Abstract. We present an institution of observational logic suited for state-based systems specifications. The institution is based on the notion of an observational signature (which incorporates the declaration of a distinguished set of observers) and on observational algebras whose operations are required to be compatible with the indistinguishability relation determined by the given observers. In particular, we introduce a homomorphism concept for observational algebras which adequately expresses observational relationships between algebras. Then we consider a flexible notion of observational signature morphism which guarantees the satisfaction condition of institutions w.r.t. observational satisfaction of arbitrary first-order sentences. From the proof theoretical point of view we construct a sound and complete proof system for the observational consequence relation. Then we consider structured observational specifications and we provide a sound and complete proof system for such specifications by using a general, institution-independent result of [6]. 1

We consider observational specifications of state-based systems which incorporate the declaration of a distinguished set of observer operations. These observers determine an indistinguishability relation for states which is called "observational equality". An important requirement for the non-observer operations is the compatibility with the observational equality. In the CafeOBJ language (and in extended hidden algebra) this property is called "behavioural coherence". In this presentation we introduce the notion of an "observer complete definition" and we show that any (non-observer) operation which is defined using this pattern is behaviourally coherent. We also discuss some consequences of this result for relating observational logic and extended hidden algebra semantics and for proving the correctness of observational implementations.

Observability and reachability are important concepts in formal software development. While observability concepts allow to specify the required observable behavior of a program or system, reachability concepts are used to describe the underlying data in terms of datatype constructors. In this paper, we show that there is a duality between observability and reachability, both from a methodological and from a formal point of view. In particular, we establish a correspondence between observer operations and datatype constructors, observational algebras and constructor-based algebras, and observational and inductive properties of specifications. Our study is based on the observational logic institution [11] and on a novel treatment of reachability which introduces the constructor-based logic institution. Both institutions are tailored to capture the semantically correct realizations of a specification from the observational and reachability points of view. The duality between the observability and reachability concepts is then formalized in a category-theoretic setting.

In the early stages of the software development process, formal methods are used to engineer specications in an explorative way. Changes to specifications and verification proofs are a core part of this activity, and tool support for the evolutionary aspect of formal software development is indispensable. We describe an approach to support evolution of formal developments by explicitly transforming specifications and proofs, using a set of predefined basic transformations. They implement small and controlled changes both to specifications and to proofs by adjusting them in a predictable way. Complex changes to a specification are achieved by applying several basic transformations in sequence. The result is a transformed specification and proofs, where necessary revisions of a proof are represented by new open goals.

Observability and reachability are important concepts in formal software development. While observability concepts allow to specify the required observable behavior of a program or system, reachability concepts are used to describe the underlying data in terms of data type constructors. In this paper we show that there is a duality between observability and reachability, both from a methodological and from a formal point of view. In particular, we establish a correspondence between observer operations and data type constructors, observational algebras and constructor-based algebras, and observational and inductive properties of specifications. Our study is based on the observational logic institution [7] and on a novel treatment of reachability which introduces the institution of constructor-based logic. The duality between both concepts is formalised in a category-theoretic setting.

This paper focuses on the integration of reachability and observability concepts within an algebraic, institution-based framework. We develop the essential notions that are needed to construct an institution which takes into account both the generation- and observation-oriented aspects of software systems. Thereby the underlying paradigm is that the semantics of a specification should be as loose as possible to capture all its correct realizations. We also consider the so-called "idealized models" of a specication which are useful to study the behavioral properties a user can observe when he/she is experimenting with the system. Finally, we present sound and complete proof systems that allow us to derive behavioral properties from the axioms of a given specification.