Integrating a formal method into a software engineering process with UML and Java

We describe how CSP-OZ, a formal method combining the process algebra CSP with the specification language Object-Z, can be integrated into an object-oriented software engineering process employing the UML as a modelling and Java as an implementation language. The benefit of this integration lies in the rigour of the formal method, which improves the precision of the constructed models and opens up the possibility of (1) verifying properties of models in the early design phases, and (2) checking adherence of implementations to models. The envisaged application area of our approach is the design of distributed reactive systems. To this end, we propose a specific UML profile for reactive systems. The profile contains facilities for modelling components, their interfaces and interconnections via synchronous/broadcast communication, and the overall architecture of a system. The integration with the formal method proceeds by generating a significant part of the CSP-OZ specification from the initially developed UML model. The formal specification is on the one hand the starting point for verifying properties of the model, for instance by using the FDR model checker. On the other hand, it is the basis for generating contracts for the final implementation. Contracts are written in the Java Modeling Language (JML), complemented by CSPjassda, an assertion language for specifying orderings between method invocations. A set of tools for runtime checking can be used to supervise the adherence of the final Java implementation to the generated contracts.
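As an added illustration of the two kinds of contract the abstract mentions (this is example code, not the paper's generated output or any CSPjassda tooling), the Java class below carries JML pre- and postconditions on its methods and a hand-written runtime monitor that enforces an ordering of method invocations; the class name Channel, the CSP process sketched in the comment, and the monitor itself are assumptions standing in for what CSPjassda would express.

```java
import java.util.ArrayList;
import java.util.List;

/** Hypothetical reactive component: must be opened before use and closed once. */
public class Channel {
    private boolean open = false;
    // Trace of method invocations seen so far (constructed at runtime by the monitor).
    private final List<String> trace = new ArrayList<>();

    //@ requires !isOpen();
    //@ ensures isOpen();
    public void open() { step("open"); open = true; }

    //@ requires isOpen();
    //@ requires data != null && data.length > 0;
    //@ ensures \result == data.length;
    public int send(byte[] data) { step("send"); return data.length; }

    //@ requires isOpen();
    //@ ensures !isOpen();
    public void close() { step("close"); open = false; }

    public /*@ pure @*/ boolean isOpen() { return open; }

    // Stand-in for an ordering contract over the assumed CSP process
    //   CHANNEL = open -> LOOP
    //   LOOP    = send -> LOOP [] close -> CHANNEL
    // The event is appended to the trace and the whole trace is re-checked
    // before the method body runs, so a violation aborts the call.
    private void step(String event) {
        trace.add(event);
        if (!allowed(trace)) {
            throw new IllegalStateException("method ordering violated: " + trace);
        }
    }

    // Returns true iff t is a trace of CHANNEL; inLoop tracks which state we are in.
    static boolean allowed(List<String> t) {
        boolean inLoop = false;
        for (String e : t) {
            if (!inLoop) {
                if (!e.equals("open")) return false;
                inLoop = true;
            } else if (e.equals("close")) {
                inLoop = false;
            } else if (!e.equals("send")) {
                return false;
            }
        }
        return true;
    }
}
```

The JML annotations are checked only when the class is compiled with a JML runtime assertion checker; the trace monitor runs with plain Java and rejects, for example, a send before open or a second close in a row.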
