FM&&T Day
Study day: Formal Methods && Tools
Thursday 17 October 2002
CNR Research Area, Pisa, IEI Institute, Room 53
Announcement and Programme

TALKS
Presentation of the research, experimentation and development activities carried out by the members of the joint IEI-CNUCE group Formal Methods && Tools (http://matrix.iei.pi.cnr.it/FMT), and of ongoing projects and collaborations. Discussion with invited researchers from other groups and institutions working on similar or complementary topics.

INVITED TALK
Dines Bjørner, Technical University of Denmark.

TOOLS
Overview of the software tools available in the group's laboratory for the specification, design and formal verification of complex systems.

TOPICS
Offer of topics for PhD research, theses or other collaborations.

PARTICIPATION
For organisational reasons, please notify your interest in attending to Tommaso Bolognesi (t.bolognesi@iei.pi.cnr.it) by 15 October 2002. There is no participation fee.

PROGRAMME
9:00 Opening
9:15 Requirements Engineering
 - Vincenzo Gervasi (Univ. di Pisa, Dip. Informatica): Circe & UML: Parallel refinement of NL requirements and UML diagrams
 - Stefania Gnesi (CNR/ISTI – FM&&T): Application of Linguistic Techniques for Requirements Analysis
10:30 ------ Coffee ------
10:45 Abstract State Machines and Process Algebras
 - Egon Boerger (Univ. di Pisa, Dip. Informatica): Turbo ASMs
 - Tommaso Bolognesi (CNR/ISTI – FM&&T): Towards Abstract State Processes
12:00 Formal Approaches to Human-Computer Interaction
 - Mieke Massink (CNR/ISTI – FM&&T): Continuous Interaction with Computers: Issues and Requirements
12:40 ------ Lunch ------
14:15 Invited talk
 - Dines Bjørner, Technical University of Denmark: Issues of Domain Engineering
15:30 Model Checking
 - Alessandro Fantechi (Univ. di Firenze, Dip. di Sistemi e Informatica): Enhancing test coverage by back-tracing model-checker counterexamples
16:15 ------ Coffee ------
16:30 Precise UML (Unified Modelling Language)
 - Gianna Reggio (Univ. di Genova): Consistency issues in UML
 - Diego Latella (CNR/ISTI – FM&&T): UMLStatecharts@ISTI
17:45 Closing

ABSTRACTS

Circe & UML: Parallel refinement of NL requirements and UML diagrams
V. Gervasi, V. Ambriola
We present the Circe environment for requirements engineering. Circe can analyze requirements written in natural language, and synthesize a number of formal models from the information extracted from the requirements. These models can then be visualized, validated and measured. Among the different representations, Circe can produce UML diagrams. We show how a systematic refinement mechanism, based on transformations of the natural-language form of the requirements, can be used to refine the UML models in ways that cannot easily be expressed by other means.

Application of Linguistic Techniques for Requirements Analysis
S. Gnesi
The use of NL as a way to specify the functional requirements of a system is a critical point, due to the inherent ambiguity originating from different interpretations of natural-language descriptions. We discuss the use of methods, based on a linguistic approach, to analyze functional requirements expressed by means of textual (NL) sentences. We also discuss how selected linguistic analysis techniques, provided by some of the tools, can be applied to the semantic analysis of NL requirements.

Turbo ASMs: marrying sequential execution and synchronous parallelism
E. Boerger, J. Schmid
We explain the ASM submachine concept, developed with Joachim Schmid (Proc. CSL'00) and applied to the Java and JVM models and their analysis in the Jbook: Java and the Java Virtual Machine - Definition, Verification, Validation by R. Staerk, J. Schmid, E. Boerger, http://www.inf.ethz.ch/~jbook/. We explain the limits of the concept, which motivated the work with T. Bolognesi that led to the concept of Abstract State Processes (ASP).

Towards Abstract State Processes
T. Bolognesi, E. Boerger
By using Abstract State Machines (ASM), a system can be modelled in terms of a complex state structure whose evolutions are governed by a fixed set of rules. By using process-algebraic specification languages, one conceives a concurrent, distributed system as a dynamic set of (conceptually) state-less, interacting processes. We illustrate ways in which ASMs can be used and extended in order to approximate the expressive flexibility offered by process-algebraic languages. In particular, we provide ASMs with an interleaving operator, denoted '|||', which represents a second form of parallel composition, after standard ASM synchronous parallelism, and a new form of sequential composition denoted '>>'. Then we introduce selective synchrony, a parallel composition operator which combines interleaving and full synchrony. This leads to our full ASP model, which can also express atomic rendez-vous with data exchange.

Continuous Interaction with Computers: Issues and Requirements
G. Faconti, M. Massink
This presentation introduces continuous interaction as a requirement of interactive systems to support native human behaviour. It addresses a framework of (formal) modelling notations and analysis tools to drive design decisions during the development of interactive systems. We briefly present a number of modelling examples and discuss their merits and limitations.

Issues of Domain Engineering
D. Bjørner
Some facts: Before software and computing systems can be developed, their requirements must be reasonably well understood. Before requirements can be finalised, the application domain, as it is, must be fairly well understood. Some opinions: In today's software and computing systems development very little, if anything, is done, we claim, to establish fair understandings of the domain. It simply does not suffice, we further claim, to record assumptions about the domain when recording requirements. Far more radical theories of application domains must be at hand before requirements development is even attempted. In this presentation we advocate a strong rôle for domain engineering. We argue that domain descriptions are far more stable than are requirements prescriptions for support of one or another set of domain activities. We further argue that, given extensive domain descriptions, it is comparatively faster to establish trustworthy and stable requirements than it is today. We finally argue that once we have a sufficient (varietal) collection of domain-specific, i.e. related, albeit distinct, requirements, we can develop far more reusable software components than using current approaches. Thus, in this contribution we shall reason, at a meta-level, about major phases of software engineering: domain engineering, requirements engineering, and software design. We shall suggest a number of domain and requirements engineering as well as software design concerns, stages and steps, notably: Domain facets, including domain intrinsics, support technologies, management & organisation, rules & regulations, as well as human behaviour. Requirements: Domain requirements, interface requirements, and machine requirements. Specifically: Domain requirements projection, determination, extension, and initialisation. We shall then proceed to "lift" our methodological concerns to encompass the more general ones of abstraction and modelling; of informal as well as formal description; of the more general issues of documentation: informative, descriptive/prescriptive, and analytical; and hence of the importance of semiotics: pragmatics, semantics, and syntax. The paper concludes with a proposal for a 'Grand Challenge' for computing science.

Enhancing test coverage by back-tracing model-checker counterexamples
A. Fantechi, S. Gnesi, A. Maggiore
In the activity of testing, when a desired coverage threshold is not reached, more test cases are needed. The problem we address in this lecture is how to build such test cases. It is common experience that finding them can be difficult: the easiest test cases to conceive are indeed the first ones to be performed, and if they do not achieve the desired coverage, the test cases still needed can be very cumbersome to discover. We propose a technique to enhance test coverage by deriving tests from uncovered branches. The technique is based on the use of counterexamples returned by model checkers, and exploits compositionality to cope with the large state spaces typical of real applications.

Consistency Issues in UML
E. Astesiano, G. Reggio

UMLStatecharts@ISTI
S. Gnesi, D. Latella, M. Massink, F. Mazzanti
This paper gives an overview of our ongoing work on an integrated framework and tool environment for the formal validation of UML Statecharts (UMLSDs). Automatic analysis by means of model checking and quantitative analysis via simulation of a behavioural subset of UMLSD are being developed. Moreover, a testing and conformance theory for UMLSDs has been developed, which includes foundations for automatic UMLSD testing preorder and equivalence verification as well as automatic test case derivation from statecharts. High quality assurance standards for the definition and the implementation of tools are required for systems that require extreme safety and reliability. To achieve this goal we base our approach on the use of formal definitions of syntax and semantics and, whenever possible and convenient, provide formal proofs concerning features of the notation and the correctness of the implementation.
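The contrast drawn in the "Towards Abstract State Processes" abstract between standard ASM synchronous parallelism and the interleaving operator '|||' can be seen on two rules. The following is an added example written for this page, not the authors' tool: rules are plain Python functions returning the update set they would produce, and the "swap" rules are a constructed instance.

```python
from itertools import permutations

def swap_x(state):
    return {"x": state["y"]}          # rule  x := y

def swap_y(state):
    return {"y": state["x"]}          # rule  y := x

def sync_step(state, rules):
    """Standard ASM synchronous parallelism: every rule reads the same old
    state, the updates are collected into one update set and applied at
    once. Two rules writing different values to one location clash."""
    updates = {}
    for rule in rules:
        for loc, val in rule(state).items():
            if loc in updates and updates[loc] != val:
                raise ValueError(f"inconsistent update set at {loc}")
            updates[loc] = val
    return {**state, **updates}

def clashes(state, rules):
    """True if the synchronous step of `rules` has an inconsistent update set."""
    try:
        sync_step(state, rules)
        return False
    except ValueError:
        return True

def interleaved_runs(state, rules):
    """Interleaving composition ('|||'): the rules fire one at a time in every
    possible order, each seeing the effect of those fired before it. Returns
    the set of reachable final states (as sorted item tuples, so they hash)."""
    finals = set()
    for order in permutations(rules):
        s = dict(state)
        for rule in order:
            s = {**s, **rule(s)}
        finals.add(tuple(sorted(s.items())))
    return finals

def demo():
    """Compare both compositions on the swap rules from x=1, y=2:
    the synchronous step swaps, the interleavings do not."""
    start = {"x": 1, "y": 2}
    rules = [swap_x, swap_y]
    return sync_step(start, rules), interleaved_runs(start, rules)
```

The synchronous step yields {'x': 2, 'y': 1}, whereas the two interleavings yield x = y = 2 or x = y = 1, which is why a second, distinct composition operator is needed.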
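The technique in the "Enhancing test coverage by back-tracing model-checker counterexamples" abstract can be illustrated with a trap property: for an uncovered branch b, ask the model checker to verify "b is never taken"; the counterexample it returns is a path to b, i.e. the missing test. The following is an added example, not the authors' tool: the door-controller model, the branch labels, the initial test suite and the breadth-first explicit-state checker are all constructed here.

```python
from collections import deque

# Constructed model: state = (mode, failed_pin_attempts).
# transition(state, input) -> ((next_state, branch_id)) or None if disabled.
# Branch ids name the code branches a test suite is required to cover.
def transition(state, inp):
    mode, fails = state
    if mode == "locked" and inp == "goodpin":
        return ("open", 0), "B1"
    if mode == "locked" and inp == "badpin" and fails < 2:
        return ("locked", fails + 1), "B2"
    if mode == "locked" and inp == "badpin":
        return ("blocked", fails), "B3"       # third failure blocks the door
    if mode == "open" and inp == "close":
        return ("locked", 0), "B4"
    if mode == "blocked" and inp == "reset":
        return ("locked", 0), "B5"
    return None

INPUTS = ("badpin", "goodpin", "close", "reset")
INIT = ("locked", 0)

def check_trap(init, target_branch):
    """Model-check the trap property 'AG not taken(target_branch)' by BFS.
    Returns None if it holds (branch unreachable), else the shortest
    counterexample: the input sequence driving the model into the branch."""
    queue, seen = deque([(init, [])]), {init}
    while queue:
        state, path = queue.popleft()
        for inp in INPUTS:
            step = transition(state, inp)
            if step is None:
                continue
            nxt, branch = step
            if branch == target_branch:
                return path + [inp]            # counterexample = new test
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [inp]))
    return None

def covered_branches(tests):
    """Run a suite on the model and collect the branches it exercises."""
    hit = set()
    for test in tests:
        state = INIT
        for inp in test:
            state, branch = transition(state, inp)
            hit.add(branch)
    return hit

def complete_suite(tests, all_branches):
    """Add one counterexample-derived test per branch the suite misses."""
    missing = sorted(all_branches - covered_branches(tests))
    return list(tests) + [ce for ce in map(lambda b: check_trap(INIT, b), missing) if ce]
```

Two hand-written tests (goodpin/close and badpin/goodpin) reach B1, B2 and B4 only; the checker supplies the three-bad-PIN path for B3 and the same path plus reset for B5.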