The main ideas underlying work on the model-theoretic foundations of algebraic specification and formal program development are presented in an informal way. An attempt is made to offer an overall view, rather than new results, and to focus on the basic motivation behind the technicalities presented elsewhere.

Institutions formalize the intuitive notion of logical system, including syntax, semantics, and the relation of satisfaction between them. Our exposition emphasizes the natural way that institutions can support deduction on sentences, and inclusions of signatures, theories, etc.; it also introduces terminology to clearly distinguish several levels of generality of the institution concept. A surprising number of different notions of morphism have been suggested for forming categories with institutions as objects, and an amazing variety of names have been proposed for them. One goal of this paper is to suggest a terminology that is uniform and informative to replace the current chaotic nomenclature; another goal is to investigate the properties and interrelations of these notions in a systematic way. Following brief expositions of indexed categories, diagram categories, twisted relations, and Kan extensions, we demonstrate and then exploit the duality between institution morphisms in the original sense of Goguen and Burstall, and the "plain maps" of Meseguer, obtaining simple uniform proofs of completeness and cocompleteness for both resulting categories. Because of this duality, we prefer the name "comorphism" over "plain map;" moreover, we argue that morphisms are more natural than comorphisms in many cases. We also consider "theoroidal" morphisms and comorphisms, which generalize signatures to theories, based on a theoroidal institution construction, finding that the "maps" of Meseguer are theoroidal comorphisms, while theoroidal morphisms are a new concept. We introduce "forward" and "semi-natural" morphisms, and develop some of their properties. Appendices discuss institutions for partial algebra, a variant of order sorted algebra, two versions of hidden algebra, and...

This paper generalizes the hidden algebra approach to allow: (P1) operations with multiple hidden arguments, and (P2) defining behavioral equivalence with a subset of operations, in addition to the already present (P3) built-in data types, (P4) nondeterminism, (P5) concurrency, and (P6) non-congruent operations. All important results generalize, but more elegant formulations use the new institution in Section 5. Behavioral satisfaction appeared 1981 in [20], hidden algebra 1989 in [9], multiple hidden arguments 1992 in [1], congruent and behavioral operations in [1, 18], behavioral equivalence defined by a subset of operations in [1], and non-congruent operations in [5]; all this was previously integrated in [21], but this paper gives new examples, institutions, and results relating hidden algebra to information hiding. We assume familiarity with basics of algebraic specification, e.g., [11, 13].

Although formal methods have been successfully applied in various industrial applications, their use in software development is still restricted to individual case studies. To overcome this situation we aim at a methodology for an evolutionary formal software development which allows for a stepwise and incremental development process along the line of rapid prototyping. The approach is based on work on a formal management of change for formal developments which is able to maintain proofs when changing specifications.

We study proof systems for reasoning about logical consequences and refinement of structured specifications, based on similar systems proposed earlier in the literature [ST 88, Wir 91]. Following Goguen and Burstall, the notion of an underlying logical system over which we build specifications is formalized as an institution and extended to a more general notion, called (D, T )-institution. We show that under simple assumptions (essentially: amalgamation and interpolation) the proposed proof systems are sound and complete. The completeness proofs are inspired by proofs due to M. V. Cengarle (see [Cen 94]) for specifications in first-order logic and the logical systems for reasoning about them. We then propose a methodology for reusing proof systems built over institutions rich enough to satisfy the properties required for the completeness results for specifications built over poorer institutions where these properties need not hold.

For the recently developed specification language Casl, there exist two different kinds of proof support: while HOL-Casl has its strength in proofs about specifications in-the-small, Maya has been designed for management of proofs in (Casl) specifications in-the-large, within an evolutionary formal software development process involving changes of specifications. In this work, we discuss our integration of HOL-Casl and Maya into a powerful system providing tool support for Casl, which will also serve as a basis for the integration of further proof tools.

Development graphs are a tool for dealing with structured specifications in a formal program development in order to ease the management of change and reusing proofs. In this work, we extend development graphs with hiding (e.g. hidden operations). Hiding is a particularly difficult to realize operation, since it does not admit such a good decomposition of the involved specifications as other structuring operations do. We develop both a semantics and proof rules for development graphs with hiding. The rules are proven to be sound, and also complete relative to an oracle for conservative extensions. We also show that an absolute complete set of rules cannot exist. The whole framework is developed in a way independent of the underlying logical system (and thus also does not prescribe the nature of the parts of a specification that may be hidden).

This paper studies the composition of modules that can hide information, over a very general class of logical systems called inclusive institutions. Two semantics are given for composition of such modules using five familiar operations, and a property called conservativity is shown necessary and sufficient for these semantics to agree. The first semantics extracts the visible properties of the result of composing the visible and hidden parts of modules, while the second uses only the visible properties of the components; the semantics agree when the visible consequences of hidden information are enough to determine the result of the composition. A number of "laws of software composition" are proved relating the composition operations. Inclusive institutions simplify many proofs.

The use of formal methods in large complex applications implies the need for an evolutionary formal program development in which specification and verification phases are interleaved. But any change of a specification either by adding new parts or by changing erroneous parts affects existing verification work in a subtle way. In this paper we present a truth maintenance system for structured specification and verification. It is based on the simple but powerful notion of a development graph as an underlying datastructure to represent an actual consistent state of a formal development. Based on this notion we try to minimize the consequences of changes of existing verification work. 1. Introduction The application of formal methods in an industrial setting results in an increased complexity of the specification and the corresponding verification. It comprises on the one hand different layers of specifications reflecting the iterated process to refine the requirement specification towa...

Abstract. An important aspect of the feature interaction problem is to formally capture the notion of feature interactions. Although this notion is quite well informally understood by the researchers of the domain, the way, they handle it, strongly depends on the field of investigation they decide to work on (formal method application, architectural conception, technological research...). In this article, we focus on how formally specifying and studying feature systems, and both integration and interaction of features. More precisely, we aim to give a logic-independent framework to deal with the notions of feature, feature-based systems and feature interactions. Then, to help the reader's intuition, we instantiate it by a dynamic algebraic formalism and we give concrete examples of interactions between two features previously described in this formalism.