Data Types and Software Validation ," Communications of the ACM, Vol. 21, No. 12, 1978, pp. 1048-1064.

We address the problem of message authentication using the pi-calculus, which has been given an operational semantics in [2] that provides each sequential process of a system with its own local space of names. We exploit here that semantics and its localized names to guarantee by construction that a message has been generated by a given entity. Therefore, our proposal can be seen as a reference for the analysis of "real" protocols. As an example, we study the way authentication is ensured by encrypting messages in the spi-calculus [1].

Service rebalancing is a method for designing programs that adhere to the client/server model. Decisions about the division of labor between client and server are made dynamically at runtime rather than at design time. Service rebalancing may improve performance, because the division of effort is based upon an evaluation of the current environment. Other benefits of service rebalancing include on-the-fly updating of modules, a degree of load balancing, sharing of code common to several clients, encouragement of neatly modularized programs, and the elimination of an absolute division of effort between client and server. In this paper we discuss the benefits, problems and issues of service rebalancing. Our implementation, Equanimity, is described in some detail. Finally, we compare service rebalancing with previous work and discuss future plans.

... level that individual work practice—collaboration, communication, ‘off-task ’ behaviors, multi-tasking, interrupted and resumed activities, informal interactions, use of tools and movements—is left out, making the description of how the work in an organization actually gets done impossible. This paper describes the Brahms modeling and simulation environment, developed at NASA Ames Research Center. The Brahms modeling language is geared towards modeling people’s activity behavior, making it an ideal environment for simulating organizational processes at a level that allows the analysis of the work practice and designing new work processes at the implementation level.

An important challenge in software reengineering is to encapsulate collections of related data that, due to the absence of appropriate constructs for encapsulation in legacy programming languages, may be distributed throughout the code. The encapsulation of such collections is a necessary step for reengineering a legacy system into an objectoriented design or implementation. Encapsulating a set of related symbolic constants into an enumeration type is an instance of this problem. We present a classification of how enumeration types are modeled using symbolic constants in real-world programs, a set of heuristics to identify candidate enumeration types, and an experimental evaluation of these heuristics.

As software is increasingly used to control safety-critical systems, correctness becomes paramount. Formal methods in software development provide many benefits in the forward engineering aspect of software development. Reverse Engineering is the process of constructing a high level representation of a system from existing lower level instantiations of that system. Reverse engineering of program code into formal specifications facilitates the utilization of the benefits of formal methods in projects where formal methods may not have previously been used, thus facilitating the maintenance of safety-critical systems. Keywords: formal methods, formal specifications, reverse engineering, maintenance, safetycritical systems 1 Introduction As software is increasingly used to control safety-critical systems, correctness becomes paramount. The demand for software correctness becomes more evident when accidents, sometimes fatal, are due to software errors. For example, recently it was repor...

This paper describes an alternative technique to provide multithreading in an enhanced C language. In contrast to the traditional design of a thread library, which usually utilizes a few lines of assembly code to switch control between threads, the technique we use is based on compile-time program transformations and a run-time library. Since this approach transforms a thread's physical states into logical forms, thread migration in a heterogeneous distributed environment becomes practically feasible. Performance measurements of the current implementation are reported. 1 Introduction Lightweight processes or threads have emerged as a representation of computational entities, cooperating with each other within a process. As compared to a process, a lightweight process is lighter in terms of the overhead associated with creation, context-switching, interprocess communication, and other routine functions. This is because these primitives can be executed within the same address space. Th...

Currently available programming and database systems are insufficient for engineering applications. The authors contend that a logical progression from a formal conceptual model of the engineering domain to a computational model will lead to new programming paradigms capable of directly supporting engineering applications in a rigorous, concise manner. A formal domain model devised by the authors, the Hybrid Model (HM) of design information, is briefly introduced. It is an extension of axiomatic set theory and is discussed in detail elsewhere. HM forms the basis of Designer, a prototype-based object-oriented programming language supporting a signature-based canonical message passing mechanism and multiple inheritance. Designer is implemented using the Scheme programming language. Because Designer satisfies a formal conceptual model, and because it is based on a formally specified language, its robustness and logical validity is superior to that of other languages not founded on formal ...

A visual execution model for Ada tasking can help programmers attain a deeper understanding of the tasking semantics. It can illustrate subtleties in semantic definitions that are not apparent in natural language descriptions of Ada tasking, as well as the consequences of choices made in the language design. We describe a contour model of Ada tasking that depicts asynchronous tasks (threads of control), relationships between the environments in which tasks execute, and the manner in which tasks interact. The use of this high-level execution model makes it possible to see what happens during execution of a program. The paper provides an introduction to the contour model of Ada tasking and demonstrates its use. 1 Introduction The Ada programming language is intended for use in real-time applications such as flight navigation or process control software. For this reason, tasking figures prominently in the language design. The semantics of tasking, however, is extremely complex. At the sa...

The programming walkthrough is a method for assessing how easy or hard...