The main ideas underlying work on the model-theoretic foundations of algebraic specification and formal program development are presented in an informal way. An attempt is made to offer an overall view, rather than new results, and to focus on the basic motivation behind the technicalities presented elsewhere.

A formal methodology is presented for the systematic evolution of modular Standard ML programs from specifications by means of verified refinement steps, in the framework of the Extended ML specification language. Program development proceeds via a sequence of design (modular decomposition), coding and refinement steps. For each of these three kinds of steps, conditions are given which ensure the correctness of the result. These conditions seem to be as weak as possible under the constraint of being expressible as "local" interface matching requirements. Interfaces are only required to match up to behavioural equivalence, which is seen as vital to the use of data abstraction in program development. Copyright c fl 1989 by D. Sannella and A. Tarlecki. All rights reserved. An extended abstract of this paper will appear in Proc. Colloq. on Current Issues in Programming Languages, Joint Conf. on Theory and Practice of Software Development (TAPSOFT), Barcelona, Springer LNCS (1989)....

In the area of Petri nets, many different developments have taken place within the last 30 years, in academia as well as in practice. For an adequate use in practice, a coherent and application oriented combination of various types and techniques for Petri nets is necessary. In order to attain a formal basis for different classes of Petri nets we introduce the concept of abstract Petri nets. The essential point of abstract Petri nets is to allow different kinds of net structures as well as the combination of various kinds of data types. This means that in abstract Petri nets the data type and the net structure part can be considered as abstract parameters which can be instantiated to different concrete net classes. We show that several net classes, like place/transition nets, elementary nets, S-graphs, algebraic high-level net...

This paper is part of a broader research program to explore a mechanizable model of software development based on algebraic specifications and specification morphisms. An algebraic specification (or simply a specification) defines a language and constrains its possible meanings via axioms and inference rules. Specifications can be used to express many kinds of software-related artifacts, including domain models (Srinivas(1991)), formal requirements (Astesiano and Wirsing (1987), Ehrig and Mahr (1990), Partsch (1990), Sannella and Tarlecki (1985)), programming languages (Broy et al. (1987), Goguen and Winkler (1988), Hoare (1989)), abstract data types (Goguen et al. (1978), Guttag and Horning (1978)), and abstract algorithms (Smith and Lowry (1990)). There has been much work on operations for constructing larger specifications from smaller specifications (Astesiano and Wirsing (1987), Burstall and Goguen (1977), Sannella and Tarlecki (1988)). A specification morphism translates the language of one specification into the language of another specification in a way that preserves theorems. Specification morphisms underlie several aspects of software development, including specification refine-

Extended ML is a framework for the formal development of programs in the Standard ML programming language from high-level specifications of their required input/output behaviour. It strongly supports the development of modular programs consisting of an interconnected collection of generic and reusable units. The Extended ML framework includes a methodology for formal program development which establishes a number of ways of proceeding from a given specification of a programming task towards a program. Each such step gives rise to one or more proof obligations which must be proved in order to establish the correctness of that step. This paper is intended as a user-oriented summary of the Extended ML language and methodology. Theoretical technicalities are avoided whenever possible, with emphasis placed on the practical aspects of formal program development. An extended example of a complete program development in Extended ML is included.

Extended ML (EML) is a framework for the formal development of modular Standard ML (SML) software systems. Development commences with a specification of the behaviour required and proceeds via a sequence of partial solutions until a complete solution, an executable SML program, is obtained. All stages in this development process are expressed in the EML language, an extension of SML with axioms for describing properties of module components. This is an overview of the formal definition of the EML language. To complement the full technical details presented elsewhere, it provides an informal explanation of the main ideas, gives the rationale for certain design decisions, and outlines some of the technical issues involved. EML is unusual in being built around a "real" programming language having a formally-defined syntax and semantics. Interesting and complex problems arise both from the nature of this relationship and from interactions between the features of the language.

An overview of past, present and future work on the Extended ML formal program development framework is given, with emphasis on two topics of current active research: the semantics of the Extended ML specification language, and tools to support formal program development.

The purpose of a logical framework such as LF is to provide a language for defining logical systems suitable for use in a logic-independent proof development environment. All inferential activity in an object logic (in particular, proof search) is to be conducted in the logical framework via the representation of that logic in the framework. An important tool for controlling search in an object logic, the need for which is motivated by the difficulty of reasoning about large and complex systems, is the use of structured theory presentations. In this paper a rudimentary language of structured theory presentations is presented, and the use of this structure in proof search for an arbitrary object logic is explored. The behaviour of structured theory presentations under representation in a logical framework is studied, focusing on the problem of "lifting" presentations from the object logic to the metalogic of the framework. The topic of imposing structure on logic presentations...

This document formally defines the syntax and semantics of the Extended ML language. It is based directly on the published semantics of Standard ML in an attempt to ensure compatibility between the two languages. LFCS, Department of Computer Science, University of Edinburgh, Edinburgh, Scotland. y Institute of Informatics, Warsaw University, and Institute of Computer Science, Polish Academy of Sciences, Warsaw, Poland. ii CONTENTS Contents 1 Introduction 1 1.1 Behavioural equivalence : : : : : : : : : : : : : : : : : : : : : : : : 3 1.2 Metalanguage : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 3 2 Syntax of the Core 8 2.1 Reserved Words : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 8 2.2 Special constants : : : : : : : : : : : : : : : : : : : : : : : : : : : : 8 2.3 Comments : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 9 2.4 Identifiers : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 9 2.5 Lexical analysis : : : :...

This paper is a survey of the current state of the art of research on methods for formal software development. The scope of this paper is necessarily restricted so as to avoid discussion of a great many approaches at a very superficial level. First, although some of the ideas discussed below could be (and have been) applied to hardware development as well as to software development, this topic will not be treated here. Second, the special problems involved in the development of concurrent systems will not be discussed here although again many of the approaches mentioned below could be applied in this context. Third, no attempt is made to treat programming methodologies such as Jackson's method and program development systems such as the MIT Programmer's Apprentice which are not formally based. Finally, this survey does not claim to be fully exhaustive although an attempt has been made to cover most of the main approaches. Many of the technical details of the different approaches discussed have been glossed over or simplified for the purposes of this presentation; full details may be found in the cited references.