Nazareno Aguirre

DynAlloy: upgrading alloy with actions

We present DynAlloy, an extension to the Alloy specification language to describe dynamic properties of systems using actions. Actions allow us to appropriately specify dynamic properties, particularly, properties regarding execution traces, in the style of dynamic logic specifications. We extend Alloys syntax with a notation for partial correctness assertions, whose semantics relies on an adaptation of Dijkstras weakest liberal precondition. These assertions, defined in terms of actions, allow us to easily express properties regarding executions, favoring the separation of concerns between the static and dynamic aspects of a system specification. We also extend the Alloy tool in such a way that DynAlloy specifications are also automatically analyzable, as standard Alloy specifications. We present the foundations, two case-studies, and empirical results evidencing that the analysis of DynAlloy specifications can be performed efficiently.

Teaching software engineering using globally distributed projects: the DOSE course

Distributed software development poses new software engineering challenges. To prepare student for these new challenges, we have been teaching software engineering using globally distributed projects. The projects were developed in collaboration with eleven universities in ten different countries in Europe, Asia, and South America. This paper reports the experience teaching the course, describing the settings, problems faced organizing the projects and the lessons learned.

A temporal logic approach to the specification of reconfigurable component-based systems

We propose a formal specification language for dynamically reconfigurable component-based systems, based on temporal logic. The main aim of the language is to allow one to specify behaviours of component-based systems declaratively, with special emphasis on behaviours in which the architectural structure of the system changes dynamically. Due to the semantics and organisation of our language, it is straightforward to hierarchically build reconfigurable systems in terms of subsystems and basic component parts, and reason about them within the language. Despite its expressive power, the language is rather simple.

A logical basis for the specification of reconfigurable component-based systems

We present a logic and a prototypical specification language for specifying and reasoning about component-based systems with support for dynamic, i.e., run-time, architectural reconfiguration.We present the logic, an adaptation of an existing one proposed for specifying reactive systems, and some results that demonstrate its suitability for the specification of reconfigurable systems. We then explicate how the specification language can be used to specify a reconfigurable (sub)system via layers defining component templates, association/connector templates and a layer specifying reconfiguration operations used to dynamically change the system architecture. We also illustrate the expressive power and proof capabilities of the logic.

Improving Test Generation under Rich Contracts by Tight Bounds and Incremental SAT Solving

We present a novel and general technique for automated test generation that combines tight bounds with incremental SAT solving. The proposed technique uses incremental SAT to build test suites targeting a specific testing criterion, amongst various black-box and white-box criteria. As our experimental results show, the combination of tight bounds with incremental SAT, and the testing criterion driven approach implemented in our prototype tool FAJITA, enable us to effectively generate test suites for container classes with rich contracts, more efficiently than other state-of-the-art tools.

Efficient Analysis of DynAlloy Specifications

DynAlloy is an extension of Alloy to support the definition of actions and the specification of assertions regarding execution traces. In this article we show how we can extend the Alloy tool so that DynAlloy specifications can be automatically analyzed in an efficient way. We also demonstrate that DynAlloys semantics allows for a sound technique that we call program atomization, which improves the analyzability of properties regarding execution traces by considering certain programs as atomic steps in a trace. We present the foundations, case studies, and empirical results indicating that the analysis of DynAlloy specifications can be performed efficiently.

Reasoning about static and dynamic properties in alloy: A purely relational approach

We study a number of restrictions associated with the first-order relational specification language Alloy. The main shortcomings we address are:---the lack of a complete calculus for deduction in Alloys underlying formalism, the so called relational logic,---the inappropriateness of the Alloy language for describing (and analyzing) properties regarding execution traces.The first of these points was not regarded as an important issue during the genesis of Alloy, and therefore has not been taken into account in the design of the relational logic. The second point is a consequence of the static nature of Alloy specifications, and has been partly solved by the developers of Alloy; however, their proposed solution requires a complicated and unstructured characterization of executions.We propose to overcome the first problem by translating relational logic to the equational calculus of fork algebras. Fork algebras provide a purely relational formalism close to Alloy, which possesses a complete equational deductive calculus. Regarding the second problem, we propose to extend Alloy by adding actions. These actions, unlike Alloy functions, do modify the state. Much the same as programs in dynamic logic, actions can be sequentially composed and iterated, allowing them to state properties of execution traces at an appropriate level of abstraction.Since automatic analysis is one of Alloys main features, and this article aims to provide a deductive calculus for Alloy, we show that:---the extension hereby proposed does not sacrifice the possibility of using SAT solving techniques for automated analysis,---the complete calculus for the relational logic is straightforwardly extended to a complete calculus for the extension of Alloy.

BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support

Lazy Initialization (LI) allows symbolic execution to effectively deal with heap-allocated data structures, thanks to a significant reduction in spurious and redundant symbolic structures. Bounded lazy initialization (BLI) improves on LI by taking advantage of precomputed relational bounds on the interpretation of class fields in order to reduce the number of spurious structures even further. In this paper we present bounded lazy initialization with SAT support (BLISS), a novel technique that refines the search for valid structures during the symbolic execution process. BLISS builds upon BLI, extending it with field bound refinement and satisfiability checks. Field bounds are refined while a symbolic structure is concretized, avoiding cases that, due to the concrete part of the heap and the field bounds, can be deemed redundant. Satisfiability checks on refined symbolic heaps allow us to prune these heaps as soon as they are identified as infeasible, i.e., as soon as it can be confirmed that they cannot be extended to any valid concrete heap. Compared to LI and BLI, BLISS reduces the time required by LI by up to four orders of magnitude for the most complex data structures. Moreover, the number of partially symbolic structures obtained by exploring program paths is reduced by BLISS by over 50 percent, with reductions of over 90 percent in some cases (compared to LI). BLISS uses less memory than LI and BLI, which enables the exploration of states unreachable by previous techniques.

An Equational Calculus for Alloy

In this paper we show that, by translating Alloy formulas to formulas in the language of fork algebras, we obtain a complete, equational, and purely relational calculus for Alloy.

Bounded Lazy Initialization

Tight field bounds have been successfully used in the context of bounded-exhaustive bug finding. They allow one to check the correctness of, or find bugs in, code manipulating data structures whose size made this kind of analyses previously infeasible. In this article we address the question of whether tight field bounds can also contribute to a significant speed-up for symbolic execution when using a system such as Symbolic Pathfinder. Specifically, we propose to change Symbolic Pathfinder’s lazy initialization mechanism to take advantage of tight field bounds. While a straightforward approach that takes into account tight field bounds works well for small scopes, the lack of symmetry-breaking significantly affects its performance. We then introduce a new technique that generates only non-isomorphic structures and consequently is able to consider fewer structures and to execute faster than lazy initialization.