With a few exceptions, previous formal methods for reactive system design have focused on finite state machines represented in terms of Boolean states and Boolean next-state functions. By contrast, in many reactive system domains requirements engineers and developers think in terms of complex data types and expressive next-state functions. Formal methods for reactive system design must be extended to meet their needs as well. I term a reactive system function-rich if expressing its state, next-state function, or output function naturally requires this higher expressive power. ISAT, a prototype formal-methods-based tool environment, is intended to assist in the creation of function-rich reactive systems. This paper describes a case study I have carried out using ISAT to design, validate, synthesize, and evolve controllers for the email agent components making up a novel spam-free email system that I deployed in a user trial in July 1999. The trial has been running since then, with high availability, through several evolutionary specification changes and the resulting software releases. In addition to summarizing ISAT and the trial, this paper discusses the tool requirements imposed by the domain and task, the simple and powerful platform/controller/pure-functions software architecture of the components, and the lessons learned from the study.