Víctor A. Braberman

A foundation for behavioural conformance in software product line architectures

Software product lines or families represent an emerging paradigm that is enabling companies to engineer applications with similar functionality and user requirements more effectively. Behaviour modelling at the architecture level has the potential for supporting behaviour analysis of entire product lines, as well as defining optional and variable behaviour for different products of a family. However, to do so rigorously, a well defined notion of behavioural conformance of a product to its product line must exist. In this paper we provide a discussion on the shortcomings of traditional behaviour modelling formalisms such as Labelled Transition Systems for characterising conformance and propose Modal Transition Systems as an alternative. We discuss existing semantics for such models, exposing their limitations and finally propose a novel semantics for Modal Transition Systems, branching semantics, that can provide the formal underpinning for a notion of behaviour conformance for software product line architectures.

Model-based quality assurance of protocol documentation: tools and methodology

Microsoft is producing interoperability documentation for Windows client–server and server–server protocols. The Protocol Engineering Team in the Windows organization is responsible for verifying the documentation to ensure that it is of the highest quality. Various test‐driven methods are being applied including, when appropriate, a model‐based approach. This paper describes core aspects of the quality assurance process and tools that were put in place, and specifically focuses on model‐based testing (MBT). Experience so far confirms that MBT works and that it scales, provided it is accompanied by sound tool support and clear methodological guidance. Copyright

Parametric prediction of heap memory requirements

This work presents a technique to compute symbolic polynomial approximations of the amount of dynamic memory required to safely execute a method without running out of memory, for Javalike imperative programs. We consider object allocations and deallocations made by the method and the methods it transitively calls. More precisely, given an initial configuration of the stack and the heap, the peak memory consumption is the maximum space occupied by newly created objects in all states along a run from it. We over-approximate the peak memory consumption using a scopedmemory management where objects are organized in regions associated with the lifetime of methods. We model the problem of computing the maximum memory occupied by any region configuration as a parametric polynomial optimization problem over a polyhedral domain and resort to Bernstein basis to solve it. We apply the developed tool to several benchmarks.

Visual timed event scenarios

Formal description of real-time requirements is a difficult and error prone task. Conceptual and tool support for this activity plays a central role in the agenda of technology transference from the formal verification engineering community to the real-time systems development practice. In this article we present VTS, a visual language to define complex event-based requirements such as freshness, bounded response, event correlation, etc. The underlying formalism is based on partial orders and supports real-time constraints. The problem of checking whether a timed automaton model of a system satisfies these sort of scenarios is shown to be decidable. Moreover, we have also developed a tool that translates visually specified scenarios into observer timed automata. The resulting automata can be composed with a model under analysis in order to check satisfaction of the stated scenarios. We show the benefits of applying these ideas to some case studies.

Synthesizing nonanomalous event-based controllers for liveness goals

We present SGR(1), a novel synthesis technique and methodological guidelines for automatically constructing event-based behavior models. Our approach works for an expressive subset of liveness properties, distinguishes between controlled and monitored actions, and differentiates system goals from environment assumptions. We show that assumptions must be modeled carefully in order to avoid synthesizing anomalous behavior models. We characterize nonanomalous models and propose assumption compatibility, a sufficient condition, as a methodological guideline.

Existential live sequence charts revisited

Scenario-based specifications are a popular means for describing intended system behaviour. We aim to facilitate early analysis of system behaviour and the development of behaviour models in conjunction with scenarios. In this paper we define a novel scenario-based specification language with an existential semantics and that supports conditional specification of behaviour in the form of prechart and main chart. The language semantics is consistent with existing informal scenario-based and use-case based approaches to requirements engineering. The language provides a good fit with universal live sequence charts as standard existential live sequence charts do not adequately support conditional scenarios. In addition, we define a novel synthesis algorithm that, rather than building arbitrarily one of the many behaviour models that satisfy a scenario, constructs a modal transition system (MTS) which characterizes all behaviour models that conform to the scenario.

Synthesis of live behaviour models

We present a novel technique for synthesising behaviour models that works for an expressive subset of liveness properties and conforms to the foundational requirements engineering World/Machine model, dealing explicitly with assumptions on environment behaviour and distinguishing controlled and monitored actions. This is the first technique that conforms to what is considered best practice in requirements specifications: distinguishing prescriptive and descriptive assertions. Most previous attempts at using synthesis of behavioural models were restricted to handling only safety properties. Those that did support liveness were inadequate for synthesis of operational event based models as they did not include the bespoke distinction between system goals and environment assumptions.

A Static Analysis for Synthesizing Parametric Specifications of Dynamic Memory Consumption.

We present a static analysis for computing a parametric upper-bound of the amount of memory dynamically allocated by (Java-like) imperative object-oriented programs. We propose a general procedure for synthesizing non-linear formulas which conservatively estimate the quantity of memory explicitly allocated by a method as a function of its parameters. We have implemented the procedure and evaluated it on several benchmarks. Experimental results produced exact estimations for most test cases, and quite precise approximations for many of the others. We also apply our technique to compute usage in the context of scoped memory and discuss some open issues.

Verification of real-time designs: combining scheduling theory with automatic formal verification

We present an automatic approach to verify designs of real-time distributed systems for complex timing requirements. We focus our analysis on designs which adhere to the hypothesis of analytical theory for Fixed-Priority scheduling. Unlike previous formal approaches, we draw from that theory and build small formal models (based on Timed Automata) to be analyzed by means of model checking tools. We are thus integrating scheduling analysis into the framework of automatic formal verification.

A scenario-matching approach to the description and model checking of real-time properties

A major obstacle in the technology transfer agenda of behavioral analysis and design methods is the need for logics or automata to express properties for control-intensive systems. Interaction-modeling notations may offer a replacement or a complement, with a practitioner-appealing and lightweight flavor, due partly to the sub specification of intended behavior by means of scenarios. We propose a novel approach consisting of engineering a new formal notation of this sort based on a simple compact declarative semantics: VTS (visual timed event scenarios). Scenarios represent event patterns, graphically depicting conditions over traces. They predicate general system events and provide features to describe complex properties not expressible with MSC-like notations. The underlying formalism supports partial orders and real-time constraints. The problem of checking whether a timed-automaton model has a matching trace is proven decidable. On top of this kernel, we introduce a notation to state properties over all system traces: conditional scenarios, allowing engineers to describe uniquely rich connections between antecedent and consequent portions of the scenario. An undecidability result is presented for the general case of the model-checking problem over dense-time domains, to later identify a decidable-yet practically relevant-subclass, where verification is solvable by generating antiscenarios expressed in the VTS-kernel notation.