A wide spectrum language is presented, which is designed to facilitate the proof of the correctness of refinements and transformations. Two different proof methods are introduced and used to prove some fundamental transformations, including a general induction rule (Lemma 3.9) which enables transformations of recursive and iterative programs to be proved by induction on their finite truncations. A theorem for proving the correctness of recursive implementations is presented (Theorem 3.21), which provides a method for introducing a loop, without requiring the user to provide a loop invariant. A powerful, general purpose, transformation for removing or introducing recursion is described and used in a case study (Section 5) in which we take a small, but highly complex, program and apply formal transformations in order to uncover an abstract specification of the behaviour of the program. The transformation theory supports a transformation system, called FermaT, in which the applicability conditions of each transformation (and hence the correctness of the result) are mechanically verified. These results together considerably simplify the construction of viable program transformation tools; practical consequences are briefly discussed.

In this paper we briey introduce a Wide Spectrum Language and its transformation theory and describe a recent success of the theory: a general recursion removal theorem. This theorem includes as special cases the two techniques discussed by Knuth [12] and Bird [7]. We describe some applications of the theorem to cascade recursion, binary cascade recursion, Gray codes, the Towers of Hanoi problem, and an inverse engineering problem. 1 Introduction In this paper we briey introduce some of the ideas behind the transformation theory we have developed over the last eight years at Oxford and Durham Universities and describe a recent result: a general recursion removal theorem. We use a Wide Spectrum Language (called WSL), developed in [19,20,21] which includes lowlevel programming constructs and high-level abstract specications within a single language. Working within a single language means that the proof that a program correctly implements a specication, or that a specication correct...

Reverse engineering of interrupt-driven real-time programs with timing constraints is a particularly challenging research area, because the functional behaviour of a program, and the non-functional timing requirements, are implicit and can be very difficult to discover. However, in this paper we present a significant advance in this area, which is achieved by modelling realtime programs with interrupts in the wide spectrum language WSL. A small example program is modelled in this way, and formal program transformations are used to derive various timing constraints and to inverse engineer a formal specification of the program. (We use the term inverse engineering to mean reverse engineering achieved by formal program transformations).

In this paper we briefly introduce a Wide Spectrum Language and its transformation theory and describe a recent success of the theory: a general recursion removal theorem. Recursion removal often forms an important step in the systematic development of an algorithm from a formal specification. We use semantic-preserving transformations to carry out such developments and the theorem proves the correctness of many different classes of recursion removal. This theorem includes as special cases the two techniques discussed by Knuth [13] and Bird [7]. We describe some applications of the theorem to cascade recursion, binary cascade recursion, Gray codes, and an inverse engineering problem.

We describe a method for extracting high-level specifications from unstructured source code. The method is based on a theory of program re nement and transformation, which is used as the bases for the development of a catalogue of powerful semantics-preserving transformations. Each transformation is an operation on a program which has a mechanically-checkable correctness condition, and which has been rigorously proved to produce a semantically equivalent result. The transformations are carried out in a wide spectrum programming language (called WSL). This language includes high-level specifications as well as low-level programming constructs. As a result, the formal reverse engineering process (from source code to equivalent specifications) and the redevelopment process (refinement of specifications into source code) can both be carried out within a single language and transformation theory. We also discuss a tool (FermaT) which has been developed to support this approach to reengineerin...