Results 1-10 of 10
A Tool for Data Refinement
, 1997
Cited by 12 (3 self)
Abstract
We describe a tool for data refinement based on the Refinement Calculator. The tool supports the calculational approach to data refinement. As a consequence of the program calculation, a refinement theorem is automatically derived. The operation of the tool is illustrated with a case study.
A Recursion Removal Theorem  Proof and Applications
, 1999
Cited by 11 (8 self)
Abstract
In this paper we briefly introduce a Wide Spectrum Language and its transformation theory and describe a recent success of the theory: a general recursion removal theorem. This theorem includes as special cases the two techniques discussed by Knuth [12] and Bird [7]. We describe some applications of the theorem to cascade recursion, binary cascade recursion, Gray codes, the Towers of Hanoi problem, and an inverse engineering problem. 1 Introduction In this paper we briefly introduce some of the ideas behind the transformation theory we have developed over the last eight years at Oxford and Durham Universities and describe a recent result: a general recursion removal theorem. We use a Wide Spectrum Language (called WSL), developed in [19,20,21] which includes low-level programming constructs and high-level abstract specifications within a single language. Working within a single language means that the proof that a program correctly implements a specification, or that a specification correct...
Inverse Engineering a simple Real Time program
, 1999
Cited by 10 (4 self)
Abstract
Reverse engineering of interrupt-driven real-time programs with timing constraints is a particularly challenging research area, because the functional behaviour of a program, and the non-functional timing requirements, are implicit and can be very difficult to discover. However, in this paper we present a significant advance in this area, which is achieved by modelling real-time programs with interrupts in the wide spectrum language WSL. A small example program is modelled in this way, and formal program transformations are used to derive various timing constraints and to inverse engineer a formal specification of the program. (We use the term inverse engineering to mean reverse engineering achieved by formal program transformations).
Fault Tolerant Software Architectures
 In Technical report, INRIA/IRISA
, 1998
Cited by 7 (1 self)
Abstract
Coping explicitly with failures during the conception and the design of software development complicates significantly the designer's job. The design complexity leads to software descriptions difficult to understand, which have to undergo many simplifications until their first functioning version. To support the systematic development of complex, fault tolerant software, this paper proposes a layered framework for the analysis of the fault tolerance software properties, where the topmost layer provides the means for specifying the abstract failure semantics expressed in the initial conception stage, and each successive layer is a refinement towards an elaborated description of a fault tolerant software architecture. We present the logical vehicle that permits reasoning on the equivalence or the compatibility of the various expressions of fault tolerance properties at various abstraction levels. In addition, we propose a mapping schema, which permits the correct transformation of abstract ent...
System development using Z generics
 In FM99
, 1999
Cited by 5 (4 self)
Abstract
In this paper we present a method for using generic components in formal specifications. This approach results in a flexible generic system description that separates the concerns of structure and data types. The generic specification can be extended and modified in a natural manner, to track requirements as
Specifying Algorithms Using Evolving Algebra. Implementation of Functional Programming Languages. Dr. scient. degree thesis
, 1995
Understanding Concurrent Programs using Program Transformations
 PROCEEDINGS OF THE 1993 2ND WORKSHOP ON PROGRAM COMPREHENSION, 8TH-9TH JULY
, 1993
Cited by 4 (1 self)
Abstract
Reverse engineering of concurrent real-time programs with timing constraints is a particularly challenging research area, because the functional behaviour of a program, and the non-functional timing requirements, are implicit and can be very difficult to discover. In this paper we present a significant advance in this area, which is achieved by modelling real-time concurrent programs in the wide spectrum language WSL. We show how a sequential program with interrupts can be modelled in WSL, and the method is then extended to model more general concurrent programs. We show how a program modelled in this way may subsequently be "inverse engineered" by the use of formal program transformations, to discover a specification for the program. (We use the term "inverse engineering" to mean "reverse engineering achieved by formal program transformations").
Systems Prototyping in CAMILA
, 1996
Cited by 2 (2 self)
Abstract
From school physics we got used to a basic problem solving strategy: create a mathematical model, reason on it, calculate a solution. The Camila approach is an attempt to make such a strategy available at the software engineering level. Based on a notion of formal software component it encompasses a set-theoretic notation, a prototyping environment, fully connectable to external applications and equipped with communication facilities, and an inequational refinement calculus.
A Refinement Calculus for VHDL
, 1996
Abstract
A refinement calculus for the specification of real-time systems and their refinement to a VHDL behavioural description is set out here. The specification format is a logical triple with the look of a Z or VDM schema. Choices from a short menu of refinement operations gradually convert an initial specification to VHDL code through a series of mixed mode intermediates. The calculus is complete in the sense that if there is a code of the VHDL subset considered here (unit-delay waits and signal assignments but no delta delays) satisfying the specification, then it can be obtained by applying some sequence of the refinement operations. The result is "correct by construction".
BHDL, an experiment to formalizing hardware by software formal specifications
, 2002
Abstract
In this paper, we presented a part of our work to create B libraries which correspond to some VHDL packages, such as the STD_LOGIC_1164 package (see also [5]). This project enables us to take advantage of the power of the B method to develop a secure circuit. We write the specification of a desired circuit, then little by little we refine our specifications to reach the implementation of this circuit, which depends on the desired libraries. The B method due to J.R. Abrial [2] is a formal method for the incremental development of specifications and their refinements down to an implementation. It is a model-based approach similar to Z [8] and VDM [6]. The software design in B starts from mathematical specifications. Little by little, through many refinement steps ([7]), the designer tries to obtain a complete and executable specification. This process must be monotonic, that is, any refinement has to be proven coherent according to the previous steps of refinement. The B tool can automatically decide which induced proofs are necessary to verify this correctness. Then these proofs are produced either automatically for the simple ones or in cooperation with the designer for the complex ones. The abstract machine is the basic element of a B development. It encapsulates some state data and offers some operations. In the B development, the proofs accompany the construction of software. Each time an abstract machine is defined or modified, there are proof obligations related to its mathematical consistency; if the machine is a refinement or an implementation, there are also proofs of its correctness with respect to the previous steps of the development chain. The B tool allows to generate automatically the proof obligations for each abstract machine. Generally speaking, the proof obligations will be...
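The proof obligations this abstract describes (consistency of an abstract machine, and correctness of a refinement with respect to the step before it) are the same ones the first result on this page, the data refinement tool, derives calculationally. The example below is added here to make them concrete; it is not code from either paper or from the B tool. It builds a small abstract machine (a bounded counter), a concrete machine that stores the counter as a unary bit vector, and a gluing invariant linking the two, then discharges the obligations by exhaustively enumerating the finite state spaces rather than by proof, which is what distinguishes it from a real B development. A deliberately broken refinement, whose concrete precondition is stronger than the abstract one, shows the obligation that should fail. The counter bound, the state encodings and the operation names are all assumptions of this example.

```python
"""Enumerative check of B-style proof obligations for an abstract machine
and one refinement of it.  Added illustration, not the page's or the B
tool's code: the machines, the gluing invariant and the broken variant are
all constructed here.  A real B development discharges these obligations
by proof; here the state spaces are finite, so enumeration suffices."""
from itertools import product

MAX = 3  # hypothetical bound on the counter

# Abstract machine: a bounded counter.  State is an integer n; the invariant
# bounds it; "inc" is guarded by a precondition, "reset" is always enabled.
ABSTRACT = {
    "states": set(range(-1, MAX + 2)),     # candidate states; inv filters them
    "inv": lambda n: 0 <= n <= MAX,
    "init": {0},
    "ops": {                                # name -> (precondition, effect)
        "inc": (lambda n: n < MAX, lambda n: n + 1),
        "reset": (lambda n: True, lambda n: 0),
    },
}

# Concrete machine (the "implementation"): the same counter kept as a unary
# bit vector, e.g. (1, 1, 0) stands for 2.  Its own invariant says the ones
# form a prefix, so every value has exactly one representation.
def _set_first_zero(bits):
    i = bits.index(0)                       # precondition guarantees a 0 exists
    return bits[:i] + (1,) + bits[i + 1:]

CONCRETE = {
    "states": set(product((0, 1), repeat=MAX)),
    "inv": lambda b: all(b[i] >= b[i + 1] for i in range(MAX - 1)),
    "init": {(0,) * MAX},
    "ops": {
        "inc": (lambda b: 0 in b, _set_first_zero),
        "reset": (lambda b: True, lambda b: (0,) * MAX),
    },
}

def glue(n, bits):
    """Gluing (linking) invariant relating abstract and concrete state."""
    return n == sum(bits)

def consistency_obligations(m):
    """Consistency POs for one machine: initialisation establishes the
    invariant, and every operation called within its precondition preserves
    it.  Returns the list of violated obligations (empty = all discharged)."""
    failures = [("init", s) for s in m["init"] if not m["inv"](s)]
    for name, (pre, effect) in m["ops"].items():
        for s in m["states"]:
            if m["inv"](s) and pre(s) and not m["inv"](effect(s)):
                failures.append((name, s))
    return failures

def refinement_obligations(abstract, concrete, glue):
    """Refinement POs: every concrete initial state is glued to an abstract
    initial state, and for every glued pair in which the abstract precondition
    holds, the concrete precondition holds too (an implementation may weaken a
    precondition, never strengthen it) and the two results are glued again."""
    failures = [("init", c) for c in concrete["init"]
                if not any(glue(a, c) for a in abstract["init"])]
    for name, (apre, aeff) in abstract["ops"].items():
        cpre, ceff = concrete["ops"][name]
        for a, c in product(abstract["states"], concrete["states"]):
            if not (abstract["inv"](a) and concrete["inv"](c)
                    and glue(a, c) and apre(a)):
                continue
            if not cpre(c):
                failures.append((name, "precondition", a, c))
            elif not glue(aeff(a), ceff(c)):
                failures.append((name, "effect", a, c))
    return failures

# A deliberately wrong refinement: "inc" is only enabled from zero, which is a
# stronger precondition than the abstract n < MAX.  The refinement PO fails
# for the glued pairs (1, (1,0,0)) and (2, (1,1,0)).
BROKEN = dict(CONCRETE, ops={
    "inc": (lambda b: b[0] == 0, _set_first_zero),
    "reset": CONCRETE["ops"]["reset"],
})

def check_development():
    """Run all obligations for the good and the broken refinement."""
    return {
        "abstract": consistency_obligations(ABSTRACT),
        "concrete": consistency_obligations(CONCRETE),
        "refinement": refinement_obligations(ABSTRACT, CONCRETE, glue),
        "broken": refinement_obligations(ABSTRACT, BROKEN, glue),
    }

if __name__ == "__main__":
    for name, failures in check_development().items():
        print(f"{name}: {'discharged' if not failures else failures}")
```

The three lists for the good development come back empty, and the broken one reports the two glued pairs whose concrete "inc" is wrongly disabled. The split into consistency obligations (per machine) and refinement obligations (per pair of adjacent machines) mirrors the two kinds of proof the abstract distinguishes; the "precondition" case is the one most often missed when a hardware-level implementation is hand-written after the fact, because the stronger guard only shows up as a refusal under inputs the specification allowed.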