Results 1 - 10 of 11
Executing Formal Specifications need not be Harmful
Software Engineering Journal, 1996
Cited by 22 (6 self)
We review the various arguments which have been advanced for and against the use of executable specifications. Examples are given of the problems which may arise in applying this technique and of the benefits which may accrue. A case study is reported in which execution is used to validate the published specification of a commercially available package. We conclude that there are circumstances when executable specifications can be of high value but that execution must be used together with, and as a supplement to, other methods of validating specifications such as inspection and proof.

1 Introduction

Formal specifications have been accepted as having value in a number of areas, including critical systems. A specification that does not correctly capture requirements, however, is of dubious benefit. Validating a specification, whether formal or informal, is known to be difficult. With a formal specification there are a number of techniques available for validation, including r...
Laws for Dynamic Systems
1997
Cited by 17 (15 self)
A dynamic system is one which changes its configuration as it runs. It is a system into which we can drop new components which then cooperate with the existing ones. Such systems are necessarily built from reusable components, since as soon as the system is reconfigured to use some new components, those new components must reuse the existing, still running, ones. Design of reusable components in this context is an important problem. We suggest three laws which such reusable components might be required to obey, if dynamic systems are to be effective and to be economically built. We illustrate our conjecture that the laws are effective by describing a generic architecture based on the familiar registry services of OLE or CORBA and by describing a simple point-of-sale system built according to this architecture. We conclude, of course, that some interesting open questions remain. But we suggest that an approach to reuse based on refining the three laws is a promising direction for system...
Models for Persistence in Lazy Functional Programming Systems
1993
Cited by 8 (0 self)
Research into providing support for long term data in lazy functional programming systems is presented in this thesis. The motivation for this work has been to reap the benefits of integrating lazy functional programming languages and persistence. The benefits are:
- the programmer need not write code to support long term data since this is provided as part of the programming system
- persistent data can be used in a type safe way since the programming language type system applies to data with the whole range of persistence
- the benefits of lazy evaluation are extended to the full lifetime of a data value. Whilst data is reachable, any evaluation performed on the data persists. A data value changes monotonically from an unevaluated state towards a completely evaluated state over time.
- interactive data intensive applications such as functional databases can be developed.
These benefits are realised by the development of models for persistence in lazy functional programming systems. Tw...
Formal Models of Process Components
In Proc. of the FSE’97 FoCBS Workshop, 1997
Cited by 6 (0 self)
The way we have come to expect computer systems to behave is that we can simply add a new component to a running system and then this new component will begin to interwork with the running system without interruption of service. Describing and validating such systems of dynamic, reconfigurable components presents a challenge for contemporary methods of formal description. Milner's pi-calculus goes some way towards addressing this issue. In this short paper we show that the pi-calculus is particularly good at describing the behaviour of components of a distributed system. We give a pragmatic introduction to the pi-calculus and illustrate this conjecture, using an example of clients and servers collaborating on the Web. The formalisation gives us the capability to define distributable components and to formulate properties of systems built from such components. The formalisation is different from, and probably complementary to, object-oriented formulations of such components. We describe h...
Graphical application and visualization of lazy functional computation
1995
Cited by 2 (1 self)
Mere academic toys or the tools of the future? Lazy functional programming languages have undoubted attractive properties. This thesis explores their potential, from the programmer's point of view, for implementing interactive and graphical applications to which they do not seem immediately suited. The discussion is centred round two example applications. One is a graphical design program based on an idea of the artist M. C. Escher. The thesis argues that the graphical user interface may be encapsulated in an "interpret" function that when applied by a mouse click to an interface of appropriate type yields the required behaviour. The second example is a monitoring interpreter for a functional language. The idea is that if the mechanics of the reduction are presented at a suitable level of abstraction, this may be used to give insight into what is going on. On the basis of this the programmer might modify the code so that a program runs more efficiently in terms of speed and memory requirements. Problems of displaying the reduction are addressed, and solutions proposed for overcoming these: displaying the graph as a spanning tree, to ensure planarity, with extra leaves
Experiences in Translating Z Designs to Haskell Implementations
1994
Cited by 2 (0 self)
and concrete predicates for Leaveok---design one s? P enrolled s? P ran (testlist nottested) ((testlist9 = testlist e {s?} ` nottested9 = nottested) ~ enrolled9 = enrolled\{s?} (testlist9 = testlist ` nottested 9 = nottested e {s?})) ((s? P tested ` tested9 = tested\{s?} ((s9 P ran testlist ` testlist9 = testlist e {s?} ` r! = cert) ` r! = cert) ~ (s? P/ tested ` tested9 = tested ~ (s? P/ ran testlist ` testlist9 = testlist ` r! = nocert)) ` r! = nocert)) of the Leave operation, Table I illustrates each of its predicates on both the abstract state Class and the concrete state ConClass. Schema CNotEnrolled appears below without explanation since its derivation is straightforward.
Executing Formal Specifications with Constraint Programming
1998
Cited by 2 (1 self)
We have implemented a technique for execution of formal, model-based specifications. The specifications we can execute are written at a level of abstraction that has not previously been supported in executable specification languages. The specification abstractions supported by our execution technique include quantified assertions that reference post-state values, and indirect definitions of post-state values (definitions that do not use equality). Our approach is based on translating specifications to the concurrent constraint programming language AKL. While there are, of course, expressible assertions that are not executable, our technique is amenable to any formal specification language based on a finite number of intrinsic types and pre- and postcondition assertions.
Software measurement and functional programming
1995
Cited by 1 (0 self)
Software metrics have been investigated for the assessment of programs written in a functional programming language. The external attribute of programs considered in this thesis is their comprehensibility to novice programmers. This attribute has been operationalized in a number of experiments. The internal attribute of software which is examined is the structure. Two models for the structure of software have been employed: callgraphs and flowgraphs. The proposed control-flow model captures the operational semantics of function definitions. The objective measurement of the attributes has been supported by tools. The validation of structure metrics has been addressed in certain experiments for programming-in-the-small. The structure of type expressions in functional programs has been analysed in a case study. A simple framework for software metrication proved to be useful. The validation of metrics has been linked with axioms from the representational measurement theory. The control-flow model for functional programs showed its value in the set-up of an
An Investigation of Executable Specification Languages for the IPTES Mini-specifications
1991
This document provides a comparative study of the different alternatives for the executable (sequential) specification language which must be selected for the IPTES mini-specifications. This investigation will be focussed on notations from existing model-oriented methods where appropriate subsets can be extracted. However, existing executable languages inspired from such model-oriented methods also form a basis for this investigation.

Contents
1 Introduction
2 Background about the VDM history
3 An overview of the considered notations
3.1 BSI/VDM-SL
3.2 VIP VDM SL
3.3 RAISE SL
3.4 Me too
3.5 EPROL
...
Cinematographic Validation: Techniques and Tools
1996
Application Engineers, responding to changes in the market place, are faced with the challenge of building increasingly complex and varied information systems. Formal approaches and modeling tools, incorporated in the CASE technology, are used to aid the Requirements Engineering (RE) activity, which leads to a high level specification of Information Systems. It is widely accepted that the Validation of these specifications early in the Information Systems life cycle will save customer organizations both time and money. The success of this activity is dependent on the communication and understanding among the actors of the system, i.e. managers, users, developers, etc. Recently, visualization techniques, which have been successfully used in programming, have been also employed in various phases of the RE process. Attending this shift in focus towards the use of visual environments in the RE process, there is considerable evidence that it could greatly improve, both the communi...

