No full-text available
To read the full-text of this research,
you can request a copy directly from the author.
Implementation and validation of model-based multi-threaded Java applications and Web services
Abstract
In the software engineering world, many modelling notations and languages have been developed to aid application development. The technologies, Java and Web services, play an increasingly important role in web applications. However, because of issues of complexity, it is difficult to build multi-threaded Java
applications and Web Service applications, and even more difficult to model. Furthermore, it is difficult to reconcile the directly-coded application with the model-based application.
Based on the formal modelling system, RDT, the new work here covers: (i) a translator, RDTtoJava, used to automatically convert an RDT model into an executable multi-threaded Java application; (ii) the framework for developing an RDT model into a Java synchronous distributed application that is supported by the JAX-RPC Web Services; and, (iii) the framework for developing an RDT model into a Java asynchronous distributed application that is supported by the JMS Web services.
Experience was gained by building distributed computing models and client/server models and generation of the application based on such models. This work is helpful for the software developers and software researchers in formal software development.
ResearchGate has not been able to resolve any citations for this publication.
In partition testing, the input domain is divided into two or more disjoint subdomains according to some criteria and then test data are selected from each subdomain. Hence we must design a partitioning scheme that governs how to divide the input domain, and a test case allocation scheme that controls how to allocate test cases to the subdomains. Given any partitioning scheme, the test case allocation scheme plays a crucial part in the effectiveness of testing. This paper develops guidelines for comparing different test case allocation schemes. This provides solutions to the class of problems where various test case allocation schemes under the same partitioning scheme are compared for the effectiveness of testing. We illustrate with examples several potential applications of our findings.
The rapid evolution of the environment in which information systems are required to operate originated a new kind of systems: they are networked and process-driven applications. There is no well-defined widely accepted approach to such system. A model-based methodology is proposed for the development of this category of applications.
The cladding of a modern building is a critical, and expensive, specialist sub-system of the total building. This paper is concerned with modelling the supply chain processes within the building cladding sector of the UK construction industry. The modelling was conducted within the context of CIMclad, a research project involving a consortia of universities and industry that is seeking to move the cladding sector towards computer integrated design and manufacture. The goal was to better understand the existing supply chain processes. These processes are complex and span a diverse range of players, each of whom may play one or more roles. The methodology employed was a combination of informal mapping of the procurement chain and the application of formal process modelling techniques.
Given an algebraic specification of a class of objects, we define a fundamental pair as two equivalent terms generated by substituting all the variables on both sides of an axiom by normal forms. For any implementation error in the class, if it can be revealed by two equivalent terms in general, it can also be revealed by a fundamental pair. Hence, we need only select test cases from the set of fundamental pairs instead of equivalent pairs in general. We highlight an algorithm for selecting a finite set of fundamental pairs as test cases. Further, by using the relevant observable contexts technique, we highlight another algorithm to determine whether the objects resulting from executing a fundamental pair are observationally equivalent. If not, it reveals an implementation error.Using these algorithms, we have constructed a system to test object-oriented programs at class-level. We describe in detail the implementation of a prototype system, including the data structure of a Data member Relevant Graph (DRG) for the class, the procedures for the construction and path traversal of the DRG, the generation and execution of relevant observable contexts on the objects under test, and the reporting of implementation errors. The implementation illustrates an innovative idea of embedding testing algorithms into an interpreter to facilitate software testing.
Model checking is a popular formal verification technique for both software and hardware. The verification of concurrent software predominantly employs explicit-state model checkers, such as SPIN, that use partial-order reduction as a main technique to deal with large state spaces efficiently. In the hardware domain, the introduction of symbolic model checking has been considered a breakthrough, allowing the verification of systems clearly out-of-reach of any explicit-state model checker.This paper introduces ImProviso, a new algorithm for model checking of software that efficiently combines the advantages of partial-order reduction with symbolic exploration. IMPROVISO uses implicit BDD representations for both the state space and the transition relation together with a new implicit in-stack proviso for efficient partial-order reduction. The new approach is inspired by the Twophase partial-order reduction algorithm for explicit-state model checking.Initial experimental results show that the proposed algorithm improves the existing symbolic model checking approach and can be used to tackle problems that are not tractable using explicit-state methods.
Testing is difficult and expensive, and testing distributed system even more difficult due to issues such as interoperability, collaboration, synchronization, timing, and concurrency. A tester often needs to spend significant time in developing lengthy testing code to ensure that the System Under Test (SUT) is reasonably well tested. This paper proposes an Object-Oriented (OO) framework to test distributed system rapidly and adaptively by using scenario modeling, state modeling, verification patterns, design patterns, regression testing, ripple effect analysis, simulation, automated test execution, and remote testing using TCP/IP or SOAP. Finally, this paper uses a supply-chain example to illustrate the key concepts.
BDD-based symbolic model checking has received a great deal of attention because of its potential for solving hardware verification problems. However, there are other, qualitatively different, approaches that are also quite promising (which having different ...
We propose a new framework for black-box conformance testing of real-time systems. The framework is based on the model of partially-observable, non-deterministic timed automata. We argue that partial observability and non-determinism are essential features for ease of modeling, expressiveness and implementability. The framework allows the user to define, through appropriate modeling, assumptions on the environment of the system under test (SUT) as well as on the interface between the tester and the SUT. We consider two types of tests: analog-clock tests and digital-clock tests. Our algorithm for generating analog-clock tests is based on an on-the-fly determinization of the specification automaton during the execution of the test, which in turn relies on reachability computations. The latter can sometimes be costly, thus problematic, since the tester must quickly react to the actions of the system under test. Therefore, we provide techniques which allow analog-clock testers to be represented as deterministic timed automata, thus minimizing the reaction time to a simple state jump. We also provide algorithms for static or on-the-fly generation of digital-clock tests. These tests measure time only with finite-precision, digital clocks, another essential condition for implementability. We also propose a technique for location, edge and state coverage of the specification, by reducing the problem to covering a symbolic reachability
Testing embedded software systems on the control units of vehicles is a safety-relevant task, and de- veloping the test suites for performing the tests on test benches is time-consuming. We present the foundations and results of a case study to automate the generation of tests for control software of vehi- cle control units based on a specification of re- quirements in terms of finite state machines. This case study builds upon our previous work on gen- eration of tests for physical systems based on rela- tional behavior models. In order to apply the re- spective algorithms, the finite state machine repre- sentation is transformed into a relational model. We present the transformation, the application of the test generation algorithm to a real example, and discuss the results and some specific challenges regarding software testing.
Static analysis is a tremendous help when trying to find faults in complex software. Writing multi-threaded pro- grams is difficult, because the thread scheduling increases the program state space exponentially, and an incorrect thread synchronization produces faults that are hard to find. Program checkers have become sophisticated enough to find faults in real, large-scale software. In particular,Jlint, a very fast Java program checker, can check packages in a highly automated manner. The original version,Jlint1, still lacked full support for synchronization statements in Java. We extended Jlint1's model to include synchronizations on arbitrary objects, and named our versionJlint2. Our sta- tistical analysis proves that these extensions are relevant and useful. Applying Jlint2 to various large software pack- ages, including commercial packages from Trilogy, found 12 faults, two of which related to multi-threading.
Web services are software components that can be discovered and employed at runtime using the Internet. Conflicting requirements towards the nature of these services can be identified. From a business perspective, Web services promise to enable the formation of ad-hoc cooperations on a global scale. From a technical perspective, a high degree of standardization and rigorous specifications are required to enable the automated integration of Web services. A suitable technology for Web services has to mediate these needs for flexibility and stability. To be usable in practice, this technology has to be aligned to standard software engineering practice to allow for a seamless development of Web service enabled components.
This note presents an improvement to LeLann's algorithm for finding the largest (or smallest) of a set of uniquely numbered processes arranged in a circle, in which no central controller exists and the number of processes is not known a priori. This decentralized algorithm uses a technique of selective message extinction in order to achieve an average number of message passes of order (n log n) rather than O(n2).
Most techniques proposed for regression testing are either black- or white-box techniques, i.e. they solely consider either the specification or implementation of a program. However a combined technique can lead to significant savings in testing costs as some testing tasks need to be carried out once. Furthermore, the same test cases can cover both specification and implementation, reducing the total number of test cases. This paper shows the application of class specification implementation graphs (CSIGs) in regression testing. The distinguishing feature of CSIGs front existing representations is that each method of a class is shown from two perspectives, namely the specification and implementation view. Moreover a test suite reduction strategy has been incorporated to the CSIG construction algorithm to decrease the total number of test cases required. In this paper we show how CSIGs can be combined with an existing test case selection algorithm for regression testing.
With computer systems becoming ever larger and more complex, the cost and effort associated with their construction is increasing. Consequently, it is more important than ever that the developers understand how their systems behave if problems are to be avoided. However, acquiring this understanding is a problem: the systems are sufficiently complex that developers need help to analyse and understand them and, at the time this analysis is most crucial, the system is unavailable because it has yet to be built. We already have maturing technologies which address issues associated with the interconnection of software components at the procedural level, but they do not address issues related to the behaviour of these compound systems. Formal, executable models can help here by providing developers with a platform on which to establish the feasibility of a proposed design for a system. However, commercial developers seem reluctant to employ this type of modelling in their design activity. This report describes a new modelling tool in which the traditional model generation technique of writing “programming language like” code is replaced with a model generation tool which uses a graphical representation of models. Despite appearing informal, the system retains sufficient formality to permit the models to be executed using the tool, or converted into code for analysis by a traditional model checking tool.
Recently, many formal methods, such as the SCR (Software Cost Reduction) requirements method, have been proposed for improving the quality of software specifications. Although improved specifications are valuable, the ultimate objective of software development is to produce software that satisfies its requirements. To evaluate the correctness of a software implementation, one can apply black-box testing to determine whether the implementation, given a sequence of system inputs, produces the correct system outputs. This paper describes a specification-based method for constructing a suite of test sequences, where a test sequence is a sequence of inputs and outputs for testing a software implementation. The test sequences are derived from a tabular SCR requirements specification containing diverse data types, i.e., integer, boolean, and enumerated types. From the functions defined in the SCR specification, the method forms a collection of predicates called branches, which "cover" all possible software behaviors described by the specification. Based on these predicates, the method then derives a suite of test sequences by using a model checker's ability to construct counterexamples. The paper presents the results of applying our method to four specifications, including a sizable component of a contractor specification of a real system.
In the classic approach to logic model checking, software verification requires a manually constructed artifact (the model) to be written in the language that is accepted by the model checker. The construction of such a model typically requires good knowledge of both the application being verified and of the capabilities of the model checker that is used for the verification. Inadequate knowledge of the model checker can limit the scope of verification that can be performed; inadequate knowledge of the application can undermine the validity of the verification experiment itself. In this paper we explore a different approach to software verification. With this approach, a software application can be included, without substantial change, into a verification test-harness and then verified directly, while preserving the ability to apply data abstraction techniques. Only the test-harness is written in the language of the model checker. The test-hamess is used to drive the application through all its relevant states, while logical properties on its execution are checked by the model checker. To allow the model checker to track state, and avoid duplicate work, the test-harness includes definitions of all data objects in the application that contain state information. The main objective of this paper is to introduce a powerful extension of the SPIN model checker that allows the user to directly define data abstractions in the logic verification of application level programs.
Packed with hands-on tutorials, clear explanations, and working code examples, this definitive guide shows you how to use the individual APIs and tools in the J2EE platform, and how to bring them together to create your own enterprise applications.
Software testing plays a major role in software development because it accounts for a large part of the development cost. Moreover, manual testing technique always makes a problem. Consequently, this paper proposes the automatic testing technique to solve partially the testing process. This technique can automatically generate and select test cases from UML statechart diagrams. Firstly, we transform this diagram into intermediate diagram, called Testing Flow Graph (TFG), explicitly identify flows of UML statechart diagrams and enhance for testing. Secondly, from TFG we generate test case using the testing criteria that is the coverage of the state and transition of diagrams. Finally, the evaluation is performed using mutation analysis to assess the fault revealing power of our test cases.
RDT is a graphical formal modelling language in which the modeller works by constructing diagrams of the processes in their model which they then join to- gether to form complete systems. Aside from the benefits which accrue as a side effect of building a formal model of a proposed system, these diagrammatic models can be useful as a means of communication between the devel- opment team and the users. However one of the greatest benefits of a formal model is that it can be subjected to rigorous examination to ensure that it satisfies proper- ties required of the system. This paper describes the transformation used by the RDT toolset to generate Promela code (the input lan- guage of the SPIN model-checker) automatically from a model.
From the Book:For many years, the three of us have been developing software using object oriented techniques. We started with object oriented programming languages, like C++, Smalltalk, and Eiffel. Soon we felt the need to describe our software at a higher level of abstraction. Even before the first object oriented analysis and design methods, like Coad/Yourdon and OMT, were published, we used our own invented bubbles and arrows diagrams. This naturally led to questions like "What does this arrow mean?" and "What is the difference between this circle and that rectangle?". We therefore rapidly decided to use the newly emerging methods to design and describe our software. During the years we found that we were spending more time on designing our models, than on writing code. The models helped us to cope with larger and more complex systems. Having a good model of the software available, made the process of writing code easier and in many cases even straightforward.In 1997 some of us got involved in defining the first standard for object oriented modeling called UML. This was a major milestone that stimulated the use of modeling in the software industry. When the OMG launched its initiative on Model Driven Architecture we felt that this was logically the next step to take. People try to get more and more value from their high level models, and the MDA approach supports these efforts.At that moment we realized that all these years we had naturally walked the path towards model driven development. Every bit of wisdom we acquired during our struggle with the systems we had to build, fitted in with this new idea of how to build software. It caused a feeling similar to an AHA-erlebnis: "Yes, this is it," the same feeling we had years before when we first encountered the object-oriented way of thinking, and again when we first read the GOF book on design patterns. We feel that MDA could very well be the next major step forward in the way software is being developed. MDA brings the focus of software development to a higher level of abstraction, thereby raising the level of maturity of the IT industry.We are aware of the fact that the grand vision of MDA, which Richard Soley, the president of the OMG, presents so eloquently, is not yet a reality. However some parts of MDA can already be used today, while others are under development. With this book we want to give you insight in what MDA means and what you can achieve, both today and in the future.Anneke Kleppe, Jos Warmer, and Wim BastSoest, the NetherlandsJanuary 2003
As part of their effort to reduce development time and improve the quality of their products, software developers are looking at the software development process they use. They reason that a high quality process is likely to lead to a high quality product. However, few developers receive high ratings on the accepted scales when their process is evaluated. To achieve the highest ratings for their processes, developers need to measure and manage their process and to do this effectively, they need tool support. However, they also have significant investments in their existing processes and support systems that they cannot afford to abandon. This makes adopting the process model that is implicit in most process support tools difficult. In this paper, we describe our tool, RolEnact that attempts to address the requirements for a tool for the simulation and evaluation of software development processes and illustrate its use with an example.
Special Purpose Simulation (SPS) is a proven principle that can lead to the effective transfer of simulation knowledge to the construction industry. Three separate industry experiments have led to the identification of a set of requirements that construction ...
This paper presents Korat, a novel framework for automated testing of Java programs. Given a formal specification for a method, Korat uses the method precondition to automatically generate all (nonisomorphic) test cases up to a given small size. Korat then executes the method on each test case, and uses the method postcondition as a test oracle to check the correctness of each output.To generate test cases for a method, Korat constructs a Java predicate (i.e., a method that returns a boolean) from the method's pre-condition. The heart of Korat is a technique for automatic test case generation: given a predicate and a bound on the size of its inputs, Korat generates all (nonisomorphic) inputs for which the predicate returns true. Korat exhaustively explores the bounded input space of the predicate but does so efficiently by monitoring the predicate's executions and pruning large portions of the search space.This paper illustrates the use of Korat for testing several data structures, including some from the Java Collections Framework. The experimental results show that it is feasible to generate test cases from Java predicates, even when the search space for inputs is very large. This paper also compares Korat with a testing framework based on declarative specifications. Contrary to our initial expectation, the experiments show that Korat generates test cases much faster than the declarative framework.
This paper presents some issues related to the design and implementation of a concurrency analysis tool able to detect deadlock situations in Java programs that make use of multithreading mechanisms. An abstract formal model is generated from the Java source using the Java2Spin translator. The model is expressed in the PROMELA language, and the SPIN tool is used to perform its formal analysis. The paper mainly focuses on the design of the Java2Spin translator. A set of experiments, carried out to evaluate the performances of the analysis tool, is also presented. Copyright © 1999 John Wiley & Sons, Ltd.
The paper describes a new programming language for structured program- ming of computer operating systems. It extends the sequential programming language Pascal with concurrent programming tools called processes and moni- tors. Part I explains these concepts informally by means of pictures illustrating a hierarchical design of a simple spooling system. Part II uses the same exam- ple to introduce the language notation. The main contribution of Concurrent Pascal is to extend the monitor concept with an explicit hierarchy of access rights to shared data structures that can be stated in the program text and checked by a compiler.
Distributed computations are concurrent programs in which processes communicate by message passing. Such programs typically execute on network architectures such as networks of workstations or distributed memory parallel machines (i.e., multicomputers such as hypercubes). Several paradigms - examples or models - for process interaction in distributed computations are described. These include networks of filters, clients, and servers, heartbeat algorithms, probe/echo algorithms, broadcast algorithms, token-passing algorithms, decentralized servers, and bags of tasks. These paradigms are applicable to numerous practical problems. They are illustrated by solving problems, including parallel sorting, file servers, computing the topology of a network, distributed termination detection, replicated databases, and parallel adaptive quadrature. Solutions to all problems are derived in a step-wise fashion from a general specification of the problem to a concrete solution. The derivations illustrate techniques for developing distributed algorithms.
Web service technologies are becoming increasingly important for integrating systems and services. There is much activity and interest around standardization and usage of Web service technologies. The unified modeling language (UML) and the model driven architecture (MDA)™ provide a framework that can be applied to Web service development. We describe a model-driven Web service development process, where Web service descriptions are imported into UML models; integrated into composite Web services; and the new Web service descriptions are exported. The main contributions are conversion rules between UML and Web services described by Web service description language (WSDL) documents and XML schema.
One of the most important issues in the software development is how to guarantee that the software satisfies the quality defined in the requirement specification. This paper proposes that the issue can be solved, first the number of test cases is statistically calculated from the failure density defined in the requirement specification, then the selected test cases are executed basing on the hypothesis testing. This paper also presents how our method can be used for debugging. When the number of the test cases is calculated, we applied the statistical behavior of the software quality to the integration testing. We, however, did not consider the ripple effect since it is unable to measure. In order to guarantee the quality of 4σ, and 5σ, we found that many more test cases are needed than is previously believed enough.
This paper describes a case study in the testing of distributed systems. The software under test is a middleware system developed in Java. The full test life cycle is examined including unit testing, integration testing, and system testing. Where possible, traditional tools and techniques are used to carry out the testing. One aspect where this is not possible is the testing of the low-level concurrency, which is often overlooked when testing commercial distributed systems, since the middleware or application server is already developed by a third-party and is assumed to operate correctly. This paper examines testing the middleware system itself, and therefore, a method for testing the concurrency properties of the system is used. The testing revealed a number of faults and design weaknesses, and showed that, with some adaptation, traditional tools and techniques go a long way in the testing of distributed applications