This paper describes an approach to module composition by executing "module expressions" to build systems out of component modules; the paper also gives a novel semantics intended to aid implementers. The semantics is based on set theoretic notions of tuple set, partial signature, and institution, thus avoiding more difficult mathematics theory. Language features include information hiding, both vertical and horizontal composition, and views for binding modules to interfaces. Vertical composition refers to the hierarchical structuring of a system into layers, while horizontal composition refers to the structure of a given layer. Modules may involve information hiding, and views may involve behavioral satisfaction of a theory by a module. Several "Laws of Software Composition" are given, which show how the various module composition operations relate. Taken together, this gives foundations for an algebraic approach to software engineering. 1.1 Introduction The approach to module compos...

. We introduce a concept of behavioural implementation for algebraic specifications which is based on an indistinguishability relation (called behavioural equality). The central objective of this work is the investigation of proof rules that first allow us to establish the correctness of behavioural implementations in a modular (and stepwise) way and, moreover, are practicable enough to induce proof obligations that can be discharged with existing theorem provers. Under certain conditions our proof technique can also be applied for proving the correctness of implementations based on an abstraction equivalence between algebras in the sense of Sannella and Tarlecki. The whole approach is presented in the framework of total algebras and first-order logic with equality. 1 Introduction Algebraic specification techniques allow one to formalize correctness notions for program development steps. Thereby an important role is played by observability concepts since it is often essential to abst...

The notions of state and observable behaviour are fundamental to many areas of computer science. Hidden sorted algebra, an extension of many sorted algebra, captures these notions through hidden sorts and the behavioural satisfaction of equations. This makes it a powerful formalisation of abstract machines, and many results suggest that it is also suitable for the semantics of the object paradigm. Another extension of many sorted algebra, namely order sorted algebra, has proved useful in system specification and prototyping because of the way it handles subtypes and errors. The combination of these two algebraic approaches, hidden order sorted algebra, has also been proposed as a foundation for object paradigm, and has much promise as a foundation for Software Engineering. This paper extends recent work on hidden order sorted algebra by investigating the refinement and implementation of hidden order sorted specifications. We present definitions of refinement and implementation for suc...

This paper presents an algebraic account of implementation that is applicable to the object paradigm. The key to its applicability is the notion of state: objects have local states that are observable only through their outputs. That is, objects may be viewed as abstract machines with hidden local state (as in [9]). Consequently, a correct implementation need only have the required visible behaviour. We use hidden order sorted algebra to formalise the object paradigm [4, 5, 8]. Advantages of an algebraic approach include a high level of intellectual rigour, a large body of supporting mathematics, and simple, efficient proofs using only equational logic. A wide variety of extensions to equational logic have been developed to treat various programming features, while preserving its essential simplicity. For example, order sorted equational logic uses a notion of subsort to treat computations that may raise exceptions or fail to terminate. Hidden sorted logic extends standard equational logic to capture an important distinction between immutable data types, such as booleans and integers, and mutable objects, such as program variables and database entities. The terms abstract data types and abstract object classes refer to these two kinds of entity. The former represent `visible' data values; the latter represent data stored in a hidden state. In hidden sorted equational logic, an equation of hidden sort need not be satisfied in the usual sense, but only up to observability, in that only its visible consequences need hold. Thus, hidden sorted logic allows greater freedom in implementations. The simplicity of the underlying logic is important, because we want a tractable

The coalgebraic view on classes and objects is elaborated to include inheritance. Inheritance in coalgebraic specification (of classes) will be understood dually to parametrization in algebraic specification. That is, inheritance involves restriction (specialization), where parametrization involves extension. And cofree constructions are "best" restrictions, like free constructions are "best" extensions. To make this view on inheritance precise we need a suitable notion of behaviour preserving morphism between classes, which will be defined as a "coalgebra map up-to-bisimulation". AMS Subject Classification (1991): 18C10, 03G30 CR Subject Classification (1991): D.1.5, D.2.1, E.1, F.1.1, F.3.0 Keywords & Phrases: object, class, inheritance, coalgebraic specification, bisimulation 1. Introduction Two basic relations in object-oriented languages are: object o belongs to class C, and: class C inherits from class C 0 (see e.g. [20]). Class membership yields what is sometimes called a...

The behavioural semantics of specifications with higher-order logical formulae as axioms is analyzed. A characterization of behavioural abstraction via behavioural satisfaction of formulae in which the equality symbol is interpreted as indistinguishability, which is due to Reichel and was recently generalized to the case of first-order logic by Bidoit et al, is further generalized to this case. The fact that higher-order logic is powerful enough to express the indistinguishability relation is used to characterize behavioural satisfaction in terms of ordinary satisfaction, and to develop new methods for reasoning about specifications under behavioural semantics. 1 Introduction An important ingredient in the use of algebraic specifications to describe data abstractions is the concept of behavioural equivalence between algebras, which seems to appropriately capture the "black box" character of data abstractions, see e.g. [GGM76], [GM82], [ST87] and [ST95]. Roughly speaking (since there ...

This paper describes the theoretical framework and an implemented system (Dtre) for the specification and verified refinement of specifications using operations on abstract data types. The system is semi-automatic in that users can specify some (possibly none) of the implementations and the system will determine the rest of the implementations. Data types are specified as parameterized theories within many-sorted first-order logic; usually these theories are centered around inductive sorts. Abstract specifications (theories) are refined in a stepwise fashion into increasingly more concrete theories. Our primary method of refinement is based on theory interpretation [1, 2, 3]. Theories and interpretations provide a clean, logically based separation between types and their implementations; thus permitting specification to proceed independently of implementation while simultaneously providing a basis for rapid and verifiably correct transformation to efficient code. Dtre provides a conven...

This paper unveils and motivates an ambitious programme of hidden algebraic research in software engineering, beginning with our general goals, continuing with an overview of results, and including some future plans. The main contribution is powerful hidden coinduction techniques for proving behavioral correctness of concurrent systems; several mechanical proofs are given using OBJ3. We also show how modularization, bisimulation, transition systems, concurrency and combinations of the functional, constraint, logic and object paradigms fit into hidden algebra. 1. Introduction

: The current algebraic models for nondeterminism focus on the notion of possibility rather than necessity, and con sequently equate (nondeterministic) terms that one intuitively would not consider equal. Furthermore, existing models for nondeterminism depart radically from the standard models for (equational) specifications of deterministic operators. One would prefer that a specification language for nondeterministic operators be based on an extension of the standard model concepts, preferably in such a way that the reasoning system for (possibly nondeterministic) operators becomes the standard equational one whenever restricted to the deterministic operators -- the objective should be to minimize the departure from the standard frameworks. In this paper we define a specification language for nondeterministic operators and multialgebraic semantics. The first complete reasoning system for such specifications is introduced. We also define a transformation of specifications of nondeterm...

To establish the correctness of some software w.r.t. its formal specification is widely recognized as a difficult task. A first simplification is obtained when the semantics of an algebraic specification is defined as the class of all algebras which correspond to the correct realizations of the specification. A software is then declared correct if it corresponds to some algebra of this class. We approach this goal by defining an observational satisfaction relation which is less restrictive than the usual satisfaction relation. Based on this notion we provide an institution for observational specifications. The idea is that the validity of an equational axiom should depend on an observational equality, instead of the usual equality. We show that it is not reasonable to expect an observational equality to be a congruence. We define an observational algebra as an algebra equipped with an observational equality which is an equivalence relation but not necessarily a congruence. We assume th...