Results 11 - 20 of 438
Ownership Confinement Ensures Representation Independence for Object-Oriented Programs
, 2002
Cited by 56 (29 self)
This paper formulates representation independence for classes, in an imperative, object-oriented language with pointers, subclassing and dynamic dispatch, class oriented visibility control, recursive types and methods, and a simple form of module. An instance of a class is considered to implement an abstraction using private fields and so-called representation objects. Encapsulation of representation objects is expressed by a restriction, called confinement, on aliasing. Representation independence is proved for programs satisfying the confinement condition. A static analysis is given for confinement that accepts common designs such as the observer and factory patterns. The formalization takes into account not only the usual interface between a client and a class that provides an abstraction but also the interface (often called "protected") between the class and its subclasses
Kit: A Study in Operating System Verification
, 1989
Cited by 55 (0 self)
Kernel Implements Processes

The relationship between the abstract kernel and an individual task is pictured in Figure 4, and is formalized by the theorem AK-IMPLEMENTS-PARALLEL-TASKS. Intuitively, this theorem says that for a given good abstract kernel state AK and abstract kernel oracle ORACLE, the final state reached by task I can equivalently be achieved by running TASK-PROCESSOR on the initial task state, with an oracle constructed by the function CONTROL-ORACLE. The oracle constructed for TASK-PROCESSOR accounts for the precise sequence of delays to task I in the abstract kernel.

[Figure 4: AK Implements Parallel Tasks]

THEOREM AK-IMPLEMENTS-PARALLEL-TASKS
(IMPLIES (AND (GOOD-AK AK)
              (FINITE-NUMBERP I (LENGTH (AK-PSTATES AK))))
         (EQUAL (PROJECT I (AK-PROCESSOR AK ORACLE))
                (TASK-PROCESSOR (PROJECT I AK) I (CONTROL-ORACLE I AK ORACLE))))

6. The Target Machine

The target machine TM is a simple von Neumann computer. It is not based on an existing physical machine becaus...
Essential Concepts of Algebraic Specification and Program Development
, 1996
Cited by 54 (15 self)
The main ideas underlying work on the model-theoretic foundations of algebraic specification and formal program development are presented in an informal way. An attempt is made to offer an overall view, rather than new results, and to focus on the basic motivation behind the technicalities presented elsewhere.
Structuring Z Specifications with Views
- ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY
, 1995
Deriving Operational Software Specifications from System Goals
, 2002
Cited by 48 (4 self)
Goal orientation is an increasingly recognized paradigm for eliciting, modeling, specifying and analyzing software requirements. Goals are statements of intent organized in AND/OR refinement structures; they range from high-level, strategic concerns to low-level, technical requirements on the software-to-be and assumptions on its environment. The operationalization of system goals into specifications of software services is a core aspect of the requirements elaboration process for which little systematic and constructive support is available. In particular, most formal methods assume such operational specifications to be given and focus on their a posteriori analysis.

The paper considers a formal, constructive approach in which operational software specifications are built incrementally from higher-level goal formulations in a way that guarantees their correctness by construction. The operationalization process is based on formal derivation rules that map goal specifications to specifications of software operations; more specifically, these rules map real-time temporal logic specifications to sets of pre-, post- and trigger conditions. The rules define operationalization patterns that may be used for guiding and documenting the operationalization process while hiding all formal reasoning details; the patterns are formally proved correct once and for all. The catalog of operationalization patterns is structured according to a rich taxonomy of goal specification patterns.

Our constructive approach to requirements elaboration requires a multiparadigm specification language that supports incremental reasoning about partial models. The paper also provides a formal semantics for goal operationalization and discusses several semantic features of our language that allow for such incremental reasoning.
Reasoning with Logical Bilattices
, 1995
Cited by 46 (7 self)
The notion of bilattice was introduced by Ginsberg, and further examined by Fitting, as a general framework for many applications. In the present paper we develop proof systems, which correspond to bilattices in an essential way. For this goal we introduce the notion of logical bilattices. We also show how they can be used for efficient inferences from possibly inconsistent data. For this we incorporate certain ideas of Kifer and Lozinskii, which happen to suit well the context of our work. The outcomes are paraconsistent logics with a lot of desirable properties.

1. Introduction

When using multiple-valued logics, it is usual to order the truth values in a lattice structure. In most cases such a partial order intuitively reflects differences in the "measure of truth" that the lattice elements are supposed to represent. There exist, however, other intuitive criteria of ordering that might be useful. Another reasonable ordering might reflect, for example, differences in the amoun...
Verification of Non-Functional Programs using Interpretations in Type Theory
Cited by 46 (4 self)
We study the problem of certifying programs combining imperative and functional features within the general framework of type theory. Type theory constitutes a powerful specification language, which is naturally suited for the proof of purely functional programs. To deal with imperative programs, we propose a logical interpretation of an annotated program as a partial proof of its specification. The construction of the corresponding partial proof term is based on a static analysis of the effects of the program, and on the use of monads. The usual notion of monads is refined in order to account for the notion of effect. The missing subterms in the partial proof term are seen as proof obligations, whose actual proofs are left to the user. We show that the validity of those proof obligations implies the total correctness of the program. We also establish a result of partial completeness. This work has been implemented in the Coq proof assistant. It appears as a tactic taking an ann...
Specification and verification challenges for sequential object-oriented programs
- UNDER CONSIDERATION FOR PUBLICATION IN FORMAL ASPECTS OF COMPUTING
Cited by 44 (4 self)
The state of knowledge in how to specify sequential programs in object-oriented languages such as Java and C# and the state of the art in automated verification tools for such programs have made measurable progress in the last several years. This paper describes several remaining challenges and approaches to their solution.
Abstracting a Specification from Code
, 1993
Cited by 42 (17 self)
Much of the work on developing program transformation systems has concentrated on systems to assist in program development. However, the four separate surveys carried out between 1977 and 1990 [18,20,22,24], summarised in [17], show that between 40% and 60% of all commercial software effort is devoted to software maintenance rather than the development of new systems. In this paper we describe a joint project between the University of Durham and CSM Ltd to develop a method and tool for reverse engineering and software maintenance based on program transformation theory. We present an example which illustrates how such a tool can extract a high-level abstract specification from the low-level source code of a program by a process of formal program transformation based on a theory of program equivalence [27]. All the code-level reverse engineering of the example progr...