Yuting Chen,Shaoying Liu,W. Eric Wong

DOI: https://doi.org/10.1142/s0218194008003994

2008-01-01

Abstract:The application of specification-based program verification techniques (e.g., black-box testing, formal proof) faces strong challenges in practice when the gap between the structure of a specification and that of its program is large. This paper describes a view-based program review approach to addressing these challenges. The essential idea of the approach is first to derive comparable views from the specification and program, and then detect and eliminate the violations of structural consistency in the program views on the basis of a set of criteria. We also developed a prototype tool to support the review approach, and conducted a case study to assess the effectiveness of the approach.

Yuting Chen,Shaoying Liu,Fumiko Nagoya

DOI: https://doi.org/10.1109/ICIS.2005.18

2005-01-01

Abstract:The application of specification-based programverification techniques (e.g., testing, review, and proof) usually faces strong challenges in practice when the gap between the structure of a specification and that of its program is large. In this paper we describe an approach to detecting the violations of the structural consistency in programs based on their specifications by review. The approach is aimed at supporting software development in which programs are constructed based on their formal specifications. We establish a set of criteria and a review process that can guide reviewers to uncover structural consistency violations in programs, and apply the approach in a case study to assess its effectiveness.

Yuting Chen,Shaoying Liu,Fumiko Nagoya

DOI: https://doi.org/10.1109/ICECCS.2006.46

2006-01-01

Abstract:The application of specification-based program verification techniques (e.g., testing, review, and proof) faces strong challenges in practice when the gap between the structure of a specification and that of its program is large. In this paper we describe a tool-supported review approach to detecting structural consistency violations by introducing the review method, discussing the design and implementation Of the tool, andpresenting a case study to assess the effectiveness of the tool and identify pointsforfurther improvement.

Lin Gui,Jun Sun,Yang Liu,Yuanjie Si,Jin Song Dong,Xinyu Wang

DOI: https://doi.org/10.1145/2483760.2483779

2013-01-01

Abstract:Testing provides a probabilistic assurance of system correctness. In general, testing relies on the assumptions that the system under test is deterministic so that test cases can be sampled. However, a challenge arises when a system under test behaves non-deterministiclly in a dynamic operating environment because it will be unknown how to sample test cases. In this work, we propose a method combining hypothesis testing and probabilistic model checking so as to provide the ``assurance" and quantify the error bounds. The idea is to apply hypothesis testing to deterministic system components and use probabilistic model checking techniques to lift the results through non-determinism. Furthermore, if a requirement on the level of ``assurance" is given, we apply probabilistic model checking techniques to push down the requirement through non-determinism to individual components so that they can be verified using hypothesis testing. We motivate and demonstrate our method through an application of system reliability prediction and distribution. Our approach has been realized in a toolkit named RaPiD, which has been applied to investigate two real-world systems.

F Nagoya,Sy Liu,Yt Chen

DOI: https://doi.org/10.1109/ICECCS.2004.1310924

2004-01-01

Abstract:Software review is an effective means to enhance the quality of software systems. However, traditional review methods emphasize the importance of the way to organize reviews and rely on the quality of the reviewers' experience and personal skills. In this paper we propose a new approach to rigorously reviewing programs based on their formal specifications. The fundamental idea of the approach is to use a formal specification as a standard to check whether all the required functions and properties in the specification are correctly implemented by its program. To help investigate the effectiveness and the weakness of the approach, we conduct two case studies of reviewing two program systems that implement the same formal specification of "A Research Management Policy" using different strategies, and present the evaluation of the case studies. The results show that the review approach is effective in detecting faults when the reviewer is different from the programmer, but less effective when the reviewer is the same as the programmer.

Shaoying Liu,Yuting Chen

DOI: https://doi.org/10.1016/j.jss.2007.05.036

IF: 3.5

2008-01-01

Journal of Systems and Software

Abstract:Specification-based (or functional) testing enables us to detect errors in the implementation of functions defined in specifications, but since specifications are often incomplete in practice for some reasons (e.g., lack of ideas, no time to write), it is unlikely to be sufficient for testing all parts of corresponding programs. On the other hand, implementation-based (or structural) testing focuses on the examination of program structures, which allows us to test all parts of the programs, but may not be effective to show whether the programs properly implement the corresponding specifications. To perform a comprehensive testing of a program in practice, it is important to adopt both specification-based and implementation-based testing. In this paper we describe a relation-based test method that combines the specification-based and the implementation-based testing approaches. We establish a set of relations for test case generation, illustrate how the method is used with an example, and investigate the effectiveness and weakness of the method through an experiment on testing a software tool system.

Fumiko Nagoya,Yuting Chen,Shaoying Liu

DOI: https://doi.org/10.1109/DEPCOS-RELCOMEX.2006.6

2006-01-01

Abstract:Program review is an effective technique for detecting faults in software systems by reading and analyzing program code. However, challenges still remain in providing systematic and rigorous review techniques. We have recently developed a rigorous review approach and a software tool that provide reviewers with support in analyzing whether a program accurately implements the functions and properties defined in its specification. In this paper, we describe an empirical study of the application of our review approach and tool to a software system for automated teller machines (ATMs). We also discuss the effectiveness of the review approach, as well as some weaknesses, based on the results of our study, and suggest potential solutions to the problems encountered during the study.

Fumiko Nagoya,Shaoying Liu,Yuting Chen

DOI: https://doi.org/10.1109/COMPSAC.2005.36

2005-01-01

Abstract:Effective tool support is crucial for successfully applying software review techniques in practice. In this paper, we describe the design and implementation of a software tool to support an approach to reviewing programs on the basis of their formal specifications. The approach was initially proposed in our previous publication to improve the rigor, repeatability, and effectiveness of existing code review methods. We also present a case study in which we reviewed an ATM system to assess the performance of the review approach when used with the software tool. The results of the case study show that the approach is effective in detecting errors in programs and the tool is helpful in enhancing the efficiency of the review process.

Shaoying Liu,Yuting Chen,Fumiko Nagoya,John A. McDermid

DOI: https://doi.org/10.1109/tse.2011.102

IF: 7.4

2012-01-01

IEEE Transactions on Software Engineering

Abstract:Software inspection is a static analysis technique that is widely used for defect detection, but which suffers from a lack of rigor. In this paper, we address this problem by taking advantage of formal specification and analysis to support a systematic and rigorous inspection method. The aim of the method is to use inspection to determine whether every functional scenario defined in the specification is implemented correctly by a set of program paths and whether every program path of the program contributes to the implementation of some functional scenario in the specification. The method is comprised of five steps: deriving functional scenarios from the specification, deriving paths from the program, linking scenarios to paths, analyzing paths against the corresponding scenarios, and producing an inspection report, and allows for a systematic and automatic generation of a checklist for inspection. We present an example to show how the method can be used, and describe an experiment to evaluate its performance by comparing it to perspective-based reading (PBR). The result shows that our method may be more effective in detecting function-related defects than PBR but slightly less effective in detecting implementation-related defects. We also describe a prototype tool to demonstrate the supportability of the method, and draw some conclusions about our work.

fumiko nagoya,shaoying liu,yuting chen

DOI: https://doi.org/10.1109/ICECCS.2005.33

2005-01-01

Abstract:Program review is an effective means for enhancing software quality. In this paper we describe the design of a software tool to support our proposed "function-path" approach to reviewing programs based on SOFL specifications. The approach includes four steps: (1) deriving all the functional scenarios from a formal specification, (2) generating all the necessary program paths in a program, (3) establishing the mapping between the functional scenarios in the specification and the program paths as implemented functions in the program, and (4) reviewing all the program paths against their functional scenarios in the specification.

W. T. Tsai,Wei, X.,Chen, Y.,Paul, R.

DOI: https://doi.org/10.1109/SOSE.2005.2

2005-01-01

Abstract:This paper presents a specification based robust testing framework for Web services. Web services testing is done by 1) extracting condition and event combinations from the Web service specification; 2) ensuring that these combinations are consistent with each other; 3) performing completeness analysis to identify all the missing condition and event combinations; 4) identifying the locations where updates are needed to maintain the completeness and consistency; and 5) emphasizing on robustness testing by generating positive as well as negative test cases. An efficient algorithm called Covering Scenario Generation is proposed to identify the locations where incompleteness and inconsistency exist. The algorithm is based on the min-terms of Boolean expressions that combine multiple conditions into a single checkable item. The proposed algorithm has been experimented with several large industrial applications and the results indicated that the proposed algorithm is robust and scalable to large applications. A case study is designed to illustrate the design and testing process.

Xinyu Feng,Zhong Shao,Yu Guo,Yuan Dong

DOI: https://doi.org/10.1007/978-3-540-87873-5_8

2008-01-01

Abstract:A major challenge for verifying completesoftware systems is their complexity. A complete software system consists of program modules that use many language features and span different abstraction levels (e.g. user code and run-time system code). It is extremely difficult to use one verification system (e.g. type system or Hoare-style program logic) to support all these features and abstraction levels. In our previous work, we have developed a new methodology to solve this problem. We apply specialized "domain-specific" verification systems to verify individual program modules and then link the modules in a foundational open logical framework to compose the verified complete software package. In this paper, we show how this new methodology is applied to verify a software package containing implementations of preemptive threads and a set of synchronization primitives. Our experience shows that domain-specific verification systems can greatly simplify the verification process of low-level software, and new techniques for combining domain-specific and foundational logics are critical for the successful verification of complete software systems.

Shingo Fukuoka,Yixiang Chen,Shaoying Liu

DOI: https://doi.org/10.1007/978-981-13-0893-2_10

2017-01-01

Abstract:Software development is costly endeavors. In general, the cost can be reduced by checking whether the program meets the specification. Usually, software is composed of several modules so that by checking the correctness of each module, developers can find the causes of errors efficiently. Formal verification and specification-based testing are effective techniques to verify programs. Formal verification based on Hoare logic can establish the correctness of programs from the theoretical point of view. However, it is regarded as an impractical technique for realistic programs, due to some challenges, On the other hand, specification-based testing is able to detect errors, and it is easy to perform. Therefore, it is frequently used for realistic developments. However, in most cases, the testing cannot guarantee the correctness of programs. As we described above, both of these techniques cannot do satisfactory job alone. To solve this problem, a novel verification approach was suggested, which is called testing-based formal verification (TBFV). In this paper, we aim to automate application of Hoare logic to Java programs based on the previously proposed TBFV. At the same time, we try to reveal the feasibility of TBFV through developing a supporting tool for Java programs and conducting a case study. At the same time, to achieve an effective automatic verification, we add the function of automatic boundary testing in the result evaluation step in the supporting tool. As a result, our supporting tool has achieved a semi-formal automation of Hoare logic application, which can help reduce the cost of verification process.

Xudong He,Huiqun Yu,Yi Deng

DOI: https://doi.org/10.4018/978-1-59140-941-1.ch013

2007-01-01

Abstract:Software has been a major enabling technology for advancing modern society, and is now an indispensable part of daily life. Because of the increased complexity of these software systems, and their critical societal role, more effective software development and analysis technologies are needed. How to develop and ensure the dependability of these complex software systems is a grand challenge. It is well known that a highly dependable complex software system cannot be developed without a rigorous development process and a precise specification and design documentation. Formal methods are one of the most promising technologies for precisely specifying, modeling, and analyzing complex software systems. Although past research experience and practice in computer science have convincingly shown that it is not possible to formally verify program behavior and properties at the program source code level due to its extreme huge size and complexity, recently advances in applying formal methods during software specification and design, especially at software architecture level, have demonstrated significant benefits of using formal methods. In this chapter, we will review several well-known formal methods for software system specification and analysis. We will present recent advances of using these formal methods for specifying, modeling, and analyzing software architectural design.

Ting Su,Geguang Pu,Weikai Miao,Jifeng He,Zhendong Su

DOI: https://doi.org/10.1007/s11432-016-5589-6

2016-01-01

Science China Information Sciences

Abstract:>Software testing is the primary way to ensure software quality,but occupies more than 50%the cost of software development[1].It was estimated that software failures cost the US economy alone about 60 billion each year largely due to inadequate software testing infrastructures[2].

Shahbaz Ali,Hailong Sun,Yongwang Zhao

DOI: https://doi.org/10.1007/978-3-030-41418-4_18

2020-01-01

Abstract:In the current technological era, the correct functionality and quality of software systems are of prime concern and require practical approaches to improve their reliability. Besides classical testing, formal verification techniques can be employed to enhance the reliability of software systems. In this connection, we propose an approach that combines the strengths of two effective techniques, i.e., Model learning and Model checking for the formal analysis of Java libraries. To evaluate the performance of the proposed approach, we consider the implementation of “Java.util” package as a case study. First, we apply model learning to infer behavior models of Java package and then use model checking to verify that the obtained models satisfy basic properties (safety, functional, and liveness) specified in LTL/CTL languages. Our results of the formal analysis reveal that the learned models of Java package satisfy all the selected properties specified in temporal logic. Moreover, the proposed approach is generic and very promising to analyze any software library/package considered as a black-box.

Yuzhou Liu,Lei Liu,Huaxiao Liu,Hongji Yang

DOI: https://doi.org/10.1109/access.2018.2836342

IF: 3.9

2018-01-01

IEEE Access

Abstract:Software verification can ensure the software quality by inspecting the properties of program. A key issue for software verification is to check whether the software can meet user requirements especially when the requirements change frequently. To tackle this problem, we propose an approach to verify the program by inspecting the internal relations with the user requirements. In the approach, the constraints in the requirements are represented by a concern-based model defined in our previous work by Liu et al. and the internal relations of program are extracted based on static analysis methods; then, a framework of verification system is defined to inspect whether the program can satisfy the constraints for discovering the errors with their locations. The main contribution of this paper includes: 1) kinds of internal relations of program are defined and their calculation methods are given to transform the source codes to a formalized model, which is taken as the object to be verified and 2) formal description of verification system framework is given to support the automation of verification process. Since the verification tasks can be set freely based on the requirements in the system, the proposed approach can help developers to cope with the change of requirements better.

Paschal C. Amusuo,Parth V. Patil,Owen Cochell,Taylor Le Lievre,James C. Davis

2024-10-19

Abstract:Formal verification provides mathematical guarantees that a software is correct. Design-level verification tools ensure software specifications are correct, but they do not expose defects in actual implementations. For this purpose, engineers use code-level tools. However, such tools struggle to scale to large software. The process of "Unit Proofing" mitigates this by decomposing the software and verifying each unit independently. We examined AWS's use of unit proofing and observed that current approaches are manual and prone to faults that mask severe defects. We propose a research agenda for a unit proofing framework, both methods and tools, to support software engineers in applying unit proofing effectively and efficiently. This will enable engineers to discover code-level defects early.

Software Engineering

Wei Dong,Ji Wang,Liuying Li,Shuhao Li,Haiyan Chen

2001-01-01

Abstract:It is important to find the errors and evaluate the quality of software in the design stage. This paper studies the methods and the corresponding environment of testing and verifying UML models from multi-viewpoint. It can automatically generate test cases for criterion model of UML state machine, and visually execute test cases for implemented model. The UML models can also be dynamically simulated to intuitively reflect the design. The CTL properties of UML state machine can be verified combined with the model checker SMV. The environment also can intelligently guide users to define operational profile and collect failure data in testing UML models, select the reliability models and combinatorial models, and estimate the reliability of design specification. This environment has been used in practice partly.

Qiqige Wuniri,Xiaoping Li,Fan Yang,Shilong Ma,Yifan Liu,Naihai Li

DOI: https://doi.org/10.1007/978-981-10-2338-5_42

2016-01-01

Abstract:In this paper a virtual test method, which is a fusion approach on the combination of automata-based model checking theory and systems engineering theory, is proposed. An automaton of Window Tree Model (WTM) based on multi-tree to describe the system behavior as a system model is used on one hand, and a State Transition Graph (STG) based on Buchi automaton to describe design correctness as a specification is used on the other hand. An automaton-based model checking mechanism is designed to build the foundation of the virtual test method. Moreover, the two main aspects of the method, which are the design correctness verification and the interface test, are defined. A case study is followed to illustrate the modeling and verification process. Finally, a Virtual Test Platform (VTP), which implements the method, is introduced to unfold the virtual test configuration, virtual test execution as well as the virtual test evaluation features.