形式化构件规约自动生成中的演化转换

基于软件体系结构的开发将是未来大型、复杂软件开发的主要技术,而构件是该方法的基础。形式化构件规约对构件的功能描述、分类和检索有重要意义。文中给出了一种用于形式化构件规约自动生成的转换方法即演化转换,对该方法的转换过程、转换规则提取、表示及主要转换算法进行了详细说明,并对规约的完整性和转换的正确性进行了探讨。最后,还对该方法的实现系统及其特点进行了简要介绍。演化转换能较好地控制转换粒度和跨度,对转换正确性和规约完整性也有一定的保证,在转换过程中实现了规约的垂直重用,使构造的模型和规约对需求变化有一定的适应性。     

Radl 形式规格说明相对正确性研究

在形式规格说明的获取任务中,一个重要问题是验证获取得到的形式规格说明的正确性.即给定一个问题需求P,往往可以获取多种不同形式的规格说明,如何验证这些不同形式的规格说明均正确?问题需求的非(半)形式化与形式规格说明的形式化两者之间差异的本性,使得该问题成为软件需求工程中一个具有挑战性的问题.提出一种基于形式化推导的方法来验证同一问题不同形式规格说明的相对正确性,通过证明不同形式规格说明与问题需求某个最为直截明了的形式规格说明Si等价来实现,而Si使用PAR方法和PAR平台转换为可执行程序,通过测试已经得到确认.为了支持该方法,进一步提出了扩展的逻辑系统和辅助证明算法.使用Radl语言作为形式规格说明语言,通过排序搜索、组合优化领域的两个典型实例对该方法进行了详细的阐述.实际使用效果表明,该方法不仅能够有效地验证Radl形式规格说明的正确性,还具备良好的可扩充性.该方法在规格说明的正确性验证、算法优化、程序等价性证明等研究领域具有潜在的理论意义与应用价值.     

基于体系结构模型检查分布式控制系统

分布控制系统是大量硬件设备通过计算机系统得以控制和协调的高度复杂系统,它们也是任务统,需要保障其功能的高度正确性和可靠性.分析复杂控制系统的过程包含了证明或验证设计的系统确实满足某种需求.但由于系统的复杂度,有效分析系统是相当困难的.从系统设计和分析的角度看,基于体系结构方法可以运用层次化构造和抽象的方法来减小模型复杂度.模型检查技术是分析复杂系统构造满足正确和可靠性需求的有效方法.结合软件体系结构描述方法和模型检查技术,提出了基于体系结构的分布式控制系统形式分析方法,通过楼宇综合控制系统实例研究,展示了该方法在提高分布式控制系统设计质量方面的效果.     

Integral: Petri-net approach to distributed software development

As the architecture of modern software systems continues to evolve in a distributed fashion, the development of such systems becomes increasingly complex, which requires the integration of more sophisticated specification techniques, tools, and procedures into the conventional methodology. An essential capability of an integrated software development environment is a formal specification method to capture effectively the system's functional requirements as well as its performance requirements. A validation and verification (V&V) system based on a formal specification method is of paramount importance to the development and maintenance of distributed systems.

There has been recent interest in integrating software techniques and tools at the specification level. It is also noted that an effective way of achieving such integration is by using wide-spectrum specification techniques. In view of these points, an integrated V&V system, called Integral, is presented that provides comprehensive and homogeneous analysis capabilities to both specification and testing phases of the life-cycle of distributed software systems. The underlying software model that supports various V&V activities in Integral is primarily based on Petri nets and is intended to be wide spectrum. The ultimate goal of this research is to demonstrate to the software industry, domestic or foreign, the availability and applicability of a new Petri-net-based software development paradigm. Integral is a prototype V&V system to support such a paradigm.     

面向方面分布式系统形式化规格说明语言

分布式系统复杂性的不断增加以及对可配置性和可重用性要求的不断提高,需要面向方面软件工程方法的支持,而形式化方法能保证分布式系统的正确性。本文对分布式规格说明语言Ocsid进行了面向方面的扩展,讨论了面向方面的Ocsid的框架结构、语法要求、方面的联结和功能接口。定义了面向方面的Ocsid规格说明语言中叠加和组合的形式化描述,该形式化描述覆盖了各个精化阶段,使精化体系的各个独立视点被协调地组合,并能形式化地验证规格说明的时态属性和系统行为。本文的工作针对的是分布式系统的形式化规格说明,提出了面向方面Ocsid的形式基础和方面扩展,其基本思想同样适用于更一般的情况。     

面向媒体时序描述的带时间自动机的自动构造方法

依据有穷状态自动机模型,面向程序规范的并发系统和分布式系统测试方法的研究已经取得许多结果。由于特殊的实时和同步要求,这些结果不能直接应用于分布式多媒体软件系统的测试。为此,作者提出一种面向媒体对象时序描述的地间自动机（Ｔｉｍｅｄ ａｕｔｏｍａｔａ）的自动构造方法,根据带时间自动机,对分布式多媒体软件系统进行非确定性测试时,可以较容易地判断运行结果正确与否;在进行确定性测试时,可以辅助自动生成测试用     

Model continuity in the design of dynamic distributed real-time systems

Model continuity refers to the ability to transition as much as possible a model specification through the stages of a development process. In this paper, the authors show how a modeling and simulation environment, based on the discrete event system specification formalism, can support model continuity in the design of dynamic distributed real-time systems. In designing such systems, the authors restrict such continuity to the models that implement the system's real-time control and dynamic reconfiguration. The proposed methodology supports systematic modeling of dynamic systems and adopts simulation-based tests for distributed real-time software. Model continuity is emphasized during the entire process of software development $the control models of a dynamic distributed real-time system can be designed, analyzed, and tested by simulation methods, and then smoothly transitioned from simulation to distributed execution. A dynamic team formation distributed robotic system is presented as an example to show how model continuity methodology effectively manages the complexity of developing and testing the control software for this system.     

基于结构化功能规格说明的测试方法和工具

由于程序的形式化验证技术还局限于比较小的程序，软件测试仍然是目前和今后相当长一段时间内保证大型软件质量和可靠性的主要手段．测试大型软件是一项既繁重又复杂的工作，计算机辅助软件测试将会大大降低测试工作量，提高测试效率．本文首先提出一种新的、简单有效的基于结构化功能规格说明的测试方法，然后阐述如何基于该方法设计井实现一个测试工具环境，以提高测试者的工作效率，减轻测试者的负担．     

Cache consistency by design

Summary. In this paper we present a proof of the sequential consistency of the lazy caching protocol of Afek, Brown, and Merritt. The proof will follow a strategy of stepwise refinement, developing the distributed caching memory in five transformation steps from a specification of the serial memory, whilst preserving the sequential consistency in each step. The proof, in fact, presents a rationalized design of the distributed caching memory. We will carry out our proof using a simple process-algebraic formalism for the specification of the various design stages. We will not follow a strictly algebraic exposition, however. At some points the correctness will be shown using direct semantic arguments, and we will also employ higher-order constructs like action transducers to relate behaviours. The distribution of the design/proof over five transformation steps provides a good insight into the variations that could have been allowed at each point of the design while still maintaining sequential consistency. The design/proof in fact establishes the correctness of a whole family of related memory architectures. The factorization in smaller steps also allows for a closer analysis of the fairness assumptions about the distributed memory.     

一个统一的程序验证框架

本文提出了一个简单的方法，其中程序和其性质都由一个逻辑：时序逻辑中的公式表示．文中给出了一个程序的转换模块的定义，提出了时序执行语义的概念．它是一个时序公式，精确地说明了一个程序．将时序逻辑作为规范语言，程序正确性就意味着说明程序的公式蕴含说明性质的公式，其中蕴含即为一般的逻辑蕴含．因此，本文的方法为并发程序的规范及验证提供了一个统一的框架．它允许充分利用现有的用于证明并发系统时序性质的各种完全证明系统．一个缓冲系统的简单例子用来说明本文的方法．此例子表明本文的方法是可行的.     

实时系统软件开发过程中形式方法的作用

针对实时系统软件开发的特殊性要求,本文强调形式方法是保证实时系统软件开发正确的一种重要方法。文章首先对形式方法的含义进行了系统的介绍,然后分析了形式方法的三个分支在实时系统软件开发过程中的作用,即形式规约、定理证明、形式验证,并指出了形式方法当前主要应用的能力以及应用的局限性,最后提出了形式方法的一些主要研究方向。     

A Methodology for Constructing User-Oriented Requirements Specifications for Large-Scale Systems Using Electronic Hypermedia

requirements specifications are developed for large-scale systems, the final specification is usually an abstraction of the original requirements data into a text-based form that is often foreign to end-users. A method was developed for representing requirements through use of electronic multimedia. The resulting specification is capable of representing requirements and requirements data in a manner that is more representative of the real-world problem space than traditional specifications. This paper presents a method for incorporating multimedia exhibits, notably the results of rapid prototyping activities and animated simulation, into a requirements specification for large-scale C2I systems. To examine the effectiveness of the method, a multimedia requirements specification was developed based on an existing text specification for a real-world system. An experiment was also performed that showed the product of the methodology to be effective in increasing the understandability of the specification over that obtained from the text specification alone.     

基于STeC-Stateflow转换系统的实时系统仿真与验证方法

物联网以及信息物理融合系统对形式化建模提出了新的挑战, 引入了实时系统规范语言STeC, 为刻画实时系统的时空一致性提供了规范语言。针对STeC语言建立STeC至Stateflow自动转换系统, 提出一种基于STeC至Stateflow转换的仿真及验证方法, 该方法使用STeC语言对实时系统进行形式化建模, 再建立实时监控的Simulink仿真模型, 并使用Checkmate对系统进行安全性验证。通过对京沪高铁运行的实例研究, 表明该方法对高铁运行系统实时仿真的有效性, 并能够验证高铁运行系统的安全性。     

分布实现完全LOTOS规范的转换方法

基于LOTOS规范语言,文章从系统功能规范出发,结合实际系统的分布特性,推导出符合实际系统结构的模块化规范的转换方法.用标注的完全LOTOS语言规范表达复杂的系统分布特性,研究了使用广播通信方式进行协同的、直接处理多模块划分的规范分解算法.     

可成长的分布式系统

可持续发展是大规模分布式系统的基本特征。在研究了大规模分布式系统的特点和规律后,本文提出了一个新的概念一可成长的分布式系统,认为大规模分布式系统是随着需求、环境、技术、投资等多种因素的变化而不断成长起来的。文中分析了分布对象技术在支持分布式系统的可成长性方面的优势和缺陷,然后提出了一个面向Agent的系统框架,并阐述了面向Agent的方法对于开发和维护可成长的分布式系统是合适的,并给出了后续的主要研究方向。     

Specification, Refinement and Verification of Concurrent Systems—An Integration of Object-Z and CSP

This paper presents a method of formally specifying, refining and verifying concurrent systems which uses the object-oriented state-based specification language Object-Z together with the process algebra CSP. Object-Z provides a convenient way of modelling complex data structures needed to define the component processes of such systems, and CSP enables the concise specification of process interactions. The basis of the integration is a semantics of Object-Z classes identical to that of CSP processes. This allows classes specified in Object-Z to be used directly within the CSP part of the specification.In addition to specification, we also discuss refinement and verification in this model. The common semantic basis enables a unified method of refinement to be used, based upon CSP refinement. To enable state-based techniques to be used for the Object-Z components of a specification we develop state-based refinement relations which are sound and complete with respect to CSP refinement. In addition, a verification method for static and dynamic properties is presented. The method allows us to verify properties of the CSP system specification in terms of its component Object-Z classes by using the laws of the CSP operators together with the logic for Object-Z.     

Integrating Java and CORBA: a programmer's perspective

The introduction of Java's proprietary remote method invocation (RMI) with version 1.1 of the Java Development Kit simplified the challenging task of developing distributed object-based systems. RMI provides convenient integration with Java; however, it lacks interoperability with other languages. The Object Management Group's Common Object Request Broker Architecture (CORBA), on the other hand, is a platform- and language-neutral specification for developing distributed object systems. CORBA provides services not covered by RMI, such as managing transactional safety and persistency. We use a small chat room application to describe how a programmer can combine Java RMI's ease of use with CORBA's language neutrality. We start with an implementation based on a set of distributed objects using RMI. We then adapt the example to CORBA or, more specifically, the RMI-over-IIOP (Internet inter-ORB protocol) specification developed by Sun and IBM     

An Experiment in Program Composition and Proof

This paper explores a compositional approach to program specification, development and proof. We apply a theory of composition to a problem in distributed computing with the goal of understanding the strengths and weaknesses of this compositional approach. First, we describe the theory briefly. Then we give a specification of a desired system. Next, we propose a design of the desired system as a composition of components and prove its correctness. Finally, we show how the proof can be reused for a slightly different compositional structure by using the concept of observation.