A wide spectrum language is presented, which is designed to facilitate the proof of the correctness of refinements and transformations. Two different proof methods are introduced and used to prove some fundamental transformations, including a general induction rule (Lemma 3.9) which enables transformations of recursive and iterative programs to be proved by induction on their finite truncations. A theorem for proving the correctness of recursive implementations is presented (Theorem 3.21), which provides a method for introducing a loop, without requiring the user to provide a loop invariant. A powerful, general purpose, transformation for removing or introducing recursion is described and used in a case study (Section 5) in which we take a small, but highly complex, program and apply formal transformations in order to uncover an abstract specification of the behaviour of the program. The transformation theory supports a transformation system, called FermaT, in which the applicability conditions of each transformation (and hence the correctness of the result) are mechanically verified. These results together considerably simplify the construction of viable program transformation tools; practical consequences are briefly discussed.

Invariants allow a rigorous treatment of types as sets in the refinement calculus, a method for developing imperative programs. The interaction of procedures and invariants is explored, resulting in a practical formalisation of existing programming practice. 1 Introduction The notion of local invariants [9] was introduced to give rigorous treatment to types in the refinement calculus [7, 6, 8, 10]. Typing is a special kind of invariant. For example, in the scope of the declaration n : N, which introduces a new local variable n of type N (the natural numbers), the invariant is n 2 N, and all commands preserve it. The exploration [9] of the interaction between invariants and statements of a simple language---Dijkstra's language [2] with extensions---considered only language constructs including assignment, iteration, selection and recursion. We extend that work by examining a more complex language structure: the procedure. Although this paper deals only with parameterless procedures, th...

In this paper we give a brief introduction to the foundations of WSL transformation theory and describe how the concept of program slicing can be formalised in the theory. This formalism naturally lends itself to several generalisations including amorphous slicing and conditioned slicing. One novel generalisation is "semantic slicing" which combines slicing and abstraction to a specification. Interprocedural semantic slicing has been implemented in the FermaT transformation system [16]: an industrial-strength transformation system designed for forward and reverse engineering, re-engineering and program comprehension.

There is a vast collection of operational software systems which are vitally important to their users, yet are becoming increasingly difficult to maintain, enhance and keep up to date with rapidly changing requirements. For many of these so called legacy systems the option of throwing the system away an re-writing it from scratch is not economically viable. Methods are therefore urgently required which enable these systems to evolve in a controlled manner. The approach described in this paper uses formal proven program transformations, which preserve or refine the semantics of a program while changing its form. These transformations are applied to restructure ans simplify the legacy systems and to extract higher-level representations. By using an appropriate sequence of transformations, the extracted representation is guaranteed to be equivalent to the code. The method is based on a formal wide spectrum language, called WSL, with accompanying formal method. Over the last ten years we h...

In this thesis, the refinement calculus is extended to support a variety of object-oriented programming styles. The late binding of procedure calls in object-oriented languages is modelled by defining an object-oriented system to be a function from procedure names and argument values to the procedures that are invoked by late binding. The first model allows multiple dispatch late binding, in the style of CLOS. This model is then specialised to the single dispatch case, giving a model that associates types with objects, which is similar to existing class based object-oriented languages. Both models are then restricted so that they support modular reasoning. The concept of modular reasoning has been defined informally in the literature, both for non-object-oriented systems and for object-oriented systems. This thesis gives the first formal definition of modular reasoning for object-oriented languages. Intuitively, the definition seems to capture the minimum possible requirements necessa...

Software reengineering has been described as being "about as easy as reconstructing a pig from a sausage" [11]. But the development of program transformation theory, as embodied in the FermaT transformation system, has made this miraculous feat into a practical possibility. This paper describes the theory...

A program can be refined either by transforming the whole program or by refining one of its components. The refinement of a component is, for the main part, independent of the remainder of the program. However, refinement of a component can depend on the context of the component for information about the variables that are in scope and what their types are. The refinement can also take advantage of additional information, such as any precondition the component can assume. The aim of this paper is to introduce a technique, which we call program window inference, to handle such contextual information during derivations in the refinement calculus. The idea is borrowed from a technique, called window inference, for handling context in theorem proving. Window inference is the primary proof paradigm of the Ergo proof editor. This tool has been extended to mechanize refinement using program window inference.

In this paper we briefly introduce a Wide Spectrum Language and its transformation theory and describe a recent success of the theory: a general recursion removal theorem. Recursion removal often forms an important step in the systematic development of an algorithm from a formal specification. We use semantic-preserving transformations to carry out such developments and the theorem proves the correctness of many different classes of recursion removal. This theorem includes as special cases the two techniques discussed by Knuth [13] and Bird [7]. We describe some applications of the theorem to cascade recursion, binary cascade recursion, Gray codes, and an inverse engineering problem.

In this paper we give a brief introduction to the foundations of WSL transformation theory and describe some applications to program slicing. We introduce some generalisations of traditional slicing, amorphous slicing and conditioned slicing which are possible in the framework of WSL transformations. One generalisation is "semantic slicing" which combines slicing and abstraction to a specification.

The aim of this paper is to provide a unified mathematical framework for program slicing which places all slicing work, for sequential programs, on a sound theoretical foundation. The main advantage to a mathematical approach is that it is not tied to a particular representation. In fact the mathematics provides a sound basis for any particular representation. We use the WSL (Wide Spectrum Language) program transformation theory as our framework. Within this framework we define a new semantic relation, semi-refinement which lies between semantic equivalence and semantic refinement. Combining this semantic relation, a syntactic relation (called reduction) and WSL’s remove statement, we can give mathematical definitions for backwards slicing, conditioned slicing, static and dynamic slicing and semantic slicing as program transformations in the WSL transformation theory. A novel technique of “encoding ” operational semantics within a denotational semantics allows the framework to handle “operational slicing”. The theory also enables the concept of slicing to be applied to nondeterministic programs. These transformations are implemented in the industry-strength FermaT transformation system.