Cheung, S. C., and Kramer, J. Compositional Reachability Analysis of Finite-State Distributed Systems with User-Specied Constraints. In Proceedings of SIGSOFT'95 Third ACM SIGSOFT Symposium on the Foundations of Software Engineering (Oct. 1995), pp. 140-151.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....highly applicable to Software Engineering and that their investigation and application to Software Engineering is long overdue. It is time for Software Engineering to catch up with its more mature counterparts in traditional elds of engineering. Software Engineering problems are often typi ed [4, 3, 10, 27, 26, 30, 35] by the observations paraphrased below: There is usually a need to balance competing constraints. Occasionally there is a need to cope with inconsistency. There are often many potential solutions. There is typically no perfect answer . but good ones can be recognised. There are sometimes ....

Cheung, S. C., and Kramer, J. Compositional Reachability Analysis of Finite-State Distributed Systems with User-Specied Constraints. In Proceedings of SIGSOFT'95 Third ACM SIGSOFT Symposium on the Foundations of Software Engineering (Oct. 1995), pp. 140-151.

....[19, 17, 5, 14, 21, 15] are also oriented towards describing the notion of information exchange of control flow through connectors and do not approach the idea of component assumptions. In Section 4 we discuss the relation between existing ADLs and assumptions more extensively. Cheung and Kramer [12] mention how assumptions can be introduced into hierarchical composition of components by means of user specified interfaces. Although interfaces are not limited to interaction through one specific port as in the Wright approach, they still are tied to the concept of architectural behavior: ....

....a unsatisfactory system configuration. In the next example we show how assumptions can be used to guarantee correct functional use of a component based on a well known example. 3.2. A gas station example We present another example based on a case presented originally by [6] and further studied by [12]. A gas station is modeled by an operator, two customers, a pump and a customer request queue. Figures 12 and 11 show the LTS for the behaviors of all components. The operator accepts money from clients (Prepay i ) and according to the request queue activates (Activate i ) the pump. Once the ....

[Article contains additional citation context not shown here]

J. Kramer and J.C. Cheung. Compositional reachability analysis of finite-state distributed systems with user-specified constraints. In SIGSOFT95: 3rd International Symposium on the Foundations of Software Engineering, pages 140--150, Washington D.C., October 1995.

....of each process separately may lead to state explosion, whereas the generation of the whole system of concurrent processes might succeed if processes constrain each other when composed in parallel. This issue has been addressed by re ned compositional veri cation approaches [GS90, CK93, Yeh93, CK95, CK96, GSL96, KM97, Che98, Gia99] which allow to generate the Lts of each separate process by taking into account interface constraints (also known as environment constraints or context constraints) These constraints express the behavioral restrictions imposed on each process by synchronization ....

S. C. Cheung and J. Kramer. Compositional Reachability Analysis of FiniteState Distributed Systems with User-Specied Constraints. In Proceedings of the 3rd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (Washington, DC, USA), pages 140-150. ACM Press, October 1995.

....usually based upon reachability analysis, necessary condition analysis, or data flow analysis. Reachability analysis enumerates all possible execution states, which in the worst case is exponential in the number of tasks [19] Several approaches have been suggested for optimizing such approaches [3, 5, 9, 10, 13, 14]. These approaches significantly improve the feasibility of reachability methods, but in general are still prohibitively expensive to use with industrial sized distributed systems. Necessary condition analysis encodes the property and the necessary conditions for execution as linear inequalities ....

S. C. Cheung, J. Kramer, "Compositional Reachability Analysis of Finite-State Distributed Systems with User-Specified Constraints", SIGSOFT, pp.140-150, 1995.

....methods has shaped compiler analysis research to consider partial systems, for example as inter procedural flow analyses. Those same needs are beginning to shape the more general analyses targeted at software verification and validation. Work on compositional analysis, e.g. YY91, CA94, CK95, CK96] has, of necessity, dealt with the question of analyzing sub systems. These techniques have the luxury of embedding such sub system analyses in the context of a whole program analysis. In this setting specification of the behavior expected at a sub systems interface can be automatically ....

S. C. Cheung and J. Kramer. Compositional reachability analysis of finite-state distributed systems with user-specified constraints. In ACM SIGSOFT '95 Symposium on Foundations of Software Engineering, pages 140--150, Washington, DC, October 1995.

....are the compositional approaches. These apply a divide and conquer strategy to decompose a program into sub systems, analyze the sub systems in isolation, then recombine sub system analysis results to infer properties of the program. Compositional variants of state reachability analyses [YY91, CK95] model checking [CLM89] and integer necessary conditions analysis [ABC 91] have all been shown to provide lower cost analysis than their non compositional counterparts for selected systems. These approaches are effective because of the underlying algebraic structure of concurrent programs. ....

....modular structure of implementations and the conclusive analyses to guide the decomposition of our analyses and the specification of environment automata. Another promising source of environment automata are implementations of sub systems themselves. In compositional reachability analyses [YY91, CK95] an environment automaton is constructed directly from the implementation of a sub system. Environment automata constructed in this way may very accurately describe the legal patterns of interface actions allowable by a sub system implementation. Such an automaton may overspecify the constraints ....

[Article contains additional citation context not shown here]

S. C. Cheung and J. Kramer. Compositional reachability analysis of finite-state distributed systems with user-specified constraints. In ACM SIGSOFT '95 Symposium on Foundations of Software Engineering, pages 140--150, Washington, DC, October 1995.

....if the description satisfies the rules and if not, the design would require some changes by the programmer. Apart from requiring high skill, the manual refinement might also involve sizeable effort because the physical size of the description might have to increase. Labeled transition system(LTS) CK95, CK96, CGK97] is another finite state notation for component specifications that uses a synchronous transition model. The assumptions in this model are even more restrictive than the other synchronous transition models because the set of components that will execute a transition in any given ....

....been developed. These systems are based on various divergent and even conflicting assumptions. These assumptions deal with the semantics of component execution, whether they execute asynchronously [Hen80] synchronously [HLR92, BG92] or with runtime determination of synchronization requirements [CK95] Other important differences between concurrent system specification methods arise in the area of time, where some systems assume a continuous timeline model [GMM90] some operate with finite intervals and a timeline made of discrete events [BG92] and others work with branching time model ....

S. C. Cheung and J. Kramer. "Compositional Reachability Analysis of Finite-State Distributed Systems with User-Specified Constraints". In SIGSOFT'95 Third ACM SIGSOFT Symposium on the Foundations of Software Engineering, pages 140--151, October 1995.

....( Sigma [ Unless otherwise specified, actions a; b; c; will range over A, actions ff; fi; fl; will range over Act, whereas s; t; will be action sequences ranging over Act . In this model we have modified the traditional definition of LTS to include the undefined state [9, 3]. We therefore formally define an LTS as follows: Definition 4.1 An LTS is a triple hS; A; Deltai, where: i) S Sts is a finite set of states; ii) A = A 0 [ f g, where A 0 A is a set of observable actions; iii) Delta (S Gamma f g) Theta A Theta S is a transition relation 1 . A ....

....required action renaming to be performed. 5.2 Two essential theorems Definition 5.1 Let P = hA; S; Delta; pi be a totally defined process. Then we call image process of P the process P 0 = hA; S [ f g; Delta 0 ; pi, where Delta 0 is constructed from Delta by the following procedure [3]: i) initialise Delta 0 to Delta; ii) for all a 2 A and s 2 S where there does not exist s 0 2 S such that hs; a; s 0 i 2 Delta: add hs; a; i to Delta 0 . Theorem 5.1 (Transparence theorem) Let Z; P be two totally defined processes, where P is deterministic and free of internal ....

[Article contains additional citation context not shown here]

S.C. Cheung and J. Kramer. Compositional Reachability Analysis of Finite-State Distributed Systems with User-Specified Constraints. Accepted for publication, 3d ACM International Symposium on the Foundations of Software Engineering, Washington, October 1995.

....sequences, forbidden by the synchronizations expected by the rest of the composition expression (its environment) In the worst cases, the size of S 0 may even exceed the one of S, leading to a failure of this approach. A solution to this problem has been proposed in [GS90,GLS96] and [CK93,CK95] for composition expressions based on the Csp [Hoa78] parallel operator. Intuitively, it consists in expressing the environment of a subexpression by an interface, i.e. an Lts representing a set of authorized execution sequences that can be performed by this sub expression. Thus, using a ....

....(partially) avoid these problems. 4 Compositional generation with user given interfaces The idea of using user supplied interfaces to represent the context constraints associated to a sub expression is not original: it is the basis of the work described in [GS90] and it has also been applied in [CK95] However, our objective in this section is to show how this solution can be adapted to Lotos composition expressions, and to propose a general framework in which both user given and computed interfaces can be used. The main problem arising when user given informations are used in a verification ....

[Article contains additional citation context not shown here]

S.C. Cheung and J. Kramer. Compositional Reachability Analysis of Finite-State Distributed Systems with User-Specified Constraints. In Proceedings of SIGSOFT'95, 1995.

No context found.

Kramer, J. and J.C. Cheung. Compositional reachability analysis of finite-state distributed systems with user specified constraints. SIGSOFT. 1995. Washington D.C.

....check safety properties in the mechanism of CRA, we add to the state machine model a special trap state. The trap state, labelled as p, is used to capture potential violation of safety properties specified by users. The same philosophy has also been utilised to detect erroneous context constraints [7]. 1.3 Paper Outline In the next section, we introduce labelled transition systems and present a gas station system which is used as a case study in our discussions. Section 3 presents a technique to detect and locate violation of safety properties in the framework of CRA, illustrating experience ....

....global LTS. If the LTS is free from state p, it represents the overall behaviour of the system; otherwise the mechanism indicates which safety properties are violated and how they occur. The mechanism may be further optimised by augmenting the CRA technique with the concept of context constraints [4, 7, 9] and partial ordering [14] These constraints capture behavioural restriction imposed on subsystems by their neighbouring processes. To further explore the potential of the technique, we are hoping to apply it to more complex examples. Further work is needed to provide guidance as to which actions ....

S. C. Cheung and J. Kramer, "Compositional Reachability Analysis of Finite-State Distributed Systems with User-Specified Constraints," presented at 3rd ACM SIGSOFT Symposium on the Foundations of Software Engineering, Washington, D.C., October 1995, SEN 20(4).

....both I 1 and I 2 . This property of superposition is particularly useful if more than one interface can be obtained by different means. For example, I 1 can be an interface derived by an algorithm while I 2 can be an interface specified by users who have knowledge of the behaviour of context V [9]. 7. INTERFACE CONSTRUCTION ALGORITHM In this section, we present an algorithm that can be used to derive interface processes automatically during compositional reachability analysis. We note that the criteria in the interface theorem are not necessarily met by an interface equal to an LTS of the ....

S. C. Cheung and J. Kramer, "Compositional Reachability Analysis of Finite-State Distributed Systems with User-Specified Constraints," in Proc. 3rd ACM SIGSOFT Symposium on the Foundations of Software Engineering, Washington, D.C., October 1995 (to appear).

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC