CSP-OZ: A Combination of Object-Z and CSP
1997

In this paper we define a combination of Object-Z and CSP called CSP-OZ. The basic idea is to define a CSP semantics for every Object-Z class. Special care is taken to capture the characteristics of input and output parameters properly and to preserve the expected refinement rules. CSP-OZ is well suited for the specification and development of communicating distributed systems. It provides powerful techniques to model data and control aspects in a common framework. The language is easy to use for Z and Object-Z users. A shorter version of this paper appeared as [10].

csp2B: A Practical Approach To Combining CSP and B
Formal Aspects of Computing, 1999

This paper describes the tool csp2B, which provides a means of combining CSP-like descriptions with standard B specifications. The notation of CSP provides a convenient way of describing the order in which the operations of a B machine may occur. The function of the tool is to convert CSP-like specifications into standard machine-readable B specifications, which means that they may be animated and appropriate proof obligations may be generated. Use of

An Approach to the Design of Distributed Systems with B AMN (Extended Version)
ZUM '97: The Z Formal Specification Notation, 10th International Conference of Z Users, 1996

In this paper, we describe an approach to the design of distributed systems with B AMN. The approach is based on the action-system formalism, which provides a framework for developing state-based parallel reactive systems. More specifically, we use the so-called CSP approach to action systems, in which interaction between subsystems is by synchronised message passing and there is no sharing of state. We show that the abstract machines of B may be regarded as action systems and show how reactive refinement and decomposition of action systems may be applied to abstract machines. The approach fits in closely with the stepwise refinement method of B. We illustrate the approach by the abstract specification of an email service as a single machine and its subsequent refinement into a store-and-forward network.

Exploring Summation and Product Operators in the Refinement Calculus
Mathematics of Program Construction, 1994

Product and summation operators for predicate transformers were introduced by Naumann [21] and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algebraic properties of these operators. There are several motivating factors for this analysis. The product operator provides a model of simultaneous execution of statements, while the summation operator provides a simple model of late binding. We also generalise the product operator slightly to form an operator that corresponds to conjunction of specifications. We examine several applications of these operators, showing, for example, how a combination of the product and summation operators could be used to model inheritance in an object-oriented programming language. 1 Introduction Dijkstra introduced weakest-precondition predicate transformers as a means of verifying total correctness properties of ...

Stepwise Refinement of Communicating Systems
1994

The action system formalism [4] is a state-based approach to distributed computing. In this paper, it is shown how the action system formalism may be used to describe systems that communicate with their environment through synchronised value-passing. Definitions and rules are presented for refining and decomposing such action systems into distributed implementations in which internal communication is also based on synchronised value-passing. An important feature of the composition rule is that parallel components of a distributed system may be refined independently of the rest of the system. Specification and refinement is similar to the refinement calculus approach [2, 22, 24]. The theoretical basis for communication and distribution is Hoare's CSP [11]. Use of the refinement and decomposition rules is illustrated by the design of an unordered buffer, and then of a distributed message-passing system. 1 Introduction The action system formalism, introduced by Back & Kurki-Suonio [4], i...

How to Drive a B Machine
ZB 2000: Formal Specification and Development in Z and B, First International Conference of B and Z Users, 2000

The B-Method is a state-based formal method that describes behaviour in terms of MACHINES whose states change under OPERATIONS. The process algebra CSP is an event-based formalism that enables descriptions of patterns of system behaviour. We present a combination of the two views where a CSP process acts as a control executive and its events simply drive corresponding OPERATIONS. We define consistency between the two views in terms of existing semantic models. We identify proof conditions which are strong enough to ensure consistency and thus guarantee safety and liveness properties. Keywords: B-Method, CSP, Embedded Systems, Programming Calculi, Combining Formalisms.

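The control-executive idea in the abstract above, as an added illustration that is not code from the paper: a toy B-style MACHINE is a set of OPERATIONS with explicit preconditions, a controller is a small CSP-like transition system whose events are those operation names, and the check explores every joint (controller, machine) state the controller can reach and reports any event that would invoke an operation outside its precondition, which B leaves unspecified. The bounded-counter machine, the three controllers and the search itself are constructed for this example; the check is a simplification of the consistency notion, not the paper's proof conditions.

```python
from collections import deque

# Constructed B-style MACHINE: the state is an integer counter and each
# OPERATION is a (precondition, body) pair. Calling an operation when its
# precondition is false is undefined in B, so a controller must never do it.
MAX = 2
COUNTER = {
    "inc": (lambda n: n < MAX, lambda n: n + 1),
    "dec": (lambda n: n > 0, lambda n: n - 1),
}
COUNTER_INIT = 0

# Constructed CSP-like controllers: state -> [(event, next_state)], start state 0.
ALTERNATE = {0: [("inc", 1)], 1: [("dec", 0)]}   # CTRL = inc -> dec -> CTRL
ANY_ORDER = {0: [("inc", 0), ("dec", 0)]}         # CTRL = (inc -> CTRL) [] (dec -> CTRL)
ONLY_INC = {0: [("inc", 0)]}                      # CTRL = inc -> CTRL


def check_consistency(machine, init, ctrl, ctrl_init=0):
    """Breadth-first search over reachable (controller state, machine state) pairs.

    Returns a list of (trace, machine_state) for every point at which the
    controller offers an event whose operation precondition does not hold in
    that machine state. An empty list means every event the controller can ever
    perform is a legal call on the machine (the precondition half of consistency).
    """
    violations = []
    seen = {(ctrl_init, init)}
    queue = deque([(ctrl_init, init, ())])
    while queue:
        c, m, trace = queue.popleft()
        for event, c_next in ctrl[c]:
            pre, body = machine[event]
            if not pre(m):
                violations.append((trace + (event,), m))
                continue  # behaviour after an undefined call is meaningless; do not explore it
            m_next = body(m)
            if (c_next, m_next) not in seen:
                seen.add((c_next, m_next))
                queue.append((c_next, m_next, trace + (event,)))
    return violations


if __name__ == "__main__":
    for name, ctrl in [("ALTERNATE", ALTERNATE), ("ANY_ORDER", ANY_ORDER), ("ONLY_INC", ONLY_INC)]:
        print(name, check_consistency(COUNTER, COUNTER_INIT, ctrl))
```

ALTERNATE never leaves the legal range and passes; ANY_ORDER is caught immediately on the trace `dec` from the initial state 0, and ONLY_INC is caught on the third `inc` once the counter has reached MAX. Because the explored state space is the product of controller and machine states, the same search scales to any finite controller and any machine whose reachable state set is finite.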
On the Use of Data Refinement in the Development of Secure Communications Systems

We report on experiences gained from the application of data refinement techniques to the development of examples of secure communications systems. The aim was to carry the development from initial abstract specification of security services through to detailed designs. The development approach was based on action systems, with B and CSP being used as concrete notations. The security services in question are a confidential communications service and an authenticated transaction service. Refinements include explicit representations of intruder behaviour.

Combining CSP and Object-Z: Finite or Infinite Trace Semantics?
Proc. FORTE/PSTV 97, Chapman & Hall, 1997

In this paper we compare and contrast two alternative semantics as a means of combining CSP with Object-Z. The purpose of this combination is to more effectively specify complex, concurrent systems: while CSP is ideal for modelling systems of concurrent processes, Object-Z is more suitable for modelling the data structures often needed to model the processes themselves. The first semantics, the finite trace model, is compatible with the standard CSP semantics but does not allow all forms of unbounded nondeterminism to be modelled (i.e. where a choice is made from an infinite set of options). The second semantics, the infinite trace model, overcomes this limitation but is no longer compatible with the standard CSP semantics. Issues involving specification, refinement and modelling fairness are discussed. Keywords: CSP, Object-Z, concurrent systems, combining FDTs, semantics, refinement. 1 INTRODUCTION CSP [15] is a process algebra developed for the formal specification of concurrent ...

A Singleton Failures Semantics for Communicating Sequential Processes
2001

From a software engineering perspective, is the singleton failures semantic model a useful model in its own right? The answer to this is yes. Certainly it will often be the case that the traces model is sufficient for a software engineer's needs. And at other times they may need the full strength of the stable failures model or indeed the failures-divergences model. But the singleton failures model lies between these. It may well be the case (testing springs to mind) that we need more information than the traces model but not as much as the stable failures model.

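To make the hierarchy in the abstract above concrete, here is an added example that is not from the paper. It computes the traces, singleton failures and stable failures of three small constructed processes over the alphabet {a, b}, represented as finite labelled transition systems with an invisible tau action: external choice `a -> STOP [] b -> STOP`, internal choice `a -> STOP |~| b -> STOP`, and that internal choice further combined with STOP. The first two have identical traces but different singleton failures; the last two have identical singleton failures but different stable failures, which is exactly why the singleton failures model sits strictly between the other two. The process encodings and the bounded trace enumeration are this example's own assumptions.

```python
from itertools import combinations

TAU = None  # invisible internal action

# Constructed toy processes as finite labelled transition systems:
# state -> [(event, next_state)], initial state 0, alphabet {a, b}.
EXT_CHOICE = {0: [("a", 1), ("b", 2)], 1: [], 2: []}                       # a -> STOP [] b -> STOP
INT_CHOICE = {0: [(TAU, 1), (TAU, 2)], 1: [("a", 3)], 2: [("b", 3)], 3: []}  # a -> STOP |~| b -> STOP
INT_OR_STOP = {0: [(TAU, 1), (TAU, 2), (TAU, 4)],
               1: [("a", 3)], 2: [("b", 3)], 3: [], 4: []}                  # (a -> STOP |~| b -> STOP) |~| STOP
ALPHABET = frozenset({"a", "b"})


def tau_closure(lts, states):
    """All states reachable from `states` by internal actions only."""
    seen, stack = set(states), list(states)
    while stack:
        for ev, t in lts[stack.pop()]:
            if ev is TAU and t not in seen:
                seen.add(t)
                stack.append(t)
    return frozenset(seen)


def after(lts, trace):
    """States the process may be in after performing the visible events in `trace`."""
    current = tau_closure(lts, {0})
    for ev in trace:
        current = tau_closure(lts, {t for s in current for e, t in lts[s] if e == ev})
    return current


def initials(lts, s):
    return {ev for ev, _ in lts[s] if ev is not TAU}


def is_stable(lts, s):
    """A state is stable when no internal action is possible from it."""
    return all(ev is not TAU for ev, _ in lts[s])


def traces(lts, max_len=4):
    """Finite traces up to `max_len` (the bound only matters for recursive processes)."""
    result, frontier = {()}, [()]
    while frontier:
        tr = frontier.pop()
        if len(tr) >= max_len:
            continue
        for s in after(lts, tr):
            for ev in initials(lts, s):
                ext = tr + (ev,)
                if ext not in result:
                    result.add(ext)
                    frontier.append(ext)
    return result


def stable_failures(lts, max_len=4):
    """(trace, X) such that after `trace` the process can settle in a stable
    state in which no event of X is enabled, i.e. it may refuse all of X."""
    fails = set()
    for tr in traces(lts, max_len):
        for s in after(lts, tr):
            if is_stable(lts, s):
                refusable = sorted(ALPHABET - initials(lts, s))
                for k in range(len(refusable) + 1):
                    for X in combinations(refusable, k):
                        fails.add((tr, frozenset(X)))
    return fails


def singleton_failures(lts, max_len=4):
    """The singleton failures model keeps only refusal sets of size at most one."""
    return {(tr, X) for tr, X in stable_failures(lts, max_len) if len(X) <= 1}


if __name__ == "__main__":
    print(traces(EXT_CHOICE) == traces(INT_CHOICE))                          # True
    print(singleton_failures(EXT_CHOICE) == singleton_failures(INT_CHOICE))  # False
    print(singleton_failures(INT_CHOICE) == singleton_failures(INT_OR_STOP)) # True
    print(stable_failures(INT_CHOICE) == stable_failures(INT_OR_STOP))       # False
```

The traces model cannot see that the internal choice may refuse `a` on its own, the singleton refusal `(<>, {a})`, so it equates external and internal choice; the singleton failures model separates them. Adding a STOP branch to the internal choice introduces the refusal `(<>, {a, b})`, which only a model that records refusal sets of size two can see, so singleton failures equate the last two processes while stable failures do not.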
Deductive Reasoning versus Model Checking: Two Formal Approaches for System Development
1999

We compare and contrast two formal approaches for system development: state-based notation with verification by deductive reasoning, exemplified here by action systems; and event-based notation with verification by model checking, here using CSP/FDR. Our purpose is to identify specific similarities and differences, and strengths and weaknesses of the two approaches by direct comparison on the same application. We examine a small case study of a store-and-forward network specified and refined using the two notations. Our work illustrates that different approaches lead to different developmental strategies and can reveal complementary aspects of a system, indicating that unified techniques may be effective. 1 Introduction There are many varieties of formal methods, a term referring to the application of mathematics and mathematically derived techniques to the specification and development of software and hardware. They all have the same purpose: improving the quality and relia...