We describe two tools---ETF and Mathmodels---for developing reliable software by eliciting precise specifications, validating them and verifying that the final software product satisfies the requirements. Mathmodels extends the classical Eiffel contracting notation with the use of mathematical models (sets, sequences, relations, functions, bags) to describe abstract state machines. Classical contracts are incomplete or are low level implementation assertions. Mathmodel contracts provide complete specifications of components and systems that can be verified via runtime contract checking scaling up to large systems. Mathmodels are void safe and have immutable queries (for specifications) as well as relatively efficient mutable commands for the abstract description of algorithms. The ETF tool is used in requirements elicitation to derive specifications, to describe the user interface, to identify the abstract state, and to develop use cases before the software product is constructed. The ETF tool generates code that decouples the user interface from the design (the business logic). The ETF Tool supports the derivation of important system safety invariants which become Mathmodel class invariants in the production code. The ideas can be extended to other contracting languages and frameworks and are placed in the context of best practices for software engineering. We also discuss this work in the light of proposals for software engineering education.

Download paper in PDF format.

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.