Salamah

Verifying pattern-generated LTL formulas: a case study

The Specification Pattern System (SPS) and the Property Specification (Prospec) tool assist a user in generating formal specifications in Linear Temporal Logic (LTL), as well as other languages, from property patterns and scopes. Patterns are high-level abstractions that provide descriptions of common properties, and scopes describe the extent of program execution over which the property holds. The purpose of the work presented in this paper is to verify that the generated LTL formulas match the natural language descriptions, timelines, and traces of computation that describe the pattern and scope. The LTL formulas were verified using the Spin model checker on test cases developed using boundary value analysis and equivalence class testing strategies. A test case is an LTL formula and a sequence of Boolean valuations. The LTL formulas were those generated from SPS and Prospec. The Boolean valuations of propositions in the LTL formula are generated by a deterministic, single-threaded Promela program that was run using the software model-checker Spin. For each pattern, a suite of test cases was. The experiments uncovered several errors in both the SPS-generated and the Prospec-generated formulas.

Developing case modules for teaching software engineering and computer science concepts

Although many software engineering (SE) and computer science (CS) texts use case studies to explain the different concepts, these case studies tend to focus on a specific subject such as object oriented design and implementation or requirements analysis and specification. In addition, these case studies usually lack instructor guidelines on how to use the material in teaching these concepts. The Digital Home Case Study addresses these issues by providing a complete set of artifacts associated with software development, and an extensive set of case study exercises for teaching different topics in software engineering and computer science, as well as guidance for instructors on how to use these case modules. In this paper, we motivate the use of the case study approach in teaching SE and CS concepts. We provide a description of the Digital Home case study and the associated artifacts and case modules. We also report on our use of the developed material.

The DigitalHome Case Study Material

The paper discusses the content and use of a comprehensive case study called the DigitalHome (DH) system. The DH system involves the development of ldquosmart houserdquo technology by a national retail chain serving the needs of home owners. Thus far, DH artifacts, scenarios and exercises have been developed. Thus DH case study has been used in an introductory software engineering course and in a graduate course in software architecture.

A Technique for Using Model Checkers to Teach Formal Specifications

The difficulty of writing, reading, and understanding formal specifications is one of the main obstacles in adopting formal verification techniques such as model checking and runtime verification. Introducing concepts in formal methods in an undergraduate program is essential for training a workforce that can develop and test high-assurance systems. This paper presents educational outcomes and outlines an instructive component that can be used in an undergraduate course to teach formal approaches and languages. The component uses a model checker and a specification tool to teach Linear Temporal Logic (LTL), a specification language that is widely used in a variety of verification tools. The paper also introduces a novel technique that analyzes LTL specifications by using the SPIN model checker to elucidate the behaviors accepted by the specifications.

Validated templates for specification of complex LTL formulas

Formal verification approaches that check software correctness against formal specifications have been shown to improve program dependability. Tools such as Specification Pattern System (SPS) and Property Specification (Prospec) support the generation of formal specifications. SPS has defined a set of patterns (common recurring properties) and scopes (system states over which a pattern must hold) that allows a user to generate formal specifications by using direct substitution of propositions into parameters of selected patterns and scopes. Prospec extended SPS to support the definition of patterns and scopes that include the ability to specify parameters with multiple propositions (referred to as composite propositions or CPs), allowing the specification of sequential and concurrent behavior. Prospec generates formal specifications in Future Interval Logic (FIL) using direct substitution of CPs into pattern and scope parameters. While substitution works trivially for FIL, it does not work for Linear Temporal Logic (LTL), a highly expressive language that supports specification of software properties such as safety and liveness. LTL is important because of its use in the model checker Spin, the ACM 2001 system Software Award winning tool, and NuSMV. This paper introduces abstract LTL templates to support automated generation of LTL formulas for complex properties in Prospec. In addition, it presents formal proofs and testing to demonstrate that the templates indeed generate the intended LTL formulas.

Verification of Automatically Generated Pattern-Based LTL Specifications

The use of property classifications and patterns, i.e., high-level abstractions that describe common behavior, have been shown to assist practitioners in generating formal specifications that can be used in formal verification techniques. The specification pattern system (SPS) provides descriptions of a collection of patterns. The extent of program execution over which a pattern must hold is described by the notion of scope. SPS provides a manual technique for obtaining formal specifications from a pattern and a scope. The property specification tool (Prospec) extends SPS by introducing composite propositions (CPs), a classification for defining sequential and concurrent behavior to represent pattern and scope parameters, and provides a tool to support users. This work provides general templates for generating formal specifications in linear temporal logic (LTL) for all pattern, scope, and CP combinations. In addition, the work explains the methodology for the verification of the correctness of these templates.

Read before you write

This paper describes and advocates a focused approach to using inspections of software artifacts as an active learning technique in software engineering education. A central thesis is that one must “learn to read before they write” that is, you should read and study an existing software artifact, before you develop one. There is discussion of how software artifacts and supporting instructional materials from a Digital Home case study project can be used to support and guide software inspection exercises. These inspection exercises are designed to introduce students to realistic software engineering artifacts and involve them in rigorous examination of their contents. Instances of the use of software inspections to teach software engineering are described and analyzed: the experiences of students and instructors, what worked and what did not, and how this influenced the cases study project. The authors also outline a set of topics and courses in which software inspections might be used as a teaching tool throughout a computing curriculum.

Using Pairwise Testing to Verify Automatically-Generated Formal Specifications

In this paper, we report on the effectiveness of the testing approach known as pairwise or orthogonal testing in verifying the correctness of the LTL specifications generated by the PROperty SPECification (Prospec) tool. This tool assists the user in generating a large number (over 34,000) of formal specifications in formal languages, including Linear Temporal Logic (LTL). Pairwise testing is a technique that aims at, significantly, reducing the amount of test cases required for testing a particular software system while providing assurance of adequate coverage of the problem space.

Towards support for software model checking: improving the efficiency of formal specifications

The Property Specification (Prospec) tool uses patterns and scopes defined by Dwyer et al., to generate formal specifications in Linear Temporal Logic (LTL) and other languages. The work presented in this paper provides improved LTL specifications for patterns and scopes over those originally provided by Prospec. This improvement comes in the efficiency of the LTL formulas as measured in terms of the number of states in the Buchi automaton generated for the formula. Minimizing the size of the Buchi automata for an LTL specification provides a significant improvement for model checking software systems using such tools as the highly acclaimed Spin model checker.

Improving Pattern-Based LTL Formulas for Automata Model Checking

The Property Specification (Prospec) tool uses patterns and scopes defined by Dwyer et. al., to generate formal specifications in linear temporal logic (LTL) and other languages. The work presented in this paper provides improved LTL specifications for patterns and scopes over those originally provided by Prospec. This improvement comes in the efficiency of the LTL formulas as measured in terms of the number of states in the Buchi automaton generated for the formula. Minimizing the size of the Buchi automata for an LTL specification provides a significant support to the area of model checking.