Home Search Help  
Home Page Università di Genova

Publications of Gianna Reggio


From Conditional Specifications to Interaction Charts: A Journey from Formal to Visual Means to Model Behaviour
E. Astesiano and G. Reggio.
In Formal Methods in Software and System Specification.
Lecture Notes in Computer Science, Berlin, Springer Verlag, 2005. To appear.

In this paper, addressing the classical problem of modelling the behaviour of a system, we present a paradigmatic journey from purely formal and textual techniques to derived visual notations, with a further attention first to code generation and finally to the incorporation into a standard notation such as the UML.
We show how starting from Casl positive conditional specifications with initial semantics of labelled transition systems, we can devise a new visual paradigm, the interaction charts, which are diagrams able to express both reactive and proactive\autonomous behaviour.
Then, we introduce the executable interaction charts, which are interaction charts with a special semantics, by which we try to ease the passage to code generation.
Finally, we present the interaction machines, which are essentially executable interaction charts in a notation that can be easily incorporated, as an extension, into the UML.

A preliminary pdf version of this paper is available at ReggioEtAll03a.pdf.


A Formally Grounded Software Specification Method
C. Choppy and G. Reggio.
Journal of Logic and Algebraic Programming. Elsevier.
To appear. 2005.

One of the goals of software engineering is to provide what is necessary to write relevant, legible, useful descriptions of the systems to be developed, which will be the basis of successful developments. This goal was addressed both from informal approaches (providing in particular visual notations) and formal ones (providing a formal sound semantic basis). Informal approaches are often driven by a software development method, and, while formal approaches sometimes provide a user method, it is usually aimed at helping to use the proposed formalism when writing a specification. Our goal here is to provide a companion method that helps the user to understand the system to be developed, and to write the corresponding formal specifications. We also aim at supporting visual presentations of formal specifications, so as to "make the best of both formal and informal worlds". We developed this method for the (logical-algebraic) specification languages Casl (Common Algebraic Specification Language, developed within the joint initiative CoFI) and for an extension for dynamic systems Casl-LTL, and we believe it is general enough to be adapted to other paradigms.
Another challenge is that a method that is too general does not encompass the different kinds of systems to be studied, while too many different specialized methods result in partial views that may be difficult to integrate in a single global one. We deal with this issue by providing a limited number of instances of our method, fitted for three different kinds of software items, while keeping a common "meta"-structure and way of thinking. More precisely, we consider here that a software item may be a simple dynamic system, a structured dynamic system, or a data structure, and we show here how to support property-oriented (axiomatic) specifications. We are thus providing support for the "building-bricks" tasks of specifying software artifacts that in our experience are needed for the development process.
Our approach is illustrated with a lift case study.

A preliminary pdf version of this paper is available at ChoppyReggio05b.pdf.


A UML-Based Approach for Problem Frame Oriented Software Development
C. Choppy and G. Reggio.
Journal of Information and Software Technology. Elsevier.
To appear. 2005.

We propose a software development approach that combines the use of the structuring concepts provided by problem frames, the use of the UML notation, together with our methodological approach for well-founded methods. Problem frames are used to provide a first idea of the main elements of the problem under study. Then we provide ad hoc UML based development methods for some of the most relevant problem frames together with precise guidelines for the users. The general idea of our method is that, for each frame, several artifacts have to be produced, each one corresponding to a part of the frame. The description level may range from informal and sketchy, to formal and precise, while this approach is drawn from experience in formal specifications.
Thus we show how problem frames may be used upstream of a development method to yield an improved and more efficient method equipped with the problem frames structuring concepts.

A preliminary pdf version of this paper is available at ChoppyReggio05a.pdf.


A UML-Based Method for the Commanded Behaviour Frame
C. Choppy and G. Reggio.
In Proc. of the 1st International Workshop on Advances and Applications of Problem Frames (IWAAPF 2004); an ICSE 2004 workshop. K. Cox and J.G. Hall and L. Rapanotti editors.
IEEE, 2004.
Using UML for Problem Frame Oriented Software Development
C. Choppy and G. Reggio.
In Proc of the ISCA 13th Int. Conf. on Intelligent and Adaptative Systems and Software Engineering (IASSE-2004). W. Dosch and N. Debnath editors.
The International Society for Computers and Their Applications (ISCA), USA, 2004.

We propose a software development approach that combines the use of the UML notation, the use of the structuring concepts provided by the problem frames, together with our methodological approach for well-founded methods.
The problem frames are used to provide a first idea of the main elements of the problem under study. Then we provide ad hoc UML based development methods for some of the most relevant problem frames together with precise guidelines for the users. The general idea of our method is that, for each frame, several artifacts have to be produced, each one corresponding to a part of the frame.
The description level may range from informal and sketchy, to formal and precise, while this approach is drawn from experience in formal specifications.

The postscript version of an extended version of this paper is available at UFRAMESlong.ps.


Scientific Engineering of Distributed Java Applications: Third International Workshop, FIDJI 2003 Luxembourg-Kirchberg, Luxembourg, November 27-28, 2003 Revised Papers.
N. Guelfi, E. Astesiano and G. Reggio (editors).
Lecture Notes in Computer Science n. 2952, Berlin, Springer Verlag, 2004.
Tight Structuring for Precise UML-based Requirement Specifications
E. Astesiano and G. Reggio.
In Radical Innovations of Software and Systems Engineering in the Future, Proc. 9th Monterey Software Engineering Workshop, Venice, Italy, Sep. 2002.
Lecture Notes in Computer Science n. 2941, Berlin, Springer Verlag, 2004.

On the basis of some experience in the use of UML-based use case-driven methods, we believe and claim, contrary to a recent wave for allowing almost total freedom as opposed to disciplined methods, that a tighter and more precise structuring of the artifacts for the different phases of the software development process may help speed-up the process, while obviously making easier the consistency checks among the various artifacts. To support our claim we have started to investigate an approach, that, though being compliant with the \UML notation and a number of UML-based methods, departs from them both in the basic philosophy, that follows the "tight and precise" imperative, and in the technical solutions for structuring the various artifacts.
Building on some previous work concerning the structure of the requirement specification artifacts, here we complete upwards and improve our proposal, investigating the link between the analysis of the problem domain and the requirement capture and specification. Indeed, one of our assumptions, as advocated by some methodologists and backed by our own experience, is the neat separation between the problem domain and the system. To that purpose we propose a rather new way of structuring the problem domain model and then the link with the system, that encompasses the most popular current approaches to domain modelling. Then we exploit both the domain model and our requirement specification frame for capturing and specifying the requirements. From our construction we can derive rigorous guidelines, only hinted to here, for the specification tasks, in a workflow that allows and suggests iteration and incrementality, but in a way that is not just based on the single use cases and takes more care of the overall construction. The various concepts and constructions are illustrated with the help of a small running case study.

The postscript and pdf versions of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio03f.ps. and /person/ReggioG/AstesianoReggio03f.pdf.


Architecture Specific Models: Software Design on Abstract Platforms
E. Astesiano, M. Cerioli and G. Reggio.
In Radical Innovations of Software and Systems Engineering in the Future, Proc. 9th Monterey Software Engineering Workshop, Venice, Italy, Sep. 2002.
Lecture Notes in Computer Science n. 2941, Berlin, Springer Verlag, 2004.

We address in general the problem of providing a methodological and notational support for the development at the design level of applications based on the use of a middleware.
In order to keep the engineering support at the appropriate level of abstraction, we formulate our proposal within the frame of Model Driven Architecture (MDA).
We advocate the introduction of an intermediate abstraction level (between PIM and the PSM), called ASM for Architecture Specific Model, which is particularly suited to abstract away the basic common architectural features of different platforms.
In particular, we consider the middlewares supporting a peer-to-peer architecture, because of the growing interest in mobile applications with nomadic users and the presence of many proposals of peer-to-peer middlewares.

The postscript and pdf versions of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioEtAll03a.ps. and /person/ReggioG/ReggioEtAll03a.pdf.


Improving Use Case Based Requirements Using Formally Grounded Specifications
C..Choppy and G. Reggio.
In Proc. FASE 2004.
Lecture Notes in Computer Science, n. 2984. Berlin, Springer Verlag, 2004.

Our approach aims at helping to produce adequate requirements, both clear and precise enough so as to provide a sound basis to the overall development.
We present a technique for improving use case based requirements, by producing a companion Formally Grounded specification, that results both in an improved requirements capture, and in a requirement validation. The Formally Grounded requirements specification is written in a "visual" notation, using both diagrams and text, with a formal counterpart (written in the Casl-Ltl language). The resulting use case based requirements are of high quality, more systematic, more precise, and its corresponding Formally Grounded specification is available. We illustrate our approach on an Auction System case study.

The postscript and pdf versions of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ChoppyReggio04a.ps. and /person/ReggioG/ChoppyReggio04a.pdf.


Towards a Well-Founded UML-based Development Method
E. Astesiano and G. Reggio.
In Proc. FASE 2004.
IEEE Computer Society, 2003.

This paper presents an attempt, perhaps unorthodox, at bridging the gap between the use of formal techniques and the current software engineering practices. After years of full immersion in the development and use of formal techniques, we have been led to suggest a Virtuous Cycle philosophy, better marrying the rigour of formalities to the needs and, why not, the wisdom of current practices. What we have called Well-Founded Software Development Methods is a strategy compliant with that philosophy, that essentially aims at proposing methods where the formalities provide the foundational rigour, and perhaps may inspire new techniques, but are kept hidden from the user.
In a stream of papers we have outlined an approach - a possible instantiation of a particular well-founded method - which is Model-Driven and adopts a UML notation. Here, after introducing our basic philosophy and the Well-Founded methods strategy, we outline in summary our sample approach and, as a new contribution, we show in some detail how to handle the Model-Driven Design (or Platform Independent Design) phase.

The postscript and pdf versions of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio03g.ps. and /person/ReggioG/AstesianoReggio03g.pdf.


From Formal Techniques to Well-Founded Software Development Methods
E. Astesiano, G. Reggio and M. Cerioli.
In Formal Methods at the Crossroads: From Panacea to Foundational Support.
10th Anniversary Colloquium of UNU/IIST the International Institute for Software Technology of The United Nations University, Lisbon, Portugal, March 18-20, 2002. Revised Papers.
Lecture Notes in Computer Science n. 2757, Berlin, Springer Verlag, 2003.

We look at the main issue of the Colloquium "Formal Methods at the Crossroads from Panacea to Foundational Support" reflecting on our rather long experience of active engagement in the development and use of formal techniques.
In the years, we have become convinced of the necessity of an approach more concerned with the real needs of the software development practice. Consequently, we have shifted our work to include methodological aspects, learning a lot from the software engineering practices and principles.
After motivating our current position, mainly reflecting on our own experience, we suggest a Virtuous Cycle for the formal techniques having the chance of a real impact on the software development practices. Then, to provide some concrete illustration of the suggested principles, we propose and advocate a strategy that we call Well-Founded Software Development Methods, of which we outline two instantiations.

The postscript and pdf versions of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoEtAll03a.ps. and /person/ReggioG/AstesianoEtAll03a.pdf.


From Requirement Specification to Prototype Execution: a Combination of a Multiview Use-Case Driven Method and Agent-Oriented Techniques
E. Astesiano and G. Reggio.
In Proc. SEKE 2003. ACM Press, 2003.

In this paper we discuss how to combine a multiview use-case driven method for the requirement specification of a system with an agent-oriented method for developing a working prototype. The rationale behind this combination is to cover the complete software development cycle, while the two methods it originates from only cover a part of it. The prototype execution allows to obtain useful feedbacks on the coherence of the UML artifacts produced during the requirement specification phase.

The pdf version of this paper are available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoEtAll03b.pdf.


Consistency Issues in Multiview Modelling Techniques
E. Astesiano and G. Reggio.
In Recent Trends in Algebraic Development Techniques 16th International Workshop, WADT 2002 - Frauenchiemsee, Germany, September 24-27, 2002. Revised Selected Papers.
Lecture Notes in Computer Science, n. 2755
Berlin, Springer Verlag, 2003.

In this paper, after introducing the problem and a brief survey of the current approaches, we look at the consistency problems in the UML in terms of the well-known machinery of classical algebraic specifications. Thus, first we review how the various kinds of consistency problems were formulated in that setting. Then, and this is the first contribution of our note, we try to reduce, as much as possible, the \UML problems to that frame. That analysis, we believe, is rather clarifying in itself and allows us to better understand what is new and what instead could be treated in terms of that machinery. We conclude with some directions for handling those problems, basically with constrained modelling methods that reduce and help precisely individuate the sources of possible inconsistencies.

The pdf version of this paper are available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio03b.pdf.


Scientific Engineering for Distributed Java Applications
: International Workshop, Luxembourg-Kirchberg, Luxembourg, November 2002. Revised Papers.
N. Guelfi, E. Astesiano and G. Reggio (editors).
Lecture Notes in Computer Science n. 2604, Berlin, Springer Verlag, 2003.
A Notation to Support Component-Based Design of Java Applications
C. Amza and G. Reggio.
In FIDJI'2002 - Scientific Engineering of Distributed Java Applications, proceedings of the 2nd International Workshop, Luxembourg-Kirchberg, Luxembourg, November 2002(N. Guelfi, E. Astesiano and G. Reggio eds.).
Lecture Notes in Computer Science n. 2604, Berlin, Springer Verlag, 2003.

In this paper we present JTN2 (Java Targeted Notation 2) a notation for component-based design of Java applications. JTN2 defines a component model based on the fundamental object-oriented principles: abstraction, encapsulation, modularization and typing. Indeed, JTN2 is an extension of JTN, an object-oriented, formal, visual notation for designing concurrent Java applications. JTN2 component model aims to deal with three issues of Java based component development: component definition, component interconnection and component implementation in Java.
JTN2 allows a component to be described, understood and analyzed independently from other components. Pre-designed components are interconnected to form complete systems. JTN2 provides a static type system that checks if two components can be interconnected. Java code can be, then, generated automatically by taking advantage of multiple Java technologies, e.g., JavaBeans, Enterprise JavaBeans and JINI.

The pdf version of this paper are available through anonymous ftp at ftp.disi.unige.it, in /person/AmzaC/fidji2002/fidji2002.pdf.


Metamodelling Behavioural Aspects: the Case of the UML State Machines
G. Reggio.
In Proc. IDPT 2002.
Society for Design and Process Science, USA, 2002. CD included.

The "object-oriented meta-modeling" seems currently to be one of the most promising approach to the "precise" definition of UML. Essentially this means using a kernel object-oriented visula notation to define UML. This has proved itself to be an intuitive way of defining the abstract syntax of UML. For what concerns the "static part", the initial work of the pUML group seems to confirm that the approach is workable, whereas no convincing proposal have been presented to cover the dynamic aspects, as active classes, cooperation/communications among active objects, state charts, sequence diagrams, and so on.
We think that to conveniently and precisely define such aspects, we need an underlying formal model of the dynamic behaviour of the active objects, and we think, supported by our past experience, that labelled transition systems are a good one.
We thus propose how to use a kernel visual notation to define labelled transition systems in an object-oriented way. Furthermore, we present also a new kind of diagrams, quite similar to state charts, LTD (Labelled Transition Diagrams) to visually present such definitions. As an example, we work out the meta-model of the state machines starting from our formal definition of their semantics based on labelled transition systems.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/Reggio02c.pdf.


Knowledge Structuring and Representation in Requirement Specification
E. Astesiano and G. Reggio.
In Proc. SEKE 2002. ACM Press, New York, 2002.

On the basis of some experience in the use of use case-driven and UML-based methods, we believe that a more refined and stringent structuring of the knowledge in the artifacts of a Requirement Specification may help speed-up the specification process and make easier the consistency checks among the various components.
Thus we propose a way of structuring and representing the Requirement Specification artifacts that presents a number of novelties w.r.t. the best-known current methods, though in the end it can be seen as a complement/refinement of some of them and thus inserted in a more general process model, such as, e.g., RUP.

Our proposal is multiview, use case-driven and UML-based; thus also object-oriented. However, also benefitting of some earlier work, notably in the Structured Analysis, method and various hints by M. Jackson, we take a rather abstract view, trying to avoid a preemptive decision on the classes structuring the software system to build; that is achieved not only making a sharp distinction between business/domain modelling and the system, but also dealing with the system at the requirement level as a black box, providing only the minimal structure needed to express the interactions with the context.
From our construction we can derive rigorous guidelines for the specification tasks; the approach allows iteration and incrementality, but in a way that is not just based on the single use cases and takes more care of the overall construction.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio02a.pdf.


Labelled Transition Logic: An Outline
E. Astesiano and G. Reggio.
In Acta Informatica, Vol. 37. n.11,12, 2001.

In the last ten years we have developed and experimented in a series of projects, including industry test cases, a method for the specification of reactive/concurrent/parallel/distributed systems both at the requirement and at the design level. We present here in outline its main technical features, providing pointers to appropriate references for more detailed presentations of single aspects, applications and documentation.

The overall main feature of the method is its logical (algebraic) character, because it extends to labelled transition systems the logical/algebraic specification method of abstract data types; moreover systems are viewed as data within first-order structures called LT-structures. Some advantages of the approach are the full integration of the specification of static data and of dynamic systems, which includes by free higher-order concurrency, and the exploitation of well-explored classical techniques in many respects, including implementation and tools.

On the other hand the use of labelled transition systems for modelling systems, inspired by CCS, allows us to take advantage, with appropriate extensions, of some important concepts, like communication mechanisms and observational semantics, developed in the area of concurrency around CCS, CSP and related approaches.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio01b.ps


Towards a Rigorous Semantics of UML Supporting its Multiview Approach
G. Reggio, M. Cerioli and E. Astesiano.
In Proc. FASE 2001 (H. Hussmann Editor).
Lecture Notes in Computer Science n. 2029, Berlin, Springer Verlag, 2001.

We discuss the nature of the semantics of the UML. Contrary to the case of most languages, this task is far from trivial. Indeed, not only the UML notation is complex and its informal description is incomplete and ambiguous, but we also have the UML multiview aspect to take into account.
We propose a general schema of the semantics of the UML, where the different kinds of diagrams within a UML model are given individual semantics and then such semantics are composed to get the semantics on the overall model.
Moreover, we fill part of such a schema, by using the algebraic language CASL as a metalanguage to describe the semantics of class diagrams, state machines and the complete UML formal systems.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/CerioliM/FASE2001.pdf.


UML-SPACES: A UML Profile for Distributed Systems Coordinated Via Tuple Spaces
E. Astesiano and G. Reggio.
In Proc. ISADS 2001, IEEE Computer Society Press, 2001.

Coordination via tuple spaces is a well known and accepted technique for designing distributed systems; originally introduced in Linda, it has been very recently adopted within the Java environment as underlying mechanism of the JavaSpaces™ technology.
Here we explore the possibility of using UML in the development of systems using such technique. While tuple spaces are modelled quite naturally in UML as particular passive classes and objects, state machines do not seem adequate for modelling active objects interacting via tuple spaces. A solution is to use the UML lightweight extension mechanism to propose an appropriate extension of state machines by adding transition triggers corresponding to successful and failed execution of lookup operations on a tuple space.
The result is a UML profile, and thus a visual notation, for modelling autonomous distributed systems based on tuple spaces.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio00a.pdf.


Using CASL to Specify the Requirements and the Design: A Problem Specific Approach
C. Choppy and G. Reggio.
In Recent Trends in Data Type Specifications. 14th Workshop on Specification of Abstract Data Types. (D. Bert and C. Choppy editors),
Lecture Notes in Computer Science, n. 1827, Berlin, Springer Verlag, pages 106-125, 2000.

In its book, "Software Requirements & Specifications: a Lexicon of Practice, Principles and Prejudices" (Addison-Wesley, 1995) M. Jackson introduces the concept of problem frame to describe specific classes of problems, to help in the specification and design of systems, and also to provide a framework for reusability. He thus identifies some particular frames, such as the translation frame (e.g., a compiler), the information system frame, the control frame (or reactive system frame), ... Each frame is described along three viewpoints that are application domains, requirements, and design.
Our aim is to use CASL (or possibly a sublanguage or an extension of CASL if and when appropriate) to formally specify the requirements and the design of particular classes of problems ("problem frames"). This goal is related to methodology issues for CASL, that are here addressed in a more specific way, having in mind some particular problem frame, i.e. a class of systems.
It is hoped that this will provide both a help in using, in a really effective way, CASL for system specifications, a link with approaches that are currently used in the industry, and a framework for the reusability of CASL specifications.
This approach is illustrated with some case studies, e.g., the information system frame is illustrated with the invoice system case study.

The postscript version of a complete version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ChoppyReggio99a.ps


An Algebraic Semantics of UML Supporting its Multiview Approach
G. Reggio, M. Cerioli and E. Astesiano.
In Proc. AMiLP 2000 (D. Heylen, A. Nijholt and G. Scollo Editors).
Twente Workshop on Language Technology n. 16,
Enschede, University of Twente, 2000.

We aim at using algebraic techniques, and in particular an extension, Casl-Ltl of the Casl basic language in order to produce a formal semantics of the UML. Contrary to most cases, this task is far from trivial. Indeed, the UML notation is complex, including a lot of heterogeneous notations for different aspects of a system, possibly described in different phases of the development process. Moreover, its informal description is incomplete and ambiguous, not only because it uses the natural language, but also because the UML allows the so called semantics variation points, that are constructs having a list of possible semantics, instead of just one.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoEtAll00b.ps


Plugging Data Constructs into Paradigm-Specific Languages: towards an Application to UML (Invited Lecture)
E. Astesiano, M. Cerioli and G. Reggio.
In Proc. AMAST 2000 (T. Rus Editor).
Lecture Notes in Computer Science n. 1816, Berlin, Springer Verlag, 2000.

We are interested in the composition of languages, in particular a data description language and a paradigm-specific language, from a pragmatic point of view.
Roughly speaking our goal is the description of languages in a component-based style, focussing on the data definition component. The proposed approach is to substitute the constructs dealing with data from the "data" language for the constructs describing data that are not specific to the particular paradigm of the "paradigm-specific" language in a way that syntax, semantics as well as methodologies of the two components are preserved.
We illustrate our proposal on a toy example: using the algebraic specification language CASL, as data language, and a "pre-post" condition logic à la Hoare, as the paradigm specific one.
A more interesting application of our technique is fully worked out in ReggioRepetto00b and the first step towards an application to UML, that is an analysis of UML from the data viewpoint, following the guidelines given here, is sketched at the end.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoEtAll00a.ps


CASL-CHART: a Combination of Statecharts and of the Algebraic Specification Language CASL
G. Reggio and L. Repetto.
In Proc. AMAST 2000 (T. Rus Editor).
Lecture Notes in Computer Science n. 1816, Berlin, Springer Verlag, 2000.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioRepetto00b.ps


Analysing UML Active Classes and Associated State Machines -- A Lightweight Formal Approach
G. Reggio, E. Astesiano, C. Choppy and H. Hussmann.
In Proc. FASE 2000 - Fundamental Approaches to Software Engineering.
Lecture Notes in Computer Science n. 1783 (T. Maibaum Editor), Berlin, Springer Verlag, 2000.

We consider the problem of precisely defining UML active classes with an associated state chart. We are convinced that the first step to make UML precise is to find an underlying formal model for the systems modelled by UML. We argue that labelled transition systems are a sensible choice; indeed they have worked quite successfully for languages as Ada and Java. Moreover, we think that this modelization will help to understand the UML constructs and to improve their use in practice. Here we present the labelled transition system associated with an active class using the algebraic specification language CASL.
The task of making precise this fragment of UML raises many questions about both the "precise" meaning of some constructs and the soundness of some allowed combination of constructs.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/Reggio99a.ps


Formalism and Method -- Full version
E. Astesiano and G. Reggio.
In T.C.S., Vol. 236. n.1,2, 2000.

Luckily, is getting strength the view that formal methods are useful tools within the context of an overall engineering process, heavily influenced by other factors that developers of formalisms should take into account.
We argue that the impact of formalisms would much benefit from adopting the habit of systematically and carefully relating formalisms to methods and to the engineering context, at various levels of granularity. Consequently we oppose the attitude of conflating formalism and method, with the inevitable consequence of emphasizing the formalism or even just neglecting the methodological aspects.
In order to make our reflections more concrete we illustrate our viewpoint addressing one particular activity in the software development process, namely the use of formal specification techniques.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio99a.ps.Z


Is it feasible to construct a semantics for all of UML?: Dynamic behaviour and concurrency
R. Wieringa, E. Astesiano, G. Reggio, A. Le Guennec, H. Hussman, K. van den Berg, P. van den Broek.
In ECOOP Workshop Reader: UML Semantics FAQ(S.Kent, A.Evans, B. Rumpe editors), 1999.

This paper reports the results of a workshop held at ECOOP'99.
The workshop was set up to find answers to questions fundamental to the definition of a semantics for the Unified Modelling Language. Questions examined the meaning of the term semantics in the context of UML; approaches to defining the semantics, including the feasibility of the metamodelling approach; whether a single semantics is desirable and, if not, how to set up a framework for defining multiple, interlinked semantics; and some of the outstanding problems for defining a semantics for all of UML.

The PDF version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/Vari99a.pdf


JTN: A Java-Targeted Graphic Formal Notation for Reactive and Concurrent Systems
E. Coscia and G. Reggio.
In Proc. FASE 99 - Fundamental Approaches to Software Engineering.
Lecture Notes in Computer Science, Berlin, Springer Verlag, 1999.

JTN is a formal graphic notation for Java-targeted design specifications, that is specifications of systems that will be implemented using Java.
JTN is aimed to be a part of a more articulated project for the production of a development method for reactive/concurrent/distributed systems. The starting point of this project is an existing general method that however does not cover the coding phase of the development process. Such approach provides formal graphic specifications for the system design, but they are too abstract to be transformed into Java code in just one step, or at least, the transformation is really hard and complex.
We introduce an intermediate step that transforms the above abstract specifications into JTN specifications, for which the transformation into a Java program is almost trivial; thus such transformation can be automatized and guaranteed correct.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/CosciaE/papers/JTN-Fase.ps


Stores as Homomorphisms and Their Transformations - A Uniform Approach to Structured Types in Imperative Languages
E. Astesiano, G. Reggio and E. Zucca.
Science of Computer Programming, Vol. 34. n.3, pages 163-190, 1999.

We address the problem of giving a clean and uniform mathematical model for handling user defined data types in imperative languages, contrary to the ad-hoc treatment usual in classical denotational semantics.
The problem is solved by defining the store as a homomorphic mapping of an algebraic structure of left values modelling containers into another one of right values modelling contents.
Consequently store transformations can be defined uniformly on the principle that they are minimal variations of the store embedding some basic intended effects and compatible with the homomorphic structure of the store.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /pub/person/ZuccaE/SCP99.ps.gz


Algebraic Specification of Concurrent Systems
E. Astesiano, M. Broy and G. Reggio.
In IFIP WG 1.3 Book on Algebraic Foundations of System Specification (E. Astesiano, B. Krieg-Bruckner and H.-J. Kreowski editors),
Berlin, Springer Verlag, 1999.

Most software systems are concerned with concurrent systems and thus it is of paramount importance to provide good formal support to the specification, design, and implementation of concurrent systems. Algebraic/logic methods have also found interesting applications in this field, especially to treat at the right level of abstraction the relevant features of a system, helping to hide the unnecessary details and thus to master system complexity.

Due to the particularly complex nature of concurrent systems, and contrary to the case of classical (static) data structures, there are different ways of exploiting algebraic methods in concurrency.

In the literature, we can distinguish at least four kinds of approaches.

The algebraic techniques are used at the metalevel, for instance, in the definition or in the use of specification languages. Then a specification involves defining one or more expressions of the language, representing one or more systems.

A particular specification language (technique) for concurrent systems is complemented with the possibility of abstractly specifying the (static) data handled by the systems considered using algebraic specifications.
We can qualify the approaches of this kind by the slogan "plus algebraic specifications of static data types".

These methods use particular algebraic specifications having "dynamic sorts", which are sorts whose elements are/correspond to concurrent systems. In such approaches there is only one "algebraic model" (for instance, a first-order structure or algebra) in which some elements represent concurrent systems.
We can qualify the approaches of this kind as "algebraic specifications of dynamic-data types", which are types of dynamic data.

These methods allow us to specify an (abstract) data type, which is dynamically changing with time. In such approaches we have different "algebraic" models corresponding to different states of the system.
We can qualify the approaches of this kind as "algebraic specifications of dynamic data-types"; here the data types are dynamic.

We have organized the paper around the classification above, providing significant illustrative examples for each of the classes. Our rationale has been mainly to present representatives. In particular, there is no intention of providing a comparative study of the methods. This is a goal outside the scope of the book.
We use a common example for the presentation of all approaches, a very simple concurrent system.

The postscript and pdf versions of this paper are available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoEtAll99a.ps and /person/ReggioG/AstesianoEtAll99a.pdf.


A Discipline for Handling Feature Interaction
E. Astesiano and G. Reggio.
In Requirements Targeting Software and Systems Engineering, Proc. RTSE '97.
(M. Broy and B. Rumpe editors),
Lecture Notes in Computer Science, n. 1526 Berlin, Springer Verlag, 1998.

A challenging problem within the wider software evolution problem is the development of systems by features. While most of the recent work centered around the detection of feature interactions, we present an approach based on modular specification, separation of concerns and prevention of unwanted interactions. We illustrate our approach extending a formalism for the specification of reactive systems and showing its application to some aspects of the well-known case of telephone systems (POTS and variations).
The paper concentrates more on the methodological aspects, which are, at large extent, independent of the formalism. Indeed, this seems to be the case of some rather novel concepts like the distinction between pre-features (features in isolation) and features, closed and open semantics, feature composition and discipline of feature interaction, and finally the pervading role of a kind of anti-frame assumption.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio98c.ps.Z


A Method to Capture Formal Requirements: the INVOICE Case Study
G. Reggio.
In Proc. of Int. Workshop "Comparing Specification Techniques: What Questions Are Prompted by Ones Particular Method of Specification. March 1998, Nantes (France) (M. Allemand, C. Attiogbe and H. Habrias editors),
IRIN - Universite de Nantes, 1998.

In the last years myself in cooperation with other people have developed various specification formalisms for systems which can be named concurrent, parallel, reactive, ..., and applied to various case studies also in projects in cooperation with industry. While the people forwarding the case studies have found satisfactory the formal specifications produced with our cooperation, they were asking "how can we produce such specifications?" and "how can be such specifications integrated into a development process?" That has lead us to try to derive, out of a specification formalism for systems, a method for supporting the development process. Here we present the part concerning requirement specifications (thus requirements capture and specification) and a visual presentation of such specifications.
Our requirement specifications are formal, follow an axiomatic (or better property oriented) style, and use a variant of the CTL branching-time temporal logic, which can be termed first-order, many-sorted, with edge-formulae and equality.
Here the emphasis in on "HOW" to get the formal specifications, and on how to present them in a sensible way, rendering visually any part that it is possible. The proposed method provides precise instructions ({\em guidelines}) guiding the user to find, after some analysis of the system, in an exhaustive way (all\slash most of ?) the reasonable properties.
In this paper we consider only the part of our method concerning requirement specifications of simple (non-structured) systems, and the method is presented by using the two variants of the simple INVOICE case study, proposed in a workshop about comparing methods for formal requirements.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/Reggio98b.ps.Z


Very Abstract Specifications: A formalism Independent Approach
M. Cerioli and G. Reggio.
In Mathematical Structures in Computer Science, 1997.

Given an already fully developed formal specification method for reactive systems, Two operations are presented for a modular approach to the definition of frameworks for rigorous development of software, formally represented as institutions. The first one generalize models, allowing them to have more structure than the minimal required by their declared signatures, as it happens for software modules, having local routines that do not appear in their interface. The second one extends sentences, and their interpretation in models, allowing sentences on richer signatures to be used as formulae for poorer ones. Combining the application of these operations, powerful institutions can be defined, like those for very abstract entities, or for hyper-loose algebraic specifications. The compatibility of different sequential applications of these operations and properties of the resulting institutions are studied as well.
This is an extended version of Institutions for Very Abstract Specifications.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/CerioliM/MSCS97.ps.gz


A Graphic Notation for Formal Specifications of Dynamic Systems
G. Reggio and M. Larosa.
In Proc. FME 97 - Industrial Applications and Strengthened Foundations of Formal Methods
(J. Fitzgerald and C.B. Jones editors),
Lecture Notes in Computer Science, n. 1313, Berlin, Springer Verlag, 1997.

Given an already fully developed formal specification method for reactive systems, we also develop an alternative graphic notation for its specifications to improve writing and understanding of such specifications and, hopefully, the acceptance of the method by industrial users.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioLarosa97a.ps.Z


Formalism and Method
E. Astesiano and G. Reggio.
In Proc. TAPSOFT '97
(M. Bidoit and M. Dauchet editors),
Lecture Notes in Computer Science, n. 1214, Berlin, Springer Verlag, pages 93-114, 1997.

Luckily, is getting strength the view that formal methods are useful tools within the context of an overall engineering process, heavily influenced by other factors that developers of formalisms should take into account.
We argue that the impact of formalisms would much benefit from adopting the habit of systematically and carefully relating formalisms to methods and to the engineering context, at various levels of granularity. Consequently we oppose the attitude of conflating formalism and method, with the inevitable consequence of emphasizing the formalism or even just neglecting the methodological aspects.
In order to make our reflections more concrete we illustrate our viewpoint addressing one particular activity in the software development process, namely the use of formal specification techniques.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio97a.ps.Z


Specification of Abstract Dynamic DataTypes: A Temporal Logic Approach
G. Costa and G. Reggio.
In T.C.S., Vol. 173. n. 2, pages 513-554, 1997.

A concrete dynamic-data type is just a partial algebra with predicates such that for some of the sorts there is a special predicate defining a transition relation.
An abstract dynamic-data type (ad-dt) is an isomorphism class of such algebras. To obtain specifications for ad-dt's, we propose a logic which combines many-sorted first-order logic with branching-time combinators.
We consider both an initial and a loose semantics for our specifications and give sufficient conditions for the existence of the initial models. Then we discuss structured specifications and implementation.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/CostaReggio97a.ps.Z.


A Dynamic Specification of the RPC-Memory Problem
E. Astesiano and G. Reggio.
In Formal System Specification: The RPC-Memory Specification Case Study
(M. Broy, S. Merz and K. Spies editors),
Lecture Notes in Computer Science, n. 1169, Berlin, Springer Verlag, pages 67-108, 1996.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio96a.ps.Z


Deontic Concepts in the Algebraic Specification of Dynamic Systems: The Permission Case
E. Coscia and G. Reggio.
In Recent Trends in Data Type Specifications. 11th Workshop on Specification of Abstract Data Types. Oslo Norway, September 1995
(M.Haveraaen, O. Owe and O.-J. Dahl editors),
Lecture Notes in Computer Science, n. 1130, Berlin, Springer Verlag, pages 161-182, 1996.

Deontic logic is the logic dealing with real as well as with ideal behaviour. Concepts of obligation, permission and prohibition are useful in formal specification to give a picture of what a system ought or it is permitted to do or to be, without forcing its behaviour in any way.
In this paper, permission and prohibition concepts are introduced by means of particular predicates within a framework for the specification of Abstract Dynamic Data Types. This allows us to treat separately normal (permitted) and abnormal (non-permitted) activities, making more natural the specification of recovery policies after non ideal behaviours. Moreover, deontic qualifications on behaviour may be combined with branching-time combinators, to express properties on particular kinds of behaviours.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/CosciaReggio96a.ps.Z


The SMoLCS Toolset
E. Astesiano, G. Reggio and F. Morando
In Proc. of TAPSOFT '95 ( P.D. Mosses, M. Nielsen and M.I. Schwartzbach editors),
n. 915 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 810-801, 1995.

A short presentation of the SMoLCS toolset.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoEtAll95a.ps


Algebraic Oriented Institutions
M. Cerioli and G. Reggio
In Algebraic Methodology and Software Technology (AMAST'93) (M. Nivat, C. Rattray, T. Rus and G. Scollo editors),
Workshops in Computing, London, Springer Verlag, 1993.

In many recent applications of the algebraic paradigm to formal specification methodologies, basic frameworks are endowed with new features, tailored for special purposes, that mostly are "orthogonal" to the underlying algebraic framework, in the sense that they are instances of a parametric constructions. This lack of generality is conflicting with the ability of changing the basic formalism, and hence with the reuse of methodologies, seen as high-level theoretical tools for the software development.
In any real application two steps can be distinguished in the process of getting the most suitable algebraic formalism: the choice of the most appropriate basic algebraic formalism (i.e. sufficiently powerful for the problem, but non-overcomplex) and the addition of the features needed in the particular case (e.g. entities for structured parallelism or higher-order functions for functional programming). Thus here we propose a modular construction of algebraic frameworks, formalized by means of operations on institutions, used as a synonym for logical formalism, in order to build richer institutions by adding one feature at a time.
Many constructions used in the practice have meaning only for those institutions that represent "algebraic formalisms". In order to give sound foundations for the treatment of such operations, a preliminary step is the formal definition of which institutions correspond to algebraic frameworks. Here we propose a first attempt at the definition of algebraic-oriented institutions, that includes all interesting cases. Then, using this definition, we formally define some operations adding features to basic algebraic frameworks and show that the result of such operations applied to any algebraic-oriented institution is an algebraic-oriented institution, too; so that the result can be used as input for other operations, modularly building a formalism as rich as needed by the application.
Technically algebraic-oriented institutions are described by (standard) algebraic specifications, so that both theoretical and software tools are at hand to help in the building process; moreover algebraic specification users already have the know-how to understand and manipulate metaoperations building algebraic formalisms.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/CerioliM/AMAST93.ps.z


Institutions for Very Abstract Specifications
M. Cerioli and G. Reggio
In Recent Trends in Data Type Specification (H. Ehrig and F. Orejas editors),
n. 785 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 113-127, 1994.

This paper is a first attempt at the definition of a set of operations on specification frameworks, supporting the modular construction of formal software specification methodologies.
Since obviously a formalism providing tools to deal with all possible software specification features, if any, would be a monster and would become out of date in a short time, in our opinion the first step, in order to produce formal specifications, is to get a framework including all the features needed by the particular problem under examination, but as simple as possible.
Following an obvious reuse principle, the best way to get such a framework is to assemble pieces of formalisms, studied once and forever, or to tune an available formalism, adding only the local features.
In this paper, following the well-established approach by Goguen and Burstall, specification frameworks are formalized as institutions; thus enrichments and assembling of formalisms become, in this setting, operations among institutions.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/CerioliM/WADT93.ps.gz


A SMoLCS Based Kit for Defining the Semantics of High-Level Algebraic Petri Nets
M Bettaz and G. Reggio
In Recent Trends in Data Type Specification (H. Ehrig and F. Orejas editors),
n. 785 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 98-112, 1994.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/BettazReggio94a.ps.Z


Stores as Homomorphisms and their Transformations
E. Astesiano, G. Reggio and E. Zucca
In Proc. MFCS'93 (Mathematical Foundations of Computer Science)
(H. Ehrig and F. Orejas editors),
n. 711 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 242-251, 1993.

In the classical denotational model of imperative languages handling structured types, like arrays, requires an ad-hoc treatment for each data type, including e.g. an ad-hoc allocation and deallocation mechanism. Our aim is to give a homogeneous approach that can be followed whichever is the data structure of the language.
We start from the traditional model for Pascal-like languages, which uses a notion of store as a mapping from left values (containers for values, usually called locations), into right values; we combine this idea with the well-known algebraic approach for modelling data types. More precisely, we consider an algebraic structure both for the right and the left values; consequently, the store becomes a homomorphic mapping of the left into the right structure.
Seeing a store as a homomorphism has a number of interesting consequences. First of all, the transformations over a store can be uniformly and rigorously defined on the basis of the principle that they are minimal variations compatible with some basic intended effect (e.g., some elementary substitution). Thus semantic clauses too, which rely on these transformations as auxiliary functions, can be given uniformly; for example, we can give a unique clause for assignment for any data type in Pascal and Ada-like languages.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggioEtAl93a.ps.Z


Specifying Reactive Systems by Abstract Events
E. Astesiano and G. Reggio
In Proc. of Seventh International Workshop on Software Specification and Design (IWSSD-7),
Los Alamitos, CA, IEEE Computer Society, 1993.

We consider the problem of specifying reactive systems at different level of abstraction and propose a method for connecting the requirement to the design phase.
As in a variety of other approaches, we assume that a process is modelled by a labelled transition system. The requirement phase is supposed to define a class of models, while at the design level, usually via a stepwise refinement, essentially one model is singled out. The connection between the two phases is provided by the notion of abstract event, with its associated specification language.
An abstract event is defined as a set of its concrete instances, which are labelled transition sequences and can occur as partial paths over labelled transition trees. Abstract events, which may be noninstantaneous and overlapping, are a flexible tool for expressing abstract requirements and, because of their semantics in term of labelled transition sequences, provide a rather transparent support to the refinement procedure.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio93e.ps.Z


A Metalanguage for the Formal Requirement Specification of Reactive Systems
E. Astesiano and G. Reggio
In Proc. FME'93: Industrial-Strength Formal Methods
(J.C.P. Woodcock and P.G. Larsen editors),
n. 670 of Lecture Notes in Computer Science, Berlin, Springer Verlag, 1993.

Various formalisms have been proposed for the specification of software / hardware systems characterized by the possibility of performing some dynamic activities interacting with an external world, called reactive systems; however in the literature sometimes also terms as: concurrent, parallel, distributed, ... systems have been used for pointing out to some particualr features of the systems; here we simply use the term reactive systems. Some of these formalisms deal with properties at what we may call design level, when already architectural decisions have been taken and a specification determines essentially one structure, though still at a rather abstract level (we say abstract specifications). At the requirement level, the proposed formalisms are dealing with the abstract dynamic properties, i.e. those related to the possible events in a system life, usually classified in safety and liveness properties. Now the experience shows that also the structural properties of a system (including the static data) and their relationships with dynamic features of a system are fundamental also at the requirement level; however the specification mechanism should be able to avoid overspecification, not confusing requirements and design.
In this paper to propose an approach, supported by a metalanguage (schema), for dealing, at the requirement level, with both static and dynamic properties.
The approach is based on a specification formalism which, according to the institution paradigm, consists in models (semantic structures), sentences or formulae (syntax) and validity (semantics of sentences). A specification is a set of formulae determining a class of models, all those satisfying the formulae. The new and central idea of this paper is the proposed models, that we call entity algebras. Those models can support statements about the structure of reactive systems, dealing with the subcomponents of a system, without referring to detailed structuring combinators, which are essential at the design level, but here would spoil the generality of requirements.
In the first section we give a rather informal presentation of entity algebras, illustrated by a small example. In the second we present the syntax of a specification language and in the third section the notion of validity of a formula and the semantic of a specification; some examples concerning also the application to an industrial test case are reported in the fourth section.
Two important comments are in order. First our metalanguage is rather schematic, in the sense that we can choose various formalisms for expressing the dynamic properties. Here, we give just a set of combinators, taken from the branching time logic, sufficient for expressing some common interesting requirements on reactive systems. In general, depending on the specific application field (e.g., industrial plants handled by automatisms, software / hardware architectures and so on) one can choose a minimal set of combinators getting a formalism powerful enough but rather simple. The important point is that now the dynamic formulae are "anchored" to a term representing a dynamic element and so we have a formalism where it is possible to express requirements involving properties on the activity either of different systems or of a system and some of its components; for example we can express properties of the form "a new component which can eventually reach a certain situation cannot be added to a system satisfying some condition".

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio93c.ps.Z


Algebraic Specification of Concurrency (invited lecture)
E. Astesiano and G. Reggio
In Recent Trends in Data Type Specification
(M. Bidoit and C. Choppy editors),
n. 655 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 1-39, 1993.

Algebraic specification methods provide techniques for data abstraction and the structured specification, validation and analysis of data structures. Classically, a (concrete) data structure is modelled by a many-sorted algebra; various categories of many-sorted algebras can be considered, like total, partial, order-sorted, with predicates and so on. An isomorphism class of data structures is called an abstract data type (shortly adt) and an algebraic specification is a description of one or more abstract data types. There are various approaches for identifying classes of abstract data types associated with an algebraic specification, which constitute its semantics: initial, terminal, observational; a semantics is loose when it identifies a class (usually infinite) of adt's. Since data structures can be very complex (a flight reservation system, e.g.), structuring and parameterization mechanisms are fundamental for building large specifications.
Together with a rigorous description of data structures, algebraic specifications support stepwise refinement from abstract specifications to more concrete descriptions (in the end, programs) of systems by means of the notion of implementation and techniques for proving correctness of implementations. In this respect formal proof systems associated with algebraic specifications play a fundamental role. Finally specification languages provide a linguistic support to algebraic specifications.
The purpose of the algebraic specification of concurrent systems is to specify structures where some data represent processes or states of processes, i.e. objects about which it is possible to speak of dynamic evolution and interaction with other processes; more generally we can consider as the subject of algebraic specification of concurrency those structures able to describe entities which may be active participants of events. Such data structures will be called simply "concurrent systems", where "concurrent" conveys different meanings, from "occurring together" to "compete for the same resources" and to "cooperate for achieving the same aim".
The aim of this paper is twofold: to analyse the aims and the nature of the algebraic specifications of concurrency and to give, as examples, a short overview of some (not all) relevant work. First we introduce some basic concepts and terminology about processes: the various models around which the specification models are built and the fundamental issues of (observational) semantics, formal description and specification; moreover we give some illustrative examples of specification problems to be used later for making more concrete some general considerations and for assessing different methods. After we try to qualify the field: indicating three different fundamental motivations/viewpoints (and distinguishing between methods and instances); then outlining the issues to deal with; finally illustrating by two significant examples/approaches how this field stimulates innovations and improvements beyond the classical theory of adt's. Finally we outline some relevant approaches; however, being impossible to report on all methods, we have mainly used some approaches to illustrate, as examples, concrete ways of tackling the issues of the field.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio93b.ps.Z


Event Logic for Specifying Abstract Dynamic Data Types
G. Reggio
In Recent Trends in Data Type Specification
(M. Bidoit and C. Choppy editors),
n. 655 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 292-309, 1993.

A dynamic algebra is just a many-sorted algebra with predicates such that for some of the sorts (dynamic sorts) there is a special predicate defining a labelled transition relation; thus the dynamic elements are modelled by means of labelled transition systems. An abstract dynamic data type (addt) is an isomorphism class of dynamic algebras.
To obtain specifications for addt's we have first used first-order logic; however such logic is not suitable for expressing all interesting abstract properties of dynamic elements. Here we present an "event logic" for specifying addt’s; the name "event" comes from "event structures". Event structures are a nice formalism for abstractly modelling dynamic elements, which allows to express properties such as causality and true concurrency; but they lack well-developed techniques for structuring detailed descriptions of complex systems.
Event logic is an attempt at building up an integrated specification framework for:

  • expressing abstract properties of dynamic elements by giving some "relationships" between events;
  • modelling dynamic elements in a simple and intuitive way as labelled transition systems.
The basic idea is that, given a labelled transition system, an "event" is just a set of partial execution paths (those corresponding to occurrences of that event). As a consequence, we have that in this framework events are not considered instantaneous and so we can also express finer relationships between them, as:
  • there is no instant at which e' and e" occur simultaneously,
  • e is the sequential composition of e' and e",
  • each occurrence of e' includes an occurrence of e" (i.e., e" starts either together or after e' and terminates either before or together e').

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it in /person/ReggioG/Reggio93a.ps.Z


Algebraic Specification at Work
E. Astesiano, A. Giovini, F. Morando and G. Reggio.
In Proc. AMAST'91 (Algebraic Methodology and Software Technology),
Berlin, Springer Verlag, 1992.

Concurrent software systems are used in fields where safety and reliability are critical. In spite of that, the validation of concurrent software tends to rely more on empirical experiments rather than on rigorous proofs. This practice, which is already bad for sequential software, becomes awful for concurrent systems since, due to nondeterminism, the behaviour observed during testing is only the most likely to occur.
We present a formal approach with associated tools for handling this situation. This method allows us to derive from the specification all possible behaviours of a concurrent program and hence to be sure that a tested program will always behave correctly on its test-bed. We outline the approach discussing its application to a typical situation in industrial practice.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoGioviniEtAl92b.ps.Z


Observational Structures and their Logic
E. Astesiano, A. Giovini and G. Reggio.
In T.C.S., Vol. 96, 1992, pages 249-283.

A powerful paradigm is presented for defining semantics of data types which can assign sensible semantics also to data representing processes. Processes are abstractly viewed as elements of observable sort in an algebraic structure, independently of the language used for their description. In order to define process semantics depending on the observations we introduce observational structures, essentially first-order structures where we specify how processes are observed. Processes are observationally related by means of experiments considered similar depending on a similarity law and relations over processes are propagated to relations over elements of non-observable sort by a propagation law. Thus an observational equivalence is defined, as union of all observational relations, which can be seen as a very abstract generalization of bisimulation equivalences introduced by David Park.
Though being general and abstract our construction allows to extend and improve interesting classical results. For example it is shown that for finitely observable structures the observational equivalence is obtainable as a limit of a denumerable chain of iterations; our conditions, which apply to algebraic structures in general, when instantiated in the case of labelled transition systems, are more liberal than the finitely branching condition. More importantly, we show how to associate with an observational structure various modal observational logics, related to sets of experiment schemas, that we call pattern sets.
The main result of the paper proves that for any family of pattern sets representing the simulation law the corresponding modal observational logic is a Hennessy-Milner logic: two observable objects are observationally equivalent if and only if they satisfy the same set of modal observational formulas. Indeed observational logics generalize to first-order structures various modal logics for labelled transition systems. Applications are shown to multilevel parallelism, higher-order concurrent calculi, distributed and branching bisimulation.
The theory presented in the paper is not at all confined to give semantics of processes. Indeed it provides a general semantic paradigm for abstract data type specifications, where some data are processes. In order to support this claim, in the final section we briefly consider algebraic specifications and give small examples of specifications integrating processes, data types and functions.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoGioviniEtAl92a.ps.Z


Abstract Dynamic Data Types: a Temporal Logic Approach
G. Costa and G. Reggio.
In Proc. MFCS'91 (A. Tarlecki editor),
n. 520 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 103-112, 1991.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/CostaReggio91a.ps.Z


Entities: an Institution for Dynamic Systems
G. Reggio.
In Recent Trends in Data Type Specification
(H. Ehrig, K.P. Jantke, F. Orejas and H. Reichel editors),
n. 534 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 244-265, 1991.

The paper introduces the entity framework, entity algebras and specifications, and shows how they can be used for formally modelling and specifying dynamic systems.
Entity algebras give integrated formal models for both data types, processes and objects; they are a subclass of partial algebras with predicates, having the following features: some sorts correspond to dynamic elements (entities); entities may have subcomponent entities together with usual (static) subcomponents; the structure of an entity is not fixed but defined in each case; entities have identities in such a way that it is possible to describe sharing of subcomponents.
Correspondingly to this model level we have entity specifications; more precisely: specifications in the small and specifications in the large; the first ones can be used to formally specify particular dynamic systems; while the latter are suitable for expressing very abstract properties of classes of dynamic systems.
In the paper we consider the specifications in the small showing their properties (e.g., they constitute an institution) and giving several examples; while specification in the large are handled in a forthcoming paper.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/Reggio91a.ps.Z


Processes as Data Types: Observational Semantics and Logic
E. Astesiano, A. Giovini and G. Reggio.
In Proc. of 18-eme Ecole de Printemps en Informatique Theorique, Semantique du Parallelism
(I. Guessarian editor),
n. 469 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 1-20, 1990.

The paper presents an attempt towards a unifying approach for the semantics of concurrency, abstracting from the particular language used for describing processes.
Processes are here abstractly viewed as elements of observable sort in an algebraic structure; and in order to define appropriate semantics we embody in the algebraic structure an observational viewpoint, obtaining what we call an observational structure. With each observational structure an observational equivalence is associated, which is an abstract version of the well-known bisimulation equivalence of Park for transition systems.
The main result shows how to associate with a class of observational structures a set of modal observational logic formulas, such that an abstract version of the Hennessy-Milner theorem holds.


SMoLCS-Driven Concurrent Calculi
E. Astesiano and G. Reggio.
In Proc. TAPSOFT'87, Vol. 1
(H. Ehrig, R. Kowalski, G. Levi and U. Montanari editors),
n. 249 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 169-201, 1987.
Data in a Concurrent Environment
E. Astesiano, A. Giovini and G. Reggio.
In Proc. Concurrency '88 (International Conference on Concurrency), Hamburg, R.F.T., 1988
(F. Vogt editor),
n. 335 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 140-159, 1988.

Integrating specifications of data types and concurrency seems not only a necessity, but an issue to be handled quite naturally. However, if we look at recent research on this topics, we can realize that the integration is very much affected by the basic method for the specification of concurrency. As a result not always the specification of data types is handled in a simple and natural way. We take the position that processes should in a sense just be a data type as any other one and that an overall approach to specification should permit the specification of a data type as in the case when no concurrency is involved. Thus handling the interaction of processes with data should be part of the specification of the dynamic aspects of a system.
Accordingly to this position, since some years (and in cooperation with other authors) we have elaborated a specification technique by which processes/concurrent systems are special abstract data types, modelling concurrent systems as algebraic transition systems with possibly the specification of a parallel structure (in the following "abstract data type" is abbreviated to adt). Our technical framework looks naturally apt to accommodate data type specifications. Indeed all the components of a concurrent system are specified as adts. Moreover, since processes are themselves specified as adts, they can be treated as data. As we permit the specification of functions (we use higher-order algebraic specification), we can thus specify data of any complexity and also model systems where processes are exchanged between processes, stored and so on.
After illustrating our specification technique by means of a simple example we discuss formally the two above aspects.
First we show how the embedding of adt specifications into the specification of a concurrent system does not affect their semantics, whatever is the semantics chosen for the system; second we show that this fact also holds when the data are processes/concurrent systems. Then we tackle the main point of the interaction of processes with objects of some data type.


The Ada Challenge for New Formal Semantic Techniques
E. Astesiano, A. Giovini, F. Mazzanti, G. Reggio and E. Zucca .
In Ada: Managing the Transition, Proc. of the Ada-Europe International Conference, Edimburgh, 1986, Cambridge, University Press, pages 239-248, 1986.

Ada is posing new challenging problems in the field of formal definitions, as it is witnessed by the many attempts at a solution.
We argue that the CEC-MAP project on AdaFD could be considered a new starting point, meeting the challenge to some extent. Indeed, following the SMoLCS methodology, the dynamic semantics is split in two parts, formalizing a model for the underlying concurrent structure and then connecting the abstract syntax to that model by a set of denotational, hence compositional, clauses. The formal model is given as an abstract data type which accomodates an operational semantics of concurrency and a parameterized modular specification of all the needed structures.
We outline how the followed approach can handle some of the basic problems, particularly the interference between sequential and concurrent features, together with permitting a local correspondence with the Language Reference Manual. We also point out some problems still to be settled.


Relational Specification and Observational Semantics
E. Astesiano, G. Reggio and M. Wirsing.
In Proc. MFCS'86,
n. 233 of Lecture Notes in Computer Science, Berlin, Springer Verlag, pages 209-217, 1986.

This paper introduces a special class of partial abstract data types, called relational specifications, in which some operations with boolean values, called relational operations, play a special role.
Roughly speaking, if r is one of such operations, then any right hand side of a conditional axiom in which r appears, has the form r(t1,...,tn) = true, and in t1,...,tn no relational operation appears. The simple underlying intuition is that r(t1,...,tn) = true asserts that t1,...,tn satisfy a certain observation, formalized by r. Hence a relational specification is meant for defining a data type satisfying some observational requirements.
The motivation for this study is twofold. On one side relational specifications allow a very simple and intuitive theory of behavioural equivalence. In particular it is possible to combine a loose semantics approach to specification, as advocated e.g. in ASL, with the choice of a terminal model in a class of algebras, possibly preserving a fixed model (e.g., initial) of a subspecification.
On the other side the algebraic specification of labelled transition systems used for the specification of concurrent systems are special cases of relational specifications. Indeed, following [BW1], a transition s - f -> s' is expressed by the assertion ->(s,f,s') = true, where -> is seen as a boolean operation. Thus relational specifications are well suited to specify in a unique framework concurrent systems together with their observational semantics. Indeed the present work provides a simple foundation to a parameterized, modular and hierarchical approach to concurrency, the SMoLCS approach, currently adopted in the CEC-MAP project on the formal definition of Ada.
First we give the introductory definitions and results showing the existence of initial models and studying various hierarchical relational specifications. Then we show how a natural semantics expressed by a terminal model can be associated to a relational specification; the terminal model formalizes the idea of behavioural semantics w.r.t. the observations made using the relations. Some applications and examples will illustrate concepts and results throughout the paper.


Technical Reports


A Development Frame for Web Sites -- Complete Version
E. Crivello and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-05-16, Italy, 2005.

In this paper we present a "development frame" for web sites.
Technically, a development frame consists of
-- a problem frame, i.e., a pattern that provides a precise conceptual model of what is the problem to be solved;
-- and a precise method based on UML to be used in that specific case. The development frame for web sites presented in this paper have been defined by specializing the precise one proposed by Astesiano and Reggio.

The pdf version of this paper is available at CrivelloReggio05a.pdf.


Requirements Capture and Specification for Enterprise Applications: a UML Based Attempt
C. Choppy and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-05-10, Italy, 2005.

We propose a software development method for enterprise applications that combines the use of the structural concepts provided by problem frames, and the use of the UML notation. Problem frames are patterns that provide a precise conceptual model of what is the problem to be solved.
The first step of our method is to match the current task with one of the problem frames that we propose for entreprise applications, and this helps to understand the nature of the problem under study. The problem frames to be considered for enterprise applications are clearly more complex than the basic ones. We then provide guidelines to develop all the artifacts required by the method through a dedicated choice of appropriate UML diagrams together with predefined schemas or skeletons for their contents. Thus, using our method provides a more direct path to the UML models, which saves time (no long questions about which diagrams to use and how) and improves the models quality (relevant issues are addressed, a uniform style is offered). In this paper, we consider the phases of modelling the domain, the requirements capture and specification, and their relationships.
Enterprise Applications cover a wide range of applications. Our method, using problem frames, leads to choose precise concepts to handle appropriate variants.

The pdf version of this paper is available at ChoppyReggio05c.pdf.


A UML-Based Method for the Commanded Behaviour Frame
C.Choppy and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-04-12, Italy, 2004.

In this paper we show how to assist the development for problems fitting the Commanded Behaviour frame, using UML with a well-founded approach, and we illustrate our ideas with a lift case study.

The pdf version of this paper is available at ChoppyReggioIWAAF.pdf.


Using UML for Problem Frame Oriented Software Development (Complete Version)
C.Choppy and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-04-11, Italy, 2004.

We propose a software development approach that combines the use of the UML notation, the use of the structuring concepts provided by the problem frames, together with our methodological approach for well-founded methods.
The problem frames are used to provide a first idea of the main elements of the problem under study. Then we provide ad hoc UML based development methods for some of the most relevant problem frames together with precise guidelines for the users. The general idea of our method is that, for each frame, several artifacts have to be produced, each one corresponding to a part of the frame.
The description level may range from informal and sketchy, to formal and precise, while this approach is drawn from experience in formal specifications.

The postscript version of this paper is available at UFRAMESlong.ps.


Improving Use Case Based Requirements Using Formally Grounded Specifications (Complete Version)
C.Choppy and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-03-45, Italy, 2003.

Our approach aims at helping to produce adequate requirements, both clear and precise enough so as to provide a sound basis to the overall development. Our idea here is to find a way to combine both advantages of use cases and of formal specifications. We present a technique for improving use case based requirements, using the formally grounded development of the requirements specification, and that results both in an improved requirements capture, and in a requirement validation. The formally grounded requirements specification is written in a "visual" notation, using both diagrams and text, with a formal counterpart (written in the Casl and Casl-Ltl languages). Being formally grounded, our method is systematic, and it yields further questions on the system that will be reflected in the improved use case descriptions. The resulting use case descriptions are of high quality, more systematic, more precise, and its corresponding formally grounded specification is available. We illustrate our approach on part of the Auction System case study.

The postscript and pdf versions of this paper are available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ChoppyReggio03c.ps. and /person/ReggioG/ChoppyReggio03c.pdf.


Casl-Ltl: A Casl Extension for Dynamic Reactive Systems Version 1.0 - Summary
G. Reggio, E. Astesiano and C. Choppy.
Technical Report of DISI - Università di Genova, DISI-TR-03-36, Italy, 2003.

CASL the basic language developed within CoFI, the Common Framework Initiative for algebraic specification and development, cannot be used for specifying the requirements and the design of dynamic software systems. CASL-LTL is an extension to overcome this limit, allowing to specify dynamic system by modelling them by means of labelled transition systems and by expressing their properties with temporal formulae. It is based on LTL, the Labelled Transition Logic, that is a logic-algebraic formalism for the specification of dynamic systems, mainly developed by E.Astesiano and G. Reggio.

This document gives a detailed summary of the syntax and intended semantics of CASL-LTL. It is intended for readers who are already familiar with CASL.

The postscript and pdf versions of this paper are available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioEtAll03b.ps. and /person/ReggioG/ReggioEtAll03b.pdf.


Towards a Formally Grounded Software Development Method
C.Choppy and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-03-35, Italy, 2003.

One of the goals of software engineering is to provide what is necessary to write relevant, legible, useful descriptions of the systems to be developed, which will be the basis of successful developments. This goal was addressed both from informal approaches (providing in particular visual languages) and formal ones (providing a formal sound semantic basis). Informal approaches are often driven by a software development method, and while formal approaches sometimes provide a user method, it is usually aimed at helping to use the proposed formalism/language when writing a specification. Our goal here is to provide a companion method that helps the user to understand the system to be developed, and to write the corresponding formal specifications. We also aim at supporting visual presentations of formal specifications, so as to "make the best of both formal and informal worlds". We developed this method for the (logical-algebraic) specification languages CASL (Common Algebraic Specification Language, developed within the joint initiative CoFI) and for an extension for dynamic systems CASL-LTL, and we believe it is general enough to be adapted to other paradigms.

Another challenge is that a method that is too general does not encompass the different kinds of systems to be studied, while too many different specialized methods and paradigms result in partial views that may be difficult to integrate in a single global one. We deal with this issue by providing a limited number of instances of our method, fitted for three different kinds of software items and two specification approaches, while keeping a common "meta"-structure and way of thinking. More precisely, we consider here that a software item may be a simple dynamic system, a structured dynamic system, or a data structure. We also support both property-oriented (axiomatic) and model-oriented (constructive) specifications. We are thus providing support for the "building-bricks" tasks of specifying/modelling software artifacts that in our experience are needed for the development process.

Our approach is illustrated with a lift case study, it was also used with other large case studies, and when used on projects by students yielded homogeneous results.

Let us note that it may be used either as itself, e.g., for requirements specification, or in combination with structuring concepts such as the Jackson's problem frames.

The postscript and pdf versions of this paper are available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ChoppyReggio03a.ps. and /person/ReggioG/ChoppyReggio03a.pdf.


Tight Structuring for Precise UML-based Requirement Specifications (Complete Version)
E. Astesiano and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-03-4, Italy, 2003.

On the basis of some experience in the use of UML-based use case-driven methods, we believe and claim, contrary to a recent wave for allowing almost total freedom as opposed to disciplined methods, that a tighter and more precise structuring of the artifacts for the different phases of the software development process may help speed-up the process, while obviously making easier the consistency checks among the various artifacts. To support our claim we have started to investigate an approach, that, though being compliant with the UML notation and a number of UML-based methods, departs from them both in the basic philosophy, that follows the "tight and precise" imperative, and in the technical solutions for structuring the various artifacts.
Building on some previous work concerning the structure of the requirement specification artifacts, here we complete upwards and improve our proposal, investigating the link between the analysis of the problem domain and the requirement capture and specification. Indeed, one of our assumptions, as advocated by some methodologists and backed by our own experience, is the neat separation between the problem domain and the system.
To that purpose we propose a rather new way of structuring the problem domain model and then the link with the system, that encompasses the most popular current approaches to domain modelling. Then we exploit both the domain model and our requirement specification frame for capturing and specifying the requirements. From our construction we can derive rigorous guidelines, only hinted to here, for the specification tasks, in a workflow that allows and suggests iteration and incrementality, but in a way that is not just based on the single use cases and takes more care of the overall construction. The various concepts and constructions are illustrated with the help of a small running case study.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio03c.pdf.


Consistency Problems in UML-based Software Development: Workshop Materials
L. Kuzniarz, G. Reggio, J.L. Sourrouille and Z. Huzar (editors).
Research Report Blekinge Institute of Technology (Sweden), 2002-06, 2002.

The pdf version of this book is available at http://www.ipd.bth.se/uml2002/RR-2002-06.pdf.


Between PIM and PSM: the P2P Case
G. Reggio, M. Cerioli and E. Astesiano.
Technical Report of DISI - Università di Genova, DISI-TR-02-49, Italy, 2002.
Presented at "Monterey 2002 Workshop: Radical Innovations of Software and SystemsEngineering in the Future", Venezia October 2002.

We address in general the problem of providing a methodological and notational support for the software development at the design level of applications based on the use of a middleware. In particular, because of the growing interest in mobile applications with nomadic users, we consider the middlewares supporting a peer-to-peer architecture. In order to keep the engineering support at the appropriate level of abstraction we formulate our support within the frame of Model Driven Architecture (MDA), the approach proposed by OMG that considers the design development starting with a Platform Independent Model (PIM) then mapped into one or more Platform Specific Models (PSM) for different platforms, where a model has to be understood in a UML sense.

In this paper our main aim is to advocate the introduction of an intermediate abstraction level, called ASM for Architecture Specific Model, that is particularly suited to abstract away the basic common architectural features of different platforms, further separating concerns and allowing a greater flexibility and reuse when implementing on specific platforms. That solution seems particularly advantageous in presence of many proposals of peer-to-peer middlewares.

Technically, the support for the ASM level is presented in the form of a UML, hence object-oriented, profile which embodies a basic abstract peer-to-peer paradigm architecture. Within that profile the connection with middleware is for each peer naturally represented by an object whose operations correspond to its primitives.

To be concrete all concepts and notations are illustrated by means of a running example.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioEtAll02a.pdf.


Metamodelling Behavioural Aspects: the Case of the UML State Machines (Complete Version)
G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-02-3, Italy, 2002.

The "object-oriented meta-modeling" seems currently to be one of the most promising approach to the "precise" definition of UML.
Essentially this means using a kernel object-oriented visula notation to define UML.
This has proved itself to be an intuitive way of defining the abstract syntax of UML. For what concerns the "static part", the initial work of the pUML group seems to confirm that the approach is workable, whereas no convincing proposal have been presented to cover the dynamic aspects, as active classes, cooperation/communications among active objects, state charts, sequence diagrams, and so on.

We think that to conveniently and precisely define such aspects, we need an underlying formal model of the dynamic behaviour of the active objects, and we think, supported by our past experience, that labelled transition systems are a good one.
We thus propose how to use a kernel visual notation to define labelled transition systems in an object-oriented way. Furthermore, we present also a new kind of diagrams, quite similar to state charts, LTD (Labelled Transition Diagrams) to visually present such definitions.

As an example, we work out the meta-model of the state machines starting from our formal definition of their semantics based on labelled transition systems.

The postscript and the pdf versions of this paper are available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/Reggio02b.ps. and /person/ReggioG/Reggio02b.pdf.


A Middleware-Oriented Visual Notation for Distributed Mobile Systems
G. Reggio, M. Cerioli and E. Astesiano.
Technical Report of DISI - Università di Genova, DISI-TR-01-54, Italy, 2001.

We are witnessing a growing demand for applications characterized by decentralization and mobility for which the peer-to-peer paradigm seems to have some clear advantages.
The use of a middleware, encapsulating the treatment of distribution and mobility and providing appropriate abstractions for handling them in a transparent way, improves and simplifies the development of such applications.
In this paper we present a visual notation supporting the development of software based on such middleware.
Our notation is characterized by the integration of the middleware into an OO paradigm, as an object whose operations correspond to the middleware primitives, and is UML-based, in the sense that, following the official UML terminology, we propose a new UML profile.
The models in our profile include diagrams to describe the software and the data on each kind of peer, the required cooperations among peers, the architecture of the overall system and the deployment on an actual network.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioEtAll01a.pdf.


A Proposal of a Dynamic Core for UML Metamodelling with MML
G. Reggio and E. Astesiano.
Technical Report of DISI - Università di Genova, DISI-TR-01-17, Italy, 2001.

We present an initial proposal for an extension of MML, the basic language of [1], by adding a dynamic core and a basic visual notation to represent behaviour. Then we give some hints on how to use this extension for metamodelling UML covering the behavioural-dynamic aspects.
The presentation will follow the style of [1].
This report has to be considered complementary to [1].
[1] T.Clark, A.Evans, S.Kent, S.Brodsky, and S.Cook.
A Feasibility Study in Rearchitecting UML as a Family of Languages using a Precise OO Meta-Modeling Approach - Version 1.0. (September 2000).
Available at http://www.cs.york.ac.uk/puml/mmf.pdf, 2000.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioAstesiano01a.pdf.


An Extension of UML for Modelling the nonPurely-Reactive Behaviour of Active Objects
G. Reggio and E. Astesiano.
Technical Report of DISI - Università di Genova, DISI-TR-00-28, Italy, 2000.

Modelling nonpurely-reactive systems, such as agents and autonomous processes, does not find a direct support in the UML notation as it stands, and it is questionable whether it is possible and sensible to provide it in the form of a lightweight extension via stereotypes.

Thus we propose to extend the UML notation with a new category of diagrams, "behaviour diagrams", which are, in our opinion, complementary to statecharts for nonpurely-reactive processes (active objects). The proposed diagrams, to be used at the design level, also enforce localization\encapsulation at the visual level. Together with motivating and presenting the notation, we also discuss the various possibilities for presenting its semantics in a palatable way, depending on the reader.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioAstesiano00b.pdf.


Casl-Chart: Syntax and Semantics
G. Reggio and L. Repetto.
Technical Report of DISI - Università di Genova, DISI-TR-00-01, Italy, 2000.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioRepetto00a.ps.


A CASL Formal Definition of UML Active Classes and Associated State Machines
G. Reggio, E. Astesiano, C. Choppy and H. Hussman.
Technical Report of DISI - Università di Genova, DISI-TR-99-16, Italy, 1999. Revised March 2000.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/Reggio99b.ps.


Thirty one Problems in the Semantics of UML 1.3 Dynamics
G. Reggio and R. Wieringa.
OOPSLA'99 workshop "Rigorous Modelling and Analysis of the UML: Challenges and Limitations", Denver, 1999.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioWieringa99a.ps


Using CASL to Specify the Requirements and the Design: A Problem Specific Approach -- Complete Version
C. Choppy and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-99-33, Italy. 1999.

In its book, "Software Requirements & Specifications: a Lexicon of Practice, Principles and Prejudices" (Addison-Wesley, 1995) M. Jackson introduces the concept of problem frame to describe specific classes of problems, to help in the specification and design of systems, and also to provide a framework for reusability. He thus identifies some particular frames, such as the translation frame (e.g., a compiler), the information system frame, the control frame (or reactive system frame), ... Each frame is described along three viewpoints that are application domains, requirements, and design.
Our aim is to use CASL (or possibly a sublanguage or an extension of CASL if and when appropriate) to formally specify the requirements and the design of particular classes of problems ("problem frames"). This goal is related to methodology issues for CASL, that are here addressed in a more specific way, having in mind some particular problem frame, i.e. a class of systems.
It is hoped that this will provide both a help in using, in a really effective way, CASL for system specifications, a link with approaches that are currently used in the industry, and a framework for the reusability of CASL specifications.
This approach is illustrated with some case studies, e.g., the information system frame is illustrated with the invoice system case study.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ChoppyReggio99a.ps


Abstract Data Types and UML Models
H. Hussmann, M. Cerioli, G. Reggio and F. Tort.
Technical Report of DISI - Università di Genova, DISI-TR-99-15, Italy. 1999.

Object-oriented modelling, using for instance the Unified Modeling Language (UML), is based on the principles of data abstraction and data encapsulation. In this paper, we closely examine the relationship between object-oriented models (using UML) and the classical algebraic approach to data abstraction (using the Common Algebraic Specification Language CASL).
Technically, possible alternatives for a translation from UML to CASL are studied, and analysed for their principal consequences.
It is shown that object-oriented approaches and algebraic approaches differ in their view of data abstraction. Moreover, it is explained how specification methodology derived from the algebraic world can be used to achieve high quality in object-oriented models.

The pdf version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/HussmannEtAlt99a.pdf


A Proposal for a Semantics of a Subset of Multi-Threaded Good Java Programs
E. Coscia and G. Reggio.
Technical Report of Imperial College - London, 1998.

We have given an operational semantics to multi-threaded Java (leaving aside, for the moment, mechanism for distributed computing) by following the informal specification given by the language developers.
This work had pointed out some questionable properties of the Java programs concerning the way concurrent threads can interact with shared objects. Java semantics allows the access to shared objects to occur in a very loose way and this sometimes has very strange effects and makes it impossible or, at least, very hard to reason about concurrent programs. We have formally characterized one subclass of Java programs having acceptable properties guaranteeing a reliable use of shared variables, based on the idea that the mechanism ensuring such properties is the use of synchronization.
The good point, is that the restriction to the class of Java programs allows the use of a simpler operational semantics, and, consequently, simpler observations and equivalence notion.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/CosciaE/papers/JavaVancouver.ps


UML as Heterogeneous Multiview Notation: Strategies for a Formal Foundation
E. Astesiano and G. Reggio.
Technical Report of DISI - Università di Genova, DISI-TR-98-15, Italy, 1998.
Presented at the OOPSLA Workshoop: Formalizing UML. Why? How?, Vancouver, October 1998.

The postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio98e.ps.


A Graphic Specification of a High-Voltage Station
G. Reggio.
Technical Report of DISI - Università di Genova,
DISI-TR-98-33, Italy, 1998.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/Reggio98d.ps.Z


Labelled Transition Logic: An Outline
E. Astesiano and G. Reggio.
Technical Report of DISI - Università di Genova,
DISI-TR-96-20, Italy, 1996.

In the last ten years we have developed and experimented in a series of projects, including industry test cases, a method for the specification of reactive concurrent systems both at the requirement and at the design level. We present here in outline its main technical features, providing pointers to appropriate references for more detailed presentations of single aspects and of the associated tools and reference manuals.
The overall main feature of the method is its logical\algebraic character, since it extends to labelled transition systems the logical\algebraic specification method of abstract data types and processes are viewed as data within first-order structures called LT-structures. Some advantages of the approach are the full integration of the specification of static data and of dynamic elements, which includes by free higher-order concurrency, and the exploitation of well-explored classical techniques in many respects, including implementation and tools.
On the other hand the use of labelled transition systems for modelling processes, inspired by CCS, allows us to take advantage, with appropriate extensions, of some important concepts, like communication mechanisms and observational semantics, developed in the area of concurrency around CCS, CSP and related approaches.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio96d.ps.Z


Specification of a High-Voltage Substation: Revised Tool-Checked Version
G. Reggio and V. Filippi.
Technical Report of DISI - Università di Genova,
DISI-TR-95-09, Italy, 1995.

Specification of a Hydroelectric Power Station: Revised Tool-Checked Version
G. Reggio and E. Crivelli.
Technical Report of DISI - Università di Genova,
DISI-TR-94-17, Italy, 1994.


Formally-Driven Friendly Specifications of Concurrent Systems: A Two-Rail Approach
E. Astesiano and G. Reggio.
Technical Report of DISI - Università di Genova,
DISI-TR-94-20, Italy, 1994.
Presented at ICSE'17-Workshop on Formal Methods, Seattle April 1995.

Throughout a multiannual projects with industry people on the applicability of a formal method for the specification of concurrent systems, it became apparent that, to make that method acceptable, it would be convenient, not to say necessary to have at hand, in all phases of the development process, an informal counterpart of the formal specification. As a catchword we suggest a "two-rail principle", to say that informal and formal specifications should proceed in parallel. Quite obviously the aim is twofold: on one side to overcome the skill problem, typical of most developers with an insufficient educational background and on the other one easing the interaction with clients and users, who quite often have a completely different background.
Hence we raise the question whether that principle is sensible and always advisable or just to be confined to special situations.
Here we offer the result of our experience, i.e. the instantiation of that principle to the method developed within that project. A key idea was to derive the schema for informal specifications from the formal method and not vice versa. In close analogy with what happens for program development in structured programming, in our method the development process is guided by a documentation language, whose structure is suggested by and embodies the structure of the models for the development phases and for the ultimate product (here the concurrent system).
The final document includes at every stage a natural language description (provided and\or checked by the client), a formal specification (perhaps done by a team of specialists) and a formally-driven informal specification (for the non-specialist developers and as an interface with the natural language description).

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/AstesianoReggio94a.ps.Z


The Reference Manual for the SMoLCS Methodology
G. Reggio, D. Bertello and A. Morgavi.
Technical Report of DISI - Università di Genova,
DISI-TR-94-12, Italy, 1994.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ReggioBertelloEtAl94a.ps.Z


METAL: a Metalanguage for SMoLCS
G. Reggio and F. Parodi.
Technical Report of DISI - Università di Genova,
DISI-TR-94-13, Italy, 1994.

The compressed postscript version of this paper is available through anonymous ftp at ftp.disi.unige.it, in /person/ReggioG/ParodiReggio94a.ps.Z


Formal Specification of the Cnet Inter-node Communication Architecture
E. Astesiano, F. Mazzanti, G. Reggio and E. Zucca .
n. 140 of Quaderni Cnet, ETS, Pisa, 1985.


Please send suggestions and comments to:
Gianna Reggio reggio@disi.unige.it

Last Updated: 18/4/2004