ISBN (print): 9780769539096
In model-driven development, requirements are captured as a specification model, from which a conforming implementation is automatically generated. Model consistency, with respect to requirements, is a primary concern. If the various structural and integrity constraints are inconsistent, then either the model will admit no implementation, or the implementation produced will not behave according to the intended requirements. We present an approach, based upon data-flow testing, to helping developers inspect their models for inconsistency. System models contain classes, attributes, invariants, and methods specified as first-order predicates. We identify for every attribute its intra-method usages. We construct accordingly call sequences demonstrating its inter-method usages. We derive from each call sequence a Boolean constraint, as a test case, ensuring both the execution of the corresponding inter-method usage and the maintenance of invariants. Developers may examine this test suite and compare against their original understandings about the requirements.
In a pre- and postcondition-style specification, it is difficult to specify the allowed sequences of method calls, referred to as protocols. The protocols are essential properties of reusable object-oriented classes and application frameworks, and the approaches based on the pre- and postconditions, such as design by contract (DBC) and formal behavioral interface specification languages (BISL), are being accepted as a practical and effective tool for describing precise interfaces of (reusable) program modules. We propose a simple extension to the Java Modeling Language (JML), a BISL for Java, to specify protocol properties in an intuitive and concise manner. The key idea of our approach is to separate protocol properties from functional properties written in pre- and postconditions and to specify them in a regular expression-like notation. The semantics of our extension is formally defined and provides a foundation for implementing runtime checks. Case studies have been performed to show the effectiveness of our approach. We believe that our approach can be adopted by other BISLs.
ISBN (print): 3540203036
Specifications that are used in detailed design and in the documentation of existing code are primarily written and read by programmers. However, most formal specification languages either make heavy use of symbolic mathematical operators, which discourages use by programmers, or limit assertions to expressions of the underlying programming language, which makes it difficult to write complete specifications. Moreover, using assertions that are expressions in the underlying programming language can cause problems both in runtime assertion checking and in formal verification, because such expressions can potentially contain side effects. The Java Modeling Language, JML, avoids these problems. It uses a side-effect free subset of Java's expressions to which are added a few mathematical operators (such as the quantifiers \forall and \exists). JML also hides mathematical abstractions, such as sets and sequences, within a library of Java classes. The goal is to allow JML to serve as a common notation for both formal verification and runtime assertion checking; this gives users the benefit of several tools without the cost of changing notations.
Using logical assertions for program verification is a basic research subject in software engineering. This paper analyzes current approaches and proposes three rules that an assertion testing framework should satisfy. That is, after adding contracts using a framework, the contracts in a tested project should be able to satisfy consistency, transitivity and completeness. By satisfying these three rules, the contracts can perform as a solid foundation for automatic test case generation. This paper also brings forward a practical approach to writing contracts, the Java Test Oracle Creator (jtoc), which uses Java annotations and Java inner class to construct intelligible contracts for programmers. Finally, a proof is given that jtoc-generated test projects satisfy the three rules proposed above.
ISBN (print): 9783642141065
Contracts and specifications have long been used in object-oriented design, programming and testing to enhance reliability before software deployment. However, the use of specifications in deployed software is commonly limited to runtime checking, where assertions form a basis for detecting incorrect program states and terminating the erroneous executions. This paper presents a contract-based approach for data structure repair, which allows repairing erroneous executions in deployed software by repairing erroneous states. The key novelty is the support for rich behavioral specifications, such as those that relate pre-states with post-states of the method, to accurately specify expected behavior and hence to enable precise repair. The approach is based on the view of a specification as a nondeterministic implementation, which may permit a high degree of non-determinism. The key insight is to use any correct state mutations by an otherwise erroneous execution to prune the non-determinism in the specification, thereby transmuting the specification to an implementation that does not incur a prohibitively high performance penalty. While invariants, pre-conditions and post-conditions could be provided in different modeling languages, we leverage the Alloy tool-set, specifically the Alloy language and the Alloy Analyzer, for systematically repairing erroneous states. Four different algorithms are presented and implemented in our data structure repair framework. Experiments using complex specifications show the approach holds much promise in increasing software reliability.
A black-box testing strategy based on Zweben et al.'s specification-based test data adequacy criteria is explored. The approach focuses on generating a flowgraph from a component's specification and applying a...
Although computer scientists understand the importance of discrete mathematics to the foundations of their field, computer science (CS) students do not always see the relevance. Thus, it is important to find a way to show students its relevance. The concept of program correctness is generally taught as an activity independent of the programming process, hence many CS students perceive it as unnecessary, and even irrelevant. The concept of contracts, on the other hand, is generally taught as an integral part of the programming process. Most CS students have little difficulty understanding the need to establish contracts via preconditions and postconditions. In order to improve teaching program correctness concepts, we implemented ProVIDE, an enhanced integrated development environment (IDE). ProVIDE assists student programmers in contract construction. Rather than asking for both a precondition and postcondition for each of the student's methods, ProVIDE asks the student to simply supply a postcondition. ProVIDE then helps the student construct the appropriate precondition by leading him or her through an axiomatic proof of the method's correctness. Thus, the proof of the method's correctness is a side-effect of the student's need to construct an appropriate precondition.