
Lecture Notes in Computer Science 5503
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board

David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, University of Dortmund, Germany
Madhu Sudan, Massachusetts Institute of Technology, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max-Planck Institute of Computer Science, Saarbruecken, Germany


Marsha Chechik, Martin Wirsing (Eds.)

Fundamental Approaches to Software Engineering

12th International Conference, FASE 2009
Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
York, UK, March 22-29, 2009
Proceedings


Volume Editors

Marsha Chechik
University of Toronto
Department of Computer Science
10 King’s College Road, Toronto, ON, M5S 3G4, Canada
E-mail: [email protected]

Martin Wirsing
LMU Munich
Institute of Computer Science
Oettingenstr. 67, 80538 Munich, Germany
E-mail: [email protected]

Library of Congress Control Number: Applied for

CR Subject Classification (1998): D.2, F.3, D.3, F.4, G.4

LNCS Sublibrary: SL 1 – Theoretical Computer Science and General Issues

ISSN 0302-9743
ISBN-10 3-642-00592-6 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-00592-3 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

springer.com

© Springer-Verlag Berlin Heidelberg 2009
Printed in Germany

Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
SPIN: 12633227 06/3180 5 4 3 2 1 0

Foreword

ETAPS 2009 was the 12th instance of the European Joint Conferences on Theory and Practice of Software. ETAPS is an annual federated conference that was established in 1998 by combining a number of existing and new conferences. This year it comprised five conferences (CC, ESOP, FASE, FOSSACS, TACAS), 22 satellite workshops (ACCAT, ARSPA-WITS, Bytecode, COCV, COMPASS, FESCA, FInCo, FORMED, GaLoP, GT-VMT, HFL, LDTA, MBT, MLQA, OpenCert, PLACES, QAPL, RC, SafeCert, TAASN, TERMGRAPH, and WING), four tutorials, and seven invited lectures (excluding those that were specific to the satellite events). The five main conferences received this year 532 submissions (including 30 tool demonstration papers), 141 of which were accepted (10 tool demos), giving an overall acceptance rate of about 26%, with most of the conferences at around 25%. Congratulations therefore to all the authors who made it to the final programme! I hope that most of the other authors will still have found a way of participating in this exciting event, and that you will all continue submitting to ETAPS and contributing towards making it the best conference on software science and engineering.

The events that comprise ETAPS address various aspects of the system development process, including specification, design, implementation, analysis and improvement. The languages, methodologies and tools which support these activities are all well within its scope. Different blends of theory and practice are represented, with an inclination towards theory with a practical motivation on the one hand and soundly based practice on the other. Many of the issues involved in software design apply to systems in general, including hardware systems, and the emphasis on software is not intended to be exclusive.

ETAPS is a confederation in which each event retains its own identity, with a separate Programme Committee and proceedings. Its format is open-ended, allowing it to grow and evolve as time goes by. Contributed talks and system demonstrations are in synchronised parallel sessions, with invited lectures in plenary sessions. Two of the invited lectures are reserved for ‘unifying’ talks on topics of interest to the whole range of ETAPS attendees. The aim of cramming all this activity into a single one-week meeting is to create a strong magnet for academic and industrial researchers working on topics within its scope, giving them the opportunity to learn about research in related areas, and thereby to foster new and existing links between work in areas that were formerly addressed in separate meetings.

ETAPS 2009 was organised by the University of York in cooperation with

- European Association for Theoretical Computer Science (EATCS)
- European Association for Programming Languages and Systems (EAPLS)
- European Association of Software Science and Technology (EASST)

and with support from ERCIM, Microsoft Research, Rolls-Royce, Transitive, and Yorkshire Forward.

The organising team comprised:

Chair: Gerald Luettgen
Secretariat: Ginny Wilson and Bob French
Finances: Alan Wood
Satellite Events: Jeremy Jacob and Simon O’Keefe
Publicity: Colin Runciman and Richard Paige
Website: Fiona Polack and Malihe Tabatabaie

Overall planning for ETAPS conferences is the responsibility of its Steering Committee, whose current membership is:

Vladimiro Sassone (Southampton, Chair), Luca de Alfaro (Santa Cruz), Roberto Amadio (Paris), Giuseppe Castagna (Paris), Marsha Chechik (Toronto), Sophia Drossopoulou (London), Hartmut Ehrig (Berlin), Javier Esparza (Munich), Jose Fiadeiro (Leicester), Andrew Gordon (MSR Cambridge), Rajiv Gupta (Arizona), Chris Hankin (London), Laurie Hendren (McGill), Mike Hinchey (NASA Goddard), Paola Inverardi (L’Aquila), Joost-Pieter Katoen (Aachen), Paul Klint (Amsterdam), Stefan Kowalewski (Aachen), Shriram Krishnamurthi (Brown), Kim Larsen (Aalborg), Gerald Luettgen (York), Rupak Majumdar (Los Angeles), Tiziana Margaria (Gottingen), Ugo Montanari (Pisa), Oege de Moor (Oxford), Luke Ong (Oxford), Catuscia Palamidessi (Paris), George Papadopoulos (Cyprus), Anna Philippou (Cyprus), David Rosenblum (London), Don Sannella (Edinburgh), Joao Saraiva (Minho), Michael Schwartzbach (Aarhus), Perdita Stevens (Edinburgh), Gabriel Taentzer (Marburg), Daniel Varro (Budapest), and Martin Wirsing (Munich).

I would like to express my sincere gratitude to all of these people and organisations, the Programme Committee Chairs and PC members of the ETAPS conferences, the organisers of the satellite events, the speakers themselves, the many reviewers, and Springer for agreeing to publish the ETAPS proceedings. Finally, I would like to thank the Organising Chair of ETAPS 2009, Gerald Luettgen, for arranging for us to hold ETAPS in the most beautiful city of York.

January 2009
Vladimiro Sassone, Chair
ETAPS Steering Committee


Preface

Software technology has become a driving factor for a rapidly growing range of products and services from all sectors of economic activity. At its core is a set of technical and scientific challenges that must be addressed in order to set the stage for the development, deployment, and application of tools and methods in support of the construction of complex software systems.

The International Conference on Fundamental Approaches to Software Engineering (FASE) – as one of the European Joint Conferences on Theory and Practice of Software (ETAPS) – focuses on those core challenges. FASE provides the software engineering research community with a forum for presenting theories, languages, methods, and tools arising from both fundamental research in the academic community and applied work in practical development contexts.

In 2009, FASE received 132 submissions: 123 regular papers and 9 tool papers. Each submission received an average of 3.1 reviews by technical experts from the Program Committee, helped by the external research community. Each paper was further discussed during a two-week “electronic” meeting. We wish to express our sincere thanks to all of the referees for the time, effort, and care taken in reviewing and discussing the submissions. The Program Committee selected 30 papers and 2 tool demonstrations – an acceptance rate of 24%. Accepted papers addressed topics such as model-driven development, modeling and specification, model analysis, testing, debugging, synthesis, security, and adaptation. The technical program was complemented by the invited lecture of Stephen Gilmore on “Scalable Analysis of Scalable Systems.”

FASE 2009 was held in York (UK) as part of the 12th edition of ETAPS. Arrangements were the responsibility of the local Organizing Committee, and the overall coordination of ETAPS was carried out by its Steering Committee. We would like to thank the Chairs of these committees, Gerald Luettgen and Vladimiro Sassone, for the professional and friendly support with which we were provided throughout this process. The planning and coordination of the FASE series of conferences is the responsibility of EASST (European Association of Software Science and Technology). We would like to thank Reiko Heckel, as Chair of the Steering Committee of FASE in 2007, for having invited us to be Co-chairs of this 2009 edition. We wish all the best to the Co-chairs of the 2010 edition, Gaby Taentzer and David Rosenblum.

We used EasyChair for managing the paper selection process and for assembling the LNCS volume, and found this system very convenient. We are grateful to Springer for their helpful collaboration and assistance in producing this volume. As always, the real stars of the show are the authors of the papers, and especially the presenters. We would like to thank them all for having put so much effort into the papers and the presentations. As to the attendees of FASE 2009, we are sure that they were inspired by the technical and social quality of the program, and we are grateful for their participation.

January 2009
Marsha Chechik
Martin Wirsing

Organization

Programme Chairs

Marsha Chechik, University of Toronto (Canada)
Martin Wirsing, LMU Munich (Germany)

Programme Committee

Michel Bidoit, INRIA Saclay (France)
Ruth Breu, University of Innsbruck (Austria)
Jim Davies, University of Oxford (UK)
Juergen Dingel, Queen’s University (Canada)
Schahram Dustdar, Vienna University of Technology (Austria)
Alexander Egyed, Johannes Kepler University Linz (Austria)
Jose Fiadeiro, University of Leicester (UK)
Harald C. Gall, University of Zurich (Switzerland)
Dimitra Giannakopoulou, RIACS/NASA Ames (USA)
Reiko Heckel, University of Leicester (UK)
Mats Heimdahl, University of Minnesota (USA)
Paola Inverardi, University of L’Aquila (Italy)
Alexander Knapp, University of Augsburg (Germany)
Angelika Mader, University of Twente (Netherlands)
TSE Maibaum, McMaster University (Canada)
Tiziana Margaria, University of Potsdam (Germany)
Fabio Massacci, University of Trento (Italy)
Stephan Merz, INRIA Nancy (France)
Peter Olveczky, University of Oslo (Norway)
Richard Paige, University of York (UK)
Gregg Rothermel, University of Nebraska-Lincoln (USA)
Koushik Sen, University of California, Berkeley (USA)
Perdita Stevens, University of Edinburgh (UK)
Gabriele Taentzer, University of Marburg (Germany)
Ladan Tahvildari, University of Waterloo (Canada)
Tetsuo Tamai, University of Tokyo (Japan)
Sebastian Uchitel, University of Buenos Aires (Argentina)
Daniel Varro, Budapest University of Technology and Economics (Hungary)

External Reviewers

Aboulsamh, Mohammed
Agreiter, Berthold
Arendt, Thorsten
Autili, Marco
Balogh, Andras
Bauer, Sebastian
Berard, Beatrice
Beszedes, Arpad
Bielova, Nataliia
Bisztray, Denes
Bocchi, Laura
Boronat, Artur
Bouza, Amancio
Brooke, Phil
Burnim, Jacob
Chen, Feng
Chetali, Boutheina
Chimiak-Opoka, Joanna
Choppy, Christine
Clavel, Manuel
Crichton, Charles
Dalpiaz, Fabiano
de Lara, Juan
Di Benedetto, Paolo
Di Ruscio, Davide
Donyina, Adwoa
Drivalos, Nikos
Egger, Jeff
Ermel, Claudia
Escobar, Santiago
Felderer, Michael
Fluri, Beat
Ge, Xiaocheng
Ghezzi, Giacomo
Giger, Emanuel
Grabe, Immo
Gonczy, Laszlo
Habli, Ibrahim
Haddad, Serge
Hafner, Michael
Hert, Matthias
Holmes, Taid
Iris Groher
Deepack Dughana
Istenes, Zoltan
Jacquemard, Florent
Jalbert, Nick
Jhala, Ranjit
Joshi, Pallavi
Jung, Georg
Jurack, Stefan
Juszczyk, Lukasz
Juvekar, Sudeep
Jorges, Sven
Katt, Basel
Khan, Tamim
Kolovos, Dimitrios
Kordon, Fabrice
Kovi, Andras
Kyas, Marcel
Langerak, Rom
Lapouchnian, Alexei
Li, Fei
Loew, Sarah
Manolescu, Ioana
Marche, Claude
Marincic, Jelena
Markey, Nicolas
Mehmood, Waqar
Memon, Mukhtiar
Mezei, Gergely
Minas, Mark
Montresor, Alberto
Muccini, Henry
Neuhaus, Stephan
Park, Chang-Seo
Park, Myung-Hwan
Pelliccione, Patrizio
Pinter, Gergely
Polack, Fiona
Posse, Ernesto
Radjenovic, Alek
Rassadko, Natalyia
Reif, Gerald
Reiff-Marganiec, S.
Rose, Louis
Rath, Istvan
Saidane, Ayda
Schall, Daniel
Schneider, Gerardo
Schubert, Wolfgang
Schurr, Andy
Siahaan, Ida Sri Rejeki
Staats, Matt
Steffen, Bernhard
Steffen, Martin
Stergiou, Christos
Tavakoli Kolagari, R.
Tivoli, Massimo
Torrini, Paolo
Truong, Hong-Linh
Tuosto, Emilio
Ure, Jenny
Voisin, Frederic
Van Wyk, Eric
Varro, Gergely
Varro-Gyapay, Szilvia
Vasko, Martin
Villard, Jules
Voigt, Horst
Wagner, Christian
Wang, Chen-Wei
Weber, Michael
Welch, James
Wierse, Gerd
Wuersch, Michael
Xu, Kai
Yautsiukhin, Artsiom
Zannone, Nicola
Zhou, Yu

Table of Contents

Scalable Analysis of Scalable Systems ... 1
Allan Clark, Stephen Gilmore, and Mirco Tribastone

Model-Driven Development

Rewriting Logic Semantics and Verification of Model Transformations ... 18
Artur Boronat, Reiko Heckel, and Jose Meseguer

Confluence in Domain-Independent Product Line Transformations ... 34
Jon Oldevik, Øystein Haugen, and Birger Møller-Pedersen

Object Flow Definition for Refined Activity Diagrams ... 49
Stefan Jurack, Leen Lambers, Katharina Mehner, Gabriele Taentzer, and Gerd Wierse

A Category-Theoretical Approach to the Formalisation of Version Control in MDE ... 64
Adrian Rutle, Alessandro Rossini, Yngve Lamo, and Uwe Wolter

Synthesis and Adaptation

Controller Synthesis from LSC Requirements ... 79
Hillel Kugler, Cory Plock, and Amir Pnueli

Interface Generation and Compositional Verification in JavaPathfinder ... 94
Dimitra Giannakopoulou and Corina S. Pasareanu

A Formal Way from Text to Code Templates ... 109
Guido Wachsmuth

Context-Aware Adaptive Services: The PLASTIC Approach ... 124
Marco Autili, Paolo Di Benedetto, and Paola Inverardi

Modeling

Synchronous Modeling and Validation of Priority Inheritance Schedulers ... 140
Erwan Jahier, Nicolas Halbwachs, and Pascal Raymond

Describing and Analyzing Behaviours over Tabular Specifications Using (Dyn)Alloy ... 155
Nazareno M. Aguirre, Marcelo F. Frias, Mariano M. Moscato, Thomas S.E. Maibaum, and Alan Wassyng

Testing and Debugging

Reducing the Costs of Bounded-Exhaustive Testing ... 171
Vilas Jagannath, Yun Young Lee, Brett Daniel, and Darko Marinov

Logical Testing: Hoare-style Specification Meets Executable Validation ... 186
Kathryn E. Gray and Alan Mycroft

Cross-Entropy-Based Replay of Concurrent Programs ... 201
Hana Chockler, Eitan Farchi, Benny Godlin, and Sergey Novikov

Model Analysis

Control Dependence for Extended Finite State Machines ... 216
Kelly Androutsopoulos, David Clark, Mark Harman, Zheng Li, and Laurence Tratt

Proving Consistency of Pure Methods and Model Fields ... 231
K. Rustan M. Leino and Ronald Middelkoop

On the Implementation of @pre ... 246
Piotr Kosiuczenko

Formal Specification and Analysis of Timing Properties in Software Systems ... 262
Musab AlTurki, Dinakar Dhurjati, Dachuan Yu, Ajay Chander, and Hiroshi Inamura

Patterns

Formal Foundation for Pattern-Based Modelling ... 278
Paolo Bottoni, Esther Guerra, and Juan de Lara

Problem-Oriented Documentation of Design Patterns ... 294
Alexander Fulleborn, Klaus Meffert, and Maritta Heisel

Security

Certification of Smart-Card Applications in Common Criteria: Proving Representation Correspondences ... 309
Iman Narasamdya and Michael Perin

Transformation of Type Graphs with Inheritance for Ensuring Security in E-Government Networks ... 325
Frank Hermann, Hartmut Ehrig, and Claudia Ermel

A Formal Connection between Security Automata and JML Annotations ... 340
Marieke Huisman and Alejandro Tamalet

Queries and Error Handling

Algorithms for Automatically Computing the Causal Paths of Failures ... 355
William N. Sumner and Xiangyu Zhang

Mining API Error-Handling Specifications from Source Code ... 370
Mithun Acharya and Tao Xie

SNIFF: A Search Engine for Java Using Free-Form Queries ... 385
Shaunak Chatterjee, Sudeep Juvekar, and Koushik Sen

Inquiry and Introspection for Non-deterministic Queries in Mobile Networks ... 401
Vasanth Rajamani, Christine Julien, Jamie Payton, and Gruia-Catalin Roman

Tools (Demos) and Program Analysis

HOL-TestGen: An Interactive Test-Case Generation Framework ... 417
Achim D. Brucker and Burkhart Wolff

CADS*: Computer-Aided Development of Self-* Systems ... 421
Radu Calinescu and Marta Kwiatkowska

HAVE: Detecting Atomicity Violations via Integrated Dynamic and Static Analysis ... 425
Qichang Chen, Liqiang Wang, Zijiang Yang, and Scott D. Stoller

Accurate and Efficient Structural Characteristic Feature Extraction for Clone Detection ... 440
Hoan Anh Nguyen, Tung Thanh Nguyen, Nam H. Pham, Jafar M. Al-Kofahi, and Tien N. Nguyen

Enhanced Property Specification and Verification in BLAST ... 456
Ondrej Sery

Finding Loop Invariants for Programs over Arrays Using a Theorem Prover ... 470
Laura Kovacs and Andrei Voronkov

Author Index ... 487