Abstract
We describe how CSP-OZ, a formal method combining the process algebra CSP with the specification language Object-Z, can be integrated into an object-oriented software engineering process employing the UML as a modelling and Java as an implementation language. The benefit of this integration lies in the rigour of the formal method, which improves the precision of the constructed models and opens up the possibility of (1) verifying properties of models in the early design phases, and (2) checking adherence of implementations to models.
The envisaged application area of our approach is the design of distributed reactive systems. To this end, we propose a specific UML profile for reactive systems. The profile contains facilities for modelling components, their interfaces and interconnections via synchronous/broadcast communication, and the overall architecture of a system. The integration with the formal method proceeds by generating a significant part of the CSP-OZ specification from the initially developed UML model. The formal specification is on the one hand the starting point for verifying properties of the model, for instance by using the FDR model checker. On the other hand, it is the basis for generating contracts for the final implementation. Contracts are written in the Java Modeling Language (JML) complemented by CSPjassda, an assertion language for specifying orderings between method invocations. A set of tools for runtime checking can be used to supervise the adherence of the final Java implementation to the generated contracts.
Similar content being viewed by others
References
Ábrahám-Mumm E, de Boer FS, de Roever W-P, Steffen M (2002) Verification for Java’s reentrant multithreading concept. In: FoSSACS 2002, Vol 2303 of LNCS, Springer, Heidelberg, pp 4–20
Bolton Ch, Davies J (2002) Refinement in Object-Z and CSP. In: Butler M, Petre L, Sere K (eds) IFM 2002: integrated formal methods, number 2335 in LNCS, pp 225–244
Bartetzko D, Fischer C, Möller M, Wehrheim H (2001) Jass—Java with Assertions. In: Havelund K, Roşu G (eds) ENTCS, Vol 55. Elsevier http://www.elsevier.nl/locate/entcs/volume55.html
Brookes SD, Hoare CAR, Roscoe AW (1984) A theory of communicating sequential processes. J ACM 31: 560–599
Brörkens M, Möller M (2002) Dynamic event generation for runtime checking using the JDI. In: Havelund K, Rosu G (eds) ENTCS, Vol 70. Elsevier http://www.elsevier.nl/locate/entcs/volume70.html
Brörkens M (2002) Trace- und Zeit-Zusicherungen beim Programmieren mit Vertrag. Master’s thesis, University of Oldenburg, Department of Computing Science, January 2002
Cavalcanti A, Sampaio A (2002) From CSP-OZ to Java with processes. In: Workshop on formal methods for parallel programming, held in conjunction with international parallel and distributed processing symposium. IEEE CS Press, 2002. Contained in IPDPS collected proceedings CD-ROM
Cavalcanti A, Sampaio A, Woodcock J (2003) A refinement strategy for circus. Formal Aspects Comput 15(2-3): 146–181
Derrick J, Boiten EA (2003) Relational concurrent refinement. Formal Aspects Comput 15(2-3): 182–214
Davies J, Crichton Ch (2003) Concurrency and refinement in the unified modeling language. Formal Aspects Comput 15(2-3): 118–145
Damm W, Harel D (2001) LSCs: Breathing life into message sequence charts. Formal Methods Syst Des 19(1): 45–80
Damm W, Josko B, Pnueli A, Votintseva A (2005) A discrete-time UML semantics for concurrency and communication in safety-critical applications. Sci Comput Program 55(1-3)
Dupuy S, Ledru Y, Chabre-Peccoud M (2000) An overview of RoZ - a tool for integrating UML and Z specifications. In: 12th conference on advanced information systems engineering (CAiSE’2000)
Duke R, Rose G, Smith G (1995) Object-Z: A specification language advocated for the description of standards. Comput Stand Interfaces 17: 511–533
Drusinsky D (2000) The Temporal Rover and the ATG Rover. In: SPIN Modelchecking and Software Verification, volume 1885 of LNCS, Springer, Heidelberg, pp 323–330
Engels G, Küster J, Heckel R, Groenewegen L (2001) A methodology for specifying and analyzing consistency of object-oriented behavioral models. In: 9th ACM SigSoft symposium on foundations of software engineering, Vol 26 of ACM Software Engineering Notes
Formal Systems (Europe) Ltd. (2003) Failures-divergence refinement: FDR2 user manual, May 2003
Fischer C (1997) CSP-OZ: a combination of Object-Z and CSP. In: Bowman H, Derrick J (eds) Formal methods for open object-based distributed systems (FMOODS ’97), Vol 2. Chapman & Hall, London, pp 423–438
Fischer C (2000) Combination and implementation of processes and data: from CSP-OZ to Java. PhD thesis, Bericht Nr. 2/2000, University of Oldenburg, April 2000
Fischer C, Olderog E-R, Wehrheim H (2001) A CSP view on UML-RT structure diagrams. In: Hussmann H (ed) Fundamental approaches to software engineering (FASE’01), Vol 2029 of LNCS. Springer, Heidelberg, 2001, pp 91–108
Fecher H, Schönborn J, Kyas M, de Roever WP (2005) 29 new unclarities in the semantics of UML 2.0 state machines. In: ICFEM, Vol 3785 of LNCS. Springer, Heidelberg, 2005, pp 52–65
Fischer C, Wehrheim H (1999) Model-checking CSP-OZ specifications with FDR. In: Araki K, Galloway A, Taguchi K (eds) Proceedings of the first international conference on integrated formal methods (IFM). Springer, pp 315–334
Gosling J, Joy B, Steele G, Bracha G (2000) The Java language specification, second edition. Addison-Wesley, Reading
Gullekson G (2000) Designing for concurrency and distribution with Rational Rose RealTime. Technical report, Rational Software
Hatcliff J, Dwyer M (2001) Using the Bandera tool set to model-check properties of concurrent Java software. In: Larsen KG (ed) CONCUR 2001, LNCS. Springer, Heidelberg
Huisman M, Jacobs B (2000) Java program verification via a Hoare Logic with abrupt termination. In: Maibaum T (ed) Fundamental approaches to software engineering (FASE 2000), Vol 1783 of LNCS. Springer, Heidelberg, pp 284–303
Hoare CAR (1985) Communicating sequential processes. Prentice-Hall, Englewood Cliffs
Havelund K, Rosu G (2004) Efficient monitoring of safety properties. Softw Tools Technol Transf 6(2): 158–173
Havelund K, Rosu G (2004) An overview of the runtime verification tool java pathexplorer. Formal Methods Syst Des 24(2): 189–215
Jacobs B, van den Berg J, Huisman M, van Berkum M, Hensel U, Tews H (1998) Reasoning about Java classes (preliminary report). In: Proceedings OOPSLA 98, Vol 33 of ACM SIGPLAN notices, pp 329–340, Oct. 1998
The Java Modeling Language (JML) home page. http://www.jmlspecs.org/
Kramer R (1998) iContract—the Java Design by Contract tool. Technical report, Reliable Systems
Leavens GT, Baker AL, Ruby C (2003) Preliminary design of JML: a behavioral interface specification language for Java. Technical Report 98-06v, Iowa State Univ., Dept. of Computer Science, May 2003. See http://www.jmlspecs.org
Leavens GT, Cheon Y, Clifton C, Ruby C, Cok DR (2003) How the design of JML accomodates both runtime assertion checking and formal verification. In: FMCO’02, Vol 2852 of LNCS. Springer, Heidelberg
Leino KRM (2001) Extended static checking: a ten-year perspective. In: Wilhelm R (eds) Informatics—10 years back, 10 years ahead, Vol 2000 of LNCS. Springer, Heidelberg, pp 157–175
Leuschel M, Massart T, Currie A (2001) How to make FDR spin: LTL model checking of CSP by refinement. In: FME 2001: international symposium of formal methods Europe, Vol 2021 of LNCS. Springer, Heidelberg
Latella D, Majzik I, Massink M (1999) Automatic verification of a behavioural subset of UML statechart diagrams using the SPIN model-checker. Formal Aspects Comput 11: 430–445
OMG model driven architecture. Object Management Group. http://www.omg.org/mda
Meyer B (1997) Object-oriented software construction, 2nd edn. Prentice-Hall, Englewood Cliffs
Möller M (2002) Specifying and checking Java using CSP. In: Workshop on formal techniques for java-like programs—FTfJP’2002. Computing Science Department, University of Nijmegen, June 2002. Technical Report NIII-R0204
Oliveira M, Cavalcanti A (2004) From Circus to JCSP. In: Davies J, Schulte W, Barnett M (eds) ICFEM 2004, Vol 3308 of LNCS. Springer, Heidelberg, October 2004, pp 320–340
Olderog E-R, Hoare CAR (1986) Specification-oriented semantics for communicating processes. Acta Inform 23: 9–66
Olderog E-R, Wehrheim H (2005) Specification and (property) inheritance in CSP-OZ. Sci Comput Program 55: 227–257
Poetzsch-Heffter A, Meyer J (1999) Interactive verification environments for object-oriented languages. J Univ Comput Sci 5(3): 208–225
Reggio G, Astesiano E, Choppy C, Hussmann H (2000) Analysing UML active classes and associated state machines—a lightweight formal approach. In: Maibaum T (ed) Fundamental approaches to software engineering (FASE 2000), Vol 1783 of LNCS. Springer, Heidelberg
Rumbaugh J, Jacobson I, Booch G (1999) The unified modeling language reference manual. Object Technology Series. Addison-Wesley, Reading
Roscoe AW (1994) Model-checking CSP. In: Roscoe AW (eds) A classical mind—essays in honour of C.A.R. Hoare. Prentice-Hall, Englewood Cliffs, pp 353–378
Roscoe AW (1998) The theory and practice of concurrency. Prentice-Hall, Englewood Cliffs.
Rasch H, Wehrheim H (2003) Checking consistency in UML diagrams: classes and state machines. In: Najm E, Nestmann U, Stevens P (eds) Formal methods for open object-based distributed systems (FMOODS’03), Vol 2884 of LNCS. Springer, Heidelberg, pp 229–243
Rasch H, Wehrheim H (2005) Checking the validity of scenarios in UML models. In: Steffen M, Zavatarro G (eds) FMOODS 2005: formal methods for open, object-based distributed systems, Vol 3535 of LNCS. Springer, Heidelberg, pp 67–82
Snook C, Butler M (2005) UML-B: formal modelling and design aided by UML. ACM Trans Softw Eng Methodol
Scattergood JB (1998) The semantics and implementation of machine-readable CSP. PhD thesis, University of Oxford
Smith G, Derrick J (1997) Refinement and verification of concurrent systems specified in Object-Z and CSP. In: Hinchey M, Liu S (eds) International conference of formal engineering methods (ICFEM). IEEE, pp 293–302
Selic B, Gullekson G, Ward PT (1994) Real-time object-oriented modeling. Wiley, New York.
Stoerrle H, Hausmann JH (2005) Towards a formal semantics of UML 2.0 activities. In: Software engineering 2005, Vol P-64 of LNI. Gesellschaft fuer Informatik, pp 117–128
Schäfer T, Knapp A, Merz S (2001) Model checking UML state machines and collaborations. In: Stoller SD, Visser W (eds) ENTCS, Vol 55. Elsevier, Amsterdam
Smith G (1992) An object-oriented approach to formal specification. PhD thesis, Department of Computer Science, University of Queensland, St.Lucia 4072, Australia, October 1992
Smith G (2000) The object-Z specification language. Kluwer, Dordrecht.
Spivey JM (1998) The Z notation: a reference manual, 2nd edn. Prentice-Hall, Oxford.
Selic B, Rumbaugh J (1998) Using UML for modeling complex real-time systems. Technical report, ObjecTime
Treharne H, Schneider SA (2002) Communicating B machines. In: ZB2002: international conference of Z and B Users, Vol 2272 of LNCS. Springer, Heidelberg
OMG Unified Modeling Language specification, version 1.5, March 2003. http://www.omg.org
OMG Unified Modeling Language: Superstructure, version 2.0—final adopted specification, August 2003 http://www.omg.org
Wehrheim H (2000) Data abstraction techniques in the validation of CSP-OZ specifications. Formal Aspects Comput 12: 147–164
Wehrheim H (2000) Specification of an automatic manufacturing system – a case study in using integrated formal methods. In: Maibaum T (eds) Fundamental approaches of software engineering (FASE 2000), Vol 1783 of LNCS. Springer, Heidelberg, pp 334–348
Welch PH (2002) Process oriented design for Java: concurrency for all. In: Computational science—ICCS 2002, Vol 2330 of LNCS. Springer, Heidelberg, April 2002. Keynote Tutorial, pp 687–687
International Organisation for Standardization (2002) Information technology—Z formal specification notation—Syntax, type system and semantics, 1st edn, July 2002. ISO/IEC 13568:2002 (E) International Standard
Author information
Authors and Affiliations
Corresponding author
Additional information
This research was partially supported by the DFG project ForMooS (grants OL 98/3-2 and WE 2290/5-1).
C. B. Jones
Rights and permissions
About this article
Cite this article
Möller, M., Olderog, ER., Rasch, H. et al. Integrating a formal method into a software engineering process with UML and Java. Form Asp Comp 20, 161–204 (2008). https://doi.org/10.1007/s00165-007-0042-7
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00165-007-0042-7