Interface specifications should express program properties in a formal, declarative, and implementation-independent way. To achieve implementation-independency, interface specifications have to support data abstraction. Program verification should enable to prove implementations correct w.r.t. such interface specifications. The presented work bridges the gap between existing specification and verification techniques for object-oriented programs. The integration is done within a formal framework for interface specifications and programming language semantics. Interface specification techniques are enhanced to support the specification of data structure sharing and destructive updating of shared variables. These extensions are necessary for the specification of real life software libraries. Moreover this generalization is needed for intermediate steps in correctness proofs. For verification, Hoare logic is extended to capture recursive classes and subtyping. Based on this extended logic, techniques are presented for proving typing properties, class and method invariants. The new

This paper gives a quick overview of Larch/C++, an interface specification language for C++. Through examples, we explain declarations, function specifications, class specifications, and template specifications. An extended example is given in the last section. The reader is assumed to have some familiarity with C++. The reader should have some familiarity with the idea of formal specification, but is not required to be familiar with the Larch approach to formal specification.

Garbage collection (GC) is an important part of many language implementations. One of the most important garbage collection techniques is copying GC. This paper consists of an informal but abstract description of copying collection, a formal specification of copying collection written in the Larch Shared Language and the Larch/C Interface Language, a simple implementation of a copying collector written in C, an informal proof that the implementation satisfies the specification, and a discussion of how the specification applies to other types of copying GC such as generational copying collectors. Limited familiarity with copying GC or Larch is needed to read the specification. This research was sponsored by the Avionics Lab, Wright Research and Development Center, Aeronautical Systems Division (AFSC), U. S. Air Force, Wright-Patterson AFB, OH 45433-6543 under Contract F33615-90-C-1465, Arpa Order No. 7597. The views and conclusions contained in this document are those of the author and ...

The paper presents the reection facilities of the speci cation language Slam-sl. Slam-sl is an object oriented speci cation language where class methods are speci ed by pre and postconditions. The reection capabilities permit managing these pre and postconditions in speci cations what means that semantic reection is possible. The range of interesting applications is very wide: formal speci cation of interfaces and abstract classes, speci cation of component based software, formalization of design pattern, using Slamsl as a pattern language, etc. The paper discusses the last two advantages in some detail.

Introduction This extended abstract gives an introduction into the development of partial correctness logics for programming languages specified by evolving algebras. A partial correctness logic is a programming logic that allows to prove program properties of the form: "whenever program point P is reached during execution, assertion A is true". We derive a basic axiom (schema) from an evolving algebra and use this axiom to prove more convenient logics correct. This work aims to develop the foundations for programming environments that support formal reasoning about programs. One of the major problems with this challenge is the systematic design of programming logics for realistic programming languages. Experiences e.g. with Hoare logic have shown that it can be difficult to design consistent programming logics even for simple languages from scratch (cf. [1]). Using evolving algebras as semantical basis has two advantages: 1. They support appropriate specificat

The paper shows the outlines of the SLAM system, that allows for an effective use of Formal Methods (FM) in Rapid Application Development (RAD) and other prototyping processes. The SLAM system, includes an expressive object oriented specification language and a development environment that, among other features, is able to generate efficient and readable code in a high level object oriented language (Java, C++, ...).

Large software systems offer to software designers complex problem to solve in an efficient and quick way. To manage such complexity several techniques have been developed to make this task easier and to allow the designer to reuse prior experience. However such techniques and frameworks often lack formal notations to support formal reasoning about the resulting products. We extend Larch family languages, by defining Larch interface language for Java modules and argue that such notation should help to design and implement software systems built of Java components. Keywords: Components, Java, Larch, formal design. 1 1 Background The design and the implementation of large software systems is an ever lasting challenge for software developers. Currently, the development of the World Wide Web and internet, and the diffusion of personal computers and local area networks complicates more and more the scenario in which software engineers have to develop new applications. From monolit...

This paper shows the debugging facilities provided by the SLAM system. The SLAM system includes i) a specification language that integrates algebraic specifications and model-based specifications using the object oriented model. Class operations are defined by using rules each of them with logical pre and post-conditions but with a functional flavour. ii) A development environment that, among other features, is able to generate readable code in a high level object oriented language. iii) The generated code includes (part of) the pre and post-conditions as assertions, that can be automatically checked in the debug mode execution of programs. We focus on this last aspect. The SLAM language is expressive enough to describe many useful properties and these properties are translated into a Prolog program that is linked (via an adequate interface) with the user program. The debugging execution of the program interacts with the Prolog engine which is responsible for checking propert...

This paper serves as a report of the literature study I performed between November '95 and February '96 concerning concepts for Isabelle Modules. It compares three proof systems which are recent and successful enough to serve as exemplaries for a study of their theory handling.

One of the most important problems in software development is the gap between the intended behaviour of a program (i.e. the specification) and the final result. We believe that the use of formal specifications in combination with a system able to generate (verified) code from them, integrated in an Iterative Rapid Prototyplng Process environment could be a solution to this problem.