1 an Introduction to Formal Modeling in Requirements Engineering

Total Page:16

File Type:pdf, Size:1020Kb

1 an Introduction to Formal Modeling in Requirements Engineering University of Toronto Department of Computer Science University of Toronto Department of Computer Science Outline An Introduction to ‹ Why do we need Formal Methods in RE? you are here! Formal Modeling ‹ What do formal methods have to offer? ‹ A survey of existing techniques in Requirements Engineering ‹ Example modeling language: SCR ƒ The language ƒ Case study Prof Steve Easterbrook ƒ Advantages and disadvantages Dept of Computer Science, ‹ Example analysis technique: Model Checking University of Toronto, Canada ƒ How it works ƒ Case Study [email protected] ƒ Advantages and disadvantages http://www.cs.toronto.edu/~sme ‹ Where next? © 2001, Steve Easterbrook 1 © 2000-2002, Steve Easterbrook 2 University of Toronto Department of Computer Science University of Toronto Department of Computer Science What are Formal Methods? Example formal system: Propositional Logic ‹ First Order Propositional Logic provides: ‹ Broad View (Leveson) ƒ a set of primitives for building expressions: ƒ application of discrete mathematics to software engineering variables, numeric constants, brackets ƒ involves modeling and analysis ƒ a set of logical connectives: ƒ with an underlying mathematically-precise notation and (Ÿ), or (⁄), not (ÿ), implies (Æ), logical equality (≡) ƒ the quantifiers: ‹ Narrow View (Wing) " - “for all” $ - “there exists” ƒ Use of a formal language ƒ a set of deduction rules ÿ a set of strings over some well-defined alphabet, with rules for distinguishing which strings belong to the language ‹ ƒ Formal reasoning about formulae in the language Expressions in FOPL ÿ E.g. formal proofs: use axioms and proof rules to demonstrate that some formula ƒ expressions can be true or false is in the language (x>y Ÿ y>z) Æ x>z x+1 < x-1 x=y y=x ≡ "x ($y (y=x+z)) x,y,z ((x>y y>z)) x>z) ‹ For requirements modeling… " Ÿ Æ x>3 ⁄ x<-6 ƒ A notation is formal if: ‹ Open vs. Closed Expressions ÿ …it comes with a formal set of rules which define its syntax and semantics. ÿ …the rules can be used to analyse expressions to determine if they are ƒ a variable that is quantified is bound (otherwise it is free) syntactically well-formed or to prove properties about them. ƒ if all the variables are bound, the formula is closed ƒ a closed formula is either true or false © 2000-2002, Steve Easterbrook 3 © 2000-2002, Steve Easterbrook 4 University of Toronto Department of Computer Science University of Toronto Department of Computer Science The Essential Software Process? What does correctness mean? Source: Adapted from Blum, 1992, p32 Application Domain Machine Domain Real World ‹ Some distinctions: Problem ƒ Domain Properties are things in the application domain that are true whether or not we ever build the proposed system Statement ƒ Requirements are things in the application domain that we wish to be made true by delivering the proposed system ƒ A specification is a description of the behaviours the program must have in order to meet the requirements Validation Correctness Implementation Verification ‹ Two correctness (verification) criteria: Correspondence Statement ƒ The Program running on a particular Computer satisfies the Specification ƒ The Specification, in the context of the given domain properties, satisfies the requirements ‹ Two completeness (validation) criteria: ƒ We discovered all the important requirements System ƒ We discovered all the relevant domain properties © 2000-2002, Steve Easterbrook © 2000-2002, Steve Easterbrook 5 Source: Adapted from Jackson, 1995, p170-171 6 1 University of Toronto Department of Computer Science University of Toronto Department of Computer Science Understanding the distinctions… Another Example ‹ Requirement R: ‹ Requirement R: ƒ “Reverse thrust shall only be enabled when the aircraft is moving on the ƒ “The database shall only be accessible by authorized personnel” runway” ‹ Domain Properties D: ‹ Domain Properties D: ƒ Authorized personnel have passwords ƒ Wheel pulses on if and only if wheels turning ƒ Passwords are never shared with non-authorized personnel ƒ Wheels turning if and only if moving on runway ‹ Specification S: ‹ Specification S: ƒ Access to the database shall only be granted after the user types an ƒ Reverse thrust enabled if and only if wheel pulses on authorized password ‹ S + D imply R ‹ S + D imply R ƒ But what if the domain assumptions are wrong? ƒ But what if the domain assumptions are wrong? © 2000-2002, Steve Easterbrook © 2000-2002, Steve Easterbrook Source: Adapted from Jackson, 1995, p172 7 Source: Adapted from Jackson, 1995, p172 8 University of Toronto Department of Computer Science University of Toronto Department of Computer Science Where do things go wrong? Where do things go wrong? ‹‹ ComputerComputer goesgoes wrongwrong (very(very rare!)rare!) ‹ Application Domain Machine Domain ‹ Causes:Causes: ƒ ƒPowerPower failure failure ƒ ƒCircuitCircuit or or Chip Chip failure failure ƒ ƒOperatingOperating System System Failure Failure ƒ ƒUnforeseenUnforeseen Device Device or or Network Network failure failure ‹‹ CaughtCaught by:by: ƒ ƒDesignDesign analysis, analysis, testing, testing, certification certification through through use, use, …… Application Domain Machine Domain ‹‹ ProgramProgram isis wrongwrong (rare?)(rare?) ‹‹ Causes:Causes: ƒ ƒLatentLatent bugs bugs (programmer (programmer error) error) ƒ ƒMisunderstoodMisunderstood specification specification ƒ ƒPoorPoor configuration configuration management management ƒ ƒPoorPoor change change control control ‹‹ CaughtCaught by:by: ƒ ƒTestTest to to specification; specification; Inspection Inspection and and Walkthroughs Walkthroughs © 2000-2002, Steve Easterbrook 9 © 2000-2002, Steve Easterbrook 10 University of Toronto Department of Computer Science University of Toronto Department of Computer Science Where do things go wrong? Where do things go wrong? ‹‹ SpecificationSpecification isis wrongwrong (common)(common) Application Domain Machine Domain ‹‹ Causes:Causes: ƒ ƒMisunderstoodMisunderstood requirements requirements ƒ ƒPoorPoor choice choice of of specification specification language language ƒ ƒAmbiguous,Ambiguous, inconsistent inconsistent or or incomplete incomplete specification specification ‹‹ CaughtCaught by:by: ƒ ƒInspection,Inspection, formal formal verification, verification, end-to-end end-to-end testing testing Application Domain Machine Domain ‹‹ RequirementsRequirements areare wrongwrong (common)(common) ‹‹ Causes:Causes: ƒ ƒInsufficientInsufficient communication communication with with customers/users customers/users ƒ ƒLackLack of of analysis analysis ƒ ƒFailureFailure to to handle handle change change ‹‹ CaughtCaught by:by: ƒ ƒInspections,Inspections, customer customer reviews, reviews, ƒ ƒmodeling,modeling, formal formal validation, validation, prototyping prototyping © 2000-2002, Steve Easterbrook 11 © 2000-2002, Steve Easterbrook 12 2 University of Toronto Department of Computer Science University of Toronto Department of Computer Science Where do things go wrong? Where do formal methods apply? ‹ Domain Properties are wrong (very common) ‹ Domain Properties are wrong (very common) ‹ Formalize S - the specification ‹ Causes: ‹ Causes: “I unquestioningly assume ƒ as a precise baseline to verify the program against ƒ Lack of domain expertise ƒ Lack of domain expertise that all assumptions must ÿ ƒ Unquestioned assumptions specification languages: Z, VDM, Larch, … ƒ Unquestioned assumptions be questioned” - Parnas ƒ ƒ ƒInsufficientInsufficient domain domain analysis analysis as an explicit model of program behavior to compare against requirements ‹ ‹ CaughtCaught by:by: ‹ ƒ Formalize D - the domain knowledge ƒFailureFailure analysis, analysis, talking talking to to the the right right experts, experts, off-nominal off-nominal testing testing ƒ so we can reason about: ÿ whether it is complete ÿ how it affects the proposed system Application Domain Machine Domain ƒ Formalization helps us to be precise and explicit about the environment ‹ Formalize R - the requirements ƒ so we can animate them ƒ so we can test logical coherence ƒ so we can check for completeness ÿ …against an underlying mathematical (semantic) model © 2000-2002, Steve Easterbrook 13 © 2000-2002, Steve Easterbrook 14 University of Toronto Department of Computer Science University of Toronto Department of Computer Science Outline Why formalize in RE? ‹ Why do we need Formal Methods in RE? ‹ To remove ambiguity and improve precision ‹ What do formal methods have to offer? you are here! ‹ Provides a basis for verification: ƒ That a program meets its specification ‹ A survey of existing techniques ƒ That a that specification captures the requirements adequately ‹ Example modeling language: SCR ‹ Allows us to reason about the requirements ƒ The language ƒ Properties of formal requirements models can be checked automatically ƒ Case study ƒ Can test for consistency, explore the consequences, etc. ƒ Advantages and disadvantages ‹ Allows us to animate/execute the requirements ‹ Example analysis technique: Model Checking ƒ Helps with visualization and validation ƒ How it works ‹ Will have to formalize eventually anyway ƒ Case Study ƒ RE is all about bridging from the informal world to a formal machine domain ƒ Advantages and disadvantages ‹ Where next? © 2000-2002, Steve Easterbrook 15 © 2000-2002, Steve Easterbrook 16 University of Toronto Department of Computer Science University of Toronto Department of Computer Science Why people don’t formalize in RE Setting the Boundaries ‹ FM tend to be lower level than other techniques ‹ Formal methods assume
Recommended publications
  • Formal Specification Methods What Are Formal Methods? Objectives Of
    ICS 221 Winter 2001 Formal Specification Methods What Are Formal Methods? ! Use of formal notations … Formal Specification Methods ! first-order logic, state machines, etc. ! … in software system descriptions … ! system models, constraints, specifications, designs, etc. David S. Rosenblum ! … for a broad range of effects … ICS 221 ! correctness, reliability, safety, security, etc. Winter 2001 ! … and varying levels of use ! guidance, documentation, rigor, mechanisms Formal method = specification language + formal reasoning Objectives of Formal Methods Why Use Formal Methods? ! Verification ! Formal methods have the potential to ! “Are we building the system right?” improve both software quality and development productivity ! Formal consistency between specificand (the thing being specified) and specification ! Circumvent problems in traditional practices ! Promote insight and understanding ! Validation ! Enhance early error detection ! “Are we building the right system?” ! Develop safe, reliable, secure software-intensive ! Testing for satisfaction of ultimate customer intent systems ! Documentation ! Facilitate verifiability of implementation ! Enable powerful analyses ! Communication among stakeholders ! simulation, animation, proof, execution, transformation ! Gain competitive advantage Why Choose Not to Use Desirable Properties of Formal Formal Methods? Specifications ! Emerging technology with unclear payoff ! Unambiguous ! Lack of experience and evidence of success ! Exactly one specificand (set) satisfies it ! Lack of automated
    [Show full text]
  • Certification of a Tool Chain for Deductive Program Verification Paolo Herms
    Certification of a Tool Chain for Deductive Program Verification Paolo Herms To cite this version: Paolo Herms. Certification of a Tool Chain for Deductive Program Verification. Other [cs.OH]. Université Paris Sud - Paris XI, 2013. English. NNT : 2013PA112006. tel-00789543 HAL Id: tel-00789543 https://tel.archives-ouvertes.fr/tel-00789543 Submitted on 18 Feb 2013 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. UNIVERSITÉ DE PARIS-SUD École doctorale d’Informatique THÈSE présentée pour obtenir le Grade de Docteur en Sciences de l’Université Paris-Sud Discipline : Informatique PAR Paolo HERMS −! − SUJET : Certification of a Tool Chain for Deductive Program Verification soutenue le 14 janvier 2013 devant la commission d’examen MM. Roberto Di Cosmo Président du Jury Xavier Leroy Rapporteur Gilles Barthe Rapporteur Emmanuel Ledinot Examinateur Burkhart Wolff Examinateur Claude Marché Directeur de Thèse Benjamin Monate Co-directeur de Thèse Jean-François Monin Invité Résumé Cette thèse s’inscrit dans le domaine de la vérification du logiciel. Le but de la vérification du logiciel est d’assurer qu’une implémentation, un programme, répond aux exigences, satis- fait sa spécification. Cela est particulièrement important pour le logiciel critique, tel que des systèmes de contrôle d’avions, trains ou centrales électriques, où un mauvais fonctionnement pendant l’opération aurait des conséquences catastrophiques.
    [Show full text]
  • Implementing a Transformation from BPMN to CSP+T with ATL: Lessons Learnt
    Implementing a Transformation from BPMN to CSP+T with ATL: Lessons Learnt Aleksander González1, Luis E. Mendoza1, Manuel I. Capel2 and María A. Pérez1 1 Processes and Systems Department, Simón Bolivar University PO Box 89000, Caracas, 1080-A, Venezuela 2 Software Engineering Department, University of Granada Aynadamar Campus, 18071, Granada, Spain Abstract. Among the challenges to face in order to promote the use of tech- niques of formal verification in organizational environments, there is the possi- bility of offering the integration of features provided by a Model Transforma- tion Language (MTL) as part of a tool very used by business analysts, and from which formal specifications of a model can be generated. This article presents the use of MTL ATLAS Transformation Language (ATL) as a transformation artefact within the domains of Business Process Modelling Notation (BPMN) and Communicating Sequential Processes + Time (CSP+T). It discusses the main difficulties encountered and the lessons learnt when building BTRANSFORMER; a tool developed for the Eclipse platform, which allows us to generate a formal specification in the CSP+T notation from a business process model designed with BPMN. This learning is valid for those who are interested in formalizing a Business Process Modelling Language (BPML) by means of a process calculus or another formal notation. 1 Introduction Business Processes (BP) must be properly and formally specified in order to be able to verify properties, such as scope, structure, performance, capacity, structural consis- tency and concurrency, i.e., those properties of BP which can provide support to the critical success factors of any organization. Formal specification languages and proc- ess algebras, which allow for the exhaustive verification of BP behaviour [17], are used to carry out the formalization of models obtained from Business Process Model- ling (BPM).
    [Show full text]
  • Behavioral Verification of Distributed Concurrent Systems with BOBJ
    Behavioral Verification of Distributed Concurrent Systems with BOBJ Joseph Goguen Kai Lin Dept. Computer Science & Engineering San Diego Supercomputer Center University of California at San Diego [email protected] [email protected] Abstract grams [4]), whereas design level verification is easier and more likely to uncover subtle bugs, because it does not re- Following condensed introductions to classical and behav- quire dealing with the arbitrary complexities of program- ioral algebraic specification, this paper discusses the veri- ming language semantics. fication of behavioral properties using BOBJ, especially its These points are illustrated by our proof of the alternat- implementation of conditional circular coinductive rewrit- ing bit protocol in Section 4. There are actually many dif- ing with case analysis. This formal method is then applied ferent ways to specify the alternating bit protocol, some of to proving correctness of the alternating bit protocol, in one which are rather trivial to verify, but our specification with of its less trivial versions. We have tried to minimize mathe- fair lossy channels is not one of them. The proof shows that matics in the exposition, in part by giving concrete illustra- this specification is a behavioral refinement of another be- tions using the BOBJ system. havioral specification having perfect channels, and that the latter is behaviorally equivalent to perfect transmission (we thank Prof. Dorel Lucanu for this interpretation). 1. Introduction Many important contemporary computer systems are distributed and concurrent, and are designed within the ob- Faced with increasingly complex software and hardware ject paradigm. It is a difficult challenge for formal meth- systems, including distributed concurrent systems, where ods to handle all the features involved within a uniform the interactions among components can be very subtle, de- framework.
    [Show full text]
  • Seamless Interactive Program Verification
    Seamless Interactive Program Verification Sarah Grebing1, Jonas Klamroth2, and Mattias Ulbrich1 1 Karlsruhe Institute of Technology, Karlsruhe, Germany 2 FZI Research Center for Information Technology, Karlsruhe, Germany Abstract. Deductive program verification has made considerable progress in recent years. Automation is the goal, but it is apparent that there will always be challenges that cannot be verified fully automatically, but require some form of user input. We present a novel user interaction concept that allows the user to interact with the verification system on different abstraction levels and on different verification/proof artifacts. The elements of the concept are based on the findings of qualitative user studies we conducted amongst users of interactive deductive program verification systems. Moreover, the concept implements state-of-the-art user interaction principles. We prototypically implemented our concept as an interactive verification tool for Dafny programs. Deductive program verification tasks lead to challenging logical reasoning tasks. Recent and ongoing progress of satisfiability modulo theories (SMT) solvers allow these tasks to be more and more automated. As program verification is an undecidable problem, one can always find verification tasks which cannot be verified automatically – in practice, many real-world verification tasks require user guidance such that automatic reasoning engines can find a proof. With rising success of automatic verification engines, programs that require inspection become more and more sophisticated. They are likely to operate on complex data structures or make use of advanced features like concurrency. This complexity contributes to the fact that guiding the verification tool is a non-trivial, iterative process which, in addition, requires knowledge about internals of the verification tool.
    [Show full text]
  • Scrum Goes Formal: Agile Methods for Safety-Critical Systems
    Scrum Goes Formal: Agile Methods for Safety-Critical Systems Sune Wolff Terma A/S Terma Defense and Security Hovmarken 4, 8520 Lystrup, Denmark Email: [email protected] Abstract—Formal methods have had a relative low penetra- Formal methods are perceived as being mystical and only tion in industry but have the potential for much wider use. The used by a selected few computer scientists or mathemati- use of agile methods has been highly limited in development cians, and that the learning curve is too steep to be useful by of safety-critical systems due to the lack of formal evaluation techniques and rigorous planning. A combination of formal more “ordinary” people for developing non-critical systems. methods and agile development processes can potentially widen In order to change these prejudices, and eventually ensuring the use of formal methods in industry as well as enabling the a broader industrial usage of formal methods, a wider use of agile methods in development of safety-critical systems. range of engineers must be “exposed” to formal methods This paper describes a way to add the use of formal methods to to discover the benefits first-hand. the agile development process Scrum. Experiences from using a variant of the strategy in an industrial case are summarised. In a highly competitive industry companies strive to deliver faster better and cheaper software solutions. A broad spectrum of agile methods, ranging from individual methods Keywords-Scrum; formal methods; combined method like eXtreme Programming and test driven development to management-oriented process frameworks like Scrum [3] I. INTRODUCTION have emerged as a means to achieve this.
    [Show full text]
  • Certified Reasoning on Real Numbers and Objects in Co-Inductive Type
    Universita` degli Studi di Udine Dipartimento di Matematica e Informatica Dottorato di Ricerca in Informatica Institut National Polytechnique de Lorraine Ecole´ Nationale Superieure´ des Mines, Nancy Laboratoire Lorraine de Recherche en Informatique et ses Applications Doctorat de Recherche en Informatique Ph.D. Thesis Certified Reasoning on Real Numbers and Objects in Co-inductive Type Theory Candidate: Supervisors: Alberto Ciaffaglione Furio Honsell Pietro Di Gianantonio Claude Kirchner Luigi Liquori °c 2003, Alberto Ciaffaglione Author’s e-mail: ciaff[email protected], Alberto.Ciaff[email protected] Author’s address: Dipartimento di Matematica e Informatica Universit`adegli Studi di Udine via delle Scienze, 206 33100 Udine (Italia) Abstract In this thesis we adopt Formal Methods based on Type Theory for reasoning on the semantics of computer programs. The ultimate goal is their certification, that is, to prove that a fragment of software meets its formal specification. Application areas of our research are the representation of and computation on the Real Numbers and the Object-oriented Languages based on Objects. In our investigation, Coinductive specification and proof principles play an essential role. In the first part of the thesis we deal with Constructive Real Numbers. We construct the reals using streams, i.e. infinite sequences, of signed digits. We work with constructive logic, that is, we develop “algorithmic” mathematics. We implement the Real Numbers in Coq using streams, which are managed using coinductive judgments and corecursive algorithms. Then we introduce a constructive axiomatization and we use it for proving the adequacy of our construction. In the second part of the thesis we approach Object-based Calculi with side-effects, in order to address important properties, such as Type Soundness, formally.
    [Show full text]
  • Formal Specification and Verification Stephan Merz
    Formal specification and verification Stephan Merz To cite this version: Stephan Merz. Formal specification and verification. Dahlia Malkhi. Concurrency: the Works of Leslie Lamport, 29, Association for Computing Machinery, pp.103-129, 2019, ACM Books, 10.1145/3335772.3335780. hal-02387780 HAL Id: hal-02387780 https://hal.inria.fr/hal-02387780 Submitted on 2 Dec 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Formal specification and verification Stephan Merz University of Lorraine, CNRS, Inria, LORIA, Nancy, France 1. Introduction Beyond his seminal contributions to the theory and the design of concurrent and distributed algorithms, Leslie Lamport has throughout his career worked on methods and formalisms for rigorously establishing the correctness of algorithms. Commenting on his first article about a method for proving the correctness of multi-process programs [32] on the website providing access to his collected writings [47], Lamport recalls that this interest originated in his submitting a flawed mutual-exclusion algorithm in the early 1970s. As a trained mathematician, Lamport is perfectly familiar with mathematical set theory, the standard formal foundation of classical mathematics. His career in industrial research environments and the fact that his main interest has been in algorithms, not formalisms, has certainly contributed to his designing reasoning methods that combine pragmatism and mathematical elegance.
    [Show full text]
  • Formal Software Engineering the B Method for Correct-By-Construction Software
    Formal Software Engineering The B Method for correct-by-construction software J. Christian Attiogbé November 2012 J. Christian Attiogbé (November 2012) Formal Software Engineering 1 / 135 Agenda The B Method: an introduction Introduction: what it is? A quick overview Example of specification Light Control in a Room How to develop using B System Analysis Structuration: Abstract Machines Modeling Data Modeling Data Operations Refinements Implementation J. Christian Attiogbé (November 2012) Formal Software Engineering 2 / 135 Agenda Examples of development Exemples GCD (PGCD), euclidian division, Sorting Basic concepts of the method Modeling the static part (data) Modeling the dynamic part(operations) Proof of consistency Refinement Proofs of refinement Case studies (with AtelierB, Rodin) J. Christian Attiogbé (November 2012) Formal Software Engineering 3 / 135 Introduction to B B Method (..1996) A Method to specify, design and build sequential software. (1998..) Event B ... distributed, concurrent systems. (...) still evolving, with more sophisticated tools (aka Rodin) ;-( J. Christian Attiogbé (November 2012) Formal Software Engineering 4 / 135 Introduction to B Examples of application in railways systems Figure: Synchronisation of platform screen doors - Paris Metro J. Christian Attiogbé (November 2012) Formal Software Engineering 5 / 135 Introduction to B Industrial Applications Applications in Transportation Systems (Alsthom>Siemens) braking systems, platform screen doors(line 13, Paris metro), KVS, Calcutta Metro (India), Cairo INSEE (french
    [Show full text]
  • Overview of Formal Methods in Software Engineering
    Overview of formal methods in software engineering IOANA RODHE, MARTIN KARRESAND FOI, Swedish Defence Research Agency, is a mainly assignment-funded agency under the Ministry of Defence. The core activities are research, method and technology development, as well as studies conducted in the interests of Swedish defence and the safety and security of society. The organisation employs approximately 1000 personnel of whom about 800 are scientists. This makes FOI Sweden’s largest research institute. FOI gives its customers access to leading-edge expertise in a large number of fi elds such as security policy studies, defence and security related analyses, the assessment of various types of threat, systems for control and management of crises, protection against and management of hazardous substances, IT security and the potential offered by new sensors. FOI Swedish Defence Research Agency Phone: +46 8 555 030 00 www.foi.se FOI-R--4156--SE SE-164 90 Stockholm Fax: +46 8 555 031 00 ISSN 1650-1942 December 2015 Ioana Rodhe, Martin Karresand Overview of formal methods in software engineering Bild/cover: Martin Karresand FOI-R--4156--SE Titel Översikt över formella metoder i programvaruutveckling Title Overview of formal methods in software engineering Report no FOI-R--4156--SE Month December Year 2015 Pages 50 ISSN ISSN-1650-1942 Customer The Swedish Armed Forces Project no E36077 Approved by Christian Jönsson Division Information- and Aeronautical Systems FOI Research area Armed Forces R&T area Command and control FOI Swedish Defence Research Agency This work is protected under the Act on Copyright in Literary and Artistic Works (SFS 1960:729).
    [Show full text]
  • Mechanized Support for the Formal Specification, Verification and Deployment of Component-Based Applications Nuno Gaspar
    Mechanized support for the formal specification, verification and deployment of component-based applications Nuno Gaspar To cite this version: Nuno Gaspar. Mechanized support for the formal specification, verification and deployment of component-based applications. Other [cs.OH]. Université Nice Sophia Antipolis, 2014. English. NNT : 2014NICE4127. tel-01114217v1 HAL Id: tel-01114217 https://hal.inria.fr/tel-01114217v1 Submitted on 8 Feb 2015 (v1), last revised 10 Apr 2015 (v2) HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. UNIVERSITÉ DE NICE-SOPHIA ANTIPOLIS École Doctorale STIC Sciences et Technologies de l’Information et de la Communication THÈSE pour l’obtention du titre de Docteur en Sciences Mention Informatique présentée et soutenue par Nuno Gaspar Mechanized support for the formal specification, verification and deployment of component-based applications Thèse dirigée par Eric Madelaine et co-encadrée par Ludovic Henrio Soutenue le 16 Décembre 2014 Jury Rapporteurs Frédéric Loulergue LIFO, Université d’Orléans Alan Schmitt INRIA Bretagne Atlantique Examinateurs Luis Barbosa Universidade do Minho Yves Bertot INRIA Sophia Antipolis Directeur de thèse Eric Madelaine INRIA Sophia Antipolis Co-encadrant de thèse Ludovic Henrio CNRS ii iii E assim foi.
    [Show full text]
  • Towards the Integration of Formal Specification in the Áncora Methodology
    Towards the integration of formal specification in the Áncora methodology Carlos Alberto Fernández-y-Fernández 1 y Martín José José 2 1Instituto de Computación, Universidad Tecnológica de la Mixteca, carretera a Acatlima Km. 2.5 Huajuapan de León, Oax., México C.P. 69000, [email protected] 2División de Estudios de Posgrado, Universidad Tecnológica de la Mixteca, carretera a Acatlima Km. 2.5 Huajuapan de León, Oax., México C.P. 69000, [email protected] Abstract: There are some non-formal methodologies such as RUP, OpenUP, agile methodologies such as SCRUP, XP and techniques like those proposed by UML, which allow the development of software. The software industry has struggled to generate quality software, as importance has not been given to the engineering requirements, resulting in a poor specification of requirements and software of poor quality. In order to generate a contribution to the specification of requirements, this article describes a methodological proposal, implementing formal methods to the results of the process of requirements analysis of the methodology Áncora. Keywords: Software Engineering (SE), Requirements Engineering (RE), Software Requirements Specification (SRS), Formal Methods (FM). 1. Introduction Generating quality software has been a problem for many years for the software industry. In the late 60's the computer community detected a number of cases of failure, such as late delivery of the final product exceed the original cost, poor product quality. In late 1968, government, academia and users agreed to the first conference on Software Engineering (SE) to identify methods and techniques for software development quality and best cost [1]. Some authors such as Sommerville [2] define SE as "a discipline of engineering that incorporates all aspects of software production from the early stages of system specification up to its maintainance and after it is used".
    [Show full text]