G. Leduc, A Framework based on implementation relations for implementing LOTOS specifications, To appear in a special issue of: Computer Networks & ISDN Systems, 1991.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....relation, conformance testing involves finding a set of tests for a specification to distinguish between correct and incorrect implementations. 2] elaborates a theory for testing systems specified in Lotos. Several test generation algorithms for an LTS and for Basic Lotos have been proposed, e.g. [17, 20]. In [23, 24] the testing theory for an LTS is refined for communicating systems that distinguish inputs and outputs. This is a more realistic view of systems. For validating hardware designs, simulation has been and is still the predominant method in industry. In the main, test cases for ....

G. Leduc. A framework based on implementation relations for implementing Lotos specifications. Computer Networks and ISDN Systems, 25(1):23--41, Aug. 1992.

....a labelled transition system through the axioms and inference rules given in Table 1. Often labelled transition systems are considered to be too concrete to abstractly specify system behaviour. It is therefore customary to interpret process specifications via, so called, implementation relations [13, 3]. These are relations between a domain of implementations and a domain of specifications that formalise a particular notion of correctness. They may, for example, abstract from 1 Rational Rose is a trade mark of the Rational Software Corporation. Table 1. Inference rules ff; p ff Gamma ....

....of consistency relations that the lower one is included in the higher one. It is always sufficient to verify a strictly stronger relation rather than the required notion of consistency. The relationships depicted in the bottom half of Fig. 1 are mostly well known results from the literature [13, 12, 3]. The other relationships between consistency relations usually follow from a straightforward monotonicity argument as in Prop. 16 or directly from the definitions. 3.4 Consistency Checking Example Using the results obtained above, we can now verify the pair wise consistency of the specifications ....

G. Leduc. A framework based on implementation relations for implementing LOTOS specifications. Computer Networks and ISDN Systems, 25:23--41, 1992.

.... include [41] 23] 43] 2] 22] In addition, a related use of viewpoints can be found in object oriented design methodologies, such as [7] In fact, variants of viewpoints modelling have been investigated for some time in a number of guises, e.g. aspects [2] partial specification [2] 6] [37] [34] views [33] multiple paradigm specification [47] putting theories together in institutions [22] 24] and viewpoints [23] 38] 7] These models typically prompt the central issue of viewpoint consistency, i.e. how to check that multiple specifications of the system do not conflict with ....

....relation generalises all notions of evolving a formal description towards an implementation and thus embraces the many such notions that have been proposed. In particular, DEV contains refinement relations, equivalences and relations which can broadly be classed as implementation relations [37], such as the LOTOS conformance relation conf. These different classes of development are best distinguished by their basic properties. Refinement is typically reflexive and transitive (i.e. a preorder) equivalences are reflexive, symmetric and transitive; and implementation relations only need ....

G. Leduc. A framework based on implementation relations for implementing LOTOS specifications. Computer Networks and ISDN Systems, 25:23--41, 1992.

....processes, and by defining satisfaction (see section 4) as an extension of it, we achieve precisely this. 3 LOTOS AS A SPECIFICATION TECHNIQUE The meaning of a specification, i.e. the set of implementations that it describes, depends on the chosen satisfaction relation. Following [Lar90a] and [Led92], we define a specification technique to be a pair h Sigma; sati, where Sigma is the set of all specifications, and sat is some satisfaction relation. Using the notion of bisimulation from the previous section, we could instantiate sat with . However, as argued in the introduction, this would ....

G. Leduc. A framework based on implementation relations for implementing LOTOS specifications. Computer Networks and ISDN Systems, 25:23--41, 1992.

....specifications, thus removing message sequences of the channel specifications that do not contribute to system progress. Then, an optimized converter is generated from a given service specification, the two protocol specifications and the modified channel specifications. The reduction relation [3] [9] is used to compare the service specification and the constructed internetworking system. Compared with related works, our method has three advantages: 1) it generates an optimized converter; 2) the service specification may be nondeterministic; 3) it may need less computation. 1. Introduction ....

....Then an optimized converter is generated from a given service specification, the two protocol specifications and the modified channel specifications. Since the unecessary states and transitions are removed from the first step, this approach may reduce computation. We use the reduction relation [3] [9] to compare the resulting interworking system and the service specification. This allows the treatment of nondeterministic service specifications. A reduced system must foresee the same interaction sequences, but may present less non deterministic choice. Compared with related works, our method ....

[Article contains additional citation context not shown here]

G. Leduc, A Framework Based on Implementation Relations for Implementing LOTOS Specifications, Computer Networks and ISDN Systems 25 (1992).

....It is understood that the latter requirement is the task of robustness testing. An important property of conf is that it is testable for any specification S, and that for each S test suites can be derived from S. Several test generation algorithms were developed for conf relations [PF90, Wez89, Led92] after the work of Brinksma. Based on Brinksma s theory, conformance testing for IOLTSs (Input Output Labelled Transition Systems) was proposed by Jan Tretmans [Tre96] Informally an IOLTS is a special LTS in which all inputs are always enabled in any state. The observation is that most ....

G. Leduc. A framework based on implementation relations for implementing LOTOS specifications. Computer Networks and ISDN Systems, 25(1):23--41, August 1992.

....usually represented by labeled transition trees, or simply trees, for the obvious pictorial advantage. On the right is an example of a behaviour B represented by a tree. In addition to the basic definition, the following notations and definitions are widely used for interpreting LTSs [BrSS87] [Ledu92]. L = a, b, c, is the alphabet of observable actions and i is the hidden action; B a B means that after executing the observable action a, the behaviour expression B is transformed into another behaviour expression B ; B i k B means that after executing a sequence of k ....

G. Leduc. A Framework based on the Implementation relations for Implementing LOTOS Specifications, Computer Networks and ISDN Systems, 25, 23-41, North Holland, 1992.

....and this is how the desired behavior as a nice conformance relation is obtained. We have explored in detail the relationship between the conformance relation and our friendly testing in [dFLN97a] There we have proved that v fr is equal to v conf , which is the transitive closure of v conf [Led92], and thus the strongest order relation weaker than v conf . Acknowledgments. We would like to thank the anonymous referee for the careful reading and her his comments and suggestions that have contributed to improve the presentation of the paper. ....

G. Leduc. A framework based on implementation relations for implementing LOTOS specications. Computer Networks and ISDN Systems, 25(1):2341, 1992. 22

....On the contrary, in [Tretmans 1996] testing ordering te is represented by i te s, probably to maintain the left to right convention between the implementation and the specication in the conformance relation. Finally, it is easy to check that the reduction relation red [Brinksma et al. 1986, Leduc 1992], which can be dened by i red s ioe i conf s and Tr(i) Tr(s) is equal to te above. In fact, this could be seen as a more convincing justi cation of the use of the left to right notation for the ordering, since in this alternative denition of the relation there is no reference to tests, and ....

....a b conf a Phi (b ; c) since after the possible execution of b by the specication, the implementation cannot execute the expected c, while this b plays no role when comparing a and a Phi (b ; c) G. Leduc has thoroughly worked on the theoretical study of conformance relations [Leduc 1991, Leduc 1992]. He has studied the equivalence induced by an implementation relation, which is dened by: s1 impeq s2 iff 8 i : i imp s1 ( i imp s2 ) Whenever imp is an order relation, it is immediate to prove that impeq is the usual equivalence relation induced by it, thus we have impeq = imp imp ....

[Article contains additional citation context not shown here]

Leduc, G. [1992], `A framework based on implementation relations for implementing LOTOS specications', Computer Networks and ISDN Systems 25(1), 2341.

....relation generalises all notions of evolving a formal description towards an implementation and thus embraces the many such notions that have been proposed. In particular, DEV contains refinement relations, equivalences and relations which can broadly be classed as implementation relations [12] such as the LOTOS conformance relation conf. These different classes of development are best distinguished by their basic properties. Refinement is typically reflexive and transitive (i.e. a preorder) equivalences are reflexive, symmetric and transitive; and implementation relations are only ....

G. Leduc. A framework based on implementation relations for implementingLOTOS specifications. Computer Networks and ISDN Systems, 25:23--41, 1992.

....reduces the choice to a handful of FDTs. In fact, LOTOS [19] Estelle [20] SDL [7] and Z [39] are seen as the main contenders. Although, if the final requirement is wavered a whole host of object oriented dialects [10, 35] process calculi supporting mobile processes, 30] and real time FDTs [26, 28] could be considered. SDL SDL 92 Estelle LOTOS Z OO Theta p Theta Theta Theta Dynamic Reconfiguration p p p p = Theta Theta Non functional requirements p = Theta p = Theta p = Theta Theta Theta Standardised p p p p p = Theta Support for formal reasoning Theta Theta Theta p ....

....both offer more tractable semantic foundations than the extended finite state machine approaches; this is reflected in the categorisation under support for formal reasoning. For example, semantically well founded notions of refinement and equivalence have been defined for both LOTOS, see [6] [26], and Z, see [32] while corresponding definitions for Estelle, SDL or SDL 92 are mathematically problematic. Furthermore, Z and LOTOS have been argued for on grounds of their superior support for abstract specification. In addition, particular areas of application of FDTs in ODP reveal a richer ....

G. Leduc. A framework based on implementation relations for implementing LOTOS specifications. Computer Networks and ISDN Systems, 25:23--41, 1992.

....specification. This is a specification that describes a real implementation in as much detail that a direct mapping from the implementation specification to the real implementation can be found. Thus, it is normal just to consider conformance relations between specifications, see [4] 5] [14] for typical approaches. However, implementation specifications relate to real implementations in different ways for different FDTs and, in particular, for some FDTs not all implementation specifications are implementable. For example, a Z specification that contains an operation [n : N jn = 5 ....

....same set of valid implementation specifications through conf . It should be pointed out that j cf does not imply standard semantic equivalence; the equivalences of FDTs (such as observational and testing equivalences of process algebra) are likely to be stronger than j cf . Refinement. Following [14] we define that S 2 is a refinement of S 1 as: Definition 9 S 1 v S 2 iff fS : S 2 confSg fS : S 1 confSg i.e. refinement restricts the set of conformant implementation specifications. But, importantly, the implementations of a refinement are also implementations of the original ....

[Article contains additional citation context not shown here]

G. Leduc. A framework based on implementation relations for implementing LOTOS specifications. Computer Networks and ISDN Systems, 25:23--41, 1992.

....as an intermediate specification; but it is not its role anyway, since by definition the implementation is the last formal stage of the implementation process. Therefore, we will not restrict ourselves to transitive implementation relations. A more detailed study of this problem is presented in [Led 91a] Besides, let us note that the conf relation is not transitive. We will show how imp induces naturally an equivalence, denoted imp eq. S 1 imp eq S 2 iff I I imp S 1 = I I imp S 2 where I I imp S denotes the set of processes I which are valid implementations of S according to ....

....conf trace eq = te or equivalently, P, Q, we have P conf eq Q (Tr (P) Tr (Q) P conf Q Q conf P (Tr (P) Tr (Q) P te Q For processes with equal trace sets, conf eq and te are equal. i) is directly derived from proposition 3. 2, and the proofs of (ii) and (iii) are given in [Led 91a] All these results are summarized in figure 4.1. The shaded area is exactly the testing equivalence. In [Led 90] examples are provided to prove that all the inclusions are strict, i.e. no area in the figure is empty. We give now a more useful definition of conf eq. 7 conf eq red ext te ....

G. Leduc, A Framework based on implementation relations for implementing LOTOS specifications, To appear in a special issue of: Computer Networks & ISDN Systems, 1991.

....[dNi 87, vGl 90, Led 91] observation equivalence [Par 85, Mil 89] testing equivalence or some related preorders [dNi 84, BHR 84, BSS 87, Hen 88] have been defined for that purpose. A general framework for dealing with this transformation or implementation process has been defined in [Led 91, Led 92b] Examples of transformation rules are given in [Lan 90, Mas 92] Ideally, a performance analysis ought to be carried out at several intermediate stages of the design to quantitatively support some design decisions and their associated transformation steps. However, the difficulty is to bridge ....

G. Leduc, A Framework Based on Implementation Relations for Implementing LOTOS Specifications, in: Computer Networks & ISDN Systems 25 (1) (1992) 23-41.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC