: Hyperprogramming is an emerging semantics-based technique for the integration of diverse features of programming environments, in particular, rapid prototyping and formal methods. This approach generalizes the notion of module to that of module cluster , which is an association around a central formal specification of various items of programming information, such as interface, source code, compiled code, rapid prototypes, formal proofs, test cases, performance estimates, documentation, history and accounting information. This allows all information items to be composed at the same time, by evaluating a master text called a module expression, which tells how to compose and transform module clusters. Hyperprogramming thus integrates design, specification, prototyping, coding, configuration, proof, testing, documentation and accounting into a single framework significantly generalizing both Ada generics and Unix 1 make. Hyperprogramming can also support a variety of different progra...

This document describes FOOPS, an object-oriented specification language with an executable subset. The main distinguishing aspect of FOOPS is its advanced facilities for defining and interconnecting modules, which go beyond what other object-oriented languages offer. We present all the language features, explain their formal semantics, and provide a guide to its current implementation at Oxford. Further copies of this Technical Report may be obtained from the Librarian, Oxford University Computing Laboratory, Programming Research Group, 11 Keble Road, Oxford OX1 3QD, England (Telephone: +44-865-273837, Email: library@comlab.ox.ac.uk). y This work was performed while on leave from Dipartimento di Scienze dell'Informazione, Universit'a degli Studi di Milano, Italy. E-mail address: lucia.rapanotti@newcastle.ac.uk. z E-mail address: Adolfo.Socorro@prg.oxford.ac.uk. 1 Introduction This document describes FOOPS and its current implementation at Oxford University. FOOPS is a very hi...

We describe the formal environment at Kestrel for synthesizing programs. We show that straightforward formalization, persistently applied at all levels of system description and system derivation, produces a scalable architecture for a synthesis environment. The primitive building blocks of our framework are specifications, which encapsulate types and operations, and specification arrows, which are relations between specifications. The design of a system is represented as a diagram of specifications and arrows. Synthesis steps manipulate such diagrams, for example, by adding design detail to some specification, or by building new diagrams. A design history is a diagram of diagrams. Thus, we have a formal, knowledge-based, and machine-supported counterpart to such software engineering methodologies as CASE and OOP. 1 Introduction At the heart of the software problem lies the lack of adequate means to express and manage (1) clear, wellstructured problem specifications, (2) efficient sof...

The purpose of a logical framework such as LF is to provide a language for defining logical systems suitable for use in a logic-independent proof development environment. All inferential activity in an object logic (in particular, proof search) is to be conducted in the logical framework via the representation of that logic in the framework. An important tool for controlling search in an object logic, the need for which is motivated by the difficulty of reasoning about large and complex systems, is the use of structured theory presentations. In this paper a rudimentary language of structured theory presentations is presented, and the use of this structure in proof search for an arbitrary object logic is explored. The behaviour of structured theory presentations under representation in a logical framework is studied, focusing on the problem of "lifting" presentations from the object logic to the metalogic of the framework. The topic of imposing structure on logic presentations...

ing yet further from reality, we might proscribe the simultaneous effect of two or more methods on an object's state; doing so, we impose a monoid structure on the fixed set of methods proper to an object class. Applying methods one after the other corresponds to multiplication in the monoid, and applying no methods corresponds to the identity of the monoid. A monoid is a set M with an associative binary operation ffl M : M \ThetaM ! M , usually referred to as `multiplication', which has an identity element e M 2 M . If M = (M; ffl M ; e M ) is a monoid, we often write just M for M, and e for e M ; moreover for m;m 0 2 M , we usually write mm 0 instead of m ffl M m 0 . For example, A , the set of lists containing elements of A, together with concatenation ++ : A \ThetaA ! A and the empty list [ ] 2 A , is a monoid. This example is especially important for the material in later sections. A monoid homomorphism is a structure preserving map between the carriers of ...

Data Types and Algebraic Semantics The history of programming languages, and to a large extent of software engineering as a whole, can be seen as a succession of ever more powerful abstraction mechanisms. The first stored program computers were programmed in binary, which soon gave way to assembly languages that allowed symbolic codes for operations and addresses. fortran began the spread of "high level" programming languages, though at the time it was strongly opposed by many assembly programmers; important features that developed later include blocks, recursive procedures, flexible types, classes, inheritance, modules, and genericity. Without going into the philosophical problems raised by abstraction (which in view of the discussion of realism in Section 4 may be considerable), it seems clear that the mathematics used to describe programming concepts should in general get more abstract as the programming concepts get more abstract. Nevertheless, there has been great resistance to u...

Over the last two years, we have demonstrated the feasibility of applying category-theoretic methods in specifying, synthesizing, and maintaining industrial strength software systems. We have been using a first-of-its-kind tool for this purpose, Kestrel's Specware^TM software development system. In this paper, we describe our experiences and give an industrial perspective on what is needed to make this technology have broader appeal to industry. Our overall impression is that the technology does work for industrial strength applications, but that it needs additional work to make it more usable. We believe this work marks a turning point in the use of mathematically rigorous approaches to industrial strength software development and maintenance. It is interesting to note that when this technology is applied to software systems whose outputs are designs for airplane parts, the design rationale that is captured is not only software engineering design rationale, but also design rationale ...

Parameterized programming is extended to higher order modules, by extending views, which fit actual parameters to formal parameters in a flexible way, to morphisms, with higher order module expressions to compose modules into systems. A category theoretic semantics is outlined, and examples in BOBJ show the power of morphisms.

this paper we present an approach we call `Distributed Operational Semantics', which models systems of concurrent, interacting objects by diagrams which assign an operational semantics to each object in a system. The behaviour of the whole system is given by a limit construction. In modelling behaviour by limits we follow earlier work by Goguen on Categorical Systems Theory [4, 5, 6]. This approach pays particular attention to the hierarchical structure of systems, and provides means of constructing systems from component parts in a way that captures both complex objects and parallel composition with synchronisation [16]. The operational semantics of objects can be very general: for example, a semantics for the object-oriented specification language FOOPS has been given by modelling objects as unlabelled transition systems; this semantics is summarised in Section 4.2, and a full account is given in [2]. We shall also present examples of systems that use labelled transition systems. A useful property of the examples we present is that they can be readily translated into specifications in the logic programming language Eqlog [9], which provides both a simulator for the system and a logic for reasoning about systems. Like the sheaf semantics for concurrent objects originating with Goguen [8, 3] and further investigated in [22, 16, 2], our approach is essentially constraint based: interactions between objects constrain their possible behaviours, primarily by synchronising on shared subobjects. Constructing the behaviour of a system by taking its limit corresponds to solving those constraints. It is because of its constraint based nature that the translation into Eqlog is so natural. This paper provides a short introduction to Distributed Operational Semantics; a fuller acco...

This paper motivates and describes a new paradigm and discipline for knowledge, software, and system development and maintenance. This paradigm promises to improve system quality and make systems development and maintenance faster and cheaper.