Results 1  10
of
54
Runtime Assurance Based On Formal Specifications
, 1999
"... We describe the Monitoring and Checking (MaC) framework which assures the correctness of the current execution at runtime. Monitoring is performed based on a formal specification of system requirements. MaC bridges the gap between formal specification and verification, which ensures the correctness ..."
Abstract

Cited by 70 (9 self)
 Add to MetaCart
We describe the Monitoring and Checking (MaC) framework which assures the correctness of the current execution at runtime. Monitoring is performed based on a formal specification of system requirements. MaC bridges the gap between formal specification and verification, which ensures the correctness of a design rather than an implementation, and testing, which partially validates an implementation. An important aspect of the framework is a clear separation between implementationdependent description of monitored objects and highlevel requirements speci cation. Another salient feature is automatic instrumentation of executable code. The paper presents an overview of the framework and two languages to specify monitoring scripts and requirements, and briefly explain our ongoing prototype implementation.
Little Theories
 Automated DeductionCADE11, volume 607 of Lecture Notes in Computer Science
, 1992
"... In the "little theories" version of the axiomatic method, different portions of mathematics are developed in various different formal axiomatic theories. Axiomatic theories may be related by inclusion or by theory interpretation. We argue that the little theories approach is a desirable way to forma ..."
Abstract

Cited by 48 (15 self)
 Add to MetaCart
In the "little theories" version of the axiomatic method, different portions of mathematics are developed in various different formal axiomatic theories. Axiomatic theories may be related by inclusion or by theory interpretation. We argue that the little theories approach is a desirable way to formalize mathematics, and we describe how imps, an Interactive Mathematical Proof System, supports it.
JavaMaC: A runtime assurance approach for Java programs
 Formal Methods in System Design
"... Abstract. We describe JavaMaC, a prototype implementation of the Monitoring and Checking (MaC) architecture for Java programs. The MaC architecture provides assurance that the target program is running correctly with respect to a formal requirements specification by monitoring and checking the exec ..."
Abstract

Cited by 42 (13 self)
 Add to MetaCart
Abstract. We describe JavaMaC, a prototype implementation of the Monitoring and Checking (MaC) architecture for Java programs. The MaC architecture provides assurance that the target program is running correctly with respect to a formal requirements specification by monitoring and checking the execution of the target program at runtime. MaC bridges the gap between formal verification, which ensures the correctness of a design rather than an implementation, and testing, which does not provide formal guarantees about the correctness of the system. Use of formal requirement specifications in runtime monitoring and checking is the salient aspect of the MaC architecture. MaC is a lightweight formal method solution which works as a viable complement to the current heavyweight formal methods. In addition, analysis processes of the architecture including instrumentation of the target program, monitoring, and checking are performed fully automatically without human direction, which increases the accuracy of the analysis. Another important feature of the architecture is the clear separation between monitoring implementationdependent lowlevel behaviors and checking highlevel behaviors, which allows the reuse of a highlevel requirement specification even when the target program implementation changes. Furthermore, this separation makes the architecture modular and allows the flexibility of incorporating third party tools into the architecture. The paper presents an overview of the MaC architecture and a prototype implementation JavaMaC.
Theory Interpretation in Simple Type Theory
 HIGHERORDER ALGEBRA, LOGIC, AND TERM REWRITING, VOLUME 816 OF LECTURE NOTES IN COMPUTER SCIENCE
, 1993
"... Theory interpretation is a logical technique for relating one axiomatic theory to another with important applications in mathematics and computer science as well as in logic itself. This paper presents a method for theory interpretation in a version of simple type theory, called lutins, which admit ..."
Abstract

Cited by 36 (17 self)
 Add to MetaCart
Theory interpretation is a logical technique for relating one axiomatic theory to another with important applications in mathematics and computer science as well as in logic itself. This paper presents a method for theory interpretation in a version of simple type theory, called lutins, which admits partial functions and subtypes. The method is patterned on the standard approach to theory interpretation in rstorder logic. Although the method is based on a nonclassical version of simple type theory, it is intended as a guide for theory interpretation in classical simple type theories as well as in predicate logics with partial functions.
Generating A Test Oracle From Program Documentation
, 1995
"... Software testing involves execution of a program under test using some fault revealing input data and examination of the output to determine success or failure. A fundamental assumption of this testing is that there is some mechanism, an oracle, that will determine whether or not the results of a te ..."
Abstract

Cited by 33 (7 self)
 Add to MetaCart
Software testing involves execution of a program under test using some fault revealing input data and examination of the output to determine success or failure. A fundamental assumption of this testing is that there is some mechanism, an oracle, that will determine whether or not the results of a test execution are correct. In practice, this is often done by comparing the output, either automatically or manually, to some precalculated, presumably correct, output [39]. However, if the program is formally documented it is possible to use the specification to determine the success or failure of a test execution, as in [1], for example. This thesis discusses the development of a prototype tool that automatically generates a test oracle from formal program documentation. In [25], [27] and [28] Parnas et al. advocate the use of a relational model for documenting the intended behaviour of programs. In this method, tabular expressions are used to improve readability so that formal documentati...
Subtypes for Specifications: Predicate Subtyping in PVS
 IEEE Transactions on Software Engineering
, 1998
"... A specification language used in the context of an effective theorem prover can provide novel features that enhance precision and expressiveness. In particular, typechecking for the language can exploit the services of the theorem prover. We describe a feature called "predicate subtyping" that uses ..."
Abstract

Cited by 31 (4 self)
 Add to MetaCart
A specification language used in the context of an effective theorem prover can provide novel features that enhance precision and expressiveness. In particular, typechecking for the language can exploit the services of the theorem prover. We describe a feature called "predicate subtyping" that uses this capability and illustrate its utility as mechanized in PVS.
A Mechanization of Strong Kleene Logic for Partial Functions
 PROCEEDINGS OF THE 12TH CADE
, 1994
"... Even though it is not very often admitted, partial functions do play a significant role in many practical applications of deduction systems. Kleene has already given a semantic account of partial functions using threevalued logic decades ago, but there has not been a satisfactory mechanization. ..."
Abstract

Cited by 28 (11 self)
 Add to MetaCart
Even though it is not very often admitted, partial functions do play a significant role in many practical applications of deduction systems. Kleene has already given a semantic account of partial functions using threevalued logic decades ago, but there has not been a satisfactory mechanization. Recent years have seen a thorough investigation of the framework of manyvalued truthfunctional logics. However, strong Kleene logic, where quantification is restricted and therefore not truthfunctional, does not fit the framework directly. We solve this problem by applying recent methods from sorted logics. This paper presents a resolution calculus that combines the proper treatment of partial functions with the efficiency of sorted calculi.
HasCASL: Towards Integrated Specification and Development of Functional Programs
, 2002
"... The development of programs in modern functional languages such as Haskell calls for a widespectrum specification formalism that supports the type system of such languages, in particular higher order types, type constructors, and parametric polymorphism, and contains a functional language as an exe ..."
Abstract

Cited by 25 (11 self)
 Add to MetaCart
The development of programs in modern functional languages such as Haskell calls for a widespectrum specification formalism that supports the type system of such languages, in particular higher order types, type constructors, and parametric polymorphism, and contains a functional language as an executable subset in order to facilitate rapid prototyping. We lay out the design of HasCasl, a higher order extension of the algebraic specification language Casl that is geared towards precisely this purpose. Its semantics is tuned to allow program development by specification refinement, while at the same time staying close to the settheoretic semantics of first order Casl. The number of primitive concepts in the logic has been kept as small as possible; we demonstrate how various extensions to the logic, in particular general recursion, can be formulated within the language itself.