We propose a structured mathematical definition of the semantics of C# programs to provide a platform-independent interpreter view of the language for the C# programmer, which can also be used for a precise analysis of the ECMA [22] standard of the language and as a reference model for teaching. The definition takes care to reflect directly and faithfully -- as much as possible without becoming inconsistent or incomplete -- the descriptions in the C# standard to become comparable with the corresponding models for Java in [37] and to provide for implementors the possibility to check their basic design decisions against an accurate highlevel model. The model sheds light on some of the dark corners of C# and on some critical differences between the ECMA standard and the implementations of the language.

Abstract. Turbo Abstract State Machines are ASMs with parallel and sequential composition and possibly recursive submachine calls. Turbo ASMs are viewed as black-boxes that can combine arbitrary many steps of one or more submachines into one big step. The intermediate steps of a turbo ASM are not observable from outside. It is not even clear what exactly the intermediate steps are, because the semantics of turbo ASMs is usually defined inductively along the call graph of the ASM and the structure of the rule bodies. The most important application of turbo ASMs are recursive algorithms. Such algorithms can directly be simulated on turbo ASMs without transforming them into multi-agent (distributed) ASMs. In this article we analyze the hidden intermediate steps of turbo ASMs and characterize them using PAR/SEQ trees. We also address the problem of the reserve in the presence of recursion and sequential composition. 1

During an attempt to prove that the Java-to-JVM compiler generates code that is accepted by the Bytecode Verifier we found examples of legal Java programs that are rejected by the verifier. We propose therefore to restrict the socalled rules of definite assignment for the try-finally statement as well as for the labeled statement such that the example programs are no longer allowed. Then we can prove, using the framework of Abstract State Machines, that each program from the slightly restricted Java language is accepted by the Bytecode Verifier. In the proof we use a new notion of bytecode type assignment without subroutine call stacks.

The Abstract State Machines (ASMs) theory has been applied to rigorously formalize the semantics of the C♯ programming language. The developed ASM model is validated here by providing an executable model which supports the experimentation with the ASM model. The executable model is a refinement of the ground model and is implemented in AsmL – the Abstract State Machine Language, which is embedded into Microsoft Visual Studio.NET. We report here on the development of AsmL Executable Specifications of the C♯ semantics by depicting our techniques on building and using AsmL as a Specification Language.

Abstract. The question raised in [15] is answered how to naturally model widely used forms of recursion by abstract machines. We show that turbo ASMs as defined in [7] allow one to faithfully reflect the common intuitive single-agent understanding of recursion. The argument is illustrated by turbo ASMs for Mergesort and Quicksort. Using turbo ASMs for returning function values allows one to seamlessly integrate functional description and programming techniques into the high-level ’abstract programming ’ by state transforming ASM rules. 1

In hardware and software design model checkers are nowadays used with success to verify properties of system components [23]. The limits of the approach to cope with the size and the complexity of modern computer-based systems are felt when it comes to provide evidence of the trustworthiness of the entire system that has been built out of verified components. To achieve this task one has to experimentally validate or to mathematically verify the composition of the system. This reveals a gap between the finite state machine (FSM) view of model-checkable components and the architectural system view. In this paper we show how Abstract State Machines (ASM) can be used to fill this gap for both design and analysis, using a flexible concept of ASM component. 1

Abstract not found

Abstract: Abstract State Machines (ASMs) have been widely used to specify software and hardware systems. Only a few of these specifications are executable, although there are several interpreters and some compilers. This paper introduces a compilation scheme to transform an ASM specification in the syntax of the ASM-Workbench into C++. In particular, we transform algebraic types, pattern matching, functional expressions, dynamic functions, and simultaneous updates to C++ code. The main aim of this compilation scheme is to preserve the specification structure in the generated code

In this lecture, we solve a robot control problem to illustrate the ASM method for building rigorous requirement models and turning them in a justifiably correct and well documented way into executable code. The problem derives from an industrial plant and was proposed in an international competition as comparative case study for the use of formal methods in software development, see [12] for a detailed report. In our ASM solution of the problem we exhibit in particular the separation of di#erent concerns, namely specification, design and analysis (i.e. validation and verification of the desired properties, by experimentation, by mathematical argument and by model checking). This separation of concerns is the key reason why---di#erently from many other methods, see [12]--- we could link the ASM ground model to a provably correct and successfully validated C ++ program. 1 The case study This lecture starts from scratch and does not presuppose any knowledge neither of the pr...