Catálogo de publicaciones - libros

Synchronous languages were developed in the mid-80’s specifically to deal with embedded systems. They are based on mathematical semantics and support formal compilation to classical software or hardware languages as well as formal verification. Esterel v7 is a major industrial evolution of the original Esterel synchronous language, mostly directed to complex hardware applications. The language is supported by the Esterel Studio integrated development environment, which provides a smooth path from verifiable executable specification to efficient circuit synthesis. The graphical Safe States Machines derived from Esterel are also used in the SCADE tool which is widely used for safety-critical software applications in avionics.

Blast is an automatic verification tool for checking temporal safety properties of C programs. Given a C program and a temporal safety property, Blast statically proves that either the program satisfies the safety property or the program has an execution trace that exhibits a violation of the property. Blast constructs, explores, and refines abstractions of the program state space based on lazy predicate abstraction and interpolation-based predicate discovery. We show how Blast can be used to statically prove memory safety for C programs. We take a two-step approach. First, we use Ccured , a type-based memory safety analyzer, to annotate with run-time checks all program points that cannot be proved memory safe by the type system. Second, we use Blast to remove as many of the run-time checks as possible (by proving that these checks never fail), and to generate for the remaining run-time checks execution traces that witness them fail. Our experience shows that Blast can remove many of the run-time checks added by Ccured and provide useful information to the programmer about many of the remaining checks.

This paper is concerned with the application of Web services to distributed, cross-organizational business processes. In this scenario, it is crucial to answer the following questions: Do two Web services fit together in a way such that the composed system is deadlock-free? – the question of compatibility . Can one Web service be replaced by another while the remaining components stay untouched? – the question of equivalence . Can we reason about the soundness of one given Web service without considering the actual environment it will by used in? This paper defines the notion of usability – an intuitive and locally provable soundness criterion for a given Web services. Based on this notion, this paper demonstrates how the other questions could be answered. The presented method is based on Petri nets, because this formalism is widely used for modeling and analyzing business processes. Due to the existing Petri net semantics for BPEL4WS – a language that is in the very act of becoming the industrial standard for Web service based business processes – the results are directly applicable to real world examples.

Web Services are the basic building blocks of next generation Internet applications, based on dynamic service discovery and composition. Dedicated discovery services will store both syntactic and behavioral descriptions of available services and guarantee their compatibility with the requirements expressed by clients. In practice, however, interactions may still fail because the Web Service’s implementation may be faulty. In fact, the client has no guarantee on the quality of the implementation associated to any service description. In this paper, we propose the idea of high-quality service discovery incorporating automatic testing for validating Web Services before allowing their registration. First, the discovery service automatically generates conformance test cases from the provided service description, then runs the test cases on the target Web Service, and only if the test is successfully passed, the service is registered. In this way, clients bind with Web Services providing a compatible signature, a suitable behavior, and a high-quality implementation.

Model Transformation has become central to most software engineering activities. It refers to the process of modifying a (usually graphical) model for the purpose of analysis (by its transformation to some other domain), optimization, evolution, migration or even code generation. In this work, we show termination criteria for model transformation based on graph transformation . This framework offers visual and formal techniques based on rules, in such a way that model transformations can be subject to analysis. Previous results on graph transformation are extended by proving the termination of a transformation if the rules applied meet certain criteria. We show the suitability of the approach by an example in which we translate a simplified version of Statecharts into Petri nets for functional correctness analysis.

Graphs are a common means to represent structures in models and meta-models of software systems. In this context, the description of model domains by classifying the domain entities and their relations using class diagrams or type graphs has emerged as a very valuable principle. The constraints that can be imposed by pure typing are, however, relatively weak; it is therefore common practice to enrich type information with structural properties (such as local invariants or multiplicity conditions) or inheritance . In this paper, we show how to formulate structural properties using graph constraints in type graphs with inheritance, and we show how to translate constrained type graphs with inheritance to equivalent constrained simple type graphs. From existing theory it then follows that graph constraints can be translated into pre-conditions for productions of a typed graph transformation system which ensures those graph constraints. This result can be regarded as a further important step of integrating graph transformation with object-orientation concepts.

Modeling the dependencies between provided and required services within a software component is necessary for several reasons, such as automated component adaptation and architectural dependency analysis. Parametric contracts for software components specify such dependencies and were successfully used for automated protocol adaptation and quality of service prediction. In this paper, a novel model for parametric contracts based on graph grammars is presented and a first definition of the compositionality of parametric contracts is given. Compared to the previously used finite state machine based formalism, the graph grammar formalism allows a more elegant formulation of parametric contract applications and considerably simpler implementations.

The build architecture of legacy C/C++ software systems, groups program files in directories to represent logical components. The interfaces of these components are loosely defined by a set of header files that are typically grouped in one common include directory. As legacy systems evolve, these interfaces decay, which contribute to an increase in the build time and the number of conflict in parallel developments. This paper presents an empirical study of the build architecture of large commercial software systems, introduces a restructuring approach, based on Reflexion models and automatic clustering, and reports on a case study using VIM open source editor.

Scenarios are a popular means for capturing behavioural requirements of software systems early in the lifecycle. Scenarios show how components interact to provide system level functionality. If component reliability information is available, scenarios can be used to perform early system reliability assessment. In this paper we present a novel automated approach for predicting software system reliability. The approach involves extending a scenario specification to model (1) the probability of component failure , and (2)  scenario transition probabilities derived from an operational profile of the system. From the extended scenario specification, probabilistic behaviour models are synthesized for each component and are then composed in parallel into a model for the system. Finally, a user-oriented reliability model described by Cheung is used to compute a reliability prediction from the system behaviour model. The contribution of this paper is a reliability prediction technique that takes into account the component structure exhibited in the scenarios and the concurrent nature of component-based systems. We also show how implied scenarios induced by the component structure and system behaviour described in the scenarios can be used to evolve the reliability prediction.

Component reuse is inhibited by two factors: Lack of an adequate modeling representation of components and lack of a method to predict properties of a composition of application components. In this paper, we propose a framework for conflict identification. The framework is primarily based on a taxonomy describing communication and technology related properties. Conflict identification is based on inference rules. Furthermore, we aim to integrate conflict reasoning in the software development process. We will show that the Unified Modeling Language and the Resource Description Framework can be combined to provide a solution to the representation problems, without resorting to extension mechanisms, and without limiting to a specific component platform. As a real life example, we model the connection of an .Net Serviced Component to an Enterprise Java Bean as part of a mortgage bank’s enterprise architecture and prove its viability.