sequence diagrams with cryptographic algorithms for security requirements by using automated theorem provers.

Models provide an alternative perspective for the understanding of a software system. However, models reflect the state of the system at the time of their creation (or last updating) but they do not reflect intermediate changes during the system’s evolution. Depicting perspectives without showing changes is like watching a movie through a small set of still pictures (i.e., no motion). This paper demonstrates this problem on an existing technique for the automated simplification (abstraction) of class diagrams. We will show that it is computationally feasible to maintain a set of abstract perspectives of a class structure such that evolutionary changes to the class structure are instantly perceived through its perspectives. For developers, this provides the ability to understand changes to systems from the modeling perspectives they care about. It also gives the developers the confidence that their modeling perspectives remain up-to-date with the system even while the system evolves.

We present a framework for formally proving that the composition of the behaviors of the different parts of a complex, real-time system ensures a desired global specification of the overall system. The framework is based on a simple compositional rely/guarantee circular inference rule, plus a small set of conditions concerning the integration of the different parts into a whole system. The reference specification language is the TRIO metric linear temporal logic. The novelty of our approach with respect to existing compositional frameworks — most of which do not deal explicitly with real-time requirements — consists mainly in its generality and abstraction from any assumptions about the underlying computational model and from any semantic characterizations of the temporal logic language used in the specification. Moreover, the framework deals equally well with continuous and discrete time. It is supported by a tool, implemented on top of the proof-checker PVS, to perform deduction-based verification through theorem-proving of modular real-time axiom systems. As an example of application, we show the verification of a real-time version of the old-fashioned but still relevant “benchmark” of the dining philosophers problem.

Coalgebra has in recent years been recognized as the framework of choice for the treatment of reactive systems at an appropriate level of generality. Proofs about the reactive behavior of a coalgebraic system typically rely on the method of coinduction. In comparison to ‘traditional’ coinduction, which has the disadvantage of requiring the invention of a bisimulation relation, the method of circular coinduction allows a higher degree of automation. As part of an effort to provide proof support for the algebraic-coalgebraic specification language CoCasl , we develop a new coinductive proof strategy which iteratively constructs a bisimulation relation, thus arriving at a new variant of circular coinduction. Based on this result, we design and implement tactics for the theorem prover Isabelle which allow for both automatic and semiautomatic coinductive proofs. The flexibility of this approach is demonstrated by means of examples of (semi-)automatic proofs of consequences of CoCasl specifications, automatically translated into Isabelle theories by means of the Bremen heterogeneous Casl tool set Hets.

We present how common Java Card security properties can be formalised in Dynamic Logic and verified, mostly automatically, with the KeY system. The properties we consider, are a large subset of properties that are of importance to the smart card industry. We discuss the properties one by one, illustrate them with examples of real-life, industrial size, Java Card applications, and show how the properties are verified with the KeY Prover – an interactive theorem prover for Java Card source code based on a version of Dynamic Logic that models the full Java Card standard. We report on the experience related to formal verification of Java Card programs we gained during the course of this work. Thereafter, we present the current state of the art of formal verification techniques offered by the KeY system and give an assessment of interactive theorem proving as an alternative to static analysis.