Integrating a formal method into a software engineering process with UML and Java

Original Article. Formal Aspects of Computing

Abstract

We describe how CSP-OZ, a formal method combining the process algebra CSP with the specification language Object-Z, can be integrated into an object-oriented software engineering process employing the UML as a modelling and Java as an implementation language. The benefit of this integration lies in the rigour of the formal method, which improves the precision of the constructed models and opens up the possibility of (1) verifying properties of models in the early design phases, and (2) checking adherence of implementations to models.

The envisaged application area of our approach is the design of distributed reactive systems. To this end, we propose a specific UML profile for reactive systems. The profile contains facilities for modelling components, their interfaces and interconnections via synchronous/broadcast communication, and the overall architecture of a system. The integration with the formal method proceeds by generating a significant part of the CSP-OZ specification from the initially developed UML model. The formal specification is on the one hand the starting point for verifying properties of the model, for instance by using the FDR model checker. On the other hand, it is the basis for generating contracts for the final implementation. Contracts are written in the Java Modeling Language (JML) complemented by CSPjassda, an assertion language for specifying orderings between method invocations. A set of tools for runtime checking can be used to supervise the adherence of the final Java implementation to the generated contracts.
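As an added illustration (not code from the paper, nor from the JML or CSPjassda tool sets), the following Java class sketches the two layers of contract the abstract describes: JML pre- and postconditions on individual methods, and a separate runtime monitor that rejects method invocations whose order a CSP-style process does not permit. The process P = open -> (read -> P | close -> SKIP), the class FileLikeResource, the monitor and the violation exception are all constructed for this example; real CSPjassda syntax is not reproduced, only the idea of supervising a trace of method calls against a process.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Constructed example: a hand-written runtime monitor that checks that a
 * component's methods are called in an order permitted by a CSP-style
 * process.  The process enforced here is the hypothetical
 *     P = open -> (read -> P | close -> SKIP)
 * i.e. every read must lie between an open and a close, and nothing may
 * follow close.  This stands in for what the paper generates from CSP-OZ.
 */
public class OrderingMonitor {

    /** Raised when an event is invoked that the process would refuse. */
    public static class TraceViolation extends RuntimeException {
        TraceViolation(String msg) { super(msg); }
    }

    private enum State { CLOSED, OPEN, TERMINATED }
    private State state = State.CLOSED;
    private final List<String> trace = new ArrayList<>();

    /** Advance the monitor on 'event'; refuse events the process cannot engage in. */
    public void step(String event) {
        State next = null;
        switch (state) {
            case CLOSED:
                if (event.equals("open")) next = State.OPEN;
                break;
            case OPEN:
                if (event.equals("read")) next = State.OPEN;
                else if (event.equals("close")) next = State.TERMINATED;
                break;
            default:
                // TERMINATED: SKIP engages in no further events
                break;
        }
        if (next == null) {
            throw new TraceViolation("event '" + event + "' refused after trace " + trace);
        }
        trace.add(event);
        state = next;
    }

    /** Component under supervision; its data contracts are written as JML annotations. */
    public static class FileLikeResource {
        private final OrderingMonitor monitor = new OrderingMonitor();
        private /*@ spec_public @*/ int reads = 0;

        //@ ensures reads == 0;
        public void open() { monitor.step("open"); reads = 0; }

        //@ ensures reads == \old(reads) + 1;
        public void read() { monitor.step("read"); reads++; }

        //@ ensures reads == \old(reads);
        public void close() { monitor.step("close"); }

        //@ ensures \result == reads;
        public /*@ pure @*/ int getReads() { return reads; }
    }

    public static void main(String[] args) {
        FileLikeResource ok = new FileLikeResource();
        ok.open(); ok.read(); ok.read(); ok.close();
        System.out.println("well-ordered run accepted, reads = " + ok.getReads());

        FileLikeResource bad = new FileLikeResource();
        try {
            bad.read();   // read before open: the process refuses this event
        } catch (TraceViolation e) {
            System.out.println("ordering violation detected: " + e.getMessage());
        }
    }
}
```

The JML clauses can be checked with a JML runtime assertion checker, while the ordering constraint needs the trace monitor, which is the gap the abstract says CSPjassda fills: data contracts alone cannot express that `read` may only occur between `open` and `close`.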

Corresponding author

Correspondence to Michael Möller.

Additional information

This research was partially supported by the DFG project ForMooS (grants OL 98/3-2 and WE 2290/5-1).

C. B. Jones

Cite this article

Möller, M., Olderog, ER., Rasch, H. et al. Integrating a formal method into a software engineering process with UML and Java. Form Asp Comp 20, 161–204 (2008). https://doi.org/10.1007/s00165-007-0042-7
