Jan van Katwijk

Reuse dimensions

In recent years, there have been much publications on reuse. In order to bet an overview of the whole field and also a good impression of the state of the reuse art, we studied reuse literature of the last few years. As basis for comparison, we classified literature according to four (more or less orthogonal) dimensions, based on the actions and knowledge of the reuser, i.e. the software engineer. The dimensions are: actions to be taken to get an existing reusable item; knowledge to be applied to find an existing reusable item; actions to be taken to build the complete system needed; knowledge to be applied to get the complete system needed. The survey shows that research on reuse from the viewpoint of needed system, receives far less attention than research from the viewpoint of reusable artifacts. We expect reuse to live up to its promise if this topic is addressed was well.

Application and benefits of formal methods in software development

Formal methods for software development receive much attention in research centres, but are rarely used in industry for the development of (large) software systems. One of the reasons is that little is known about the integration of formal methods in the software process, and the exact role of formal methods in the software life-cycle is still unclear. In this paper, a detailed examination is made of the application of, and the benefits resulting from, a generally applicable formal method (VDM) in a standard model for software development (DoD-STD-2167A). Currently, there is no general agreement on how formal methods should be used, but in order to analyse the use of formal methods in the software process, a clear view of such use is essential. Therefore, we show what is meant by ‘using a formal method’. The different activities of DoD-STD-2167A are analysed with regard to their suitability for applying VDM and the benefits that may result from applying VDM for that activity. Based on this analysis, an overall view on the usage of formal methods in the software process is formulated.

A Case for Structured Analysis/Formal Design

Both formal methods and structured methods in software development have disadvantages inherent to the class of methods they belong to. A better method may be composed by taking the best of a formal method and the best of a structured method and constructing one, new method. In this paper two approaches to transforming data flow diagrams, the main system representation resulting from SA, to constructs in VDM are described. Each approach can be used as a basis for a combined SA/VDM method. A comparison is made between the two presented models by analyzing their characteristics. Some conclusions on the usability of the combination of SA and VDM are presented.

Specification and Verification of a Safety Shell with Statecharts and Extended Timed Graphs

A new technique for applying safety principles, termed safety shell, eases the formal verification by segregation of the safety critical regions of the application into independent, well structured modules. This paper presents a practical use of formal methods for verification of the safety shell. A framework is proposed for the integration of semiformal and formal notations, in order to produce a formal specification on which verification tools can be applied. The approach relies on the following steps. The first step consists in using adequately statecharts and support tools to guide the analysts understanding of the system and produce a preliminary document. In the second step an XTG-based specification is generated from the preliminary document on the basis of predefined rules. The third step then is to verify the specification w.r.t. relevant specified properties. Tool support is being developed to assist in the second step, while tool support for verification is available through the TVS toolset.

Analyzing Schedulability of Astral Specifications using Extended Timed Automata

This paper reports our experiences with using an extension of timed automata [1] for schedulability analysis of prototype implementations. The approach builds upon requirements specifications constructed using the formal real-time specification language Astral [7]. Astral specifications are translated into extended timed automata. The resulting automata are augmented with implementation details like assignment of processes to processors, priorities, worst-case execution times of operations, and scheduling policies. Schedulability analysis is then performed by (automated) formal verification of the extended automaton.

Transformation of UML Specification to XTG

We use tuples of extended class, object and statechart UML-diagrams as UML specifications of real-time systems. The semantics of the UML specification is defined by transformation to the eXtended Timed Graphs (XTG). The correctness of our transformation is demonstrated by showing that the XTG computation tree can be projected into the computation tree of the corresponding UML specification. The transformation opens the possibility to specify temporal-logic properties at the UML level and to verify them at the XTG level using the PMC model checker.

Evaluation of Software Architecture for a Control System: A Case Study

In this paper, we give our view on the software architecture phase in the development process. During this phase, we distinguish modeling and structuring activities. A system is modeled according to a certain approach, and this model is used to instantiate a certain architectural style. In general, the activities are intertwined. The choice for a certain software architecture has implications on the nonfunctional properties of the system. We illustrate our view with a case study of a software controller for a (toy) railroad system which we have available in our software lab. Several models of this system, expressed in formal specification languages, were made in the past, so we are able to produce a software architecture for the system while carrying out both activities separately. The resulting software architectures are evaluated with respect to timing aspects, scalability, fault-tolerance, and extendibility. Extendibility of a software system is especially important for domains were changes should be applicable on-line. Design for change should start at the software architectural level.

Real-Time Computing Education: Responding to a Challenge of the Next Century

Abstract This paper summarizes the discussion held among members of the IFAC TC on Real-Time Software Engineering on the distinctive features of real-time computing. It discusses the internal and external factors that characterize real-time computing as an area of science and presents some ideas about the balance between theory, abstraction, and design in the process of instruction. It also attempts to answer the question whether realtime computing is a fundamental or an applied subject area.

Stepwise Development of Model-Oriented Real-Time Specifications from Action/Event Models

Two notations for specifying real-time systems are presented: an analysis language A/EL and a design language mosca. An abstract syntax for an action/event language (A/EL) is presented that offers constructions on a high abstract level for describing behavioural and timing requirements for real-time systems. Next the model-oriented specification languagemosca is shortly introduced. This language is based on VDMSL [12] and CCS [20] with extensions for describing structure and timing issues. It is shown how specifications in A/EL can be transformed into mosca specifications guided by some simple design principles.

Type Checking BSI/VDM-SL

In this paper a type system for BSI/VDM-SL is described. General characteristics of this system are presented using a formal notation. The main property of the system is that type checking can be done in a single bottom-up tree walk. The advantages and disadvantages of this approach are discussed. It is described how the type system has been implemented with the use of the attribute grammar evaluating system generator GAG.