Results 1-10 of 11
Observational Logic
In Algebraic Methodology and Software Technology (AMAST'98), 1999
Cited by 52 (10 self)
We present an institution of observational logic suited for state-based systems specifications. The institution is based on the notion of an observational signature (which incorporates the declaration of a distinguished set of observers) and on observational algebras whose operations are required to be compatible with the indistinguishability relation determined by the given observers. In particular, we introduce a homomorphism concept for observational algebras which adequately expresses observational relationships between algebras. Then we consider a flexible notion of observational signature morphism which guarantees the satisfaction condition of institutions w.r.t. observational satisfaction of arbitrary first-order sentences. From the proof-theoretical point of view we construct a sound and complete proof system for the observational consequence relation. Then we consider structured observational specifications and we provide a sound and complete proof system for such specifications by using a general, institution-independent result of [6].
Behavioural Theories and The Proof of Behavioural Properties
1996
Cited by 32 (8 self)
Behavioural theories are a generalization of first-order theories where the equality predicate symbol is interpreted by a behavioural equality of objects (and not by their identity). In this paper we first consider arbitrary behavioural equalities determined by some (partial) congruence relation and we show how to reduce the behavioural theory of any class of algebras to (a subset of) the standard theory of some corresponding class of algebras. This reduction is the basis of a method for proving behavioural theorems whenever an axiomatization of the behavioural equality is provided. Then we focus on the important special case of (partial) observational equalities where two elements are observationally equal if they cannot be distinguished by observable computations over some set of input values. We provide general conditions under which an obvious infinite axiomatization of the observational equality can be replaced by a finitary one and we provide methodological guidelines for finding such...
Modular Correctness Proofs of Behavioural Implementations
1995
Cited by 30 (13 self)
We introduce a concept of behavioural implementation for algebraic specifications which is based on an indistinguishability relation (called behavioural equality). The central objective of this work is the investigation of proof rules that first allow us to establish the correctness of behavioural implementations in a modular (and stepwise) way and, moreover, are practicable enough to induce proof obligations that can be discharged with existing theorem provers. Under certain conditions our proof technique can also be applied for proving the correctness of implementations based on an abstraction equivalence between algebras in the sense of Sannella and Tarlecki. The whole approach is presented in the framework of total algebras and first-order logic with equality.
1 Introduction
Algebraic specification techniques allow one to formalize correctness notions for program development steps. Thereby an important role is played by observability concepts since it is often essential to abst...
On Behavioural Abstraction and Behavioural Satisfaction in Higher-Order Logic
1996
Cited by 25 (5 self)
The behavioural semantics of specifications with higher-order logical formulae as axioms is analyzed. A characterization of behavioural abstraction via behavioural satisfaction of formulae in which the equality symbol is interpreted as indistinguishability, which is due to Reichel and was recently generalized to the case of first-order logic by Bidoit et al., is further generalized to this case. The fact that higher-order logic is powerful enough to express the indistinguishability relation is used to characterize behavioural satisfaction in terms of ordinary satisfaction, and to develop new methods for reasoning about specifications under behavioural semantics.
1 Introduction
An important ingredient in the use of algebraic specifications to describe data abstractions is the concept of behavioural equivalence between algebras, which seems to appropriately capture the "black box" character of data abstractions, see e.g. [GGM76], [GM82], [ST87] and [ST95]. Roughly speaking (since there ...
Behaviour-Refinement of Coalgebraic Specifications with Coinductive Correctness Proofs
Proc. TAPSOFT '97, Springer LNCS 1214, 1997
Cited by 7 (2 self)
A notion of refinement is defined in the context of coalgebraic specification of classes in object-oriented languages. It tells us when objects in a "concrete" class behave exactly like (or: simulate) objects in an "abstract" class. The definition of refinement involves certain selection functions between procedure-inputs and attribute-outputs, which gives this notion considerable flexibility. The coalgebraic approach allows us to use coinductive proof methods in establishing refinements (via (bi)simulations). This is illustrated in several examples.
1 Introduction
Refinement is an important notion in the stepwise construction of reliable software. It is used to express that an abstract description is realised by a concrete one, typically by filling in some implementation details. This paper concentrates on refinement in an object-oriented setting. What is typical there is reuse of classes: one tries to refine towards existing classes (available in some library). There are two ...
Object-Oriented Hybrid Systems of Coalgebras plus Monoid Actions
Algebraic Methodology and Software Technology (AMAST), 1996
Cited by 5 (1 self)
Hybrid systems combine discrete and continuous dynamics. We introduce a semantics for such systems consisting of a coalgebra together with a monoid action. The coalgebra captures the (discrete) operations on a state space that can be used by a client (like in the semantics of ordinary (non-temporal) object-oriented systems). The monoid action captures the influence of time on the state space, where the monoids that we consider are the natural numbers monoid (N; 0; +) of discrete time, and the positive reals monoid (R0; 0; +) of real time. Based on this semantics we develop a hybrid specification formalism with timed method applications: it involves expressions like s.meth@α, with the following meaning: in state s let the state evolve for α units of time (according to the monoid action), and then apply the (coalgebraic) method meth. In this formalism we specify various (elementary) hybrid systems, investigate their correctness, and display their behaviour in simulations. We furthe...
Swinging Data Types: The Dialectic between Actions and Constructors
Report, FB Informatik, Universität Dortmund, 1998
Cited by 1 (1 self)
Initial structures are good for modelling constructor-based data types because they fit the intuition about these types and admit resolution and rewrite-oriented inductive theorem proving. The corresponding specification and verification methods do not comply so well with non-free or permutative types such as sets, bags and maps and are still less appropriate when infinite structures like streams or processes come into play. Non-free and infinite structures are better modelled as dynamic objects, which are identified through reactions upon actions (methods, messages, state transitions) rather than through constructors they might be built of. Extensional, contextual, behavioural, observational or bisimilarity relations model object equality and the suitable domains are final structures that are conservative with respect to visible subtypes. Consequently, a collection of data types and programs should be designed hierarchically as a "swinging" chain of specifications each of which extends its predecessor by either constructor types or action types. Constructor types introduce the visible domains and come with inductively defined total functions, structural equality and safety predicates with Horn clause axioms, while action types provide the hidden domains together with coinductively defined partial functions, behavioural equality and liveness predicates with liveness axioms that are dual to Horn clauses. A swinging specification is interpreted as a sequence of initial and final models. General proof
Verifying the Specification-to-Code Correspondence for Abstract Data Types
1997
Daniel Schweizer and Christoph Denzler, Computer Engineering and Networks Laboratory, ETH Zürich, Gloriastrasse 35, CH-8092 Zürich, Switzerland, {schweizer, denzler}@tik.ee.ethz.ch
Abstract
Formal specification has become an important issue in the development of safety-critical software. Automatic code generation from specifications in general leads to inefficient implementations. Instead, we present a verification method that allows verifying an implementation against a given specification, using specification generation from program source code. Generated specifications can be compared with the original ones, using an interactive theorem prover. Proofs are based on symbolic execution of abstract data type operations. This paper provides an overview of this approach guided by an example. We show how generic language translation techniques can be employed to translate implementations to specifications. Verification is done by proving that the generated specification semantically implies the original one.
Keywords: formal verification, algebraic specification, formal language translation, abstract data types, symbolic execution
Observational Logic
1998
We present an institution of observational logic which generalizes earlier approaches to observational systems specification in various ways. First, we introduce a notion of an observational signature which incorporates the declaration of a distinguished set of observers. Then, we define observational algebras whose operations are required to be compatible with the indistinguishability relation determined by the observers of an observational signature. In particular, we introduce a homomorphism concept for observational algebras which adequately expresses observational relationships between algebras. Then we consider a flexible notion of observational signature morphism which guarantees the satisfaction condition of institutions w.r.t. observational satisfaction for arbitrary first-order sentences. From the proof-theoretical point of view we construct a sound and complete proof system for the observational consequence relation. Then we consider structured observational specification...