Verification of Web Service Flows with Model-Checking Techniques
|
|
- Sharyl Randall
- 5 years ago
- Views:
Transcription
1 Verification of Web Service Flows with Model-Checking Techniques Shin NAKAJIMA Hosei University and PRESTO, JST Abstract UDDI register Web service is an emerging software technology to use remote services in the Internet. As it becomes pervasive, some language to describe Web service flows is needed to combine existing services flexibly. The flow essentially describes distributed collaborations and is not easy to write and verify, while the fault that the flow description may contain can only be detected at runtime. The faulty flow description is not desirable because a tremendous amount of publicly shared network resources are consumed. The verification of the Web service flow prior to its execution in the Internet is mandatory. This paper proposes to use the software model-checking technology for the verification of the Web service flow descriptions. For a concrete discussion, the paper adapts WSFL (Web Services Flow Language) as the language to describe the Web service flows, and uses the SPIN model-checker for the verification engine. The experiment shows that the software model-checking technology is usable as a basis for the verification of WSFL descriptions. 1 Introduction As using the Internet becomes a part of our daily activities, Web service, a new form of software technology to use remote services, is emerging [1][15]. The Web service is now considered as a new infrastructure for the e-business type applications. Generally, end-users find to use appropriate Web services that are located somewhere in the Internet. Further, it sometimes requires to combine more than one Web services to fulfill their needs. A concept of service aggregation, combining existing Web services easily as our needs change, is one of the key features of the technology. For the service aggregation to be a usable technology, it is apparent that a way of expressing the flow that describes how various Web services are composed is important. Since each Web service is a self-contained software system having its own threads of control, the flow description can be regarded as a kind of distributed collaboration. Unfortunately, lookup Client service interaction... Figure 1. Web Service such a distributed system is not easy to validate its correctness. Further, the faulty behavior that the system might have can only be detected at runtime due to the limitation of the current Web service technology. The faulty flow description is not desirable just seen from a viewpoint of the conventional software engineering. The situation with the Web service flow is worse than that because a tremendous amount of publicly shared network resources are consumed. It is apparent that the verification of the Web service flow prior to its execution in the Internet is mandatory [12]. This paper proposes to use the software model-checking technology [3] for the verification of the Web service flow descriptions. For a concrete discussion, the paper adapts WSFL (Web Services Flow Language) [10] as the language to describe the Web service flows, and uses the SPIN modelchecker [6] for the verification engine. The paper discusses in detail a method of verifying WSFL description by using SPIN. In particular, it presents an encoding method that translates WSFL primitives to Promela, the input specification language of SPIN. The experiment shows that the software model-checking technology is usable as a basis for the verification of WSFL descriptions. 2 Web Service Aggregation As Web service becomes pervasive, an end-user can use various services spread over the Internet [1][15]. It needs standardization for various aspects of the Web services to push the technology for a wide acceptance. Figure 1 illus-
2 trates a typical scenario that involves related technologies. UDDI (Universal Description, Discovery and Integration) [14] is a directory server, which uses [2] to describe properties of the Web services that UDDI manages. A global UDDI has entities, each describing properties of existing Web services (s); the properties are described in. A client searches the UDDI so that he finds appropriate Web services. Then, he initiates the service interactions with them. (Web Service Description Language), standardized by W3C, is a format meant to be used to describe the external interface of Web services, and uses the XML technology for the concrete representation. is essentially an XML document for representing the endpoint interface specification of the service, each of which provides information necessary for users to access. Figure 2 presents an illustration of the Web service aggregation. A typical example of such an aggregation is a travel agency. A travel agency has a variety of business partners such as airline carriers, hotels, rent-a-car agencies or railroad operation companies. The agency accepts requests directly from its customers to make itineraries with related reservations of hotels, airlines etc. When regarding each of its business partner as an independent Web service provider that has a definite for accesses from the outside, the travel agency actually implements a Web service flow as schematically shown in Figure 2. In addition, the travel agency can be a service provider that has its own for the clients to make accesses. The agency also registers itself in some global UDDI server. A concept of service aggregation, combining existing Web services, may be considered unique for the Web service technology. There are a lot of the Web services ready for the clients to use. The clients combine flexibly some of the existing Web services as their own needs change in an ad-hoc manner. The aggregation is essentially making the Web services to collaborate with each other; each of the services are self-contained software systems having its own threads of control. Thus, the description for the aggregation needs an explicit notion of both control and data flows among the Web services, that faithfully reflects the causal structure of the services. The flow essentially describes distributed collaborations. Up to now, two languages, WSFL [10] and XLANG [13], for describing Web service flows have been proposed. The aim of both languages is to augment with the behavioural aspects of the flow. By using one of the languages, end-users can express their own needs as programs or flow descriptions. It, however, needs a great care on submitting the descriptions to execute in the Internet. The flow descriptions may contain bugs because it is probable for end-users to write such flow descriptions in an ad-hoc manner. Buggy flow descriptions are not desirable just seen from Service Aggregation Figure 2. Web Service Aggregation Rollback Fault!! Figure 3. Faulty Flow Rollback a viewpoint of the conventional software engineering. It can, further, be argued that the situation with the Web service is worse than that because of the following reasons. 1. A lot of Web services are invoked before the flow reaches a point where the fault is found. The cost of rollback all the transactions executed within each service provider is high. Figure 3 shows the situation. 2. A lot of network traffic are consumed in order that network Web services are invoked. And all the consumed traffic is turned to be void at the point of the fault. It implies that a careless end-user, executing a buggy flow description, consumes tremendous amount of network resources that are shared publicly. Thus, verifying the Web service flow prior to its execution in the Internet is mandatory [12]. 3 Verification Method This section presents an approach to the verification with the software model checking techniques [3]. In order to make the discussion concrete, this paper adapts WSFL [10] as the flow description language and SPIN [6] as the verification engine. 3.1 Overview of Verification Process WSFL, as will be explained in Section 3.2.1, is essentially a workflow schema description language that is based on the net-oriented specification paradigm. The verification
3 WSFL Description Translation Promela Description SPIN (Model-Checker) Properties in LTL Figure 4. Verification Process OR-join AND-join flowsource flowsink Figure 5. WSFL Basis problem, thus, turns out to be one similar to the verification of workflow or business flow [4][8][11]. Figure 4 shows the verification process. The flow description written in WSFL is translated into Promela, the input specification language of SPIN. The properties to be checked are reachability, deadlock-freedom, or application specific progress properties. The application specific properties are expressed as formulae of LTL (Linear Temporal Logic), which are also fed into SPIN. 3.2 Formalization The formalization mainly concerns with the translation of a WSFL flow model into Promela processes. The Promela processes should faithfully encode the operational semantics of WSFL WSFL WSFL (Web Service Flow Language), proposed by IBM, is a net-oriented specification language, originated from a model of a workflow description language [9]. Each service invocation corresponds to a task of workflow and both control and data flows are represented as arcs relating task nodes. WSFL is meant to be a behavioural extension of, and is equipped with an XML-based concrete syntax. The core part of the behavioural aspect is a WSFL flow model. Figure 5 shows a schematic illustration. The WSFL flow model shows how the description combines the necessary existing Web services. An invocation of Web service, called a flow activity depicted as a circle in Figure 5, corresponds to a workflow node. Each activity may have an event of invoking some external service provider, accepting notification from the outside, or performing an internal action. Here, an internal action is assumed to be implemented in the platform that the flow model is executing. Both control (straight lines) and data (dotted lines) flows between the activities are links in Figure 5. A flow model starts with a single flowsource and ends with a single flowsink. Further, the activity may have join conditions, such as AND-join or OR-join, to express the control flow logically. The logical condition is posed on the input control flows of the activity. The flow model can itself define its own service provider type that can be used from the outside (either other flow model or service provider). The specification document [10] describes the operational semantics of the WSFL flow model. The semantics is based on the PM-flow [9] proposed by the same author as a workflow schema language. In a word, WSFL can be considered as an XML-based workflow schema language following the PM-flow model. The semantics is similar to that of CPN (Coloured Petri Nets) [7]. The operational semantics is essentially given in terms of a set of rules that select activities to be fired. More than one activity are simultaneously able to fire, which is the source of concurrency. WSFL provides a global model in addition to the flow model. The aim of the global model is just to combine more than one flow models to have a large specification. The global model is mostly concerned with a structural aspect, and thus will not be discussed further in the following sections SPIN and Promela SPIN is an automaton-based model-checker developed by G. J. Holzmann [6]. SPIN provides a specification language Promela that describes the target system to be a collection of Promela processes (automata) with channel communications. Figure 6 is an example specification of ABP (Alternating Bit Protocol) written in Promela [5]. The example consists of two Promela processes, Sender and Receiver to have communication by using two Promela channels, sender and receiver, of the buffer size 1 (NBUF), and a special process init to initialize the target system. The message transmitted via the channels is actually a datatype of short, and some values are defined in terms of #define for readability. The 1 The example in Figure 8 actually makes use of the WSFL global model.
4 Promela process uses a syntax similar to Hoare s CSP for the message send and receive. The! syntax such as in receiver!msg1 depicts a send action, while the? as in sender?ack1 is a receive action. The Promela processes are translated into a (product of) Büchi automaton. SPIN uses the internal representation in the form of LTS (Labeled Transition System) to find some faulty situations such as deadlocks. Further, SPIN allows to express various properties such as application specific progress properties in terms of LTL. The LTL formula is automatically translated by SPIN into Büchi automaton and thus is checked against the target system automaton. An LTL formula can have [] (always), <> (eventually) and U (strong until) as the temporal operators Translation Templates The translation templates assume a framework of the representation in Promela as follows; mapping a WSFL activity to a Promela process, mapping control and data links to Promela channels. First, a WSFL datalink has a unique name (name) and both the source and destination activities (source and target) as its attributes. <datalink name=... source=... target=... /> Second, a WSFL control link has further two attributes in addition to the attributes that a datalink has. A transitioncondition is a logical formula that controls when the transition fires. And result has a pattern of a message to fire the transition. When its source activity generates a message that matches with the specified pattern, the control link is marked as fire. <controllink name=... source=... target=... transitioncondition=... result=... /> Third, a WSFL activity has a name (name) and a termination condition (exitcondition) as its attributes, and has many kinds of component members; the input data (input) and output data (output), the join condition (join condition), the entity of the service provider (performedby), and the data conversion format (materialize). A concrete representation concerning with the invocation of the service provider is specified as <implement>...</implement>. The exitcondition may need a further explanation. After the service provider returns some result, the condition is checked. And when the condition is not satisfied, the #define NBUF 1 #define MSG0 10 #define MSG1 11 #define ACK0 12 #define ACK1 13 chan sender =[NBUF] of { short }; chan receiver =[NBUF] of { short }; proctype Sender() { short any; again: do :: receiver!msg1 -> if :: sender?ack1 -> break :: sender?any :: timeout fi od; do :: receiver!msg0 -> if :: sender?ack0 -> break :: sender?any :: timeout fi od; goto again } proctype Receiver() { short any; again: do :: receiver?msg1 -> sender!ack1; break :: receiver?msg0 -> sender!ack0 :: receiver?any od; P0: do :: receiver?msg0 -> sender!ack0; break :: receiver?msg1 -> sender!ack1 :: receiver?any od; P1: goto again } init { atomic { run Sender(); run Receiver() } } Figure 6. Promela Example
5 provider is executed again with possibly different input parameters. Otherwise the repetition is terminated. In sum, the exitcondition provides a mechanism for looping. <activity name=... exitcondition=... > <input name= /> <join condition= /> <materialize... /> <performedby... /> <implement>... </implement> <output name= /> </activity> According to the translation framework mentioned early, a link is mapped into a Promela channel. In the current encoding, a channel has two parameters; the first carrying a value to be transmitted, and the second referring to an identity of the sender activity 2. chan <CName> = [NBUF] of { short, short }; The Promela process corresponding to a WSFL activity takes a skeleton form below. proctype <Name> (<Formal Parameters>) { <Wait Loop> <Join Step> <Materialize Step> <Perform Step> <Call Exit Step> <Control Step> <Propagate Step> } A Promela process has formal parameters that correspond to all the input and output channels. Thus, when writing a Promela process, it is not necessary to worry about the concrete names of the linked flows. This is in accordance with the fact that the control and data link carry names of linked activities, but the activity does not. It is also expected to increase a reusability of the process description. It, however, requires to explicitly instantiate appropriate channels as the actual parameters when initializing the processes in init. In other word, the topology, reflecting how the activities are related with the control and data links, is described in the initialization process. It can increase the readability of the Promela specification text. init { atomic{ run <AName>(<CName>,...);... } } The explanations of each fragment in a Promela process description come in order. 2 The second parameter is not necessary, but added to be a help in debugging the translated Promela processes. <Wait Loop> It checks all the channels of the incoming control flows, and waits until all the channels have definite values. <Join Step> It reads out all the (logical) values from the control channels, and evaluates the join condition by using the extracted values. When the condition turns false, <Materialize Step> <Perform Step> and <Call Exit Step> are skipped. <Materialize Step> It extracts, from the input data links, the data necessary for the service provider to execute. <Perform Step> It kicks the service provider entity. It sends the required information to the service provider via an appropriate channel, or receives some notification information from a channel. It varies according to the way the original WSFL description specifies. <Call Exit Step> It evaluates the exit condition of the WSFL activity, and decides whether the <Perform Step> is executed again or not. <Control Step> It computes the information that will flow along the output control links. It also does some evaluation relating to the transitioncondition and result of the control links. <Propagate Step> It propagates the informations along all the output links of both control and data. In the case that <performedby... /> specifies an outside service provider, the <Perform Step> in the Promela process is responsible for dealing with a call and return. A WSFL service provider has several ports, each of which in turn has more than one operations. The Promela counterpart should have means to identify which operation is involved in each Promela channel send or receive action. The current encoding defines a channel to have three parameters; the first carrying a value to be transmitted, the second having an encoding of the operation and port information, and third referring to an identity of the sender activity 3. chan <ChName> = [NBUF] of { short, short, short }; 3 The third parameter is not necessary, but added for a debugging purpose.
6 A p D q B r C OR-join Traveler Agent Airline Plan Trip Submit to Travel Agent Receive Ticket Get Trip Order Select Legs Order Ticket Get Confirmation Generate Itinerary Get Ticket Order Reserve Seats Charge Credit Card Confirm Flights Figure 7. Dead-Path Elimination Receive Itinerary Issue Itinerary Issue etickets Figure 8. Ticket Order Example Dead-Path Elimination The operational semantics of WSFL is somewhat complicated due to Dead-Path Elimination (DPE). Figure 7, extracted from the specification document [10], explains why DPE is needed. In Figure 7, the activity A has its result p to be true and the r of the activity B false. Since r is false, the activity C will never be executed. Therefore, the join condition of the activity D will also be never evaluated. The activity D, however, can in principle be executed because its join condition is OR and one of its input control link p is already known to be true. In a word, the activity D can be executed logically, but its join condition will never be evaluated in the naive semantics of WSFL. The DPE of WSFL provides a means to resolve such pseudo faulty situations. DPE starts its execution when a join condition becomes false, or when there is an activity having only a single input control link with false. DPE traverses the flow model downward to eliminate the pseudo faulty situations by forcing the related join condition to be evaluated. DPE uses false values when it needs logical calculation in the evaluation process. In order to introduce DPE, the Promela model extends the logical values consulted in the evaluation of the join conditions to have forced. The forced value is generated and flowed downward exactly when the above mentioned DPE starts, and is interpreted as false in the evaluation of the join conditions. The Promela process needs some modifications to include DPE in the <Join Step> and <Control Step>. 3.3 Property Checking Examples This section uses a concrete example to explain how the property checking is conducted. Figure 8 is a schematic illustration of the example derived from the specification document [10]. The example has three WSFL flow models, Traveler, Agent, and AirLine. The Promela description is obtained by following the translation template method discussed in Section The code size is about 700 lines of Promela source text. The experiment adapts a verification method consisting of two steps. 1. Individual Flow Check The first step checks Promela description for each flow model individually. The description consists of the flow model itself and an environment model that provides information necessary to check the flow. For the case of Traveler, the environment should accepts a request (Submit to Travel Agent), and generates two notifications (Itinerary and Ticket) afterwards. The checks conducted in this step mostly concerns with the reachability and deadlock freedom. The progress property is trivial because the flows are almost sequential. 2. Aggregate Flow Check The second step deals with the whole flow model. The three constituent flow models exchange informations that are depicted as dotted lines in Figure 8. The checks concern with the reachability and deadlock freedom. And some application specific properties, expressed as LTL formulae, are also checked. In order to show the effectiveness of the model-checking technique, a first version of Agent is assumed to have an error behaviour in that it does not return Itinerary to the caller Traveler. This error may not be uncovered by the individual flow check of Agent. It is because whether generating Itinerary or not does not make effect on the correctness of the internal behaviour of Agent. The error can be discovered by the aggregate flow check where all the WSFL flow descriptions are merged. The aggregate model results in a deadlock because Traveler waits indefinitely for Itinerary delivered by Agent. After the verification, one may remedy Agent to show correct behaviour.
7 SPIN shows that the corrected version does not have any deadlock state by searching the whole state space. As an example of application-specific progress properties, the formula below for the case of Traveler is checked. It says that it is always ([]) the case that if there is an event of SubmitToTravelAgent then eventually (<>) ReceiveTicket and ReceiveItinerary are followed. [](SubmitToTravelAgent -> (<>ReceiveTicket && <>ReceiveItinerary) The aggregate flow turns to be a large transition system with about 280 thousands of states and about 470 thousands of transitions. It is because three flow models are analyzed as they execute concurrently, while each flow executes almost sequentially as Figure 8 suggests. Actually the size of each flow model is small. Airline, for example, has only 201 states and 586 transitions. 3.4 Discussions A large part of the WSFL specification document [10] concerns with the relationship between and messages in WSFL. This paper only considers behavioural aspects of WSFL flow model, which focuses on the information flowing along the control and data links. It does not deal with any check relating to the actual values that the service providers generate nor anything similar to typechecking. It is because the behavioural aspect is more important for distributed systems than the type or value checking. The present technique should be combined with other approaches if one wants to conduct the type or value checking. It is sometimes argued that the translation approach, such as the one in the present paper, has disadvantage that the outcome of the analysis is not easy to feedback on the input specification descriptions. In the present approach, one can obtain fault traces from SPIN if some faulty behaviour exist in the Promela description. It should find WSFL counter parts that are the source of the fault. As shown in Section 3.2.3, the translation is almost straight-forward. Further, most of the possible faults can be detected as a deadlock situation, in which a certain Promela process waits for values from its incoming channels. Since the correspondence between WSFL links and Promela channels and those of WSFL activities and Promela processes are clear, it is not difficult to locate faulty points in the WSFL descriptions. It is also not hard to formulate another set of templates that translate the Promela description back to the WSFL descriptions. This paper deals with WSFL as the specification language for Web service flow descriptions. XLANG [13], coming from Microsoft, is another language for describing Web service flows. It is expression-oriented and has a set of concurrency primitives. For example, all executes each of the specified sub-processes (blocks) concurrently. Unfortunately, it is not clear from the specification document [13] whether XLANG has precise semantics or not. Further, since XLANG is based on the computational model quite different from that of WSFL, it is not easy to apply the technique presented in the paper to XLANG. 4 Conclusion This paper first presented a discussion on the importance of verifying Web service flows. It then proposed to apply the software model-checking techniques to the subject matter. The paper used WSFL as the Web service flow language and SPIN as the model-checker. In order to model-check the WSFL descriptions, the paper formulated a set of translation templates that provided means to translate WSFL primitives into Promela, the input specification language of SPIN. It also presented simple examples in that some nontrivial faulty behaviors can be detected with SPIN. We currently work on the development of an integrated verification environment which hides the details of Promela/SPIN from the users of the tool. References [1] M. Aoyama. Introduction to Software Service Technologies (in Japanese). In IPSJ Magazine, Vol. 42, No. 9, pages , September [2] E. Christensen, F. Curbera, G. Meredith, and S. Weerawarana. Web Service Description Language (). W3C Web Site, [3] E. Clarke, O. Grumberg, and D. Peled. Model Checking. The MIT Press, [4] H. Eertink, W. Janssen, P.O. Luttighuis, W. Teeuw, and C. Vissers. A Business Process Design Language, In Proc. FME FM 99, pages 76 95, September [5] G.J. Holzmann. Design and Validation of Computer Protocols. Prentice Hall, [6] G.J. Holzmann. The Model Checker SPIN. IEEE Trans. Soft. Engin., Vol.23, No.5, pages , May [7] K. Jensen. Coloured Petri Nets 1. Springer-Verlag, [8] C. Karamanolis, D. Giannakopoulou, J. Magee, and S.M. Wheater. Model Checking of Workflow Schemas. In Proc. IEEE EDOC 2000, pages , September 2000.
8 [9] F. Leymann and W. Altenhuber. Managing Business Processes as an Information Resource. IBM System Journal, vol.33, no.2, pages , [10] F. Leymann. Web Services Flow Language (WSFL 1.0). IBM Corporation, May [11] S. Nakajima. Verifying Business Flow Diagrams with CCS (in Japanese). In Proc. 1st JSSST Workshop on FOSE, pages , December [12] S. Nakajima. On Verifying Web Service Flows. In Proc. SAINT 2002 Workshop, pages , January Presented at WebSE 2002 [15]. [13] S. Thatte. XLANG Web Services for Business Process Design. Microsoft Corporation, May [14] UDDI Web Site. UDDI Technical White Paper. September [15] WebSE International Workshop on Web Service Engineering. Nara, February 2002.
Lightweight formal analysis of Web service flows
Progress in Informatics, No. 2, pp. 57-76, (2005) 57 Research Paper Lightweight formal analysis of Web service flows Shin NAKAJIMA National Institute of Informatics ABSTRACT BPEL (Business Process Execution
More informationTOWARDS AUTOMATED VERIFICATION OF WEB SERVICES
TOWARDS AUTOMATED VERIFICATION OF WEB SERVICES Cátia Vaz INESC-ID Lisboa, ISEL-IPL Rua Alves Redol 9, 1000-029 Lisboa cvaz@cc.isel.ipl.pt Carla Ferreira INESC-ID, IST-UTL Rua Alves Redol 9, 1000-029 Lisboa
More information4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271
Mel Checking LTL Property System Mel Mel Checking CS 4271 Mel Checking OR Abhik Roychoudhury http://www.comp.nus.edu.sg/~abhik Yes No, with Counter-example trace 2 Recap: Mel Checking for mel-based testing
More informationDistributed Systems Programming (F21DS1) SPIN: Simple Promela INterpreter
Distributed Systems Programming (F21DS1) SPIN: Simple Promela INterpreter Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview
More informationFormal Verification of BPEL4WS Business Collaborations
Formal Verification of BPEL4WS Business Collaborations Jesús Arias Fisteus, Luis Sánchez Fernández, and Carlos Delgado Kloos Telematic Engineering Department Carlos III University of Madrid Avda. Universidad,
More informationComputer Aided Verification 2015 The SPIN model checker
Computer Aided Verification 2015 The SPIN model checker Grigory Fedyukovich Universita della Svizzera Italiana March 11, 2015 Material borrowed from Roberto Bruttomesso Outline 1 Introduction 2 PROcess
More informationLecture 3 SPIN and Promela
Lecture 3 SPIN and Promela 1 What is SPIN(Simple Promela INterpreter) A tool for analyzing mels of concurrent systems Mels described in Promela Language with concurrent processes Communication via shared
More informationDistributed Systems Programming (F21DS1) SPIN: Formal Analysis II
Distributed Systems Programming (F21DS1) SPIN: Formal Analysis II Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Introduce
More informationIssues on Decentralized Consistency Checking of Multi-lateral Collaborations
Issues on Decentralized Consistency Checking of Multi-lateral Collaborations Andreas Wombacher University of Twente Enschede The Netherlands a.wombacher@utwente.nl Abstract Decentralized consistency checking
More informationApplications of Formal Verification
Applications of Formal Verification Model Checking: Introduction to PROMELA Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State of Baden-Württemberg
More informationModel checking Timber program. Paweł Pietrzak
Model checking Timber program Paweł Pietrzak 1 Outline Background on model checking (spam?) The SPIN model checker An exercise in SPIN - model checking Timber Deriving finite models from Timber programs
More informationAdaptive Web Transactions: An Approach for Achieving the Atomicity of Composed Web Services
: An Approach for Achieving the Atomicity of Composed Web Services L. Pajunen, J. Korhonen, J. Puustjärvi Software Business and Engineering Institute, Helsinki University of Technology, P.O. Box 9600,
More informationApplications of Formal Verification
Applications of Formal Verification Model Checking: Introduction to PROMELA Prof. Dr. Bernhard Beckert Dr. Vladimir Klebanov SS 2012 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State
More informationA Technical Comparison of XPDL, BPML and BPEL4WS
A Technical Comparison of XPDL, BPML and BPEL4WS Robert Shapiro 1 Introduction XML-based business process languages represent a new approach to expressing abstract and executable processes that address
More informationTool demonstration: Spin
Tool demonstration: Spin 1 Spin Spin is a model checker which implements the LTL model-checking procedure described previously (and much more besides). Developed by Gerard Holzmann of Bell Labs Has won
More informationModel Requirements and JAVA Programs MVP 2 1
Model Requirements and JAVA Programs MVP 2 1 Traditional Software The Waterfall Model Problem Area Development Analysis REVIEWS Design Implementation Costly wrt time and money. Errors are found too late
More informationWhat is SPIN(Simple Promela Interpreter) Material About SPIN. Elements of Promela. Basic Variables and Types. Typical Structure of Promela Model
What is SPIN(Simple Promela Interpreter) Lecture 3 SPIN and Promela A tool for analyzing mels of reactive systems Mels described in Promela Language with concurrent processes, Communication via channels,
More informationNetwork Protocol Design and Evaluation
Network Protocol Design and Evaluation 05 - Validation, Part I Stefan Rührup Summer 2009 Overview In the last lectures: Specification of protocols and data/message formats In this chapter: Building a validation
More informationApplications of Formal Verification
Applications of Formal Verification Model Checking: Introduction to PROMELA Prof. Dr. Bernhard Beckert Dr. Vladimir Klebanov SS 2010 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State
More informationINF672 Protocol Safety and Verification. Karthik Bhargavan Xavier Rival Thomas Clausen
INF672 Protocol Safety and Verication Karthik Bhargavan Xavier Rival Thomas Clausen 1 Course Outline Lecture 1 [Today, Sep 15] Introduction, Motivating Examples Lectures 2-4 [Sep 22,29, Oct 6] Network
More informationAutomated Reasoning. Model Checking with SPIN (II)
Automated Reasoning Model Checking with SPIN (II) Alan Bundy page 1 Verifying Global Properties Assertions can be used to verify a property locally For example, place assert(memreturned) at the end of
More informationNetwork Protocol Design and Evaluation
Network Protocol Design and Evaluation 05 - Validation, Part III Stefan Rührup Summer 2009 Overview In the first parts of this chapter: Validation models in Promela Defining and checking correctness claims
More informationCopyright 2008 CS655 System Modeling and Analysis. Korea Advanced Institute of Science and Technology
The Spin Model Checker : Part I Copyright 2008 CS655 System Korea Advanced Institute of Science and Technology System Spec. In Promela Req. Spec. In LTL Overview of the Spin Architecture Spin Model pan.c
More informationWhat is SPIN(Simple Promela Interpreter) Elements of Promela. Material About SPIN. Basic Variables and Types. Typical Structure of Promela Model
What is SPIN(Simple Promela Interpreter) Lecture XX SPIN and Promela A tool for analyzing mels of reactive systems Mels described in Promela Language with concurrent processes, Communication via channels,
More informationModeling, Testing and Executing Reo Connectors with the. Reo, Eclipse Coordination Tools
Replace this file with prentcsmacro.sty for your meeting, or with entcsmacro.sty for your meeting. Both can be found at the ENTCS Macro Home Page. Modeling, Testing and Executing Reo Connectors with the
More informationThe SPIN Model Checker
The SPIN Model Checker Metodi di Verifica del Software Andrea Corradini Lezione 1 2013 Slides liberamente adattate da Logic Model Checking, per gentile concessione di Gerard J. Holzmann http://spinroot.com/spin/doc/course/
More informationthese developments has been in the field of formal methods. Such methods, typically given by a
PCX: A Translation Tool from PROMELA/Spin to the C-Based Stochastic Petri et Language Abstract: Stochastic Petri ets (SPs) are a graphical tool for the formal description of systems with the features of
More informationFORMAL METHODS IN NETWORKING COMPUTER SCIENCE 598D, SPRING 2010 PRINCETON UNIVERSITY LIGHTWEIGHT MODELING IN PROMELA/SPIN AND ALLOY
FORMAL METHODS IN NETWORKING COMPUTER SCIENCE 598D, SPRING 2010 PRINCETON UNIVERSITY LIGHTWEIGHT MODELING IN PROMELA/SPIN AND ALLOY Pamela Zave AT&T Laboratories Research Florham Park, New Jersey, USA
More informationDesign and Analysis of Distributed Interacting Systems
Design and Analysis of Distributed Interacting Systems Lecture 5 Linear Temporal Logic (cont.) Prof. Dr. Joel Greenyer May 2, 2013 (Last Time:) LTL Semantics (Informally) LTL Formulae are interpreted on
More informationThe UPPAAL Model Checker. Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN
The UPPAAL Model Checker Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN The aim of this presentation Introduce the basic concepts of model checking from a practical perspective Describe
More informationFormal Specification and Verification
Formal Specification and Verification Introduction to Promela Bernhard Beckert Based on a lecture by Wolfgang Ahrendt and Reiner Hähnle at Chalmers University, Göteborg Formal Specification and Verification:
More informationModeling Interactions of Web Software
Modeling Interactions of Web Software Tevfik Bultan Department of Computer Science University of California Santa Barbara, CA 9106 bultan@cs.ucsb.edu Abstract Modeling interactions among software components
More informationThe SPIN Model Checker
The SPIN Model Checker Metodi di Verifica del Software Andrea Corradini GianLuigi Ferrari Lezione 3 2011 Slides per gentile concessione di Gerard J. Holzmann 2 the do-statement do :: guard 1 -> stmnt 1.1
More informationAn Approach for Modeling and Analyzing Dynamic Software Architectures
2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD) An Approach for Modeling and Analyzing Dynamic Software Architectures Junhua Ding Department
More informationSoftware Engineering using Formal Methods
Software Engineering using Formal Methods Introduction to Promela Wolfgang Ahrendt 03 September 2015 SEFM: Promela /GU 150903 1 / 36 Towards Model Checking System Model Promela Program byte n = 0; active
More informationThe Spin Model Checker : Part I/II
The Spin Model Checker : Part I/II Moonzoo Kim CS Dept. KAIST Korea Advanced Institute of Science and Technology Motivation: Tragic Accidents Caused by SW Bugs 2 Cost of Software Errors June 2002 Software
More informationINF5140: Specification and Verification of Parallel Systems
INF5140: Specification and Verification of Parallel Systems Lecture 09 Defining Correctness Claims Gerar Schneider Department of Informatics University of Oslo INF5140, Spring 2007 Gerar Schneider (Ifi,
More informationTransforming UML Collaborating Statecharts for Verification and Simulation
Transforming UML Collaborating Statecharts for Verification and Simulation Patrick O. Bobbie, Yiming Ji, and Lusheng Liang School of Computing and Software Engineering Southern Polytechnic State University
More informationLTL Reasoning: How It Works
Distributed Systems rogramming F21DS1 LTL Reasoning: How It Works Andrew Ireland School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Distributed Systems rogramming F21DS1 2 Overview
More informationDistributed Systems Programming (F21DS1) SPIN: Formal Analysis I
Distributed Systems Programming (F21DS1) SPIN: Formal Analysis I Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Introduce
More informationwant turn==me wait req2==0
Uppaal2k: Small Tutorial Λ 16 October 2002 1 Introduction This document is intended to be used by new comers to Uppaal and verification. Students or engineers with little background in formal methods should
More informationReading assignment: Reviews and Inspections
Foundations for SE Analysis Reading assignment: Reviews and Inspections M. E. Fagan, "Design and code inspections to reduce error in program development, IBM Systems Journal, 38 (2&3), 1999, pp. 258-287.
More informationPromela and SPIN. Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH. Promela and SPIN
Promela and SPIN Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH Promela and SPIN Promela (Protocol Meta Language): Language for modelling discrete, event-driven
More informationPage 1. Reading assignment: Reviews and Inspections. Foundations for SE Analysis. Ideally want general models. Formal models
Reading assignment: Reviews and Inspections Foundations for SE Analysis M. E. Fagan, "Design and code inspections to reduce error in program development, IBM Systems Journal, 38 (2&3), 999, pp. 258-28.
More informationGoals of the BPEL4WS Specification
Goals of the BPEL4WS Specification Frank Leymann, Dieter Roller, and Satish Thatte This note aims to set forward the goals and principals that formed the basis for the work of the original authors of the
More informationSoftware Engineering using Formal Methods
Software Engineering using Formal Methods Introduction to Promela Wolfgang Ahrendt & Richard Bubel & Reiner Hähnle & Wojciech Mostowski 31 August 2011 SEFM: Promela /GU 110831 1 / 35 Towards Model Checking
More informationIntroduction to Model Checking
Introduction to Model Checking René Thiemann Institute of Computer Science University of Innsbruck WS 2007/2008 RT (ICS @ UIBK) week 4 1/23 Outline Promela - Syntax and Intuitive Meaning Promela - Formal
More informationPatrick Trentin Formal Methods Lab Class, March 03, 2017
Spin: Introduction Patrick Trentin patrick.trentin@unitn.it http://disi.unitn.it/trentin Formal Methods Lab Class, March 03, 2017 These slides are derived from those by Stefano Tonetta, Alberto Griggio,
More informationModel Checking Object-Z Specification Using SPIN
Sensors & Transducers 2013 by IFSA http://www.sensorsportal.com Model Checking Object-Z Specification Using SPIN 1 Lei Xiao, 2 Gongzheng Lu, 1 Shunzhi Zhu 1 School of Computer and Information Engineering
More informationSPIN part 2. Verification with LTL. Jaime Ramos. Departamento de Matemática, Técnico, ULisboa
SPIN part 2 Verification with LTL Jaime Ramos Departamento de Matemática, Técnico, ULisboa Borrowed from slides by David Henriques, Técnico, ULisboa LTL model checking How Spin works Checks non-empty intersection
More informationDesign of Internet Protocols:
CSCI 234 Design of Internet Protocols: George Blankenship George Blankenship 1 Outline Verication and Validation History and motivation Spin Promela language Promela model George Blankenship 2 Verication
More informationFormal Methods for Software Development
Formal Methods for Software Development Model Checking with Temporal Logic Wolfgang Ahrendt 21st September 2018 FMSD: Model Checking with Temporal Logic /GU 180921 1 / 37 Model Checking Check whether a
More informationManaging test suites for services
Managing test suites for services Kathrin Kaschner Universität Rostock, Institut für Informatik, 18051 Rostock, Germany kathrin.kaschner@uni-rostock.de Abstract. When developing an existing service further,
More informationThe Maude LTL Model Checker and Its Implementation
The Maude LTL Model Checker and Its Implementation Steven Eker 1,José Meseguer 2, and Ambarish Sridharanarayanan 2 1 Computer Science Laboratory, SRI International Menlo Park, CA 94025 eker@csl.sri.com
More informationFORMAL METHODS IN NETWORKING COMPUTER SCIENCE 598D, SPRING 2010 PRINCETON UNIVERSITY LIGHTWEIGHT MODELING IN PROMELA/SPIN AND ALLOY
FORMAL METHODS IN NETWORKING COMPUTER SCIENCE 598D, SPRING 2010 PRINCETON UNIVERSITY LIGHTWEIGHT MODELING IN PROMELA/SPIN AND ALLOY Pamela Zave AT&T Laboratories Research Florham Park, New Jersey, USA
More informationWS-BPEL 2.0 Features and Status Overview
WS-BPEL 2.0 Features and Status Overview Charlton Barreto Adobe Senior Computer Scientist/Architect charltonb@adobe.com WS-BPEL Features and Status Advanced features Abstract and executable processes Changes
More informationFlight Systems are Cyber-Physical Systems
Flight Systems are Cyber-Physical Systems Dr. Christopher Landauer Software Systems Analysis Department The Aerospace Corporation Computer Science Division / Software Engineering Subdivision 08 November
More informationSPIN, PETERSON AND BAKERY LOCKS
Concurrent Programs reasoning about their execution proving correctness start by considering execution sequences CS4021/4521 2018 jones@scss.tcd.ie School of Computer Science and Statistics, Trinity College
More informationAnalyzing Conversations of Web Services
Analyzing Conversations of Web Services Tevfik Bultan 1 Xiang Fu 2 Jianwen Su 1 1 Department of Computer Science, University of California, Santa Barbara Santa Barbara, CA 91306, USA. {bultan, su}@cs.ucsb.edu.
More informationApplicant and Traveler s Guide
Manual: July 2015 Applicant and Traveler s Guide Contents 1. Introduction... 4 2. Online Request... 4 2.1 Booking an Air Segment Online... 4 2.2 Booking Accommodation Online... 7 2.3 Car Rental... 9 3.
More informationUsing Spin to Help Teach Concurrent Programming
Using Spin to Help Teach Concurrent Programming John Regehr May 1, 1998 1 Introduction and Motivation Writing correct concurrent programs is very difficult; race conditions, deadlocks, and livelocks can
More informationSimple Object Access Protocol (SOAP) Reference: 1. Web Services, Gustavo Alonso et. al., Springer
Simple Object Access Protocol (SOAP) Reference: 1. Web Services, Gustavo Alonso et. al., Springer Minimal List Common Syntax is provided by XML To allow remote sites to interact with each other: 1. A common
More informationSPIN: Part /614 Bug Catching: Automated Program Verification. Sagar Chaki November 12, Carnegie Mellon University
SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki November 12, 2012 What is This All About? Spin On-the-fly verifier developed at Bell-labs by Gerard Holzmann and others
More informationWeb Services Architecture Directions. Rod Smith, Donald F Ferguson, Sanjiva Weerawarana IBM Corporation
Web Services Architecture Directions Rod Smith, Donald F Ferguson, Sanjiva Weerawarana 1 Overview Today s Realities Web Services Architecture Elements Web Services Framework Conclusions & Discussion 2
More informationSPIN: Introduction and Examples
SPIN: Introduction and Examples Alessandra Giordani agiordani@disi.unitn.it http://disi.unitn.it/~agiordani Formal Methods Lab Class, September 28, 2014 *These slides are derived from those by Stefano
More informationAlgorithmic Verification. Algorithmic Verification. Model checking. Algorithmic verification. The software crisis (and hardware as well)
Algorithmic Verification The software crisis (and hardware as well) Algorithmic Verification Comp4151 Lecture 1-B Ansgar Fehnker Computer become more powerful (Moore s law) The quality of programs cannot
More informationTowards a formal framework for Choreography
1 Towards a formal framework for Choreography Nadia Busi, Roberto Gorrieri, Claudio Guidi, Roberto Lucchi and Gianluigi Zavattaro Department of Computer Science Mura Anteo Zamboni, 7 40127 Bologna - Italy
More informationInternational Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 4, Jul-Aug 2015
RESEARCH ARTICLE OPEN ACCESS Multi-Lingual Ontology Server (MOS) For Discovering Web Services Abdelrahman Abbas Ibrahim [1], Dr. Nael Salman [2] Department of Software Engineering [1] Sudan University
More informationCODING TCPN MODELS INTO THE SIMIO SIMULATION ENVIRONMENT
CODING TCPN MODELS INTO THE SIMIO SIMULATION ENVIRONMENT Miguel Mujica (a), Miquel Angel Piera (b) (a,b) Autonomous University of Barcelona, Faculty of Telecommunications and Systems Engineering, 08193,
More informationIntroduction to Software Engineering. 6. Modeling Behaviour
Introduction to Software Engineering 6. Modeling Behaviour Roadmap > Use Case Diagrams > Sequence Diagrams > Collaboration (Communication) Diagrams > Activity Diagrams > Statechart Diagrams Nested statecharts
More informationTo be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 Introduction SDN research directions as outlined in IRTF RG outlines i) need for more flexibility and programmability
More informationProgramming Assignment
Programming Assignment Multi-core nested depth-first search in Java Introduction In this assignment, you will implement a multi-core nested depth-first search algorithm (MC-NDFS). Sequential NDFS is a
More informationRAMAN N. CHIKKAMAGALUR
A WEB SERVICES FLOW LANGUAGE (WSFL) ENGINE FOR THE ENACTMENT OF COMPOSITE WEB SERVICES By RAMAN N. CHIKKAMAGALUR A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT
More informationComputer Lab 1: Model Checking and Logic Synthesis using Spin (lab)
Computer Lab 1: Model Checking and Logic Synthesis using Spin (lab) Richard M. Murray Nok Wongpiromsarn Ufuk Topcu Calornia Institute of Technology AFRL, 25 April 2012 Outline Spin model checker: modeling
More informationCLAN: A Tool for Contract Analysis and Conflict Discovery
CLAN: A Tool for Contract Analysis and Conflict Discovery Stephen Fenech 1, Gordon J. Pace 1, and Gerardo Schneider 2 1 Dept. of Computer Science, University of Malta, Malta 2 Dept. of Informatics, University
More informationOn Nested Depth First Search
DIMACS Series in Discrete Mathematics and Theoretical Computer Science Volume 32, 1997 On Nested Depth First Search Gerard J. Holzmann, Doron Peled, and Mihalis Yannakakis The SPIN. ABSTRACT. We show in
More informationSpecification and Generation of Environment for Model Checking of Software Components *
Specification and Generation of Environment for Model Checking of Software Components * Pavel Parizek 1, Frantisek Plasil 1,2 1 Charles University, Faculty of Mathematics and Physics, Department of Software
More informationSoftware Service Engineering
Software Service Engineering Lecture 4: Service Modeling Doctor Guangyu Gao Some contents and notes selected from Service Oriented Architecture by Michael McCarthy 1. Place in Service Lifecycle 2 Content
More informationFormal Methods for Software Development
Formal Methods for Software Development Verification with Spin Wolfgang Ahrendt 07 September 2018 FMSD: Spin /GU 180907 1 / 34 Spin: Previous Lecture vs. This Lecture Previous lecture Spin appeared as
More informationFormal Verification: Practical Exercise Model Checking with NuSMV
Formal Verification: Practical Exercise Model Checking with NuSMV Jacques Fleuriot Daniel Raggi Semester 2, 2017 This is the first non-assessed practical exercise for the Formal Verification course. You
More informationMulti-Threaded System int x, y, r; int *p, *q, *z; int **a; EEC 421/521: Software Engineering. Thread Interleaving SPIN. Model Checking using SPIN
EEC 421/521: Software Engineering Model Checking using SPIN 4/29/08 EEC 421/521: Software Engineering 1 Multi-Threaded System int x, y, r; int *p, *q, *z; int **a; thread_1(void) /* initialize p, q, and
More informationLeveraging DTrace for runtime verification
Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of Informatics, University of Oslo Context: Runtime verification Desired properties System Every request gets
More informationSpin: Overview of PROMELA
Spin: Overview of PROMELA Patrick Trentin patrick.trentin@unitn.it http://disi.unitn.it/trentin Formal Methods Lab Class, March 10, 2017 These slides are derived from those by Stefano Tonetta, Alberto
More informationPatrick Trentin Formal Methods Lab Class, Feb 26, 2016
Spin: Introduction Patrick Trentin patrick.trentin@unitn.it http://disi.unitn.it/~trentin Formal Methods Lab Class, Feb 26, 2016 These slides are derived from those by Stefano Tonetta, Alberto Griggio,
More informationŁabiak G., Miczulski P. (IIE, UZ, Zielona Góra, Poland)
UML STATECHARTS AND PETRI NETS MODEL COMPARIS FOR SYSTEM LEVEL MODELLING Łabiak G., Miczulski P. (IIE, UZ, Zielona Góra, Poland) The system level modelling can be carried out with using some miscellaneous
More informationExperiences with OWL-S, Directions for Service Composition:
Experiences with OWL-S, Directions for Service Composition: The Cashew Position Barry Norton 1 Knowledge Media Institute, Open University, Milton Keynes, UK b.j.norton@open.ac.uk Abstract. Having used
More informationThe Spin Model Checker : Part I. Moonzoo Kim KAIST
The Spin Model Checker : Part I Moonzoo Kim KAIST Hierarchy of SW Coverage Criteria Complete Value Coverage CVC (SW) Model checking Complete Path Coverage CPC Concolic testing All-DU-Paths Coverage ADUP
More informationModel-checking with the TimeLine formalism
Model-checking with the TimeLine formalism Andrea Zaccara University of Antwerp Andrea.Zaccara@student.uantwerpen.be Abstract A logical model checker can be an effective tool for verification of software
More informationTHE MODEL CHECKER SPIN
THE MODEL CHECKER SPIN Shin Hong, KAIST 17 th April,2007 1/33 Contents Introduction PROMELA Linear Temporal Logic Automata-theoretic software verification Example : Simple Elevator 2 SPIN is a software
More informationFormal Analysis and Verification of a Communication Protocol
Proceedings of the 5th WSEAS Int. Conference on Information Security and Privacy, Venice, Italy, November 20-22, 2006 103 Formal Analysis and Verification of a Communication Protocol XIN BEN LI, DE CHAO
More informationExercise Unit 2: Modeling Paradigms - RT-UML. UML: The Unified Modeling Language. Statecharts. RT-UML in AnyLogic
Exercise Unit 2: Modeling Paradigms - RT-UML UML: The Unified Modeling Language Statecharts RT-UML in AnyLogic Simulation and Modeling I Modeling with RT-UML 1 RT-UML: UML Unified Modeling Language a mix
More informationBuilding Petri nets tools around Neco compiler
Building Petri nets tools around Neco compiler Lukasz Fronc and Franck Pommereau {fronc,pommereau}@ibisc.univ-evry.fr IBISC, Université d Évry/Paris-Saclay IBGBI, 23 boulevard de France 91037 Évry Cedex,
More informationLogic Model Checking
Logic Model Checking Lecture Notes 17:18 Caltech 101b.2 January-March 2005 Course Text: The Spin Model Checker: Primer and Reference Manual Addison-Wesley 2003, ISBN 0-321-22862-6, 608 pgs. checking omega
More informationPetri-net-based Workflow Management Software
Petri-net-based Workflow Management Software W.M.P. van der Aalst Department of Mathematics and Computing Science, Eindhoven University of Technology, P.O. Box 513, NL-5600 MB, Eindhoven, The Netherlands,
More informationPetri Nets ee249 Fall 2000
Petri Nets ee249 Fall 2000 Marco Sgroi Most slides borrowed from Luciano Lavagno s lecture ee249 (1998) 1 Models Of Computation for reactive systems Main MOCs: Communicating Finite State Machines Dataflow
More informationModeling a Cache Coherence Protocol with the Guarded Action Language
Modeling a Cache Coherence Protocol with the Guarded Action Language Quentin Meunier, Yann Thierry-Mieg, Emmanuelle Encrenaz Laboratoire d Informatique de Paris 6, Sorbonne Université, Paris. The TeraScale
More informationCS5232 Formal Specification and Design Techniques. Using PAT to verify the Needham-Schroeder Public Key Protocol
CS5232 Formal Specification and Design Techniques Using PAT to verify the Needham-Schroeder Public Key Protocol Semester 2, AY 2008/2009 1/37 Table of Contents 1. Project Introduction 3 2. Building the
More informationIntroduction to Formal Methods
2008 Spring Software Special Development 1 Introduction to Formal Methods Part I : Formal Specification i JUNBEOM YOO jbyoo@knokuk.ac.kr Reference AS Specifier s Introduction to Formal lmethods Jeannette
More informationDistributed Systems Programming (F21DS1) Formal Verification
Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Focus on
More informationA Formal Model for Web-Service Composition
Simon Foster Department of Computer Science University of Sheffield http://www.dcs.shef.ac.uk/~simonf BCTCS 2006 Outline 1 Composing Web-Services Current Technologies 2 3 4 Outline
More information