In this paper we consider a particular class of algorithms which present certain difficulties to formal verification. These are algorithms which use a single data structure for two or more purposes, which combine program control information with other data structures or which are developed as a combination of a basic idea with an implementation technique. Our approach is based on applying proven semantics-preserving transformation rules in a wide spectrum language. Starting with a set theoretical specification of "reachability" we are able to derive iterative and recursive graph marking algorithms using the "pointer switching" idea of Schorr and Waite. There have been several proofs of correctness of the Schorr-Waite algorithm, and a small number of transformational developments of the algorithm. The great advantage of our approach is that we can derive the algorithm from its specification using only general-purpose transformational rules: without the need for complicated induction arg...

In this paper we give a brief introduction to the foundations of WSL transformation theory and describe how the concept of program slicing can be formalised in the theory. This formalism naturally lends itself to several generalisations including amorphous slicing and conditioned slicing. One novel generalisation is "semantic slicing" which combines slicing and abstraction to a specification. Interprocedural semantic slicing has been implemented in the FermaT transformation system [16]: an industrial-strength transformation system designed for forward and reverse engineering, re-engineering and program comprehension.

ion Martin Ward Computer Science Dept Science Labs South Rd Durham DH1 3LE April 9, 1996 Abstract What does it mean to say that one program is "more abstract" then another? What is "abstract" about an abstract data type? What is the difference between a "high-level" program and a "low-level" program? In this paper we attempt to answer these questions by formally defining an abstraction relation between programs which matches our intuitive ideas about abstraction. The relation is based on examining the operational semantics of the programs, expressed as a set of traces (sequences of states) from a given initial state to a possible final state. KEY WORDS: Abstraction, Software Maintenance, Transformations, Refinement, Transformational Programming 1 Introduction In discussing software development, refinement of specifications into programs, reverse engineering from programs into specifications, and other related areas, concepts such as "high-level program" verses "low-level program", ...

Software reengineering has been described as being "about as easy as reconstructing a pig from a sausage" [11]. But the development of program transformation theory, as embodied in the FermaT transformation system, has made this miraculous feat into a practical possibility. This paper describes the theory...

We describe how proof rules for three advanced refinement features are mechanically verified using the HOL theorem prover. These features are data refinement, backwards data refinement and superposition refinement of initialised loops. We also show how applications of these proof rules to actual program refinement can be checked using the HOL system, with the HOL system generating the verification conditions. 1 Introduction Stepwise refinement is a methodology for developing programs from high-level program specifications into efficent implementations. The refinement calculus of Back [1, 2] is a formalisation of this approach, based on the weakest precondition calculus of Dijkstra [9]. Practical program derivation within the refinement calculus [5] has shown that refinement steps often tend to be very similar to each other. Rather than always inventing a refining statement and proving the correctness of the refinement, it is convenient to have access to a collection of program transfo...

In this paper we give a brief introduction to the foundations of WSL transformation theory and describe some applications to program slicing. We introduce some generalisations of traditional slicing, amorphous slicing and conditioned slicing which are possible in the framework of WSL transformations. One generalisation is "semantic slicing" which combines slicing and abstraction to a specification.

We describe a method for extracting high-level specifications from unstructured source code. The method is based on a theory of program re nement and transformation, which is used as the bases for the development of a catalogue of powerful semantics-preserving transformations. Each transformation is an operation on a program which has a mechanically-checkable correctness condition, and which has been rigorously proved to produce a semantically equivalent result. The transformations are carried out in a wide spectrum programming language (called WSL). This language includes high-level specifications as well as low-level programming constructs. As a result, the formal reverse engineering process (from source code to equivalent specifications) and the redevelopment process (refinement of specifications into source code) can both be carried out within a single language and transformation theory. We also discuss a tool (FermaT) which has been developed to support this approach to reengineerin...

We describe two approaches for context handling in the Refinement Calculus framework. They show how information relevant for total correctness can be transported from one place of a program to another and then used for refinement of program components. Both approaches have been formalised in the HOL theorem proving system and integrated into a tool for transformational reasoning about programs. TUCS Research Group Programming Methodology Research Group 1 Introduction The Refinement Calculus [2, 3] is a calculus for development of programs using the stepwise refinement paradigm. In the Refinement Calculus, specifications are refined into programs through a sequence of transformations (refinements). Each such refinement provably preserves all total correctness properties of the initial specification. Programs can be very large and complex. Therefore, it is usually very difficult to prove refinement of the whole program directly. Instead, one can refine a program by focusing on some sm...