FM&&T Day - Formal Methods && Tools Group

FM&&T Day
Study day: Formal Methods && Tools
Thursday, 17 October 2002
CNR Research Area, Pisa, IEI Institute, Room 53
Announcement and Programme
Presentation of the research, experimentation and development activities carried out
by the members of the joint IEI-CNUCE Formal Methods && Tools Group, and of
current projects and collaborations. Discussion with invited researchers from other
groups and institutions active on similar or complementary topics.
Dines Bjørner, Technical University of Denmark.
Overview of the software tools available in the Group's laboratory for the formal
specification, design and verification of systems.
Offer of topics for doctoral research, theses or other collaborations.
For organisational reasons, please notify your interest in attending to
Tommaso Bolognesi by 15 October 2002. No registration fee is required.
9:00 Opening
9:15 Requirements Engineering
Vincenzo Gervasi (Univ. di Pisa, Dip. Informatica)
Circe & UML: Parallel refinement of NL requirements and UML diagrams
Stefania Gnesi (CNR/ISTI – FM&&T)
Application of Linguistic Techniques for Requirements Analysis
10:30 ------ Coffee break ------
10:45 Abstract State Machines and Process Algebras
Egon Boerger (Univ. di Pisa, Dip. Informatica)
Turbo ASMs
Tommaso Bolognesi (CNR/ISTI – FM&&T)
Towards Abstract State Processes
12:00 Formal Approaches to Human-Computer Interaction
Mieke Massink (CNR/ISTI – FM&&T)
Continuous Interaction with Computers: Issues and Requirements
12:40 ------ Lunch ------
14:15 Invited talk
Dines Bjørner, Technical University of Denmark
Issues of Domain Engineering
15:30 Model Checking
Alessandro Fantechi (Univ. di Firenze, Dip. di Sistemi e Informatica)
Enhancing test coverage by back-tracing model-checker counterexamples
16:15 ------ Coffee break ------
16:30 Precise UML (Unified Modelling Language)
Gianna Reggio (Univ. di Genova)
Consistency issues in UML
Diego Latella (CNR/ISTI – FM&&T)
17:45 Closing
Circe & UML: Parallel refinement of NL requirements and UML diagrams
V. Gervasi, V. Ambriola
We present the Circe environment for requirements engineering. Circe can analyze requirements
written in natural language, and synthesize a number of formal models from the information extracted
from the requirements. These models can then be visualized, validated and measured. Among the
different representations, Circe can produce UML diagrams. We show how a systematic refinement
mechanism based on transformations on the natural language form of the requirements can be used to
refine the UML models in ways that cannot be easily expressed by other means.
Application of Linguistic Techniques for Requirements Analysis
S. Gnesi
The use of NL as a way to specify the functional requirements of a system is a critical point, due to the
inherent ambiguity originating from different interpretations of natural language descriptions. We
discuss the use of methods, based on a linguistic approach, to analyze functional requirements
expressed by means of textual (NL) sentences. We also discuss how selected linguistic
analysis techniques, provided by some of these tools, can be applied to the semantic analysis of NL requirements.
Turbo ASMs: marrying sequential execution and synchronous parallelism
E. Boerger, J. Schmid
We explain the ASM submachine concept, developed with Joachim Schmid (Proc. CSL'00) and
applied to the Java and JVM models and their analysis in the Jbook:
"Java and the Java Virtual Machine - Definition, Verification, Validation"
by R. Staerk, J. Schmid and E. Boerger.
We explain the limits of the concept, motivating the work with T. Bolognesi which led to the concept
of Abstract State Processes (ASP).
Towards Abstract State Processes
T. Bolognesi, E. Boerger
By using Abstract State Machines (ASM), a system can be modelled in terms of a complex state
structure whose evolutions are governed by a fixed set of rules. By using process algebraic
specification languages, one conceives a concurrent, distributed system as a dynamic set of
(conceptually) state-less, interacting processes. We illustrate ways in which ASMs can be used and
extended in order to approximate the expressive flexibility offered by process algebraic languages. In
particular we provide ASMs with an interleaving operator, denoted ‘|||’, which represents a second
form of parallel composition, after standard ASM synchronous parallelism, and a new form of
sequential composition denoted ‘>>’. Then we introduce selective synchrony, a parallel composition
operator which combines interleaving and full synchrony. This leads to our full ASP model, which can
also express atomic rendez-vous with data exchange.
Continuous Interaction with Computers: Issues and Requirements
G. Faconti, M. Massink
This presentation introduces continuous interaction as a requirement of interactive systems to support
native human behaviour. It addresses a framework of (formal) modelling notations and analysis tools to
drive design decisions during the development of interactive systems. We briefly present a number of
modelling examples and discuss their merits and limitations.
Issues of Domain Engineering
D. Bjørner
Some facts: Before software and computing systems can be developed, their requirements must be
reasonably well understood. Before requirements can be finalised the application domain, as it is, must
be fairly well understood. Some opinions: In today's software and computing systems development
very little, if anything is done, we claim, to establish fair understandings of the domain. It simply does
not suffice, we further claim, to record assumptions about the domain when recording requirements.
Far more radical theories of application domains must be at hand before requirements development is
even attempted.
In this presentation we advocate a strong rôle for domain engineering. We argue that domain
descriptions are far more stable than are requirements prescriptions for support of one or another set of
domain activities. We further argue that, given extensive domain descriptions, it is
comparatively faster to establish trustworthy and stable requirements than it is today. We finally argue
that once we have a sufficient (varietal) collection of domain-specific, i.e. related, albeit distinct,
requirements, we can develop far more reusable software components than using current approaches.
Thus, in this contribution we shall reason, at a meta-level, about major phases of software engineering:
Domain engineering, requirements engineering, and software design. We shall suggest a number of
domain and requirements engineering as well as software design concerns, stages and steps, notably:
Domain facets, including domain intrinsics, support technologies, management & organisation, rules &
regulations, as well as human behaviour. Requirements: Domain requirements, interface requirements,
and machine requirements. Specifically: Domain requirements projection, determination, extension,
and initialisation. We shall then proceed to “lift” our methodological concerns to encompass the more
general ones of abstraction and modelling; of informal as well as formal description; of the more
general issues of documentation: Informative, descriptive/prescriptive, and analytical; and hence of the
importance of semiotics: Pragmatics, semantics, and syntax. The paper concludes with a proposal for a
`Grand Challenge' for computing science.
Enhancing test coverage by back-tracing model-checker counterexamples
A. Fantechi, S. Gnesi, A. Maggiore
In the activity of testing, when a desired coverage threshold is not reached, more test cases are needed.
The problem we address in this lecture is how to build such test cases. It is common experience that
finding them can be difficult: the easiest test cases to conceive are indeed the first
ones to be performed, and if they do not achieve the desired coverage, the additional test cases can be very
cumbersome to discover. We propose a technique to enhance test coverage by deriving tests from uncovered
covered branches. The technique is based on the use of counterexamples returned by model checkers,
and exploits compositionality to cope with large state spaces typical of real applications.
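The core of the technique described in this abstract (an uncovered branch is turned into a safety property "this branch is never taken"; the model checker's counterexample to that property is a trace that reaches the branch, and that trace is the new test case) can be illustrated on a toy model. The following is an added example written for this page, not the authors' tool or code: the transition-system model, the test format (a sequence of action labels), the breadth-first reachability check standing in for a model checker, and the back-tracing of predecessor links are all constructed assumptions. It also covers the failure mode the abstract does not spell out, an uncovered branch that is unreachable and therefore yields no counterexample and no test.

```python
from collections import deque

# Constructed sample model (not from the page): a small vending-machine style
# transition system. States are strings; each outgoing edge is (action, next_state).
# The "maintenance" state is deliberately unreachable from the initial state.
MODEL = {
    "idle":        [("coin", "ready"), ("cancel", "idle")],
    "ready":       [("coin", "ready"), ("select", "vending"), ("cancel", "refund")],
    "vending":     [("dispense", "idle"), ("fail", "error")],
    "refund":      [("return", "idle")],
    "error":       [("reset", "idle")],
    "maintenance": [("exit", "idle")],
}
INITIAL = "idle"

# Constructed initial test suite: the "easy" happy-path test a tester writes first.
INITIAL_TESTS = [["coin", "select", "dispense"]]


def all_transitions(model):
    """Every branch (src, action, dst) of the model; these are the coverage items."""
    return {(s, a, d) for s, outs in model.items() for (a, d) in outs}


def run_test(model, initial, test):
    """Execute a test (sequence of actions) from the initial state and return the
    set of transitions it covers. Stops at the first action not enabled."""
    covered = set()
    state = initial
    for action in test:
        nxt = next((d for (a, d) in model.get(state, []) if a == action), None)
        if nxt is None:
            break
        covered.add((state, action, nxt))
        state = nxt
    return covered


def counterexample_to(model, initial, target):
    """Check the safety property "transition `target` is never taken" by
    breadth-first reachability (a stand-in for a real model checker).
    If the property is violated, return the witnessing trace as a list of
    actions, reconstructed by back-tracing predecessor links from the
    branch's source state to the initial state. Return None if it holds,
    i.e. the branch is unreachable and no test can cover it."""
    src, action, _dst = target
    pred = {initial: None}           # state -> (predecessor state, action taken)
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if s == src:
            path = []
            cur = s
            while pred[cur] is not None:
                prev_state, prev_action = pred[cur]
                path.append(prev_action)
                cur = prev_state
            path.reverse()
            return path + [action]   # the counterexample ends by taking the branch
        for a, d in model.get(s, []):
            if d not in pred:
                pred[d] = (s, a)
                queue.append(d)
    return None


def enhance_coverage(model, initial, tests):
    """Derive new tests from uncovered branches.
    Returns (new_tests, branch_coverage, unreachable_branches)."""
    covered = set()
    for t in tests:
        covered |= run_test(model, initial, t)
    new_tests, unreachable = [], []
    for branch in sorted(all_transitions(model) - covered):
        if branch in covered:        # a previously generated test already hit it
            continue
        trace = counterexample_to(model, initial, branch)
        if trace is None:
            unreachable.append(branch)
            continue
        new_tests.append(trace)
        covered |= run_test(model, initial, trace)
    coverage = len(covered) / len(all_transitions(model))
    return new_tests, coverage, unreachable


if __name__ == "__main__":
    new, cov, unreach = enhance_coverage(MODEL, INITIAL, INITIAL_TESTS)
    for t in new:
        print("derived test:", " -> ".join(t))
    print("branch coverage: %.0f%%" % (cov * 100), "unreachable:", unreach)
```

Two points worth noticing when running it: the first derived test is the error-handling path (`coin, select, fail, reset`), exactly the kind of case the abstract says is cumbersome to find by hand, and the unreachable `maintenance` branch is reported rather than silently left uncovered, since the checker proves the "never taken" property instead of refuting it. A real model checker would replace the breadth-first search, and the abstract's compositional treatment of large state spaces is not modelled here.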
Consistency Issues in UML
E. Astesiano, G. Reggio
S. Gnesi, D. Latella, M. Massink, F. Mazzanti
This paper gives an overview of our ongoing work on an integrated framework and tool environment
for the formal validation of UML Statecharts (UMLSDs). Automatic analysis by means of model
checking and quantitative analysis via simulation of a behavioural subset of UMLSDs are being
developed. Moreover, a testing and conformance theory for UMLSDs has been developed which
includes foundations for automatic UMLSDs testing preorder and equivalence verification as well as
automatic test case derivation from statecharts. High Quality Assurance standards for the definition and
the implementation of tools are required for systems that require extreme safety and reliability. To
achieve this goal we base our approach on the use of formal definition of syntax and semantics and
whenever possible and convenient provide formal proofs concerning features of the notation and
correctness of the implementation.