lecture on automated software engineering
play

Lecture on Automated Software Engineering Alloy: Analyzing Software - PowerPoint PPT Presentation

Nov 01, 2023 •470 likes •818 views

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and Algorithms Martin Monperrus, Ph.D. version of Oct 15, 2012 Creative Commons Attribution License Copying and modifying are authorized as long as

  1. Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and Algorithms Martin Monperrus, Ph.D. version of Oct 15, 2012 Creative Commons Attribution License Copying and modifying are authorized as long as proper credit is given to the author. The latest version of these slides can be found at: http://www.monperrus.net/martin/alloy-slides.pdf 1

  2. Content of this lecture These slides ● provide an overview of the language "Alloy" ● provide an overview of the different usage of Alloy: ● generate instances (e.g. test cases) ● detect overspecifications ● detect underspecifications ● verify properties ● See also "Alloy: A Quick Reference" http://www.monperrus.net/martin/alloy-quick-ref.pdf 2

  3. Content of this lecture These slides ● provide an overview of the language "Alloy" ● provide an overview of the different usage of Alloy: ● generate instances (e.g. test cases) ● detect overspecifications ● detect underspecifications ● verify properties ● See also "Alloy: A Quick Reference" http://www.monperrus.net/martin/alloy-quick-ref.pdf 3

  4. http://alloy.mit.edu References: ALCOA: The Alloy constraint analyzer, 2000 ● Automating First-Order Relational Logic, 2000 ● Finding bugs with a constraint solver, 2000 ● A micromodularity mechanism, 2001 ● Alloy: a lightweight object modelling notation, 2002 ● Software Abstractions Logic, Language, and Analysis, 2006 ● 4

  5. What is Alloy? Alloy is a tool to find conceptual bugs (not implementation bugs): domain logic, communication protocols, emergent properties, etc. A bug is a property which is not verified: No explicit property = no bug found ● "No planes can be allowed to land at the same time" 5

  6. The intuition The core idea of Alloy is transform a property and the corresponding model into a first order logic formula: and to verify this model with a standard SAT solver: The formula is satisfiable: x0=true x1=false r00=true etc. 6

  7. Alloy Generating instances with Alloy 7

  8. Alloy Alloy consists of generating instances of an object- oriented model. 8

  9. Your first Alloy Program: a WoW Map Generator sig Island { } sig Town { island : Island } sig Road { end1 : Town, end2 : Town } fact { no i,j: Island | some r : Road | i!=j and r.end1.island =i and r.end2.island =j } run { } for 3 A basic Alloy model consists of signatures and facts. 9

  10. Alloy Detecting overspecification with Alloy (no instances) 10

  11. Overspecification: assumption In case of overspecification, there are no possible instances. This appears even in presence of slight overspecification. 11

  12. A natural language specification (1) A file system object has a parent ● A directory is a special kind of file system object ● A directory contains file system objects ● There is one directory which is called the root ● The root directory has no parent ● 12

  13. // A file system object has a directory as parent sig FSObject { parent: Dir } // A directory is a special kind of file system object sig Dir extends FSObject { // A directory contains file system objects contents: set FSObject } // There is one directory which is called the root one sig Root extends Dir {} // The root directory has no parent fact RootProperty { no Root.parent } run {} for 5 Overspecifications are detected with the absence of instances. 13

  14. Overspecification are detected by "No Instance Found" ● 14

  15. // A file system object has a directory as parent ~ Java class sig FSObject { parent : Dir ~ UML 1..1 } ~ Java extends // A directory is a special kind of file system object sig Dir extends FSObject { // A directory contains file system objects ~ UML 0..* contents: set FSObject } singleton // There is one directory which is called the root one sig Root extends Dir {} fact = always true // The root directory has no parent fact { no Root.parent } run { find instances } 15

  16. The Fix // R1: All file system objects but Root have a directory as parent sig FSObject { parent: lone Dir ~ UML 0..1 } // A directory is a special kind of file system object sig Dir extends FSObject { // A directory contains file system objects contents: set FSObject } // There is one directory which is called the root one sig Root extends Dir {} // The root directory has no parent fact RootProperty { no Root.parent Predicate logic // see R1 all t:FSObject | t not in Root implies one t.parent } run {} 16

  17. A natural language specification (2) A file system object can have a parent ● A directory is a special kind of file system object ● A directory contains file system objects ● A file is a special kind of file system objects ● There is one special directory which is called the root and has no parent ● A directory is the parent of its contents ● Every file system object is in one directory ● A directory can not be in itself ● A directory can not be one of its ancestors ● It is possible to have directories containing several objects ● All file system objects must have one parent ● Where is the bug? 17

  18. Alloy Detecting Underspecifications with Alloy (wrong instances) 19

  19. Underspecification: assumption In case of underspecification, wrong instances appear quickly. The search strategies of Alloy further fasten their occurrences. 20

  20. Example 1 Specification: A file system object is in a directory ● A directory contains file system objects ● There is no cycle in the structure ● Question: is it possible? sig FSObject { parent: Dir } sig Dir { contents: set FSObject } A transitive pred noCycle { all d:Dir | d not in d.^parent } closure is the set // question of all reachable run { some FSObject and noCycle } nodes. Warning The join operation here always yields an empty set. Left type = {this/Dir} Right type = {this/FSObject->this/Dir} Alloy is a typed language, some bugs are caught at compile time. Bug: instances of Dir have no field "parent" Solution: add "extends Dir" 21

  21. Example 1 Specification: A file system object is in a directory ● A directory is a file system object and contains file system objects ● There is no cycle in in the structure ● Question: is it possible? sig FSObject { parent: Dir } sig Dir extends FSObject { contents: set FSObject } pred noCycle { all d:Dir | d not in d.^parent } // question run { some FSObject and noCycle } No instance found! Bug: no concept of Root directory Solution: add the missing concept and the associated facts 22

  22. Example 1 Specification: A file system object is in a directory ● A directory is a file system object and contains file system objects ● There is no cycle in in the structure ● There is on directory called Root which has no parent. ● Question: is it possible? sig FSObject { parent: Dir } sig Dir extends FSObject { contents: set FSObject } pred noCycle { all d:Dir - Root | d not in d.^parent } one sig Root extends Dir {} run { some FSObject and noCycle } 23

  23. Example 1 Specification: A file system object is in a directory ● A directory is a file system object and contains file system objects ● There is no cycle in in the structure ● There is on directory called Root which has no parent. ● Question: it it enough? sig FSObject { parent: lone Dir } sig Dir extends FSObject { contents: set FSObject } pred noCycle { all d:Dir - Root | d not in d.^parent } one sig Root extends Dir {} fact {no Root.parent} run { some FSObject and noCycle } 24

  24. Example 1 Specification: A file system object is in a directory ● A directory is a file system object and contains file system objects ● There is no cycle in in the structure ● There is on directory called Root which has no parent. ● A directory is the parent of its content ● Question: it it enough? fact { all d:Dir - Root | d not in d.^parent } fact { all d:Dir | all c:d.contents | d = c.parent } 25

  25. Example 1 A file system object is in a directory ● A directory is a file system object and contains file system objects ● There is no cycle in in the structure ● There is on directory called Root which has no parent. ● A directory is the parent of its content ● All files but root are in the contents of its parent directory ● Question: it it enough? YES (in a certain scope, by checking some instances) fact { all f:FSObject - Root | f in f.parent.contents } 26

  26. The Final Specification abstract sig FSObject { parent: lone Dir } sig Dir extends FSObject { contents: set FSObject } sig File extends FSObject {} one sig Root extends Dir {} fact {no Root.parent} fact { all d:FSObject - Root | d not in d.^parent } fact { all d:Dir | all c:d.contents | d = c.parent } fact { all f:FSObject - Root | f in f.parent.contents } run { } for 6 27

  27. Alloy Verifying Properties with Assertions 28

  28. safe sig Gang { members : set Inmate } sig Inmate { room: Cell } sig Cell { } // no room shared pred safe { no g1,g2: Gang | g1!=g2 and some (g1.members.room & g2.members.room) } pred happy { all p1,p2 : Inmate | // if they are in the same room // they are in the same gang p1.room = p2.room implies ~members[p1] = ~members[p2] } check {safe implies happy } for 3 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Engineering and Architecture Refactoring and Integration Testing The power of automated

Software Engineering and Architecture Refactoring and Integration Testing The power of automated

Software Engineering and Architecture Refactoring and Integration Testing The power of automated tests Two product variants Alphatown and Betatown Four models to handle this compositional proposal has nice properties... How do

865 views • 44 slides
Lecture 1 Dr. Tom Way CSC 4700 1 Introduction Dr. Tom Way CSC 4700 2 Software engineering

Lecture 1 Dr. Tom Way CSC 4700 1 Introduction Dr. Tom Way CSC 4700 2 Software engineering

What is Software Engineering? CSC 4700 Software Engineering Lecture 1 Dr. Tom Way CSC 4700 1 Introduction Dr. Tom Way CSC 4700 2 Software engineering Facts Fact : The economies of ALL developed nations are dependent on software.

175 views • 6 slides
Unified Modelling UML Language What is UML? (me, 10 min) 9 different diagram types

Unified Modelling UML Language What is UML? (me, 10 min) 9 different diagram types

Last update: 15 June 2005 Software Architecture Lecture 12: UML Prof. Dr. Bertrand Meyer Till G. Bay Chair of Softw are Engineering Software Architecture - Lecture 12 Chair of Softw are Engineering Software Architecture - Lecture 12

70 views • 5 slides
Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science

Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science

Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science & Engineering University of Washington Joint work with David Notkin July 2004 Motivation Existing automated test generation tools are

638 views • 43 slides
Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lecture 2:

Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lecture 2:

Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lecture 2: Software Engineering Fundamentals Today We try to put Software Engineering in an historical perspective We

731 views • 53 slides
Today & next lecture Aims of the course Introduction to issues of software quality Axiomatic

Today & next lecture Aims of the course Introduction to issues of software quality Axiomatic

Chair of Software Engineering Chair of Software Engineering Software Verification Contracts, Trusted Components and Patterns Bertrand Meyer Manuel Oriol Till Bay ETH, Fall 2008 Today & next lecture Aims of the course Introduction to

405 views • 36 slides
CS 294-73 Software Engineering for Scientific Computing Lecture 8:

CS 294-73 Software Engineering for Scientific Computing Lecture 8:

CS 294-73 Software Engineering for Scientific Computing Lecture 8: Unstructured grids and sparse matrices Back to Poissons equation. 2 09/19/2017 CS294-73 Lecture 8 Some Vector Calculus x ,

358 views • 25 slides
Software Engineering Prof. Dr. Bertrand Meyer MarchJune 2007 Lecture 2: The Personal Software

Software Engineering Prof. Dr. Bertrand Meyer MarchJune 2007 Lecture 2: The Personal Software

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer MarchJune 2007 Lecture 2: The Personal Software Process PSP: the background CMMI: Capability Maturity Model Integration (originally: CMM) From late 1980s,

718 views • 40 slides
Software Development: Tools and Processes Lecture -2: Basic concepts 1 The Software Engineering

Software Development: Tools and Processes Lecture -2: Basic concepts 1 The Software Engineering

Software Development: Tools and Processes Lecture -2: Basic concepts 1 The Software Engineering Crisis Nearly 1/3 of information technology (computer and software) projects were cancelled before completion Average overrun of project

376 views • 26 slides
Automated Reasoning for Systems Engineering Laura Kov acs Vienna University of Technology

Automated Reasoning for Systems Engineering Laura Kov acs Vienna University of Technology

Automated Reasoning for Systems Engineering Laura Kov acs Vienna University of Technology Future and Our Motivation 1. Automated reasoning, in particular theorem proving will remain central in software verification and program analysis.

881 views • 69 slides
Introduction to software testing and quality process Automated testing and J.P . Galeotti -

Introduction to software testing and quality process Automated testing and J.P . Galeotti -

Introduction to software testing and quality process Automated testing and J.P . Galeotti - Alessandra Gorla verification Engineering processes Engineering disciplines pair construction activities activities that check intermediate

801 views • 58 slides
CISC 322 Software Architecture Lecture 08: Architecture Styles (3) Emad Shihab Automated Stock

CISC 322 Software Architecture Lecture 08: Architecture Styles (3) Emad Shihab Automated Stock

CISC 322 Software Architecture Lecture 08: Architecture Styles (3) Emad Shihab Automated Stock Trading System A customer approaches YOURSTRULYTradingSolutions with the need for an architecture design for an automated stock trading

192 views • 4 slides
CS 294-73 Software Engineering for Scientific Computing Lecture 5: More

CS 294-73 Software Engineering for Scientific Computing Lecture 5: More

CS 294-73 Software Engineering for Scientific Computing Lecture 5: More tools: Gmake, debuggers, git, visualization GNU Make (https://www.gnu.org/software/make/manual) A tricky bit of script parsing to manipulate files

345 views • 31 slides
Lecture 5: Project Management Software Engineering, SS 06 History What is a project? Every

Lecture 5: Project Management Software Engineering, SS 06 History What is a project? Every

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Lecturer: Hermann Lehner (http://sct.inf.ethz.ch/h) Slides: Based on KSE06 With kind permission of Peter Mller Lecture 5: Project

241 views • 3 slides
The case for agile methods (or: the Cubicle Strikes Back) Software Engineering, lecture 8:

The case for agile methods (or: the Cubicle Strikes Back) Software Engineering, lecture 8:

Three cultures of software development Chair of Software Engineering Three cultures: Software Engineering Prof. Dr. Bertrand Meyer Process Agile Software development: Object Process vs agile The first two are usually

467 views • 13 slides
Lecture 3 Parnas Information Hiding Announcement SSE: Students in Software Engineering

Lecture 3 Parnas Information Hiding Announcement SSE: Students in Software Engineering

Lecture 3 Parnas Information Hiding Announcement SSE: Students in Software Engineering http://www.edge.utexas.edu/sse/ Software Engineering Reading Group 11AM - 12PM on every other friday

719 views • 38 slides
formal software design with alloy and electrum overview Universidade do Minho & INESC TEC

formal software design with alloy and electrum overview Universidade do Minho & INESC TEC

Julien Brunel, David Chemouil, Alcino Cunha, Eunsuk Kang, Nuno Macedo formal software design with alloy and electrum overview Universidade do Minho & INESC TEC ONERA DTIS & Universit fdrale de Toulouse Carnegie Mellon University

652 views • 31 slides
Finding Minimal Unsatisfiable Cores of Declarative Specifications Emina Torlak, Felix Chang and

Finding Minimal Unsatisfiable Cores of Declarative Specifications Emina Torlak, Felix Chang and

Finding Minimal Unsatisfiable Cores of Declarative Specifications Emina Torlak, Felix Chang and Daniel Jackson Formal Methods 08 Turku, Finland May 30, 2008 Testing alone is not enough to establish correctness testing: a few cases

933 views • 66 slides
Example interface with declarations signature ILIST = sig type a ilist (* nonempty; one

Example interface with declarations signature ILIST = sig type a ilist (* nonempty; one

Example interface with declarations signature ILIST = sig type a ilist (* nonempty; one element indicated *) val singletonOf : a -> a ilist val indicated : a ilist -> a val indicatorLeft : a ilist -> a ilist

670 views • 46 slides
Di Discovering Graph Patterns for Fact ct Check cking in Knowledge Graphs Peng Lin Qi Song

Di Discovering Graph Patterns for Fact ct Check cking in Knowledge Graphs Peng Lin Qi Song

Di Discovering Graph Patterns for Fact ct Check cking in Knowledge Graphs Peng Lin Qi Song Jialiang Shen Yinghui Wu Washington State University Beijing University of Washington State University Posts and

362 views • 21 slides
Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy April 30 & May 1, 2018. Cambridge, MA Alloys widespread applications Program verification Design modeling and analysis PO POL Mo MonA

220 views • 21 slides
Two approaches to writing interfaces Interface projected from implementation: No

Two approaches to writing interfaces Interface projected from implementation: No

Two approaches to writing interfaces Interface projected from implementation: No separate interface Compiler extracts from implementation (CLU, Java class , Haskell) When code changes, must extract again Few cognitive

470 views • 21 slides
System description: Isabelle/jEdit in 2014 Makarius Wenzel Univ. Paris-Sud, LRI July 2014

System description: Isabelle/jEdit in 2014 Makarius Wenzel Univ. Paris-Sud, LRI July 2014

System description: Isabelle/jEdit in 2014 Makarius Wenzel Univ. Paris-Sud, LRI July 2014 Project Paral-ITP ANR-11-INSE-001 Introduction Building blocks jEdit: sophisticated text editor implemented in Java http://www.jedit.org Scala:

474 views • 21 slides
Rotor: A Tool for Renaming Values in OCamls Module System Reuben N. S. Rowe, Hugo Fre,

Rotor: A Tool for Renaming Values in OCamls Module System Reuben N. S. Rowe, Hugo Fre,

Rotor: A Tool for Renaming Values in OCamls Module System Reuben N. S. Rowe, Hugo Fre, Simon J. Thompson, Scott Owens University of Kent, Canterbury Third International Workshop on Refactoring Tuesday 28 th May 2019, Montral, Canada

416 views • 28 slides

More recommend