ABSTRACT
We present a template mechanism that allows collective behavior and its invariants to be expressed in an abstract form. The mechanism supplements a view-based decomposition of distributed collaboration. Together, templates and composition allow common idioms of distributed behavior to be specified and verified once in abstract form and then integrated into concrete specifications. Two templates from a formal specification of Lamport's Paxos algorithm are given as examples.
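The abstract's idea, an invariant proved once over an abstract template and then instantiated in a Paxos specification, can be made concrete in a few lines. The following is an added illustration, not the paper's own PVS specification: a quorum "template" whose proof obligation (any two quorums intersect) is checked abstractly, and a tiny single-decree Paxos model whose reachable states are enumerated exhaustively to check the instantiated invariant "at most one value is chosen". The process set, ballot and value ranges, and the deliberately unsound `any_one` quorum rule are all assumptions made for the example.

```python
"""Added example (not from the paper): a quorum 'template' whose proof
obligation is checked abstractly, then instantiated in a tiny single-decree
Paxos model whose reachable states are enumerated exhaustively."""
from itertools import combinations


def quorums(procs, rule):
    """Every subset of procs that the quorum rule accepts."""
    procs = tuple(procs)
    return [frozenset(c) for r in range(1, len(procs) + 1)
            for c in combinations(procs, r) if rule(frozenset(c), procs)]


def majority(subset, procs):
    return 2 * len(subset) > len(procs)


def any_one(subset, procs):          # assumed, deliberately unsound quorum rule
    return len(subset) >= 1


def quorums_intersect(qs):
    """Abstract obligation of the template: any two quorums share a member.
    Nothing here mentions Paxos; it is discharged once per quorum system."""
    return all(q1 & q2 for q1, q2 in combinations(qs, 2))


def chosen(accepted, qs):
    """Values accepted at a single ballot by every member of some quorum."""
    return {accepted[min(q)][1] for q in qs
            if all(accepted[i] is not None for i in q)
            and len({accepted[i] for i in q}) == 1}


def _set(t, i, x):
    return t[:i] + (x,) + t[i + 1:]


def successors(state, n, qs, ballots, values):
    """One step of single-decree Paxos over shared acceptor state.
    state = (promised, accepted, proposals); accepted[i] is None or (ballot, value).
    A proposer may propose at ballot b once every member of some quorum has
    promised b or higher; those members can never again accept anything below b,
    so their current accepted values are exactly the phase-1 responses."""
    promised, accepted, proposals = state
    proposed = {b for b, _ in proposals}
    for i in range(n):
        for b in ballots:                       # phase 1b: promise a higher ballot
            if b > promised[i]:
                yield _set(promised, i, b), accepted, proposals
        for b, v in proposals:                  # phase 2b: accept unless promised away
            if b >= promised[i]:
                yield _set(promised, i, b), _set(accepted, i, (b, v)), proposals
    for b in ballots:                           # phase 2a: one proposal per ballot
        if b in proposed:
            continue
        for q in qs:
            if all(promised[i] >= b for i in q):
                prior = [accepted[i] for i in q if accepted[i] and accepted[i][0] < b]
                for v in (values if not prior else [max(prior)[1]]):
                    yield promised, accepted, proposals | {(b, v)}


def violations(procs, rule, ballots=(1, 2), values=("a", "b")):
    """Enumerate all reachable states; return those in which two values are chosen.
    An empty result means the instantiated invariant holds within this bound."""
    procs = tuple(procs)
    qs = quorums(procs, rule)
    init = ((0,) * len(procs), (None,) * len(procs), frozenset())
    seen, todo, bad = {init}, [init], set()
    while todo:
        s = todo.pop()
        if len(chosen(s[1], qs)) > 1:
            bad.add(s)
        for t in successors(s, len(procs), qs, ballots, values):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return bad


if __name__ == "__main__":
    for rule in (majority, any_one):
        qs = quorums(range(3), rule)
        print(rule.__name__, "intersect:", quorums_intersect(qs),
              "violations:", len(violations(range(3), rule)))
```

The point of the split is that `quorums_intersect` is the template-level obligation: it is stated and checked without reference to ballots, proposers or acceptors, and the Paxos instance inherits uniqueness of the chosen value only because its quorum system discharges it. Swapping in the `any_one` rule keeps the protocol code identical, fails the abstract obligation, and the bounded exploration finds states with two chosen values, which is the kind of mistake an abstract template is meant to catch before it is composed into a concrete specification.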
- R. J. R. Back and R. Kurki-Suonio. Distributed cooperation with action systems. ACM Transactions on Programming Languages and Systems, 10(4):513--554, October 1988.
- R. J. R. Back and R. Kurki-Suonio. Decentralization of process nets with centralized control. Distributed Computing, 3:73--87, 1989.
- Romain Boichat, Partha Dutta, Svend Frølund, and Rachid Guerraoui. Deconstructing Paxos. SIGACT News, 34, 2003.
- Eli Gafni and Leslie Lamport. Disk Paxos. Distributed Computing, 16(1):1--20, 2003.
- Joni Helin and Pertti Kellomäki. Concern-based specification of distributed systems using behaviourally complete views. In Hong Mei, Minhuan Huang, and Juanjun Zhao, editors, Proceedings of the International Workshop on Aspect-Oriented Software Development (WAOSD 2004), in conjunction with the 2nd IEEE International Conference on Software Engineering and Formal Methods (SEFM 2004), pages 74--78, September 2004.
- P. Herrmann, G. Graw, and H. Krumm. Compositional specification and structured verification of hybrid systems in cTLA. In Proceedings of the 1st IEEE International Symposium on Object-oriented Real-time distributed Computing (ISORC'98), pages 335--340. IEEE Computer Society Press, 1998.
- American National Standards Institute. American National Standard for information technology: programming language Ada: ANSI/ISO/IEC 8652-1995: Revision and redesignation of ANSI/MIL 1815A-1983. Number 119-1 in FIPS PUB. American National Standards Institute, 1430 Broadway, New York, NY 10018, USA, revised edition, April 1995.
- ISO/IEC. International Standard 14882 -- Programming Languages -- C++, Second Edition, October 2003.
- Pertti Kellomäki. An annotated specification of the consensus protocol of Paxos using superposition in PVS. Technical Report 36, Tampere University of Technology, Institute of Software Systems, 2004. Available at http://www.cs.tut.fi/ohj/reports.html.
- Leslie Lamport. The part-time parliament. ACM Transactions on Computer Systems, 16(2):133--169, 1998.
- Arnulf Mester and Heiko Krumm. Formal behavioural patterns for the tool-assisted design of distributed applications. In Hartmut König, Kurt Geihs, and Thomas Preuß, editors, IFIP WG 6.1 International Working Conference on Distributed Applications and Interoperable Systems (DAIS 97), pages 235--248. Chapman & Hall, 1997.
- César Muñoz and John Rushby. Structural embeddings: Mechanization with method. In Jeannette Wing and Jim Woodcock, editors, FM99: The World Congress in Formal Methods, volume 1708 of Lecture Notes in Computer Science, pages 452--471, Toulouse, France, September 1999. Springer-Verlag.
- S. Owre, N. Shankar, J. M. Rushby, and D. W. J. Stringer-Calvert. PVS Language Reference. Computer Science Laboratory, SRI International, Menlo Park, CA, September 1999.
- Sam Owre, John Rushby, Natarajan Shankar, and Friedrich von Henke. Formal verification of fault-tolerant architectures: Prolegomena to the design of PVS. IEEE Transactions on Software Engineering, 21(2):107--125, February 1995.
- The PVS home page at http://pvs.csl.sri.com, 2005.
- Peri Tarr, Harold Ossher, William Harrison, and Stanley M. Sutton, Jr. N degrees of separation: Multi-dimensional separation of concerns. In Proceedings of the 1999 International Conference on Software Engineering, pages 107--119. IEEE Computer Society Press / ACM Press, 1999.
- Peri Tarr, Harold Ossher, and Stanley M. Sutton, Jr. Hyper/J: multi-dimensional separation of concerns for Java. In Proceedings of the 24th International Conference on Software Engineering (ICSE-02), pages 689--690, New York, May 19--25 2002. ACM Press.
Index Terms
- Invariants come from templates