Didier Buchs

Object-oriented nets with algebraic specifications: the CO-OPN/2 formalism

This paper presents and formally defines the CO-OPN/2 formalism (Concurrent Object-Oriented Petri Net) which is devised for the specification of large concurrent systems. We introduce the basic principles of the formalism, and describe how some aspects of objectorientation - such as the notions of class/object, object reference, inheritance and subtyping - are taken into account. In CO-OPN/2, classes (considered as templates) are described by means of algebraic nets in which places play the role of attributes, and methods are external parameterized transitions. A semantic extension for the management of the object references is defined. Inheritance and subtyping are clearly distinguished. Interaction between objects consists of synchronizations. Synchronization expressions are provided which allow the designer to select interaction policies between the partners. We also provide a step semantics which expresses the true concurrency of the object behaviors. Finally, in order to illustrate the modeling capabilities of our formalism, we adopted a case study on groupware or, more specifically, on a cooperative editor of hierarchical diagrams.

A formal specification framework for object-oriented distributed systems

In this paper, we present the Concurrent Object-Oriented Petri Nets (CO-OPN/2) formalism devised to support the specification of large distributed systems. Our approach is based on two underlying formalisms: order-sorted algebra and algebraic Petri nets. With respect to the lack of structuring capabilities of Petri nets, CO-OPN/2 has adopted the object-oriented paradigm. In this hybrid approach (model- and property-oriented), classes of objects are described by means of algebraic Petri nets, while data structures are expressed by order-sorted algebraic specifications. An original feature is the sophisticated synchronization mechanism. This mechanism allows to involve many partners in a synchronization and to describe the synchronization policy. A typical example of distributed systems, namely the Transit Node, is used throughout this paper to introduce our formalism and the concrete specification language associated with it. By successive refinements of the components of the example, we present, informally, most of the notions of CO-OPN/2. We also give some insights about the coordination layer, Context and Objects Interface Language (COIL), which is built on top of CO-OPN/2. This coordination layer is used for the description of the concrete distributed architecture of the system. Together, CO-OPN/2 and COIL provide a complete formal framework for the specification of distributed systems.

A Theory of Specification-Based Testing for Object-Oriented Software

The current strategies for testing object-oriented software all lack the formal basis which is necessary to perform this task efficiently. We propose the adaptation to object-oriented software of an existing theory of testing for stateless ADTs, to find errors in a class by checking that its implementation meets its specification. We present shortly in an informal way an object-oriented language, CO-OPN/2, in which language we will write the specification. We introduce a notion of test that takes into account the possible and impossible sequences of call of class methods. We examine the black-box test procedure, and give techniques to select a finite and pertinent test set from an exhaustive test set, including all the possible behaviors of the class under test, by applying test reduction hypothesis. We also study the construction of an oracle, the procedure that analyses the results of the tests, adapted to object-oriented software.

From formal specifications to ready-to-use software components: the concurrent object oriented Petri net approach

CO-OPN (Concurrent Object Oriented Petri Net) is a formal specification language for modelling distributed systems; it is based on coordinated algebraic Petri nets. We describe a method for generating an executable prototype from a CO-OPN specification. We focus our discussion on the generation of executable code for CO-OPN classes. CO-OPN classes are defined using Petri nets. The main problems arise when implementing synchronization and non-determinism of CO-OPN classes in procedural languages. Our method proposes a solution to these problems. Another interesting aspect of our method is the easy integration of a generated prototype into any existing system. This paper focuses on the generation of Java code that fulfils the Java Beans component architecture, however our approach is also applicable to other object-oriented implementation languages with a component architecture.

High-Level Petri Net Model Checking with AlPiNA

Although model checking is heavily used in the hardware domain, it did not take off in software engineering yet. One of the possible reasons is that software models are very complex. They integrate many dimensions such as data types and concurrency, leading to the infamous state space explosion problem. This article introduces the Algebraic Petri Nets Analyzer (AlPiNA), a symbolic model checker for High-level Petri nets. It is comprised of two independent modules: a GUI plug-in for Eclipse and an underlying model checking engine. AlPiNA is a step towards performing efficient and user-friendly model checking of large software systems. This is achieved by separating the model and its properties from the optimisation artifacts. This article describes the features that AlPiNA provides to the user for designing models and verifying properties. It also presents the techniques and artifacts used for tuning verification performance, along with some theoretical background.

Test selection for object-oriented software based on formal specifications

We propose a method of test selection based on formal specifications, for functional testing of object-oriented software. This method is based on rigorous theoretical foundations. To limit the size of test sets, we present several hypotheses specific to object-oriented systems, used to reduce an exhaustive test set into a pertinent test set while preserving its qualities: regularity hypotheses are used to constrain the shape of tests while uniformities, with or without subdomain decomposition, are used to limit the values of the variables appearing in the tests. Care is taken to provide a method for which operational methods can be implemented.

CO-OPN/2: a concurrent object-oriented formalism

In this article we present the concurrent object-oriented specification language CO-OPN/2 which extends the CO-OPN (Concurrent Object Oriented Petri Nets) formalism, destined to support the specification of large distributed systems. The CO-OPN/2 approach proposes a specification language, based on the object-oriented paradigm, which includes a fine description of true concurrent behavior.

Report on the Model Checking Contest at Petri Nets 2011

This article presents the results of the Model Checking Contest held within the SUMo 2011 workshop, a satellite event of Petri Nets 2011. This contest aimed at a fair and experimental evaluation of the performances of model checking techniques applied to Petri nets.

AlPiNA: a symbolic model checker

AlPiNA is a symbolic model checker for High Level Petri nets. It is comprised of two independent modules: a GUI plugin for Eclipse and an underlying model checking engine. AlPiNA’s objective is to perform efficient and user-friendly, easy to use model checking of large software systems. This is achieved by separating the model and its properties from the model checking-related concerns: the users can describe and perform checks on a high-level model without having to master low-level techniques. This article describes the features that AlPiNA provides to the user for specifying models and properties to validate, followed by the techniques that it implements for tuning validation performance.

From an abstract object-oriented model to a ready-to-use embedded system controller

We present an example of a construction of an embedded software system-a controller-from the formal specification to executable code. The CO-OPN (Concurrent Object Oriented Petri Net) formal specification language is used for modelling the controller and the associated hardware system with the inherent limitation of its physical components. CO-OPN formal language is based on coordinated algebraic Petri nets. The CO-OPN model can be used to verify some properties of the controller in the concrete physical environment. This is achieved by constrained animation of the valid prototype produced by automatic code generation. The possibility to incrementally refine the generated code can be used to obtain a more efficient implementation.