We propose a framework for the specification of extensible database systems. A particular goal is to implement a software component for parsing and rule-based optimization that can be used with widely varying data models and query languages as well as representation and query processing systems. The key idea is to use second-order signature (and algebra), a system of two coupled many-sorted signatures, where the top-level signature offers kinds and type constructors and the bottom-level signature provides polymorphic operations over the types defined as terms of the top level. Hence the top level can be used to define a data or representation model and the bottom level to describe a query algebra or a query processing algebra. We show the applicability of this framework by examples drawn from relational modeling and query processing.

The coalgebraic view on classes and objects is elaborated to include inheritance. Inheritance in coalgebraic specification (of classes) will be understood dually to parametrization in algebraic specification. That is, inheritance involves restriction (specialization), where parametrization involves extension. And cofree constructions are "best" restrictions, like free constructions are "best" extensions. To make this view on inheritance precise we need a suitable notion of behaviour preserving morphism between classes, which will be defined as a "coalgebra map up-to-bisimulation". AMS Subject Classification (1991): 18C10, 03G30 CR Subject Classification (1991): D.1.5, D.2.1, E.1, F.1.1, F.3.0 Keywords & Phrases: object, class, inheritance, coalgebraic specification, bisimulation 1. Introduction Two basic relations in object-oriented languages are: object o belongs to class C, and: class C inherits from class C 0 (see e.g. [20]). Class membership yields what is sometimes called a...

To ease the development of distributed systems, the visual notions for the structural aspects of object-oriented analysis and design should be combined with techniques handling concurrency and distribution. A novel approach and language for the visual design of distributed software systems is introduced and illustrated by means of an example. The language of OCoNs (Object Coordination Nets) is integrated into the structuring mechanisms of the UML [1] standard for object-oriented analysis and design. Such an object-oriented notation is crucial for handling complex software systems and can be extended with the graphical expressive power of Petri-Nets to also describe concurrency and coordination. The same visual language is used to specify the interfaces and contracts of software components, the resource handling within a component as well as the control flow of services. Keywords: visual language, object-orientation, contract, coordination, concurrency, PetriNets 2 CONTENTS Contents ...

. Sound engineering approaches to user interface design require the formalization of key interaction concepts, one of them being metaphor. Work on interface metaphors has, however, been largely non-formal so far. The few existing formal theories of metaphor have been developed in the context of natural language understanding, learning, or reasoning. We propose to formalize interface metaphors by algebraic specifications. This approach provides a comprehensive formalization for the essential aspects of metaphorical user interfaces. Specifically, metaphor domains are being formalized by algebras, metaphorical mappings by morphisms, and image-schemas by categories. The paper explains these concepts and the approach, using examples of spatial and spatializing metaphors. 1. Introduction Metaphor pervades communication. Metaphorical thought, action, and language are not only essential to interpersonal communication [Lakoff and Johnson 1980], but to human-computer communication as well. Sinc...

Formal methods are necessary in achieving correct software: that is, software that can be proven to fulfil its requirements. Formal specifications are unambiguous and analysable. Building a formal model improves understanding. The modelling of nondeterminism, and its subsequent removal in formal steps, allows design and implementation decisions to be made when most suitable. Formal models are amenable to mathematical manipulation and reasoning, and facilitate rigorous testing procedures. However, formal methods are not widely used in software development. In most cases, this is because they are not suitably supported with development tools. Further, many software developers do not recognise the need for rigour. Object oriented techniques are successful in the production of large, complex software systems. The methods are based on simple mathematical models of abstraction and classification. Further, the object oriented approach offers a conceptual consistency across all stages of soft...

The communicating sequential processes (CSP) formalism, introduced by Hoare [Hoa85], is an event-based approach to distributed computing. The action-system formalism, introduced by Back & Kurki-Suonio [BKS83], is a state-based approach to distributed computing. Using weakest-precondition formulae, Morgan [Mor90a] has defined a correspondence between action systems and the failures-divergences model for CSP. Simulation is a proof technique for showing refinement of action systems. Using the correspondence of [Mor90a], Woodcock & Morgan [WM90] have shown that simulation is sound and complete in the CSP failures-divergences model. In this thesis, Morgan's correspondence is extended to the CSP infinite-traces model [Ros88] in order to deal more properly with unbounded nondeterminism. It is shown that simulation is sound in the infinite-traces model, though completeness is lost in certain cases. The new correspondence is then extended to include a notion of internal action. This allows the ...

We present an equational verification of Milner's scheduler, which we checked by computer. To our knowledge this is the first time that the scheduler is proof-checked for a general number n of scheduled processes. 1991 Mathematics Subject Classification: 68Q60, 68T15. 1991 CR Categories: F.3.1. Keywords & Phrases: Coq, micro CRL, Milner's Scheduler, proof checking, type theory. Other versions: This report is a more detailed version of [16], brought out at the University of Utrecht. An extended abstract will appear in the LNCS Proceedings of TACS'94 (International Symposium on Theoretical Aspects of Computer Software, Japan, April 1994). Support: The work of the first author took place in the context of EC Basic Research Action 7166 concur 2. The work of the second author is supported by the Netherlands Computer Science Research Foundation (SION) with financial support of the Netherlands Organisation for Scientific Research (NWO). 1

Refinement is reviewed in a partial correctness framework, highlighting in particular the distinction between its use as a specification constructor at a high level, and its use as an implementation mechanism at a low level. Some of its shortcomings as specification constructor at high levels of abstraction are pointed out, and these are used to motivate the adoption of retrenchment for certain high level development steps. Basic properties of retrenchment are described, including a justification of the operation PO, simple examples, simulation properties, and compositionality for both the basic retrenchment notion and enriched versions. The issue of framing retrenchment in the wide variety of correctness notions for refinement calculi that exist in the literature is tackled, culminating in guidelines on how to `brew your own retrenchment theory'. Two short case studies are presented. One is a simple digital redesign control theory problem, the other is a radiotherapy dos...

A brief overview is made of the use of temporal logic formalisms for specifying and verifying concurrent systems in general and information systems in particular. The requirements imposed by object-orientation on such formalisms are examined. A logic is proposed fulfilling those requirements (except concerning non-monotonic features), allowing the uniform treatment of both local and global properties of systems with concurrent, interacting components organized in classes, and supporting specialization. A semantics and a calculus (following an axiomatic, Hilbert style) are presented in detail. The calculus includes rules for the sound inheritance and reflection of theorems between classes. Practical aspects of the usage of such a logic for both specification and verification are considered. To this end a set of metatheorems is provided for expediting the proof of invariants. Finally, the need and availability of automatic theorem proving for systems querying is briefly discussed. Key wo...

Information system software productivity can be increased by improving the maintainability and modifiability of the software produced. This latter in turn can be achieved by the provision of comprehensive support for views, since view support allows application programs to continue to operate unchanged when the underlying information system is modified. But, supporting views depends upon a solution to the view update problem, and proposed solutions to date have only had limited, rather than comprehensive, applicability. This paper presents a new treatment of view updates for formally specified information systems. The formal specification technique we use is based on category theory and has been the basis of a number of successful major information system consultancies. We define view updates by a universal property in a subcategory of models of the formal specification, and explain why this indeed gives a comprehensive treatment of view updatability, including a solution to the view update problem. However, a definition of updatability which is based on models causes some inconvenience in applications, so we prove that in a variety of circumstances updatability is guaranteed independently of the current model. The paper is predominantly theoretical, as it develops the theoretical basis of a formal methods technique, but the methods described here are currently being used in a large consultancy for a government Department of Health. Because the application area, information systems, is rarely treated by formal methods, we include some detail about the formal methods used. In fact they are extensions of the usual category theoretic specification techniques, and the solution to the view update problem can be seen as requiring the existence of an...