•  Software Quality - Prevention Versus Cure? April 2003
R.Geoff Dromey
Abstract: In traditional engineering disciplines a preventative approach is used to tackle defects and thereby produce quality products and systems. A recent case study suggests that in software engineering a curative approach to finding defects and producing quality software may be the most practical way to proceed. Here, the argument for a curative approach to software quality is challenged, and suggestions are made on how appropriate component-based quality models, that contain both generic and domainspecific quality knowledge, may be used to support a preventative approach to producing quality software products and systems.

•  Making Requirements Defect Detection Repeatable January 2003
X. Zheng, R.G. Dromey
Abstract: Given a set of functional requirements, if they are subject to a repeatable requirements defect detection process by different parties, the same set of defects should be detected. And, at the same time, when a model we propose fails, we want to be able to detect failure and easily correct the model. To make progress towards realizing these goals three things are needed: (1) representations of requirements information that reveal or make it much easier to “see” defects, (2) a clear formal characterization of defects with respect to each representation, and (3) well-defined and independently repeatable processes for first constructing then using each representation to elicit the defects it reveals. The representations we choose must accurately capture not only the behaviour expressed in the original individual functional requirements, but equally importantly, the integrated behaviour of a set of requirements - many defects only arise from the combined effect of more than one functional requirement.
•  From Requirements To Design – Without Miracles September 2002
R.G.Dromey
Abstract: Despite the advances in software engineering since 1968, current methods for going from a set of functional requirements to a design are not as direct, repeatable and constructive as we would like. Progress with this fundamental problem is possible once we recognize that individual functional requirements represent fragments of behaviour, while a design that satisfies a set of functional requirements represents integrated behaviour. This perspective admits the prospect of constructing a design out of its requirements. A formal representation for individual functional requirements, called behavior trees makes this possible. Behaviour trees of individual functional requirements may be composed, one at a time, to create an integrated design behaviour tree. From this problem domain representation it is then possible to transition directly and systematically to a solution domain representation of the component architecture of the system and the behaviour designs of the individual components that make up the system – both are emergent properties.

•  On Expressing and Monitoring Behaviour in Contracts September 2002
Z. Milosevic, R.G. Dromey,
Abstract: This paper addresses the problem of transforming natural language descriptions of contracts into a form that is suitable for automating various contract management functions. We investigate two complementary methods that can be used to achieve this.
One method is suitable for the contract specification phase – to specify expected behaviour of contracting parties so that they can satisfy policies stated in a contract. This method also allows for checking aspects of contract consistency as well as flexible integration of internal organisational policies with the contract policies. Another method targets the contact run-time phase – for monitoring behaviour of parties to the contract and other aspects of contract performance. When combined, these two methods provide a basis to support an increasing level of automation of many mundane contract activities, while allowing humans to be involved in ultimate decision making.

•  GENES, JIGSAW PUZZLES AND SOFTWARE ENGINEERING July 2002
R.G. Dromey,
Abstract: This paper discusses the use of a representation called behaviour trees that allows significant reduction in the complexity of the software design process. Functional requirements are first translated, one at a time, into behaviour trees. The resulting set of composable requirements behaviour trees may then be integrated one at a time to create a design behaviour tree. A component architecture, and the component behaviour trees for each of the components in the system, can then be systematically derived from the design behaviour tree. This provides a design specification which can be directly used to guide the detailed design and implementation of the system. This amounts to building a system out of its functional requirements rather than the conventional process of building a system that will satisfy its functional requirements. The whole process relies on the observation, that like genes and jigsaw puzzles, a set of functional requirements for a system, when represented as behaviour trees contain enough information to allow their composition to realize a design. This approach to software
design fits well as a front-end method for developing object-oriented and component-based implementations.

•  GENETIC SOFTWARE ENGINEERING April 2002
R.G. Dromey,
Abstract: Many software projects have large numbers of functional requirements and constraints. The challenge is always how to use this information systematically to create a software design that will satisfy all of its requirements. Direct translation of individual requirements, each to a component/state-based behavior-tree representation, allows us to reduce the design process to a systematic, incremental, requirements integration process. Individual requirements, in behavior-tree form, can be grafted, one at a time, onto the behavior tree representing the evolving design. Once the design behavior tree has been assembled, it can be used to derive the supporting component-based software architecture, the design for each individual component and their interfaces. The method provides constructive support for component-based development, objected-oriented implementation, requirements traceability, and the creation of reusable software components and systems. The method also provides an effective means for identifying individual requirements defects and requirements integration defects.

•  SOFTWARE PRODUCT QUALITY: Theory, Model, and Practice March 1998
R.G.Dromey
Abstract: Existing proposals for software product qua lity have not been underpinned by the sort of empirical theory and supporting models that are found in most scientific endeavours. The present proposal provides a set of axioms and supporting software and quality models needed to construct a comprehensive model for software product quality.

• Re-engineering Loops February 1995
Si Pan, R.Geoff Dromey
Abstract: Loops with multiple-exits and flags detract from the quality of imperative programs. They tend to make control-structures difficult to understand and, at the same time, introduce the risk of non-termination and other correctness problems. A systematic, generally applicable procedure, called loop rationalization, which removes such features and simplifies loop structures is presented. This method, which is founded on the principle of separation of concerns, is based on strongest postcondition calculations and congruent equivalence transformations. Not only does this method logically simplify loop structures; it also detects a range of defects including a class of non-termination problems and unreachable code.

• Software Quality Improvement using Formal Methods February 1995
Si Pan, R.Geoff Dromey

• Using Strongest Postconditions To Improve Software Quality February 1995
Si Pan, R.Geoff Dromey
Abstract: The cost of developing and maintaining high quality software remains at a premium. In this paper we introduce a practical approach for enhancement of software quality, based on calculation of strongest postconditions of program components. The method provides a powerful means for detecting and removing by transformation various forms of redundancy and inconsistency in programs. The feasibility of this approach depends upon calculations of strongest postconditions for iterative constructs and assignments.

• A Formal Basis for Removing GOTO Statements January 1995
Si Pan, R.Geoff Dromey
Abstract: Goto statements detract from the quality of imperative programs. They tend to make control-structures difficult to understand and, at the same time, introduce the risk of non-termination and other correctness problems. A new, formal, generally applicable procedure, for removing all goto statements from program structures is presented. This method, is based on formal semantics and congruent equivalence transformations. Not only does the method logically simplify program structures; it also detects a range of defects including a class of non-termination problems, unreachable code and redundancy problems. The method can also be used to eliminate recursion.

• Applying Formal Methods to Restructure Loops with Multiple Exits January 1995
Si Pan, R.Geoff Dromey
Abstract: Loops with multiple-exits and flags detract from the quality of imperative programs. They tend to make control structures difficult to understand and, at the same time, introduce the risk of non-termination and other correctness problems. A systematic, generally applicable procedure, called loop rationalization which removes such features and simplifies loop structures is presented. This method, which is founded on the principle of separation of concerns is based on strongest postcondition calculations and congruent equivalence transformations. Not only does this method logically simplify loop structures; it also detects a range of defects including non-termination problems and unreachable code.

• A Model for Software Product Quality October 1994
R.G. Dromey
Abstract: A model for software product quality is defined. It has been formulated by associating a set of quality carrying properties with each of the structural forms that are used to define the statements and statement components of a programming language. These quality-carrying properties are in turn linked to the high level quality attributes of the International Standard for Software Product Evaluation ISO-9126. The model supports building quality into software, definition of language-specific coding standards, systematically classifying quality defects, and the development of automated code auditors for detecting quality defects in software.

• Stepwise Programming Derivation 1991
R.G.Dromey and D.Billington
Abstract: Our understanding of the program derivation process has evolved to the point where it can be described in terms of a clearly defined sequence of steps. In this paper, we will identify those steps and show how they may be used to derive programs from formal
specifications. In describing the program derivation process we will focus on two things, its broad structure, and some detail for each of the principal steps. The suggestions made are practical and easily integrated with conventional methodologies for handling larger problems. The detailed steps described also provide the basis for the construction of a system for computer-assisted program derivation from formal specifications.