Elements of Style: Analyzing a Software Design Feature
with a Counterexample Detector
Authors: Daniel Jackson and Craig Damon
Proceedings of the International Symposium on Software Testing and Analysis,
January, 1996.
Download the
Postscript (approx. 7MB). or
PDF
Download the
Postscript (approx 800KB, Figs 1 and 2 omitted). or
PDF
Abstract
We illustrate the application of a checking tool to the design of a style
mechanism for a word processor. The design is cast, along with some
expected properties, in a subset of Z that corresponds to the relational
calculus. The tool evaluates a property by enumerating all possible cases
within some finite bounds, displaying as a counterexample the first case
for which the property fails to hold. Unlike animation or execution tools,
our checker does not require state transitions to be expressed
constructively, and unlike theorem provers, operates completely
automatically without user intervention. Using a variety of reduction
mechanisms, it can cover an enormous number of cases in a reasonable time,
so that quite subtle flaws can be rapidly detected.
Keywords:
requirements analysis, design analysis, functional specification,
formal specification, Z, relational calculus, model checking, exhaustive
testing.
Composable
Software Systems Research Group in the School
of Computer Science at Carnegie Mellon
University.
[Last modified 19-Feb-1999.
Mail suggestions to the Maintainer.]