A Study of the Electrum and DynAlloy Dynamic Behavior Notations

Published: 01 November 2023

Abstract

Alloy is a formal specification language which, despite featuring a simple syntax and relational semantics, is very expressive and supports efficient automated specification analysis based on SAT solving. While the language is expressive enough to accommodate both static and dynamic properties of systems within specifications, dynamic properties require intricate, ad hoc constructions to encode system executions. Extensions to the language have therefore been proposed that internalize these encodings and provide analysis techniques specifically tailored to properties of executions. In this paper we study two such extensions to Alloy that incorporate elements for the specification of properties of executions: DynAlloy, whose syntax and semantics are inspired by dynamic logic, and Electrum, based on linear-time temporal logic and inspired by languages such as TLA+. We analyze and compare the syntactic characteristics of the two languages, their expressiveness, and the effectiveness and efficiency of their associated analysis tools. The comparison is based on a set of Alloy specifications taken from the literature that demand dynamic behavior analysis, including an Alloy model of the Chord ring-maintenance protocol, which drives our qualitative comparison of the notations.
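The "ad hoc constructions" the abstract refers to are easiest to see on a small model. The following is an added example written for this page; it is not code from the paper, nor from the Alloy, Electrum or DynAlloy projects. It encodes executions in plain Alloy 4/5 style, using the usual trace idiom: an explicit State signature, util/ordering to impose a linear order on states, hand-written frame conditions in every operation, and a trace fact that ties consecutive states together. The session-revocation model itself, and every name in it (Session, State, active, revoked, used, issue, revoke, use, NoUseAfterRevoke), is constructed for the example. The property checked is a safety property over executions: a resource never accepts a session that has been revoked.

```alloy
module session_trace

-- Linear order on State: gives first, last and next, i.e. the execution trace.
open util/ordering[State]

sig Session {}

-- One State atom per snapshot of the system; each field is that snapshot's value.
sig State {
  active:  set Session,   -- sessions currently valid
  revoked: set Session,   -- sessions that have been revoked
  used:    set Session    -- sessions accepted by a resource in this step
}

pred init[s: State] {
  no s.active
  no s.revoked
  no s.used
}

-- A fresh session is issued. The guard forbids re-issuing a revoked session.
pred issue[pre, post: State, tok: Session] {
  tok not in pre.active + pre.revoked
  post.active  = pre.active + tok
  post.revoked = pre.revoked       -- frame condition, written by hand
  no post.used
}

-- An active session is revoked and remembered as such.
pred revoke[pre, post: State, tok: Session] {
  tok in pre.active
  post.active  = pre.active - tok
  post.revoked = pre.revoked + tok
  no post.used
}

-- A resource accepts a session; only active sessions are accepted.
pred use[pre, post: State, tok: Session] {
  tok in pre.active
  post.active  = pre.active        -- frame condition
  post.revoked = pre.revoked       -- frame condition
  post.used    = tok
}

-- The trace fact: the first state is initial and every consecutive pair of
-- states is related by exactly one of the operations.
fact traces {
  init[first]
  all s: State - last | let post = s.next |
    some tok: Session |
      issue[s, post, tok] or revoke[s, post, tok] or use[s, post, tok]
}

-- Safety over executions: no state accepts a revoked session.
assert NoUseAfterRevoke {
  all s: State | no (s.used & s.revoked)
}

-- Bounded check: at most 4 sessions and traces of up to 8 states.
check NoUseAfterRevoke for 4 Session, 8 State
```

Loading this in the Alloy Analyzer and running the check finds no counterexample within the scope. As a sanity check of the model rather than of the property, dropping the `+ pre.revoked` part of the guard in `issue` lets a revoked session be re-issued and then accepted, and the check then returns a trace showing exactly that. The constructs that make this encoding tedious are what the extensions internalize: in Electrum the State signature disappears, the three fields become `var` fields of the model, the trace fact becomes a formula under `always` that relates each field to its primed next-state value, and the assertion is written directly as `always no (used & revoked)`; in DynAlloy the operations are expressed as atomic actions with pre- and postconditions and composed into programs whose partial-correctness assertions are checked.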


Published in: IEEE Transactions on Software Engineering, Volume 49, Issue 11, Nov. 2023 (217 pages)
Publisher: IEEE Press
Qualifiers: Research-article