The use of hierarchy is an important component of object-oriented design. Hierarchy allows the use of type families, in which higher level supertypes capture the behavior that all of their subtypes have in common. For this methodology to be effective, it is necessary to have a clear understanding of how subtypes and supertypes are related. This paper takes the position that the relationship should ensure that any property proved about supertype objects also holds for its subtype objects. It presents two ways of defining the subtype relation, each of which meets this criterion, and each of which is easy for programmers to use. The subtype relation is based on the specifications of the sub- and supertypes; the paper presents a way of specifying types that makes it convenient to define the subtype relation. The paper also discusses the ramifications of this notion of subtyping on the design of type families.

Abstract data types have proved to be a useful technique for structuring systems. In large systems it is sometimes useful to have different regions of the system use different representations for the abstract data values. A technique is described for communicating abstract values between such regions. The method was developed for use in constructing distributed systems, where the regions exist at different computers and the values are communicated over a network. The method defines a call-by-value semantics; it is also useful in nondistributed systems wherever call by value is the desired semantics. An important example of such a use is a repository, such as a file system, for storing long-lived data.

Current research in specifications is emphasizing the practical use of formal specifications in program design. One way to encourage their use in practice is to provide specification languages that are accessible to both designers and programmers. With this goal in mind, the Larch family of formal specification languages has evolved to support a two-tiered approach to writing specifications. This approach separates the specification of state transformations and programming language dependen-cies from the specification of underlying abstractions. Thus, each member of the Larch family has a subset derived from a programming language and another subset independent of any programming languages. We call the former interface languages, and the latter the Larch Shared Language. This paper focuses on Larch interface language specifications. Through examples, we illustrate some salient features of Larch/CLU, a Larch interface language for the programming language CLU. We give an example of writing an interface specification following the two-tiered approach and discuss in detail issues involved in writing interface specifications and their interaction with their Shared Language components.

this paper was published as Walicki, M.A. and Meldal, S., 1995, Nondeterministic Operators in Algebraic Frameworks, Tehnical Report No. CSL--TR--95--664, Stanford University

: The current algebraic models for nondeterminism focus on the notion of possibility rather than necessity, and con sequently equate (nondeterministic) terms that one intuitively would not consider equal. Furthermore, existing models for nondeterminism depart radically from the standard models for (equational) specifications of deterministic operators. One would prefer that a specification language for nondeterministic operators be based on an extension of the standard model concepts, preferably in such a way that the reasoning system for (possibly nondeterministic) operators becomes the standard equational one whenever restricted to the deterministic operators -- the objective should be to minimize the departure from the standard frameworks. In this paper we define a specification language for nondeterministic operators and multialgebraic semantics. The first complete reasoning system for such specifications is introduced. We also define a transformation of specifications of nondeterm...

Upgrading the software of long-lived, highly-available distributed systems is di#cult. It is not possible to upgrade all the nodes in a system at once, since some nodes may be unavailable and halting the system for an upgrade is unacceptable. Instead, upgrades must happen gradually, and there may be long periods of time when di#erent nodes run di#erent software versions and need to communicate using incompatible protocols. We present a methodology and infrastructure that make it possible to upgrade distributed systems automatically while limiting service disruption. We introduce new ways to reason about correctness in a multi-version system. We also describe a prototype implementation that supports automatic upgrades with modest overhead.

. The paper characterises compositional homomorphims of relational structures. A detailed study of three categories of such structures -- viewed as multialgebras -- reveals the one with the most desirable properties. In addition, we study analogous categories with homomorphisms mapping elements to sets (thus being relations). Finally, we indicate some consequences of our results for partial algebras which are special case of multialgebras. 1 Introduction In the study of universal algebra, the central place occupies the pair of "dual" notions of congruence and homomorphism: every congruence on an algebra induces a homomorphism into a quotient and every homomorphism induces a congruence on the source algebra. Categorical approach attempts to express all (internal) properties of algebras in (external) terms of homomorphisms. When passing to relational structures, however, the close correspondence of these internal and external aspects seems to get lost. The most common, and natural, gene...

The use of hierarchy is an important component of object-oriented design. Hierarchy allows the use of type families, in which higher level supertypes capture the behavior that all of their subtypes have in common. For this methodology to be effective, it is necessary to have a clear understanding of how subtypes and supertypes are related. This paper takes the position that the relationship should ensure that any property proved about supertype objects also holds for its subtype objects. It presents two ways of defining the subtype relation, each of which meets this criterion, and each of which is easy for programmers to use. The subtype relation is based on the specifications of the sub- and supertypes; the paper presents a way of specifying types that makes it convenient to define the subtype relation. The paper also discusses the ramifications of this notion of subtyping on the design of type families. 1 Introduction What does it mean for one type to be a subtype of another? We arg...

: The article defines algebraic semantics of singular (call-time-choice) and plural (run-time-choice) nondeterministic parameter passing and presents a specification language in which operations with both kinds of parameters simultaneously can be defined. Sound and complete calculi for both semantics are introduced. We study the relations between the two semantics and point out that axioms for operations with plural arguments may be considered as axiom schemata for operations with singular arguments. Keywords: algebraic specification, many-sorted algebra, nondeterminism, sequent calculus. AMS classifications: 68Q65, 68Q60, 68Q10, 68Q55, 03B60, 08A70. 1. Introduction The notion of nondeterminism arises naturally in describing concurrent systems. Various approaches to the theory and specification of such systems, for instance, CCS [16], CSP [9], process algebras [1], event structures [26], include the phenomenon of nondeterminism. But nondeterminism is also a natural concept in descr...

Upgrading the software of long-lived, highly-available distributed systems is di#cult. It is not possible to upgrade all the nodes in a system at once, since some nodes may be unavailable and halting the system for an upgrade is unacceptable. Instead, upgrades may happen gradually, and there may be long periods of time when di#erent nodes are running di#erent software versions and need to communicate using incompatible protocols. We present a methodology and infrastructure that address these challenges and make it possible to upgrade distributed systems automatically while limiting service disruption.