Forgot your password?

Tools To Automate Checking of Software Design 128

Posted by Zonk
from the looks-good-chief dept.
heck writes "Scientific American describes some of the work to develop tools for examining the design of software for logical inconsistencies. The article is by one of the developers of Alloy, but the article does reference other tools (open and closed source) in development. The author admits that widespread usage of the tools are years away, but it is interesting reading the approach they are taking regarding validation of design."
This discussion has been archived. No new comments can be posted.

Tools To Automate Checking of Software Design

Comments Filter:
  • by aeroz3 (306042) on Friday June 02, 2006 @10:56PM (#15459929)
    The point of these tools, is to simply verify the consistency of a design, not to execute or examine existing source code. The steps involved are:
    1) Come up with software design
    2) Implement software design in one of these tools (model it in Z, or as a state machine using fsp/ltsa)
    3) Use said tool to verify the consistency of the design.

    Now, this activity, of course, takes a lot of time, and is unlikely to ever be of any use to your average J2EE/Ajax/Enterprise application. Areas where they CAN be of use are in things such as life-critical systems. For instance medical devices, or air plane control systems. Using something like FSP/LTSA you can model, check, and verify that your design does not every allow the system to enter into an invalid state. Now, remember, this says nothing about the final code, there is a separate issue of the code not matching the design, but it is possible to verify that the design does not ever lead to invalid states.
  • by dwheeler (321049) on Saturday June 03, 2006 @12:33AM (#15460216) Homepage Journal
    The referenced article has a lot about formal methods tools (including "light" formal methods tools). See the paper High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS)... with Lots on Formal Methods [] for FLOSS programs that support this. For a list of some tools that look for security vulnerabilities, see the FlawFinder web site [], which links to others.

    Alloy is a cool tool, if it does something you want done. But nobody should be fooled into thinking that you can just run Alloy and suddenly your code is perfect. Alloy just helps you check out a model based on set theory, etc... it's a long distance from models like that to the actual code.

If you're not part of the solution, you're part of the precipitate.