Paper-14

Report as inappropriate Your report has been received

Shared by: shilpabangalore

Tags

Stats

views:: 13
posted:: 9/14/2012
language:: English
pages:: 17

Public Domain

Document Sample

International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012

Requirement Specification Using Z
Formal Specification Language
Dr. Arvinder Kaur1 and Samridhi Gulati2
1
Assosiate Professor, USICT, Guru Gobind Singh Indraprastha University, Dwarka, Sector-16C, New Delhi, India
arvinder70@gmail.com
2
USICT, Guru Gobind Singh Indraprastha University, Dwarka, Sector-16C, New Delhi, India
sgulati87@gmail.com

Abstract

Formal methods used in developing computer systems are mathematical techniques for portraying
system properties. Such formal methods provide structures within which software system can be
specified, developed and verified in a systematic, rather than ad hoc, manner. Z is a model oriented
formal specification language based on Zermelo-Fränkel axiomatic set theory and first order predicate
logic. It is a strongly typed, mathematical specification language, with the help of which requirements
written in natural language can be converted into mathematical form. An abstract Z specification of
employee maintenance for a human resource system is presented in this paper. Then we described how
specification can be strengthened. The specification is finally checked and tested using Z/EVES and
Fastest toolset respectively.

Keywords: Formal Specification Language, Z, Testing

1. Introduction

To assure reliability of systems being designed and constructed is the most challenging tasks in
software development. With the ever-increasing complexity of computer systems, reliable and
effective design and development of high quality systems that satisfy their requirements is
extremely important. These challenges call for acceptance of proper engineering methods and
tools and have motivated the use of formal methods in software engineerin g. Z formal
specification language helps in this situation. Z notation named after Zermelo -Fränkel set theory
is a formal specification language used for describing and modeling computing systems. It is
targeted at the clear specification of computer programs and computer-based systems in general
[1].
In this paper an outline of formal specification language is described in Section 2.In Section 3 Z
specification for employee maintenance is presented to illustrate the use of language. In Section 4 test
cases are generated using Fastest tool. Conclusions are presented in Section 5.

2. An Outline

In this section we describe formal specification language and its different types.

2.1. Formal Specification Language

Formal methods used in developing computer systems are mathematical based techniques for
portraying system properties. Such formal methods provide structures within which software system can
be specified, developed and verified in a systematic, rather than ad hoc, manner [2].

Special Issue Page 115 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
The representation used in formal methods is called a formal specification language. The language is
“formal” in the sense that it has a formal semantics and as a result can be used to express specifications in
a clear and unambiguous manner. A formal specification language can be used to specify the task at hand
in a clear and concise manner. As formal methods and formal specification language has sound
mathematical basis, it provides the means of proving that specification is realizable, complete, consistent
and unambiguous. Even the most complex systems can be modeled using relatively simple mathematical
objects, such as sets, relations and functions [2].

2.2. Types of Formal Specification Languages

Different types of Formal Specification Languages are:

Z- The Z language is a model oriented, formal specification language that was proposed by Jean-
Raymond Abrail, Steve Schuman and Betrand Meyer in 1977 and it was later further developed at the
programming research group at Oxford University [3]. It is based on Zermelo-Fränkel axiomatic set
theory and first order predicate logic. The Z notation [1] is a strongly typed, mathematical, specification
language.
B-The B Formal Method is based on Abstract Machine Notation. It was developed by Jean- Raymond
Abrail in France and UK [4]. It is also based on set theory and first order predicate calculus.
RAISE –RAISE stands Rigorous Approach to Industrial Software Engineering. It was developed by
D.Bjorner in1990 [5]. It uses a set of tools based on, Raise Specification Language (RSL).
VDM-One of the longest-established Formal Methods for the development of computer-based
systems is termed as Vienna Development Method (VDM). It was developed at IBM's Vienna Laboratory
in the 1970s. It was further extended to, VDM++, which supports the modeling of object-oriented and
concurrent systems [6].

3. Overview of Z Formal Specification Language

In this section, we briefly describe Z formal specification language. A Z specification for employee
maintenance is presented to illustrate the use of language. We then describe how the specification can be
strengthened.

3.1. Description of Z Formal Specification Language

The Z language is a model oriented, formal specification language that was proposed by Jean-
Raymond Abrail, Steve Schuman and Betrand Meyer in 1977 and it was later further developed at the
programming research group at Oxford University [3]. It is based on Zermelo Fränkel axiomatic set
theory and first order predicate logic. The Z notation [1] is a strongly typed, mathematical, specification
language. It has robust commercially available tool support for checking Z texts for syntax and type
errors in much the same way that a compiler checks code in an executable programming language. It
cannot be executed, interpreted or compiled into a running program. It allows specification to be
decomposed into small pieces called schemas. The schema is the main feature that distinguishes Z from
other formal notations. In Z, both static and dynamic aspects of a system can be described using schemas.
The Z specification describes the data model, system state and operations of the system. Z specification
is useful for those who find the requirements, those who implement programs to meet those requirements,
those who test the consequences, and those who write instruction manuals for the system [1].
Z also helps in refinement towards an implementation by mathematically relating the abstract and
concrete states. Z is being used by a wide variety of companies for many different applications.
In the Z notation there are two languages [7]:

Mathematical Language
The mathematical language is used to describe various aspects of a design: objects, and the
relationships between them by using propositional logic, predicate logic, sets, relation and functions.

Special Issue Page 116 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012

Schema Language
The schema language is used to structure and compose descriptions: collecting pieces of information,
encapsulating them, and naming them for reuse.
In Z formal specification language, a set of schemas is used for structuring specifications. Schemas are
box like structure that introduces variables and specifies the relationship between these variables [1]. A
schema is shown below. All declarations are made above the central line and predicates are defined below
the central line.

SchemaName
Declarations

Predicates

 DECLARATION: All variables are declared above the central line.
 PREDICATES: Values of variables are constrained below the central line.

3.2. A Case Study

Following natural language requirement specification is converted in Z-notation.

3.2.1. Employee Maintenance

3.2.1.1 Add an employee by entering

Employee information

Salary

Dependent's information

3.2.1.2 Update employee information

Update any employee information except the social security number (SSN).

3.2.1.3 Delete employee information

Delete all information about an individual employee.

3.2.1.4 Inquire on an individual employee

Using an employee SSN, view all information about that specific employee.

Special Issue Page 117 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
3.3. Z specification for Employee Maintenance

[SSN,NAME,TYPECODE,NO_DEP]

An object is defined by declaring it. The set of all SSN, NAME, TYPECODE, NO_DEP are basic
types of the specification.

State Specification

EmployeeInfo
ssn :ℙ SSN
ename :ℙ NAME
salary:ℝ
typecode :ℙ TYPECODE
no_dep :ℙ NO_DEP
empname :SSN⇸ NAME
empsalary :SSN⇸ ℝ
empcode :SSN⇸ TYPECODE
empdep:SSN⇸ NO_DEP

ssn = dom empname
ssn = dom empcode
ssn = dom empdep
salary>0

In the above Schema, variables are declared in the part above the central dividing line and a part
below the line gives a relationship between the values of variables. In the above schema the state space of
a system is described and the nine variables represent important observations which we can make of the
state:

 ssn is the set of social security number of employees.
 ename is the set of names of employees.
 salary is the set of salary of employees.
 typecode is the set of designation of employees.
 no_dep is the set of total number of dependents of employees.
 empname is a function which, when applied to certain ssn gives the name associated with them.
 empsalaryis a function which, when applied to certain ssn gives the salary associated with them.
 empcode is a function which, when applied to certain ssn gives the type of code associated with
them.
 empdep is a function which, when applied to certain ssn gives the no of dependents associated
with them.

Special Issue Page 118 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
The part of the schema below the line gives a relationship which is true in every state of the system
and is maintained by every operation on it. In this case, it says that the set ssn is same as the domain of
the function empname, empcode, empdep (the set of names to which it can be validly applied). This
relationship is an invariant of the system.

AddEmployee
ΔEmployeeInfo
newssn? : SSN
newename? : NAME
sal? : ℝ
newtypecode? : TYPECODE
new_no_dep? : NO_DEP

newssn?∉ ssn∧
ssn′ = ssn ∪ {newssn?}
empname′ = empname ∪ {newssn?↦ newename?}∧
empsalary′ = empsalary ∪ {newssn?↦sal?}∧
empcode′ = empcode ∪ {newssn?↦ newtypecode?}∧
empdep′ =empdep ∪ {newssn?↦ new_no_dep?}

The declaration ΔEmployeeInfo defines that schema is describing a state change. It introduces ten
variables ssn, empname, empcode, empsalary, empdep, ssn′, empname′, empsalary′, empcode′, empdep′.
The first five variables are observation of the state before the change, and last five variables are
observations of the state after the change.

Invariants are satisfied by implicitly constraining each pair of variables, so invariants should hold
before or after the operation. After that five inputs to the operations are declared. According to
convention of Z language, the names of inputs end in a question mark such as newssn?,newename? , sal?
, newtypecode? , new_no_dep?. The part of the schema below the central line first of all gives the pre-
condition. For the success of any operation such as for add operation to be successful, social security
number of new employee should not be known to the system.This is reasonable, since each employee
should have unique ssn. The operation uses union (∪) operator for this purpose. The second line i.e. post
condition “ssn′ = ssn ∪ {newssn?}” states that new ssn is added to the set of ssn and “empname′ =
empname ∪ {newssn?↦ newename?}”states that empname function is extended to map the newssn to the
corresponding ename similarly , all other functions are extended to map the newssn to sal , typecode , no
of dependents respectively.

Special Issue Page 119 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
UpdateEmployee
ΔEmployeeInfo
ssn? : SSN
ename? : NAME
salary? : ℝ
typecode? : TYPECODE
no_dep? : NO_DEP

ssn?∈ ssn∧
empname′ = empname ⊕ {ssn?↦ ename?}∨
empsalary′ = empsalary ⊕ {ssn?↦salary?}∨
empcode′ = empcode ⊕ {ssn?↦ typecode?}∨
empdep′ =empdep ⊕ {ssn?↦ no_dep?}

UpdateEmployee schema describes how the details of an employee can be updated. In this,
declaration ΔEmployeeInfo defines that schema is describing a state change. It introduces ten variables
ssn, empname,empsalary, empcode, empdep , ssn′ , empname′ , empsalary′ , empcode′ , empdep′.The first
five variables are observation of the state before the change , and last five variables are observations of
the change. newssn?,newename?, sal?, newtypecode?, new_no_dep? are taken as input. The part of the
schema below the central line first of all gives the pre-condition ssn? ∈ssn i.e. employee details should
exist in the system before. The operation uses relational override (⊕) operator for this purpose. The post-
condition “empname′ = empname ⊕ {ssn?↦ename?}”asserts that for the corresponding social security
number employee name is overwritten by new name .Similarly all other details can also be updated.

DeleteEmployee
ΔEmployeeInfo
who?: SSN

who?∈ ssn
empname′ = {who?}⩤ empname
empsalary′ = {who?}⩤ empsalary
empcode′ ={who?}⩤ empcode
empdep′ = {who?}⩤ empdep

DeleteEmployee schema describes how the details of an employee can be deleted. In this, declaration
ΔEmployeeInfo defines that schema is describing a state change. It introduces ten variables ssn,
empname, empsalary, empcode, empdep , ssn′ , empname′ , empsalary′ , empcode′ , empdep′. The first
fivevariables are observation of the state before the change and last five variables are observations of the
change. who? is taken as input. The part of the schema below the central linefirst of all gives the pre-

Special Issue Page 120 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
condition who? ∈ssn i.e. employee details should exist in the system before. The operation uses domain
subtraction (⩤ ) operator for this purpose. The post-condition “empname′ = {who?}⩤ empname”asserts
that for the corresponding social security number following employee name is deleted. Similarly all other
details can also be deleted.

FindEmployee
ΞEmployeeInfo
ssn? : SSN
ename! : NAME
salary! : ℝ
typecode!: TYPECODE
no_dep! : NO_DEP

ssn?∈ SSN
ename! = empname ssn?
salary! = empsalary ssn?
typecode ! = empcode ssn?
no_dep! = empdep ssn?

The FindEmployee schema describes how the details of an employee can be found out. In
thisdeclarationΞEmployeeInfo indicates that this is an operation in which state does not change. The part
above the central line describes that the system takes social security number as input and yields ename,
salary, typecode and no_dep asoutput. According to convention of Z language , the names of outputs end
in a exclamation mark like ename ! , salary ! , typecode ! andno_dep!.The part of the schema below the
central linefirst of all gives the pre condition ssn? ∈ssn i.e ssn is one of the ssn known to the system
before. The post condition“ename! = empname ssn?” asserts that the output ename! is the value of the
empname function at argument ssn?.

3.4. Strengthening the Specification

As long as there are no mistakes in the input, specification will correctly record employee details.
But if the user will try to add details for an employee who is already known to the system, try to update or
delete any detail of an employee who is not known to system or tries to find or query about an employee
not known to the system, then the specification will result in serious flaws. These flaws can be handled by
separately creating robust schemas, which depicts that any operation can be evaluated in any
environment.

3.4.1. Employee Maintenance

Special Issue Page 121 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
REPORT :: = success|alreadyPresent|notPresent

REPORT is the set of values that describe either a schema's success or the reasons for its failure, ::=
stands for free type definition [7]. The | separates one element from the next. Each element name begins
with a lower case letter and contains no spaces. Another output result! can be added to each operation on
the system. If the operation is successful , the output result will take the value success otherwise will take
the value alreadyPresent or notPresent.
The Success schema has just two declarations and one predicate. It will be combined with
other schemas to indicate their successful outcome.

Success Schema

Success
result: REPORT
result! : REPORT

result! = success

AlreadyPresent Schema

AlreadyPresent
ΞEmployeeInfo
ssn? : SSN
result: REPORT
result! : REPORT

ssn? ∈SSN
result! = alreadyPresent

AlreadyPresent schema describes the condition under which the error occurs and specifies the
appropriate report is produced. In the part above the central line declaration ΞEmployeeInfo indicates that
this is an operation in which state does not change. The system takes ssn? as an input and yield result! as
an output. The part below the central line specifies that report alreadyPresent is produced when input ssn?
is already known to the system.

NotPresent Schema

Special Issue Page 122 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
NotPresent
ΞEmployeeInfo
ssn? : SSN
result: REPORT
result! : REPORT

ssn? ∉ SSN
result! = notPresent

NotPresent schema describes the condition under which the error occurs and specifies the
appropriate report is produced. In the part above the central line declaration ΞEmployeeInfo indicates that
this is an operation in which state does not change. The system takes ssn? as an input and yield result! as
an output. The part below the central line specifies that report notPresent is produced when input ssn? is
not known to the system.

Complete Operation

RAddEmployee ≙ (AddEmployee ∧ Success)∨AlreadyPresent

Special Issue Page 123 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
RAddEmployee
ΔEmployeeInfo
newssn? : SSN
newename? : NAME
sal? : ℝ
newtypecode? : TYPECODE
new_no_dep? : NO_DEP
Report : REPORT
result! : REPORT

(newssn?∉ ssn∧
ssn′ = ssn ∪ {newssn?}∧
empname′ = empname ∪ {newssn?↦ newename?}∧
empsalary′ = empsalary ∪ {newssn?↦sal?}∧
empcode′ = empcode ∪ {newssn?↦ newtypecode?}∧
empdep′ =empdep ∪ {newssn?↦ new_no_dep?}∧
result! = success)∨
(newssn?∈ssn ∧
empname′ = empname∧
empsalary′ = empsalary∧
empcode′ = empcode∧
empdep′ =empdep∧
result! = alreadyPresent)

To create a robust version of AddEmployee we can combine schemas. The above definition
introduces a new schema RAddEmployee which is obtained by combining three schemas. Conjunction(∧)
is used to combine two schemas AddEmployee∧Success and disjunction (∨) is used to represent
alternative (AddEmployee∧Success) ∨AlreadyPresent. If the input ssn? is not known to the system then a
new employee record is added to database and result success is returned otherwise if the input ssn? is
already known to the system then state of the system is not changed and result alreadyPresent is returned.

UpdateOk ≙ (UpdateEmploy ee∧ Success)∨ NotPresent

Special Issue Page 124 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
RUpdateEmployee
ΔEmployeeInfo
ssn? : SSN
ename? : NAME
salary? : ℝ
typecode? : TYPECODE
no_dep? : NO_DEP
Report : REPORT
result! : REPORT

(ssn?∈ ssn∧
empname′ = empname ⊕ {ssn?↦ ename?}∨
empsalary′ = empsalary ⊕ {ssn?↦salary?}∨
empcode′ = empcode ⊕ {ssn?↦ typecode?}∨
empdep′ =empdep ⊕ {ssn?↦ no_dep?}∧
result! = success)∨
(ssn?∉ ssn ∧
empname′ = empname∧
empsalary′ = empsalary∧
empcode′ = empcode∧
empdep′ =empdep∧
result! = notPresent)

To create a robust version of UpdateEmployee we can combine schemas. The above definition
introduces a new schema RUpadteEmployee which is obtained by combining three schemas. Conjunction
(∧) is used to combine two schemas UpdateEmployee∧Success and disjunction (∨) is used to represent
alternative (UpdateEmployee∧Success) ∨NotPresent. If the input ssn? is known to the system then an
employee record can be updated in the database and result success is returned otherwise if the input ssn?
is not known to the system then state of the system is not changed and result notPresent is returned.

DeleteOk ≙ (DeleteEmployee ∧ Success)∨ NotPresent

Special Issue Page 125 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
RDeleteEmployee
ΔEmployeeInfo
who?: SSN
Report : REPORT
result! : REPORT

(who?∈ ssn∧
empname′ = {who?}⩤ empname∧
result! = success)∨
(who?∉ ssn ∧
empname′ = empname∧
empsalary′ = empsalary∧
empcode′ = empcode∧
empdep′ =empdep∧
result! = notPresent)

To create a robust version of DeleteEmployee we can combine schemas. The above definition
introduces a new schema RDeleteEmployee which is obtained by combining three schemas. Conjunction
(∧) is used to combine two schemas DeleteEmployee∧Success and disjunction (∨) is used to represent
alternative (DeleteEmployee∧Success) ∨NotPresent. If the input ssn? is known to the system then a
employee record can be deleted from the database and result success is returned otherwise if the input
ssn? is not known to the system then state of the system is not changed and result notPresent is returned.

FindOk ≙ (FindEmployee ∧ Success)∨ NotPresent

Special Issue Page 126 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
RFindEmployee
ΞEmployeeInfo
ssn? : SSN
ename! : NAME
salary! : ℝ
typecode!: TYPECODE
no_dep! : NO_DEP
Report : REPORT
result! : REPORT

(ssn?∈ SSN∧
ename! = empname ssn?∧
salary! = empsalary ssn?∧
typecode ! = empcode ssn?∧
no_dep! = empdep ssn?∧
result! = success)∨
(ssn?∉ ssn ∧
result! = notPresent)

To create a robust version of FindEmployee we can combine schemas. The above definition
introduces a new schema RFindEmployee which is obtained by combining three schemas. Conjunction(∧)
is used to combine two schemas FindEmployee∧Success and disjunction (∨) is used to represent
alternative (FindEmployee∧Success) ∨NotPresent. If the input ssn? is known to the system then a
employee details can be found out from the database and result success is returned otherwise if the input
ssn? is not known to the system then state of the system is not changed and result notPresent is returned.

3.5 Verification

To type check a document clicks the fuzz button in Z/Word tool [8]. The results are displayed in a
dialog box.

Special Issue Page 127 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012

Figure 3.1: Type checking the Z specifications.

After type checking Z/Word tool generates a .tex file, which is used as input for the Z/Eves tool [9].

Figure 3.2: Verification of Z specification.

4. Testing

Testing can be the most expensive phase of software development. Almost 80% software fails
because of the improper or inefficient testing, so it is very important phase of software development. By
using formal method testing can be almost automated, thus changing the cost of testing by the cost of
formalization which is reported to be quite less expensive.

Special Issue Page 128 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
4.1. Model Based Testing

Model based testing (MBT) uses formal specification to generate test cases and to verify whether
errors are uncovered or not. The main hypothesis behind MBT is that, as a program is correct if it verifies
its specification, then the specification is an excellent source of test cases [10], [11].

4.2. Test Template Framework

The Test Template Framework (TTF) defined by [12] is a model based testing framework particular
MBT theory is appropriate for unit testing. The TTF uses Z specifications as the entry models. Each
operation within the specification is evaluated to generate abstract test cases. This evaluation consists of
the following steps:
 Consider the input space (IS) of each operation
 Derive the valid input space (VIS) of each Z operation.
 In the next step, VIS is partitioned by applying one or more tactics
 Test objectives are generated.
 Prune inconsistent test objectives.
 Find one abstract test case from each remaining test objective.

4.3. Fastest

Fastest implements the TTF allowing users to automatically produce test cases for a given Z
specification [13].

Special Issue Page 129 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012

5. Conclusions

Z is one of the formal specification languages which are being widely used around the world. Z
works on high level of abstraction of a system and provides a strong base for system designing and then
testing it. Z can be used to compactly specify any system including safety and mission critical systems. Z
has various collection of Mathematical Toolkit, which supports user to specify the requirements without
any ambiguity. It has robust commercially available tool support for checking Z texts, for syntax and type
errors. Large specifications are achievable in Z, using the schema notation for structuring. The schema is
the main feature that distinguishes Z from other formal notations. It does not require a high level of
mathematics rather it requires knowledge of basic set theory and first order logic for the analysis of a
complete system. We can also develop an object oriented system with Z. The Z/Word tool is used for
writing schemas. The specification is finally checked and tested using Z/EVES and Fastest toolset
respectively. Z language does not generate the code directly into any programming language it is the
choice of the programmer in which programming language he/she wants to code the developed design. In
future we will try to extend the work further to develop concrete Z specification and will investigate
formal refinement techniques for Real-Time Systems.

6. References
[1] J. Davies and J. Woodcock, “Using Z: Specification, Refinement, and Proof”, In Prentice Hall, 1996.
[2] R. Pressman, “Software Engineering- A Practitioner’s Approach”, McGraw Hill, 5th edition, 2000.
[3]J.R. Abrial, S. A. Schuman and B. Meyer: “A Specification Language, in On the Construction of
Programs”, Cambridge University Press, eds. A. M. Macnaghten and R. M. McKeag, 1980.
[4] J.R. Abrial, “The B Book - Assigning Programs to Meanings”, Cambridge University Press, 1996.
[5]URL http://spd-web.terma.com/Projects/RAISE/ .
[6] C. B. Jones, “Systematic Software Development using VDM”, In Prentice Hall, 1990.
[7]J.M. Spivey, “The Z Notation, Reference Manual”, 2nd edition, Prentice Hall International, 1992.
[8] URL http://sourceforge.net/projects/zwordtools/.
[9] M. Saaltink, “The Z/EVES System,” in ZUM ’97: The Z Formal Speciﬁcation Notation, J. Bowen,

Special Issue Page 130 of 146 ISSN 2229 5216
International Journal of Advances in Science and Technology,
Vol. 5, No.1, 2012
M. Hinchey and D. Till, Eds., 1997, pp. 72–85.
[10] M. Utting and B. Legeard, Practical Model-Based Testing: A Tools Approach. San Francisco, CA,
USA:Morgan Kaufmann Publishers Inc., 2006.
[11] R. M. Hierons and et al., “Using formal specifications to support testing,” ACM Comput.Surv.vol.
41, no. 2, pp. 1–76, 2009.
[12] P. Stocks and D. Carrington, “A Framework for Specification-Based Testing,” IEEE Transactions
on Software Engineering, vol. 22, no. 11, pp. 777–793, Nov. 1996.
[13] M. Crista and P. R.Monetti, “Implementing and applying the Stocks-Carrington framework for
model-based testing,” in ICFEM, ser. Lecture Notes in Computer Science,K. Breitman and A.
CavalcantiEds., Springer, vol. 5885, pp. 167–185, 2009.

Authors Profile

Dr. Arvinder Kaur is an Associate Professor with the University School of Information
Technology, Guru Gobind Singh Indraprastha University, India. She obtained her doctorate
from Guru Gobind Singh Indraprastha University and her master‟s degree in computer
science from Thapar Institute of Engineering and Technology. Prior to joining the school, she
worked with B.R. Ambedkar Regional Engineering College, Jalandhar and Thapar Institute of
Engineering and Technology. She is a recipient of the Career Award for Young Teachers
from the All India Council of Technical Education, India. Her research interests include
software engineering, object-oriented software engineering, software metrics, software
quality, software project management, and software testing. She also is a lifetime member of
ISTE and CSI. Kaur has published more than 80 research papers in national and international
journals and conferences.

Ms. Samridhi Gulati received B. Tech in CSE from Uttar Pradesh Technical University in
2009. She is currently pursuing M.Tech in IT from Guru Gobind Singh Indraprastha
University. Her area of interest is Software Engineering.

Special Issue Page 131 of 146 ISSN 2229 5216