Results 1-10 of 23
Reasoning about Classes in Object-Oriented Languages: Logical Models and Tools
1998
Cited by 35 (15 self)
A formal language ccsl is introduced for describing specifications of classes in object-oriented languages. We show how class specifications in ccsl can be translated into higher-order logic. This allows us to reason about these specifications. In particular, it allows us (1) to describe (various) implementations of a particular class specification, (2) to develop the logical theory of a specific class specification, and (3) to establish refinements between two class specifications. We use the (dependently typed) higher-order logic of the proof assistant pvs, so that we have extensive tool support for reasoning about class specifications. Moreover, we describe our own front-end tool to pvs, which generates from ccsl class specifications appropriate pvs theories and proofs of some elementary results.
Behavioural Theories and the Proof of Behavioural Properties
1996
Cited by 33 (8 self)
Behavioural theories are a generalization of first-order theories where the equality predicate symbol is interpreted by a behavioural equality of objects (and not by their identity). In this paper we first consider arbitrary behavioural equalities determined by some (partial) congruence relation and we show how to reduce the behavioural theory of any class of algebras to (a subset of) the standard theory of some corresponding class of algebras. This reduction is the basis of a method for proving behavioural theorems whenever an axiomatization of the behavioural equality is provided. Then we focus on the important special case of (partial) observational equalities where two elements are observationally equal if they cannot be distinguished by observable computations over some set of input values. We provide general conditions under which an obvious infinite axiomatization of the observational equality can be replaced by a finitary one and we provide methodological guidelines for finding such...
Development Graphs - Proof Management for Structured Specifications
2005
Cited by 25 (16 self)
Development graphs are a tool for dealing with structured specifications in a formal program development in order to ease the management of change and the reuse of proofs. In this work, we extend development graphs with hiding (e.g. hidden operations). Hiding is a particularly difficult operation to realize, since it does not admit as good a decomposition of the involved specifications as other structuring operations do. We develop both a semantics and proof rules for development graphs with hiding. The rules are proven to be sound, and also complete relative to an oracle for conservative extensions. We also show that an absolutely complete set of rules cannot exist. The whole framework is developed in a way independent of the underlying logical system (and thus also does not prescribe the nature of the parts of a specification that may be hidden). We also show how various other logic-independent specification formalisms can be mapped into development graphs; thus, development graphs can serve as a kernel formalism for management of proofs and of change.
Management of Change in Structured Verification
In Proceedings 15th IEEE International Conference on Automated Software Engineering, number 2000 in ASE, 2000
Cited by 14 (0 self)
The use of formal methods in large complex applications implies the need for an evolutionary formal program development in which specification and verification phases are interleaved. But any change of a specification, either by adding new parts or by changing erroneous parts, affects existing verification work in a subtle way. In this paper we present a truth maintenance system for structured specification and verification. It is based on the simple but powerful notion of a development graph as an underlying data structure to represent an actual consistent state of a formal development. Based on this notion we try to minimize the consequences of changes on existing verification work.
1. Introduction
The application of formal methods in an industrial setting results in an increased complexity of the specification and the corresponding verification. It comprises on the one hand different layers of specifications reflecting the iterated process to refine the requirement specification towa...
Observational Logic, Constructor-Based Logic, and their Duality
2002
Cited by 7 (1 self)
Observability and reachability are important concepts for formal software development. While observability concepts are used to specify the required observable behavior of a program or system, reachability concepts are used to describe the underlying data in terms of datatype constructors. In this paper we first reconsider the observational logic institution which provides a logical framework for dealing with observability. Then we develop in a completely analogous way the constructor-based logic institution which formalizes a novel treatment of reachability. Both institutions are tailored to capture the semantically correct realizations of a specification from either the observational or the reachability point of view. We show that there is a methodological and even formal duality between both frameworks. In particular, we establish a correspondence between observer operations and datatype constructors, observational and constructor-based algebras, fully abstract and reachable algebras, and observational and inductive consequences of specifications. The formal duality between the observability and reachability concepts is established in a category-theoretic setting.
Specification Refinement with System F
In Proc. CSL'99, volume 1683 of LNCS, 1999
Cited by 6 (3 self)
Essential concepts of algebraic specification refinement are translated into a type-theoretic setting involving System F and Reynolds' relational parametricity assertion as expressed in Plotkin and Abadi's logic for parametric polymorphism. At first order, the type-theoretic setting provides a canonical picture of algebraic specification refinement. At higher order, the type-theoretic setting allows future generalisation of the principles of algebraic specification refinement to higher order and polymorphism. We show the equivalence of the acquired type-theoretic notion of specification refinement with that from algebraic specification. To do this, a generic algebraic-specification strategy for behavioural refinement proofs is mirrored in the type-theoretic setting.
1 Introduction
This paper aims to express in type theory certain essential concepts of algebraic specification refinement. The benefit to algebraic specification is that inherently first-order concepts are tra...
Test Selection Criteria for Quantifier-Free First-Order Specifications
2007
Cited by 4 (4 self)
This paper deals with test case selection from axiomatic specifications whose axioms are quantifier-free first-order formulae. Test cases are modeled as ground formulae and any specification has an exhaustive test data set whose successful submission means correctness, provided that the software under verification can be modeled as a first-order structure over the same signature. As has already been done for positive conditional equational specifications, we derive test cases from selection criteria based on axiom coverage. Our selection criteria allow us to select test cases by iteratively unfolding an initial target test purpose, given as a formula. The initial reference test set is iteratively split into successive subsets. Each subset of test cases is defined by constraints which are increasingly introduced by the unfolding procedure to ensure an appropriate matching between the current test purpose under unfolding and specification axioms. Our unfolding procedure is sound (no test is added) and complete (no test is lost) with respect to the starting test purpose. It is exemplified on a simple example.
Relating Abstract Datatypes and Z-Schemata
In Recent Trends in Algebraic Development Techniques - Selected Papers, volume 1827 of Lect. Notes in Comput. Sci., 1999
Cited by 4 (0 self)
In this paper we investigate formally the relationship between the notion of abstract datatypes in an arbitrary institution, found in algebraic specification languages like Clear, ASL, and CASL, and the notion of schemata from the model-oriented specification language Z. To this end the institution S of the logic underlying Z is defined, and a translation of Z-schemata to abstract datatypes over S is given. The notion of a schema is internal to the logic of Z, and thus specification techniques of Z relying on the notion of a schema can only be applied in the context of Z. By translating Z-schemata to abstract datatypes, these specification techniques can be transformed to specification techniques using abstract datatypes. Since the notion of abstract datatypes is institution-independent, this results in a separation of these specification techniques from the specification language Z and allows them to be applied in the context of other, e.g. algebraic, specification languages.
Extraction of Structured Programs from Specification Proofs
Workshop on Algebraic Development Techniques, volume 1827 of Lecture Notes in Computer Science
Cited by 3 (3 self)
We present a method using an extended logical system for obtaining "correct" programs from specifications written in a sublanguage of CASL. By "correct" we mean programs that satisfy their specifications. The technique we use is to extract programs from proofs in formal logic by techniques due to Curry and Howard. The logical calculus, however, has the novel feature that as well as the conventional logical rules it includes structural rules corresponding to the standard ways of modifying specifications: translating (renaming), taking unions of specifications and hiding signatures. Although programs extracted by the Curry-Howard process can be very cumbersome, we use a number of simplifications that ensure that the programs extracted are in a language close to a standard high-level programming language. We use this to produce an executable refinement of a given specification and we then provide a method for producing a program module which respects the original structure of the specific...