Equal Rights for Functional Objects or, The More Things Change, The More They Are the Same, 1993
Cited by 20 (7 self)
DATA TYPES A. Comparing Type Objects There has been as much confusion over type identity as there has been over object identity, although the type identity problem is usually referred to as the type equivalence problem [Aho86,s.6.3] [Wegbreit74] [Welsh77]. The type identity problem is to determine when two types are equal, so that type checking can be done in a programming language. Algol-68 takes the point of view of "structural" equivalence, in which nonrecursive types that are built up from primitive types using the same type constructors in the same order should compare equal, while Ada takes the point of view of "name" equivalence, in which types are equivalent if and only if they have the same name. We will ignore the software engineering issues of which kind of type equivalence makes for better-engineered programs, and focus on the basic issue of type equivalence itself. We note that if a type system offers the type TYPE---i.e., it offers first-class representations of typ...
Modeling the Storage Architectures of Commercial Database Systems - ACM Transactions on Database Systems, 1985
Cited by 17 (4 self)
Modeling the storage structures of a DBMS is a prerequisite to understanding and optimizing database performance. Previously, such modeling was very difficult because the fundamental role of conceptual-to-internal mappings in DBMS implementations went unrecognized. In this paper we present a model of physical databases, called the transformation model, that makes conceptual-to-internal mappings explicit. By exposing such mappings, we show that it is possible to model the storage architectures (i.e., the storage structures and mappings) of many commercial DBMSs in a precise, systematic, and comprehendible way. Models of the INQUIRE, ADABAS, and SYSTEM 2000 storage architectures are presented as examples of the model’s utility. We believe the transformation model helps bridge the gap between physical database theory and practice. It also reveals the possibility of a technology to automate the development of physical database software.
Formal Description and Analysis of a Bounded Retransmission Protocol - University of Maribor, 1996
Cited by 15 (2 self)
This paper reports about the formal specification and verification of a Bounded Retransmission Protocol (Brp) used by Philips in one of its products. We started with the descriptions of the Brp service (i.e., external behaviour) and protocol written in the µCrl language by Groote and van de Pol. After translating them in the Lotos language, we performed verifications by model-checking using the Cadp (Caesar/Aldébaran) toolbox. The models of the Lotos descriptions were generated using the Caesar compiler (by putting bounds on the data domains) and checked to be branching equivalent using the Aldébaran tool. Alternately, we formulated in the Actl temporal logic a set of safety and liveness properties for the Brp protocol and checked them on the corresponding model using our Xtl generic model-checker. Key-words: Formal methods, Formal description techniques, Communication protocols, Protocol engineering, Lotos, Verification, Validation, Model-checking, Labelled Transition Systems,...
KNOs: KNowledge Acquisition, Dissemination and Manipulation Objects - ACM TOOIS, 1987
Cited by 15 (7 self)
Most object-oriented systems lack two useful facilities: the ability of objects to migrate to new environments, and the ability of objects to acquire new operations dynamically. This paper proposes Knos, an object-oriented environment which supports these actions. Their operations, data structures, and communication mechanisms are discussed. Kno objects "learn" by exporting and importing new or modified operations. The use of such objects as intellectual support tools is outlined. In particular, various applications involving co-operation, negotiation, and apprenticeship among objects are described. 1 Introduction One of the main reasons for the advent of Office Information Systems is related to the lack of equipment and tools in offices. It is often pointed out that an average office worker has an inferior set of capital equipment at his disposal to that of an industrial worker. A collection of tools including electronic mail, word processing, spreadsheets, graphics and data base sys...
Tools for Testing Object-Oriented Programs, 1990
Cited by 11 (1 self)
Data Types Before we can talk about testing a class, we must have some concept of what it means for the class to be correct. Thus, we must have some means, formal or informal, of specifying the abstract data type which the class is intended to implement. We now give an overview of a formal specification technique known as algebraic specification, upon which some of our testing techniques are based. Algebraic specification techniques [GOG78, GUT77, LIS75] describe a data abstraction by describing the interaction between the operations, without reference to the underlying representation. An algebraic specification of an ADT has a syntactic part and a semantic part. The syntactic part is a list of function names, and their signatures (the types which they take as input and produce as output). The syntactic specification is similar to the interface specification part of a class definition in an object oriented language. The semantic part of the specification consists of a list of axioms ...
Managing the Integrity of Design Data Generated by Multiple Applications: The Theory and Practice of Patching, 1997
Cited by 9 (2 self)
The purpose of this work is to develop automatic methods of semantic integrity maintenance, in support of concurrent engineering. Semantic integrity relations in any final engineering design are built up incrementally, through the use of different computer applications. Here, the structure of these integrity relations is formalized for representation within a database. When changes to a design have to be made, they can invalidate integrity relations in other parts of the design. Formal methods are defined for identifying what data and integrity relations are invalidated by any change. Methods for making changes that minimize re-design are described and formalized. Opportunities for using semantic integrity to assess progress on a design are reviewed.
Validation of the Link Layer Protocol of the IEEE-1394 Serial Bus ("FireWire"): an Experiment with E-LOTOS, 1997
Cited by 7 (0 self)
This paper deals with the description in E-Lotos of the asynchronous Link layer protocol of the Ieee-1394 Standard and its verification using model-checking. The E-Lotos descriptions are based on both the standard and the µCrl description written by Luttik. The verifications are performed using the Cadp (Caesar/Aldébaran) toolbox. We translate the E-Lotos descriptions in Lotos using the Traian tool, and then we generate the underlying Lts models corresponding to various scenarios using the Caesar compiler. We formally express in the Actl temporal logic the five correctness properties of the Link layer protocol stated in natural language by Luttik and we verify them on the Lts models using the Xtl model-checker. We detect and correct a potential deadlock caused by the ambiguous semantics of the state machines given in the standard, which can be misleading for implementors of the Ieee-1394 protocol. Key-words: E-Lotos, Formal methods, Formal description techniques, Ieee-1394, Labell...
Design Theory and Software Design - Department of Computer Science, University of Alberta, 1997
Cited by 6 (0 self)
Software design methods share many characteristics with design methods in other fields. All these methods are the progeny of philosophies of design that are in turn influenced by more general philosophic movements. This essay begins with the influence of philosophies of science on the study of design, highlighting the effects on design discourse of Cartesian rationality, the hypothetico-deductive account of scientific progress, and Kuhnian paradigms. Next, the influence of the constructivist and humanist movements on design thinking is considered, culminating in the introduction of a philosophy of design based on hermeneutics, or interpretation. The influence of design philosophy on software design methods begins a categorization of several software design methods according to the design theory framework, with some emphasis on design methods that support a hermeneutical style of design. Some justification for a pluralistic approach to software design methodology rounds out the essay. ...
Notes on Refinement, Interpolation and Uniformity.
Cited by 6 (5 self)
The connection between some modularity properties and interpolation is revisited and restated in a general "logic-independent" framework. The presence of uniform interpolants is shown to assist in certain proof obligations, which suffice to establish the composition of refinements. The absence of the desirable interpolation properties from many logics that have been used in refinement, motivates a thorough investigation of methods to expand a specification formalism orthogonally, so that the critical uniform interpolants become available. A potential breakthrough is outlined in this paper. 1. A refinement paradigm Let us consider program development by means of stepwise refinements. One postulates some abstract data type-like specification (ADT), suitable for the problem at hand, which has to be implemented on the available system. The end product consists of (the text of) an abstract program manipulating the postulated ADT, together with a suite of (texts of) modules implementin...

