M. Ardis, John A. Chaves, L. Jagadeesan, P. Mataga, C. Puchol, M. Staskauskas, and J. Von Olnhausen. A framework for evaluating specification methods for reactive systems. In Proc. 17th Intl. Conf. on Software Engineering, April 1995.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....that formal techniques increase development time, that they require extensive personnel training, or that they are incompatible with other software packages. Experts in formal methods have analyzed this situation and provided useful insights into the reasons for this low level of acceptance [1, 4, 7, 10, 16, 17]. Although there are several reasons for this low level of acceptance, in this paper we address two important and related reasons in the area of formal specification. The first is the relative lack of effective tool support for the preparation and manipulation of formal specifications [13] and ....

Mark A. Ardis, John A. Chaves, Lalita J. Jagadeesan, Peter Mataga, Carlos Puchol, Mark G. Staskauskas, and James Von Olnhausen. A Framework for Evaluating Specification Methods for Reactive Systems: Experience Report. IEEE Transactions on Software Engineering, 22(6):378--389, June 1996.

....of an external notation to the SZ core is an abstraction step, where information (in a syntactical sense) is lost. 6 Related Work and Discussion Specifying reactive systems with Z. There are several case studies where conventional Z has been used for the description of reactive systems. In [1] a comparative case study with several specification formalisms (including Z) has been carried out. The authors claim that for practical use of Z, a significant amount of structure has to be added. They conclude that Z was not a well suited method for the specification of reactive systems. In ....

M. A. Ardis, J. A. Chaves, L. J. Jagadesaan, P. Mataga, C . Puchol, Mark G. Statskauskas, and J. Von Olnhausen. A framework for evaluating specification methods for reactive systems - experience report. IEEE Transactions on Software Engineering, 22(6):378--389, June 1996.

.... On one hand, proponents of formal methods have claimed to solve the problem by providing unambiguous and mathematical notations and verification techniques, but the penetration of these methods in industry and in standardization bodies (especially in North America) remains, unfortunately, low [5][12][34] On the other hand, scenario driven approaches, although often less formal, have raised a higher level of interest and acceptance, mostly because of their intuitive representation of services [37] 38] 48] 78] Such semi formal notations are a good compromise between informal and formal ....

Ardis, M.A., Chaves, J.A., Jagadeesan, L. J., Mataga, P., Puchol, C., Staskauskas, M.G., and Olnhausen, J.V. (1996) "A Framework for Evaluating Specification Methods for Reactive Systems --- Experience Report". In: IEEE Transactions on Software Engineering, 22 (6), 378-389.

....Evaluation Criteria The definition of evaluation criteria is as difficult and as important as the evaluation of languages itself, because the criteria and their relative weights basically determine the outcome of the evaluation process. We base our work on the studies described by Ardis et al. [1], Narayan and Gajski [2] and Davis [3] To a limited extent we also used the criteria discussed by Nordstrm and Pettersson [4] In all these reports a set of criteria is selected based on the assumption, that if a criterion is fulfilled by a language to a high degree, the language can be more ....

....these are the criteria of ultimate importance, they are influenced by many factors related to the design process, which had to be identified and filtered out before establishing valid conclusions about the influence of the language on these properties. Starting with the criteria discussed in [1, 2, 3, 4], we add new criteria, divide them into four groups, namely modelling, analysis, synthesis, and usability related aspects, as illustrated in figure 1. These groups are assessed independently from each other, which means a language is subject to four different assessments rather than one. The ....

M. A. Ardis, J. A. Chaves, L. J. Jagadeesan, P. Mataga, C. Puchol, M. G. Staskauskas, J. Von Olnhausen, "A Framework for Evaluating Specification Methods for Reactive Systems - Experience Report", IEEE Transactions on Software Engineering, June 1996.

....that make it easier to program reactive systems, and gives higher level description of systems together with automatic generation of lower level code. In addition to our BDC2E F G F H version of a piece of the CGA software, we have written an BIC4E F G F H version of another switch feature [2], and have found the same benefits. We are currently extending that version with further functionality, and are planning to test it in the switch environments. Acknowledgments We are grateful to David Weiss and Mary Zajac for many helpful discussions and valuable comments on previous versions of ....

M.A. Ardis, J.A. Chaves, L.J. Jagadeesan, P. Mataga, C. Puchol, M.G. Staskauskas, and J.E. Von Olnhausen. A framework for evaluating specification methods for reactive systems. In Proceedings of the 17th International Conference on Software Engineering, April 1995.

....involved, represented using sequence diagrams or Message Sequence Charts (MSCs [22] Finally, stage 3 aims to provide (informal) specifications of protocols and procedures. Formal specifications are sometimes provided (e.g. in SDL [21] but overall they still su#er from a low penetration [10,17], especially in North America [2,18] ITU T developed this three stage methodology two decades ago to describe services and protocols for ISDN. Naturally, such descriptions emphasize the reactive and behavioral nature of telecommunications systems. In this methodology, scenarios are often used as ....

Ardis, M. A., Chaves, J. A., Jagadeesan, L. J., Mataga, P., Puchol, C., Staskauskas, M. G., and Olnhausen, J. V.: "A Framework for Evaluating Specification Methods for Reactive Systems - Experience Report". In: Transactions on Software Engineering, IEEE, 22 (6), 1996, 378--389.

....of an external notation to the SZ core is an abstraction step, where information (in a syntactical sense) is lost. 6 Related Work and Discussion Specifying reactive systems with Z. There are several case studies where conventional Z has been used for the description of reactive systems. In [1] a comparative case study with several specification formalisms (including Z) has been carried out. The authors claim that for practical use of Z, a significant amount of structure has to be added. They conclude that Z was not a well suited method for the specification of reactive systems. In ....

M. A. Ardis, J. A. Chaves, L. J. Jagadesaan, P. Mataga, C . Puchol, Mark G. Statskauskas, and J. Von Olnhausen. A framework for evaluating specification methods for reactive systems - experience report. IEEE Transactions on Software Engineering, 22(6):378--389, June 1996.

.... help practitioners select a verification system and also offered a set of evaluation criteria for specification notations [15] Faulk also proposed a set of evaluation criteria for specification notations [5] A comprehensive approach to evaluation and some results were presented by Ardis et al. [1]. In this work, a set of criteria was established for the evaluation of formal specification notations and the set was then applied to several notations. The evaluation was performed on a sample problem from the field of telecommunications. 3 Evaluation Framework 3.1 Framework Basis Our ....

Mark A. Ardis, John A. Chaves, Lalita J. Jagadeesan, Peter Mataga, Carlos Puchol, Mark G. Staskauskas, and James Von Olnhausen. A Framework for Evaluating Specification Methods for Reactive Systems: Experience Report. IEEE Transactions on Software Engineering, 22(6):378-- 389, June 1996.

....the specific application area of HCI [28] with different notations used on different problems. A recent workshop [4] brought together independent developments for an invoice case study, highlighting the difficulty of comparing and understanding these methods from a unified perspective. Ardis et al. [3] apply several different notations to the same reactive system to obtain criteria for judging the effectiveness of the different notations. Their criteria encompass issues of all stages of development, including specification, refinement and verification. Whilst the diverse specifications for ....

....m from channel rec.j.m. Nodes route messages according to local routing tables, which hold information indicating which output channel to forward on for each end destination. We represent a local routing table as a list of node ids. For example, a local routing table for node 3 might be given by [2,2,3]. The 2 in position 1 of this list indicates that when node 3 receives a message on an input channel designated NODE 1 NODE 3 NODE 2 UIs UIr out.3.3 in.3.3 in.2.3 in.1.3 out.3.1 out.3.2 link.3.1 link.3.2 link.2.1 link.1.2 NI NI UIr UIs UIs UIr NI send.3 rec.3 link.1.3 link.2.3 ....

Mark Ardis et al. A framework for evaluating specification methods for reactive systems experience report. IEEE Trans. on Soft. Eng., 22(6):378-- 389, June 1996.

....corrections can be very costly and system interoperability can be jeopardized. 1. 2 On Scenarios and FDTs in a Design Approach The process of going from informal functional or operational requirements to a high level formal specification is a research subject where much work has been done [3][6][14] However, many challenges, such as the ones presented in the previous section, still remain. Formal Description Techniques (FDTs) such as LOTOS [21] and SDL [24] were created in order to formally express functional requirements, and hence to answer some of these challenges. In particular, ....

Ardis, M.A., Chaves, J.A., Jagadeesan, L. J., Mataga, P., Puchol, C., Staskauskas, M.G., and Olnhausen, J.V. (1996) "A Framework for Evaluating Specification Methods for Reactive Systems --- Experience Report". In: IEEE Transactions on Software Engineering, 22 (6), 378-389.

....referenced several times but discussed only wherever it seems to be most appropriate. It is outside the scope of this survey to discuss the advantages and disadvantages of a given formal method with respect to other formal methods. The reader interested in such a comparative study is referred to [1] where the authors provide a comparative case study for Esterel, LOTOS, Modecharts, SDL, VFMS and Z. A set of eleven fundamental and five important criteria is described and the above mentioned FMs are evaluated according to these criteria. FSM (Finite State Machines) A simple finite state ....

M. Ardis, J. Chaves, L. Jagadeesan, P. Mataga, C. Puchol, M. Staskauskas, and J. von Olnhausen. A framework for evaluating specification methods for reactive systems -- experience report. IEEE Transactions on Software Engineering, 22(6):378--389, June 1996.

....code (e.g. C) or executable binary, the analysis attempts to generate a symbolic expression for each memory access in the loop that describes its range in terms of the context (e.g. values of variables) before the loop. An operating system can use the results of the analysis in one of two ways: [1] to prove statically that the surrounding context guarantees that these ranges are in safe bounds and then execute the unmodified code (as in PCC, but now fully automatic) or [2] to insert a guard before the loop entry that will guarantee at run time that the ranges are in safe bounds (as in SFI, ....

....5ESS switching network, a major software engineering concern is how to determine that the components fit together and interact in a well behaved manner. These are inherently temporal properties. Recently, there has been interest in using model checking or other verification tools for this purpose [1], but these techniques typically rely on trusting a human generated specification (i.e. an abstraction) of the program s behavior. I am interested in generating these specifications automatically. The analysis in this paper, which attempts to determine the value of expressions within a loop in ....

M. A. Ardis, J. A. Chaves, L. J. Jagadeesan, P. Mataga, C. Puchol, M. G. Staskauskas, and J. Von Olnhausen. A Framework for Evaluating Specification Methods for Reactive Systems. In Proceedings of the 17th International Conference on Software Engineering, pages 159--168, April 1995.

....2.4 Evaluation Criteria The definition of evaluation criteria is as difficult and as important as the evaluation of languages itself, because the criteria and their relative weights basically determine the outcome of the evaluation process. We base our work on the studies described by Ardis et al. [1], Narayan and Gajski [2] and Davis [3] To a limited extent we also used the criteria discussed by Nordstr m and Pettersson [4] but their first motivation is the evaluation of graphical tools rather than languages. In all these reports a set of criteria is selected based on the assumption, that ....

....these are the criteria with ultimate importance, they are influenced by many factors related to the design process, which had to be identified and filtered out before establishing valid conclusions about the influence of the language on these properties. Starting with the criteria discussed in [1, 2, 3, 4], we add new criteria, divide them into four groups, namely modelling, analysis, synthesis, and usability related aspects, as illustrated in figure 1. These groups are assessed independently from each other, which means a language is subject to four different assessments rather than a single one. ....

M. A. Ardis, J. A. Chaves, L. J. Jagadeesan, P. Mataga, C. Puchol, M. G. Staskauskas, and J. Von Olnhausen, "A Framework for Evaluating Specification Methods for Reactive Systems - Experience Report", IEEE Transactions on Software Engineering, vol. 22, no. 6, June 1996.

....in Espress. SZ combines Z s expressive power to describe data and data transformations with the dynamic modelling techniques of Statecharts and temporal logic. Specifying reactive systems with Z. There are several case studies where Z has been used for the description of reactive systems. In [1] a comparative case study with several specification formalisms (including Z) has been carried out. The authors claim that for practical use of Z, a significant amount of structure has to be added. They conclude that Z was not a well suited method for the specification of reactive systems. Further ....

M. A. Ardis, J. A. Chaves, L. J. Jagadesaan, P. Mataga, C . Puchol, Mark G. Statskauskas, and J. Von Olnhausen. A framework for evaluating specification methods for reactive systems - experience report. IEEE Transactions on Software Engineering, 22(6):378--389, June 1996.

....3 Evaluation Criteria The definition of evaluation criteria is as difficult and as important as the evaluation of languages itself, because the criteria and their relative weights basically determine the outcome of the evaluation process. We base our work on the studies described by Ardis et al. [1], Narayan and Gajski [2] and Davis [3] To a limited extent we also used the criteria discussed by Nordstr m and Pettersson [4] but their first motivation is the evaluation of graphical tools rather than languages. In all these reports a set of criteria is selected based on the assumption, that ....

....these are the criteria with ultimate importance, they are influenced by many factors related to the design process, which had to be identified and filtered out before establishing valid conclusions about the influence of the language on these properties. Starting with the criteria discussed in [1, 2, 3, 4], we add a few new criteria, divide them into several groups to form a tree, and assign weights between 0.0 and 1.0. An overview of the criteria tree is given in figure 2 and each criteria is discussed in the following sections. Data Control Regular Irregular Complex Control Control Memory ....

[Article contains additional citation context not shown here]

M. A. Ardis, J. A. Chaves, L. J. Jagadeesan, P. Mataga, C. Puchol, M. G. Staskauskas, and J. Von Olnhausen, "A Framework for Evaluating Specification Methods for Reactive Systems - Experience Report", IEEE Transactions on Software Engineering, vol. 22, no. 6, June 1996.

No context found.

M. Ardis, John A. Chaves, L. Jagadeesan, P. Mataga, C. Puchol, M. Staskauskas, and J. Von Olnhausen. A framework for evaluating specification methods for reactive systems. In Proc. 17th Intl. Conf. on Software Engineering, April 1995.

....our toolset to several implementations of a Automatic Protection Switching (APS) system [2] The purpose of this system is to manage M redundant resources such as phone lines to ensure that N M of the highestquality resources are always selected for use. In earlier work, Ardis et al. [1] used temporal logic safety properties to formally specify the APS requirements. Based on this specification, we developed thirty APS implementations and tested them on literally millions of test cases. We found that our toolset automatically reveals violations of the requirements. This work was ....

....MOVINGg followed by the pair f; fF 2; OPEN; MOVINGg is in the language of the oracle finite state machine and leads it to an accepting state; hence our toolset automatically reports the violation. A TELECOMMUNICATIONS APPLICATION The Automatic Protection Switching System As described in [1], communication channels bridging switching systems need to interface to components manufactured by different vendors. In order to facilitate cooperation between components, standards have been established. One of the standards for maintaining connectivity is called Automatic Protection Switching ....

[Article contains additional citation context not shown here]

M. Ardis, J. Chaves, L. Jagadeesan, P. Mataga, C. Puchol, M. Staskauskas, and J. Von Olnhausen. A framework for evaluating specification methods for reactive systems. IEEE Transactions on Software Engineering, 22(6):378--389, June 1996.

....features that make it easier to program reactive systems, and gives higher level description of systems together with automatic generation of lower level code. In addition to our ESTEREL version of a piece of the CGA software, we have written an ESTEREL version of another switch feature [2], and have found the same benefits. We are currently extending that version with further functionality, and are planning to test it in the switch environments. Acknowledgments We are grateful to Mark Ardis,Peter Mataga, Chris Ramming, Mark Staskauskas, David Weiss, and Mary Zajac for many useful ....

M.A. Ardis, L.J. Jagadeesan, P. Mataga, C. Puchol, M.G. Staskauskas, and J.E. Von Olnhausen. A framework for evaluating specification methods for reactive systems, 1995. To appear in the Proceedings of the 17th International Conference on Software Engineering.

....features that make it easier to program reactive systems, and gives higher level description of systems together with automatic generation of lower level code. In addition to our Esterel version of a piece of the CGA software, we have written an Esterel version of another switch feature [2], and have found the same benefits. We are currently extending that version with further functionality, and are planning to test it in the switch environments. Acknowledgments We are grateful to David Weiss and Mary Zajac for many helpful discussions and valuable comments on previous versions of ....

M.A. Ardis, J.A. Chaves, L.J. Jagadeesan,P. Mataga, C. Puchol, M.G. Staskauskas, and J.E. Von Olnhausen. A framework for evaluating specification methods for reactive systems. In Proceedings of the 17th International Conference on Software Engineering, April 1995.

....system specifications. 4. COMPARISON OF FORMAL LANGUAGES In order to compare these different formal languages, it is important to first describe the criteria that will be used. The criteria I have chosen have been used before in a similar exercise with a group of experts at Bell Labs [Ardis et al. 1996]. The criteria are grouped into two categories; the order in which the criteria appear below within each group is arbitrary. The fundamental selection criteria are those that we believe are very important for a language to be successful, especially in telecommunications software development. The ....

....we have not had much experience with Estelle, so that portion of the evaluation is weak. 5. RESULTS AND OPPORTUNITIES In spite of the advantages of formal methods, they are not common practice in industry. Our group at Bell Labs has investigated the applicability of many of these methods [Ardis et al. 1996] in order to better understand this phenomenon. 5.1 Contributions Made The first contribution to acknowledge in the use of any of these methods is precision. Most projects that use formal methods claim that they discover a large number of ambiguities and inconsistencies in informal requirements. ....

Ardis, M., J.A. Chaves, L.J. Jagadeesan, P. Mataga, C. Puchol, M. Staskauskas, and J. VonOlnhausen (1996), "A framework for evaluating specification methods for reactive systems," IEEE Transactions on Software Engineering 22, 6, 378-389.

....in practice. To conduct the study we developed a testbed of model systems to which we could apply our testing tools. Since we wanted the testbed to be as realistic as possible, we modeled it after the APS system described below. 4.1. 1 The Automatic Protection Switching System As described in [2], communication channels bridging switching systems need to interface to components manufactured by different vendors. In order to facilitate cooperation between components, standards have been established. One of the standards for maintaining connectivity is called Automatic Protection Switching ....

....thus the states of the two lines and the operator commands. The output of the system consists of the state of the switch that selects the current communication line. As we described earlier, the requirements of the APS were formally specified as part of a formal methods case study by Ardis et al. [2]. We used this specification as the starting point for the following feasibility study. Like the original APS, the model used in the feasibility study is unidirectional and non revertive, but has one protection line for every two working lines (i.e. 2 1 rather than the original 1 1) We chose ....

M. Ardis, J. Chaves, L. Jagadeesan, P. Mataga, C. Puchol, M. Staskauskas, and J. Von Olnhausen. A framework for evaluating specification methods for reactive systems. IEEE Transactions on Software Engineering, 22(6):378--389, June 1996.

....our toolset to several implementations of an Automatic Protection Switching (APS) system [2] The purpose of this system is to manage M redundant resources such as phone lines to ensure that N M of the highestquality resources are always selected for use. In earlier work, Ardis et al. [1] used temporal logic safety properties to formally specify the APS requirements. Based on this specification, we developed thirty APS implementations and tested them on literally millions of test cases. Our toolset automatically found and revealed violations of the requirements. This work was ....

....MOVINGg followed by the pair f; fF 2; OPEN; MOVINGg is in the language of the oracle finite state machine and leads it to an accepting state; hence our toolset automatically reports the violation. A TELECOMMUNICATIONS APPLICATION The Automatic Protection Switching System As described in [1], communication channels bridging switching systems need to interface to components manufactured by different vendors. In order to facilitate cooperation between components, standards have been established. One of the standards for maintaining connectivity is called Automatic Protection Switching ....

[Article contains additional citation context not shown here]

M. Ardis, J. Chaves, L. Jagadeesan, P. Mataga, C. Puchol, M. Staskauskas, and J. Von Olnhausen. A framework for evaluating specification methods for reactive systems. IEEE Transactions on Software Engineering, 22(6):378--389, June 1996.

No context found.

M.A. Ardis, J.A. Chaves, L.J. Jagadeesan, P. Mataga, C. Puchol, M.G. Staskauskas, and J.von Olnhausen. A framework for evaluating specification methods for reactive systems: Experience report. IEEE Transactions on Software Engineering, 22(6):378-389, June 1996.

No context found.

M.A. Ardis et al., "A Framework for Evaluating Specification Methods for Reactive Systems," IEEE Trans. Software Engineering, Vol. 22, No. 6, June 1996, pp. 378-389.

No context found.

, 1996, 378-389

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC