Formal Modeling of Complex Commands in Industrial Software Specifications

We present a formal approach for modeling complex commands characterized by heavy overloading of function, large numbers of parameters, dependencies among parameters, subtle side effects, and lack of abstraction. Complex commands arise in a variety of business settings such as requesting a brokerage order, enrolling in a course, and specifying a product order. In addition, complex commands are also prevalent where specification of commands is strictly separated from multiple, independent implementations as in open software standards. Our approach is based on an inheritance structure known as a command lattice. Like other forms of inheritance, command lattices support incremental definition and abbreviation of specifications. Because a complete command lattice can have a large number of specifications, we develop another structure known as a minimal command tree in which a command lattice is derived from a much smaller number of independent specifications. To map from a minimal command tree to a command lattice, we present algorithms that materialize an arbitrary node of a command lattice and compactly generate the behavior of a command lattice. To demonstrate the potential of command lattices, we have implemented a set of tools that provide convenient specification and powerful reasoning capabilities. Our tool collection includes the Command Specification Language that supports a precise and rich specification of the structural and behavioral properties of commands, the incremental definition tool that ensures consistency of command lattices, the browsing tool that displays a command's inheritance structure, the type checker that ensures structural consistency of commands in expressions, and the target system tracer that simulates a sequence of command executions. We discuss our experiences applying the tools to IBM's Distributed Data Management, a large scale specification of data access on remote and heterogeneous IBM systems.