Xudong He

A Formal Definition of Hierarchical Predicate Transition Nets

Hierarchical predicate transition nets have recently been introduced as a visual formalism for specifying complex reactive systems. They extend predicate transition nets with hierarchical structures so that large systems can be specified and understood stepwisely, and thus are more suitable for real-world applications. In this paper, we provide a formal syntax and an algebraic semantics for hierarchical predicate transition nets, which establish the theory of hierarchical predicate transition nets for precise specification and formal reasoning.

Formally analyzing software architectural specifications using SAM

In the past decade, software architecture has emerged as a major research area in software engineering. Many architecture description languages have been proposed and some analysis techniques have also been explored. In this paper, we present a graphical formal software architecture description model called software architecture model (SAM). SAM is a general software architecture development framework based on two complementary formalisms--Petri nets and temporal logic. Petri nets are used to visualize the structure and model the behavior of software architectures while temporal logic is used to specify the required properties of software architectures. These two formal methods are nicely integrated through the SAM software architecture framework. Furthermore, SAM provides the flexibility to choose different compatible Petri net and temporal logic models according to the nature of system under study. Most importantly, SAM supports formal analysis of software architecture properties in a variety of well-established techniques--simulation, reachability analysis, model checking, and interactive proving, In this paper, we show how to formally analyze SAM software architecture specifications using two well-known techniques--symbolic model checking with tool Symbolic Model Verifier, and theorem proving with tool STeP.

Introducing software architecture specification and analysis in SAM through an example

Abstract Software architecture study has become one of the most active research areas in software engineering in the recent years. Although there have been many published results on specification and analysis method of software architectures, information on sound systematic methodology for modeling and analyzing software architectures is lacking. In this article, we present a formal systematic software architecture specification and analysis methodology called SAM and show how to apply SAM to specify a command control (C2) system and to analyze its real-time constraints.

A methodology of testing high-level Petri nets

Abstract Petri nets have been extensively used in the modelling and analysis of concurrent and distributed systems. The verification and validation of Petri nets are of particular importance in the development of concurrent and distributed systems. As a complement to formal analysis techniques, testing has been proven to be effective in detecting system errors and is easy to apply. An open problem is how to test Petri nets systematically, effectively and efficiently. An approach to solve this problem is to develop test criteria so that test adequacy can be measured objectively and test cases can be generated efficiently, even automatically. In this paper, we present a methodology of testing high-level Petri nets based on our general theory of testing concurrent software systems. Four types of testing strategies are investigated, which include state-oriented testing, transition-oriented testing, flow-oriented testing and specification-oriented testing. For each strategy, a set of schemes to observe and record testing results and a set of coverage criteria to measure test adequacy are defined. The subsumption relationships and extraction relationships among the proposed testing methods are systematically investigated and formally proved.

Compositional schedulability analysis of real-time systems using time Petri nets

This paper presents an approach to the schedulability analysis of real-time systems modeled in time Petri nets by separating timing properties from other behavioral properties. The analysis of behavioral properties is conducted based on the reachability graph of the underlying Petri net, whereas timing constraints are checked in terms of absolute and relative firing domains. If a specific task execution is schedulable, we calculate the time span of the task execution, and pinpoint nonschedulable transitions to help adjust timing constraints. A technique for compositional timing analysis is also proposed to deal with complex task sequences, which not only improves efficiency but also facilitates the discussion of the reachability issue with regard to schedulability. We identified a class of well-structured time Petri nets such that their reachability can be easily analyzed.

A new approach to verify rule-based systems using petri nets

Abstract In the past several years, various graphical techniques were proposed to analyze various types of structural errors, including inconsistency (conflict rules), incompleteness (missing rules), redundancy (redundant rules), and circularity (circular depending rules), in rule-based systems in which rules can be represented in propositional logic. In this paper, we present a special reachability graph technique based on ω-nets (a special type of low-level petri nets) to detect all of the above types of structural errors. Our new technique is simple, efficient, and can be easily automated. We highlight the unique features of this new approach and demonstrate its application through two examples.

A methodology for constructing predicate transition net specifications

In this paper, a methodology for constructing hierarchical and structured predicate transition net specifications is developed, which includes new systematic notation extensions for supporting various transformation techniques upon predicate transition nets and several rules for applying such transformation techniques. The levelling technique in data‐flow diagrams is adapted in the refinement and the abstraction techniques, and the state decomposition idea in state‐charts is employed in designing various label formulation operators. The methodology is illustrated through the specification of a lift system. The methodology can significantly reduce the constructing complexity and enhance the comprehensibility of large predicate transition net specifications.

PZ nets - a formal method integrating Petri nets with Z

Abstract In this paper, a formal method (called PZ nets) for specifying concurrent and distributed systems is presented. PZ nets integrate two well-known existing formal methods Petri nets and Z such that Petri nets are used to specify the overall structure, control flows, causal relation, and dynamic behavior of a system; and Z is used to define tokens, labels and constrains of the system. The essence, benefits, and problems of the integration are discussed. A set of heuristics and transformations to develop PZ nets and a technique to analyze PZ nets are proposed and demonstrated through a well-known example.

Integrating predicate transition nets with first order temporal logic in the specification and verification of concurrent systems

This paper presents some results of integrating predicate transition nets with first order temporal logic in the specification and verification of concurrent systems. The intention of this research is to use predicate transition nets as a specification method and to use first order temporal logic as a verification method so that their strengths — the easy comprehension of predicate transition nets and the reasoning power of first order temporal logic can be combined. In this paper, a theoretical relationship between the computation models of these two formalisms is presented; an algorithm for systematically translating a predicate transition net into a corresponding temporal logic system is outlined; and a special temporal refutation proof technique is proposed and illustrated in verifying various concurrent properties of the predicate transition net specification of the five dining philosophers problem.

A Methodology for Test Selection

Software creation requires not only testing during the development cycle by the development staff, but also independent testing following the completion of the implementation. However in the latter case, the amount of testing that can be carried out is often limited by time and resources. At the very most, independent testing can be expected to provide 100% test coverage of the test requirements (or specifications) associated with the software element with the minimum of effort. This paper describes a methodology employing integer programming by which the amount of testing required to provide the maximum possible test coverage of the test requirements (for the given test set) is assured while at the same time minimizing the total number of tests to be included in a test suite. A collateral procedure provides recommendations on which tests might be eliminated if less than 100% test coverage of the test requirements is permitted. This latter procedure will be useful in determining the risk of not running the minimum set of tests for 100% test coverage. A third process selects from the test matrix the set of tests to be applied to the system following maintenance modification of any test requirements-- that is, to provide a submatrix for regression testing. The potential benefits for applying the integer programming technique in test data selection is also discussed.