A concurrent object is a data object shared by concurrent processes. Linearizability is a correctness condition for concurrent objects that exploits the semantics of abstract data types. It permits a high degree of concurrency, yet it permits programmers to specify and reason about concurrent objects using known techniques from the sequential domain. Linearizability provides the illusion that each operation applied by concurrent processes takes effect instantaneously at some point between its invocation and its response, implying that the meaning of a concurrent object’s operations can be given by pre- and post-conditions. This paper defines linearizability, compares it to other correctness conditions, presents and demonstrates a method for proving the correctness of implementations, and shows how to reason about concurrent objects, given they are linearizable.

This is an introduction to the philosophy and use of OBJ, emphasizing its operational semantics, with aspects of its history and its logical semantics. Release 2 of OBJ3 is described in detail, with many examples. OBJ is a wide spectrum first-order functional language that is rigorously based on (order sorted) equational logic and parameterized programming, supporting a declarative style that facilitates verification and allows OBJ to be used as a theorem prover.

In this paper we address the problem of writing specifications for programs that use various forms of modularity, including procedures and Java-like classes. We build on the formalism of separation logic and introduce the new notion of an abstract predicate and, more generally, abstract predicate families. This provides a flexible mechanism for reasoning about the different forms of abstraction found in modern programming languages, such as abstract datatypes and objects. As well as demonstrating the soundness of our proof system, we illustrate its utility with a series of examples.

Current research in specifications is emphasizing the practical use of formal specifications in program design. One way to encourage their use in practice is to provide specification languages that are accessible to both designers and programmers. With this goal in mind, the Larch family of formal specification languages has evolved to support a two-tiered approach to writing specifications. This approach separates the specification of state transformations and programming language dependen-cies from the specification of underlying abstractions. Thus, each member of the Larch family has a subset derived from a programming language and another subset independent of any programming languages. We call the former interface languages, and the latter the Larch Shared Language. This paper focuses on Larch interface language specifications. Through examples, we illustrate some salient features of Larch/CLU, a Larch interface language for the programming language CLU. We give an example of writing an interface specification following the two-tiered approach and discuss in detail issues involved in writing interface specifications and their interaction with their Shared Language components.

Abstract not found

Interface specifications should express program properties in a formal, declarative, and implementation-independent way. To achieve implementation-independency, interface specifications have to support data abstraction. Program verification should enable to prove implementations correct w.r.t. such interface specifications. The presented work bridges the gap between existing specification and verification techniques for object-oriented programs. The integration is done within a formal framework for interface specifications and programming language semantics. Interface specification techniques are enhanced to support the specification of data structure sharing and destructive updating of shared variables. These extensions are necessary for the specification of real life software libraries. Moreover this generalization is needed for intermediate steps in correctness proofs. For verification, Hoare logic is extended to capture recursive classes and subtyping. Based on this extended logic, techniques are presented for proving typing properties, class and method invariants. The new

The Larch family of languages is used to specify program interfaces in a two-tiered definitional style. Each Larch specification has components written in two languages: one that is designed for a specific programming language and another that is independent of any programming language. The former are the Larch interface languages, and the latter is the Larch Shared Language (LSL). Version 2.3 of LSL is similar to previous versions, but contains a number of refinements based on experience writing specifications and developing tools to support the specification process. This report contains an informal introduction and a self-contained language definition. This report supersedes Pieces II and III of Larch in Five Easy Pieces [Guttag, Horning, and Wing 1985b] and "Report on the Larch Shared Language" [Guttag and Horning 1986]. iii Report on the Larch Shared Language, Version 2.3 Chapter 1: Overview 1.1. Introduction 1.2. Simple Algebraic Specifications 1.3. Getting Richer Theories 1.4...

Observability concepts contribute to a better understanding of software correctness. In order to prove observational properties, the concept of Context Induction has been developed by Hennicker [10]. We propose in this paper to embed Context Induction in the implicit induction framework of [8]. The proof system we obtain applies to conditional specifications. It allows for many rewriting techniques and for the refutation of false observational conjectures. Under reasonable assumptions our method is refutationally complete, i.e. it can refute any conjecture which is not observationally valid. Moreover this proof system is operational: it has been implemented within the Spike prover and interesting computer experiments are reported.

This paper unveils and motivates an ambitious programme of hidden algebraic research in software engineering, beginning with our general goals, continuing with an overview of results, and including some future plans. The main contribution is powerful hidden coinduction techniques for proving behavioral correctness of concurrent systems; several mechanical proofs are given using OBJ3. We also show how modularization, bisimulation, transition systems, concurrency and combinations of the functional, constraint, logic and object paradigms fit into hidden algebra. 1. Introduction

Abstract-Software configuration management (SCM) is an emerging discipline. An important aspect of realizing SCM is the task of maintaining the configurations of evolving software systems. In this paper, we provide an approach to resolving some ofthe conceptual and technical problems in maintaining configurations of evolving software systems. The approach provides a formal basis for existing notions of system architecture. The formal properties of this view of configurations provide the underpinnings for a rigorous notion of system integrity, and mechanisms to control the evolution of configurations. This approach is embodied in a language, NuMIL, to describe software system configurations, and a prototype environment to maintain software system configurations. We believe that the approach and the prototype environment offer a firm base to maintain software system configurations and, therefore, to implement SCM. Index Terms-Configuration, module and subsystem families, module and subsystem interfaces, software configuration maintenance system, upward compatibility. I.