
Showing papers by "Jeff Kramer" published in 2003


Proceedings Article
06 Oct 2003
TL;DR: A model-based approach to verifying Web service compositions for Web service implementations supports verification against specification models and assigns semantics to the behavior of implementation model so as to confirm expected results for both the designer and implementer.
Abstract: In this paper, we discuss a model-based approach to verifying Web service compositions for Web service implementations. The approach supports verification against specification models and assigns semantics to the behavior of implementation model so as to confirm expected results for both the designer and implementer. Specifications of the design are modeled in UML (Unified Modeling Language), in the form of message sequence charts (MSC), and mechanically compiled into the finite state process notation (FSP) to concisely describe and reason about the concurrent programs. Implementations are mechanically translated to FSP to allow a trace equivalence verification process to be performed. By providing early design verification, the implementation, testing, and deployment of Web service compositions can be eased through the understanding of the differences, limitations and undesirable traces allowed by the composition. The approach is supported by a suite of cooperating tools for specification, formal modeling and trace animation of the composition workflow.

476 citations


Journal Article
TL;DR: An MSC language with sound abstract semantics is defined and a sound synthesis algorithm is provided which translates scenarios into a behavioral specification in the form of Finite Sequential Processes, providing the basis for a common approach to scenario-based specification, synthesis, and analysis.
Abstract: Scenario-based specifications such as Message Sequence Charts (MSCs) are useful as part of a requirements specification. A scenario is a partial story, describing how system components, the environment, and users work concurrently and interact in order to provide system level functionality. Scenarios need to be combined to provide a more complete description of system behavior. Consequently, scenario synthesis is central to the effective use of scenario descriptions. How should a set of scenarios be interpreted? How do they relate to one another? What is the underlying semantics? What assumptions are made when synthesizing behavior models from multiple scenarios? In this paper, we present an approach to scenario synthesis based on a clear sound semantics, which can support and integrate many of the existing approaches to scenario synthesis. The contributions of the paper are threefold. We first define an MSC language with sound abstract semantics in terms of labeled transition systems and parallel composition. The language integrates existing approaches based on scenario composition by using high-level MSCs (hMSCs) and those based on state identification by introducing explicit component state labeling. This combination allows stakeholders to break up scenario specifications into manageable parts and reuse scenarios using hMSCs; it also allows them to introduce additional domain-specific information and general assumptions explicitly into the scenario specification using state labels. Second, we provide a sound synthesis algorithm which translates scenarios into a behavioral specification in the form of Finite Sequential Processes. This specification can be analyzed with the Labeled Transition System Analyzer using model checking and animation. Finally, we demonstrate how many of the assumptions embedded in existing synthesis approaches can be made explicit and modeled in our approach. Thus, we provide the basis for a common approach to scenario-based specification, synthesis, and analysis.

281 citations


Proceedings Article
03 May 2003
TL;DR: This paper reflects on the ViewPoints framework, which acknowledges the inevitability of multiple inconsistent views, promotes separation of concerns, and encourages decentralised specification while providing support for integration through relationships and composition.
Abstract: The development of complex systems invariably involves many stakeholders who have different perspectives on the problem they are addressing, the system being developed, and the process by which it is being developed. The ViewPoints framework was devised to provide an organisational framework in which these different perspectives, and their relationships, could be explicitly represented and analysed. The framework acknowledges the inevitability of multiple inconsistent views, promotes separation of concerns, and encourages decentralised specification while providing support for integration through relationships and composition. In this paper, we reflect on the ViewPoints framework, current work, and future research directions.

88 citations


Proceedings Article
01 Sep 2003
TL;DR: This paper proposes using partial labelled transition systems (PLTS) to capture what remains to be defined of the system behaviour and shows that PLTSs can be used to support the iterative incremental elaboration of behaviour models.
Abstract: State machine based formalisms such as labelled transition systems (LTS) are generally assumed to be complete descriptions of system behaviour at some level of abstraction: if a labelled transition system cannot exhibit a certain sequence of actions, it is assumed that the system or component it models cannot or should not exhibit that sequence. This assumption is a valid one at the end of the modelling effort when reasoning about properties of the completed model. However, it is not a valid assumption when behaviour models are in the process of being developed. In this setting, the distinction between proscribed behaviour and behaviour that has not yet been defined is an important one. Knowing where the gaps are in a behaviour model permits the presentation of meaningful questions to stakeholders, which in turn can lead to model exploration and thus more comprehensive descriptions of the system behaviour. In this paper we propose using partial labelled transition systems (PLTS) to capture what remains to be defined of the system behaviour. In the context of scenario synthesis, we show that PLTSs can be used to support the iterative incremental elaboration of behaviour models.

52 citations


Book Chapter
07 Apr 2003
TL;DR: A tool that supports the elaboration of behaviour models and scenario-based specification by providing scenario editing, behaviour model synthesis, and model checking for implied scenarios is presented.
Abstract: We present a tool that supports the elaboration of behaviour models and scenario-based specification by providing scenario editing, behaviour model synthesis, and model checking for implied scenarios.

42 citations


Journal Article
21 May 2003
TL;DR: An instance of the above analysis–revision cycle that combines new techniques of logical abduction and inductive learning to analyse and revise specifications, respectively is investigated and provides some early validation of its capabilities.
Abstract: The development of requirements specifications inevitably involves modification and evolution. To support modification while preserving particular requirements goals and properties, the use of a cycle composed of two phases: analysis and revision is proposed. In the analysis phase, a desirable property of the system is checked against a partial specification. Should the property be violated, diagnostic information is provided. In the revision phase, the diagnostic information is used to help modify the specification in such a way that the new specification no longer violates the original property. An instance of the above analysis–revision cycle that combines new techniques of logical abduction and inductive learning to analyse and revise specifications, respectively is investigated. More specifically, given an (event-based) system description and a system property, abductive reasoning is applied in refutation mode to verify whether the description satisfies the property and, if it does not, identify diagnostic information in the form of a set of examples of property violation. These (counter) examples are then used to generate a corresponding set of examples of system behaviours that should be covered by the system description. Finally, such examples are used as training examples for inductive learning, changing the system description in order to resolve the property violation. This is accomplished with the use of the connectionist inductive learning and logic programming system—a hybrid system based on neural networks and the backpropagation learning algorithm. A case study of an automobile cruise control system illustrates the approach and provides some early validation of its capabilities.

34 citations


Book Chapter
22 Sep 2003
TL;DR: A tool supported approach to the design and analysis of complex systems at the architectural level, using the architectural description language Darwin to capture structural information about components and their interconnection and a process algebra FSP to describe the behaviour of individual components.
Abstract: In this overview paper, we outline a tool supported approach to the design and analysis of complex systems at the architectural level. The foundations of this approach are the use of the architectural description language Darwin to capture structural information about components and their interconnection and the use of a process algebra FSP to describe the behaviour of individual components. These descriptions are combined to construct a system behavioural model that can be animated to validate requirements and model checked against properties specified in Linear Temporal Logic. Recently, this foundation has been extended with work on the synthesis of behavioural models from scenarios captured as message sequence charts (MSC). Models described in this way can be used as an initial basis for validating requirements and as a specification that must be satisfied by more detailed models. The approach we outline is supported by the Labelled Transition system Analyser (LTSA) tool, which has been extended to deal with MSCs.

24 citations


01 Jan 2003
TL;DR: An approach for simulating the behaviour of interactive software systems, before starting on any of the actual implementation, based on a model of the system at the architectural level, to carry out usability assessments much earlier in the design process than is usually the case.
Abstract: In this paper we discuss an approach for simulating the behaviour of interactive software systems, before starting on any of the actual implementation, based on a model of the system at the architectural level. By providing a mock-up of the final user interface for controlling the simulation, it is possible to carry out usability assessments of the system much earlier in the design process than is usually the case. This means that design changes informed by this usability assessment can be made at this early stage. This is much less expensive than having to wait until an implementation of the system is completed before discovering flaws and having to make major changes to already implemented components. The approach is supported by a suite of cooperating tools for specification, formal modelling and animation of the system.

11 citations


01 Jan 2003
TL;DR: This paper shows that PLTSs can be used to provide feedback to stakeholders on the parts of the behaviour specification that need further elaboration, and aims to support the iterative incremental elaboration of behaviour models.
Abstract: Current approaches to scenario synthesis do not distinguish, in the resulting state machine models, proscribed behaviour from behaviour that has not yet been defined. In this paper we propose using partial labelled transition systems (PLTS) to capture what remains undefined of the system behaviour. In the context of scenario synthesis, we show that PLTSs can be used to provide feedback to stakeholders on the parts of the behaviour specification that need further elaboration. In this way we aim to support the iterative incremental elaboration of behaviour models.

6 citations


Proceedings Article
28 Oct 2003
TL;DR: A tool-supported approach to the design of Web applications where behavioural models are augmented with Web-based simulations of user interfaces to permit validation and usability assessment of systems by end users in advance of implementation.
Abstract: The paper outlines a tool-supported approach to the design of Web applications. Behavioural models are augmented with Web-based simulations of user interfaces to permit validation and usability assessment of systems by end users in advance of implementation. The goal is to correct architectural design decisions that adversely impact usability early in the design cycle when correction is relatively inexpensive. The behavioural model of a system captures the interactions between the different user roles and the set of components that constitute the application. A visual scenario-based language is used to specify interactions and the tool LTSA-MSC is used to synthesise the required behavioural model. The tool supports a visual representation of this model that is animated in response to user-interaction with the simulated Web interface. The combination of these facilities permits agile incremental elaboration of a system design.

3 citations