Results 11  20
of
106
Machine code programs are predicates too
 Sixth Refinement Workshop
, 1994
"... I present aninterpretation of machine language programs as boolean expressions. Source language programs may also be so interpreted. The correctness of a code generator can then be expressed as a simple relationship between boolean expressions. Code generators can then be calculated from their speci ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
I present aninterpretation of machine language programs as boolean expressions. Source language programs may also be so interpreted. The correctness of a code generator can then be expressed as a simple relationship between boolean expressions. Code generators can then be calculated from their speci cation. 1
Developing BON as an IndustrialStrength Formal Method
, 1999
"... The emerging Unified Modelling Language has been touted as merging the best features of existing modelling languages, and has been adopted by leading companies and vendors as a universal software modelling language. Some researchers are also looking to UML as a basis for formal methods development. ..."
Abstract

Cited by 12 (8 self)
 Add to MetaCart
The emerging Unified Modelling Language has been touted as merging the best features of existing modelling languages, and has been adopted by leading companies and vendors as a universal software modelling language. Some researchers are also looking to UML as a basis for formal methods development. A less known approach is BON (the Business Object Notation), which is based on the principles of seamlessness, reversibility and design by contract, making it an ideal basis for industrialstrength formal methods development of objectoriented software. In this paper, we argue that BON is much more suited for the application of formal methods than UML. We describe the properties that an industrialstrength formal method must have, show how algorithm refinement can be done in BON (as an example of using BON for formal development), and contrast BON with other approaches, including UML, Z, B and VDM.
Inductive Definability and the Situation Calculus
 In Transaction and Change in Logic Databases
, 1998
"... . We explore the situation calculus within the framework of inductive definability. A consequence of this view of the situation calculus is to establish direct connections with different variants of the  calculus [Park, 1970; Hitchcock and Park, 1973; Pratt, 1981; Kozen, 1983; Emerson and Clark ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
. We explore the situation calculus within the framework of inductive definability. A consequence of this view of the situation calculus is to establish direct connections with different variants of the  calculus [Park, 1970; Hitchcock and Park, 1973; Pratt, 1981; Kozen, 1983; Emerson and Clarke, 1980], structural operational semantics of concurrent processes [Plotkin, 1981], and logic programming [Apt, 1990]. First we show that the induction principle on situations [Reiter, 1993] is implied by an inductive definition of the set of situations. Then we consider the frame problem from the point of view of inductive definability and by defining fluents inductively we obtain essentially the same form of successor state axioms as [Reiter, 1991]. Our approach allows extending this result to the case where ramification constraints are present. Finally we demonstrate a method of applying inductive definitions for computing fixed point properties of GOLOG programs. 1 Introduction...
A Relational Basis for Program Construction by Parts
, 1995
"... Program construction by parts consists in tackling a complex specification one component at a time, developing a partially defined solution for each component, then combining the partial solutions into a global solution for the aggregate specification. This method is desirable whenever the specifica ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
Program construction by parts consists in tackling a complex specification one component at a time, developing a partially defined solution for each component, then combining the partial solutions into a global solution for the aggregate specification. This method is desirable whenever the specification at hand is too complex to be grasped in all its detail. It is feasible whenever the specification at hand is structured as an aggregate of clearly defined subspecifications —where each subspecification represents a simple functional requirement. Our approach is based on relational specifications, whereby a specification is described by a binary relation. The set of relational specifications is naturally ordered by the refinement ordering, which provides a latticelike structure. The join of two specifications S and S ′ is the specification that carries all the functional features of S and all the functional features of S ′. Complex specifications are naturally structured as the join of simpler subspecifications. On this basis, we have defined a language where specifications and programs can be represented. This language can represent specifications (structured as joins), programs (structured by means of traditional Pascallike control structures) and intermediate designs (by means of a mixture of specification constructs and program constructs). Also, we have provided a set
Adding Real Time to Formal Program Development
 FME'94: Industrial Benefit of Formal Methods, volume 873 of Lecture Notes in Computer Science
, 1994
"... Rules are presented for efficiently adding realtime requirements to existing functional program refinements. 1 Introduction Existing refinement rules allow us to formally derive a program from its functional specification. However nonfunctional requirements, such as timeliness, reliability, sec ..."
Abstract

Cited by 10 (6 self)
 Add to MetaCart
(Show Context)
Rules are presented for efficiently adding realtime requirements to existing functional program refinements. 1 Introduction Existing refinement rules allow us to formally derive a program from its functional specification. However nonfunctional requirements, such as timeliness, reliability, security, etc., cannot be handled. A number of recent proposals have suggested ways of adding "hard" realtime requirements to the refinement process. Unfortunately the inherent complexity of analysing timing behaviour either made the proof obligations very complex, or led to unrealistic simplifying assumptions. Here we improve the ease and efficiency with which "realtime refinements" can be performed, while retaining a realistic timing model. To do this we define rules that directly build on existing functional refinements by adding time in a separate step. This allows us to divorce, as far as possible, the discharge of functional and timing obligations. Nevertheless, situations in which th...
Teaching Binary Tree Algorithms through Visual Programming
 IN: PROCEEDINGS OF THE 12THIEEE SYMPOSIUM ON VISUAL LANGUAGES IEEE COMPUTER SOCIETY PRESS, LOS ALAMITOS, CA
, 1996
"... In this paper, we show how visual programming can be used to teach binary tree algorithms. In our approach, the student implements a binary tree algorithm by manipulating abstract tree fragments (not necessarily just single nodes) in a visual way. This work contributes to visual programming research ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
In this paper, we show how visual programming can be used to teach binary tree algorithms. In our approach, the student implements a binary tree algorithm by manipulating abstract tree fragments (not necessarily just single nodes) in a visual way. This work contributes to visual programming research by combining elements of animation, programming, and proof to produce an educational visual programming tool. In addition, we introduce Opsis, a system we built to demonstrate the ideas in this paper. (Opsis is a Java applet and can be accessed at http://www.cs.washington.edu/homes/amir/Opsis.html.) We describe our experience with using Opsis in a data structures and algorithms course at the University of Washington. Finally, we make the claim that visual programming is an ideal way to teach data structure algorithms.
Logical Specifications for Functional Programs
, 1993
"... We present a formal method of functional program development based on stepbystep transformation. In their most abstract form, specifications are essentially predicates that relate the result of the specified program to the free variables of that program. In their most concrete form, specifications ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
We present a formal method of functional program development based on stepbystep transformation. In their most abstract form, specifications are essentially predicates that relate the result of the specified program to the free variables of that program. In their most concrete form, specifications are simply programs in a functional programming language. Development from abstract specifications to programs is calculational. Using logic in the specification language has many advantages. Importantly it allows nondeterministic specifications to be given, and thus does not force overspecification.
MultiValued Symbolic ModelChecking: Fairness, CounterExamples, Running Time
, 2003
"... Multivalued modelchecking is an effective technique for reasoning about systems with incomplete or inconsistent information. In particular, it is well suited for reasoning about abstract, partial, and featurebased system descriptions. The technique is based on extending the classical modelchec ..."
Abstract

Cited by 8 (7 self)
 Add to MetaCart
Multivalued modelchecking is an effective technique for reasoning about systems with incomplete or inconsistent information. In particular, it is well suited for reasoning about abstract, partial, and featurebased system descriptions. The technique is based on extending the classical modelchecking algorithm over twovalued logic to arbitrary finite logics whose truth values form a distributive De Morgan lattice. In this thesis we address several issues surrounding the usability of multivalued modelchecking. Firstly, we provide an improved analysis of the worstcase complexity of the symbolic multivalued modelchecking algorithm, and show that it is independent of the height of the lattice. Secondly, we extend the notion of fairness to a multivalued models, thus enabling application of multivalued modelchecking to asynchronous concurrent systems. Thirdly, we introduce multivalued witnesses and counterexamples that aid in interpreting the results of the modelchecker. Finally, we describe the design and implementation of a multivalued modelchecker χChek.
Supporting Contexts in Program Refinement
 SCIENCE OF COMPUTER PROGRAMMING
, 1996
"... A program can be refined either by transforming the whole program or by refining one of its components. The refinement of a component is, for the main part, independent of the remainder of the program. However, refinement of a component can depend on the context of the component for information a ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
A program can be refined either by transforming the whole program or by refining one of its components. The refinement of a component is, for the main part, independent of the remainder of the program. However, refinement of a component can depend on the context of the component for information about the variables that are in scope and what their types are. The refinement can also take advantage of additional information, such as any precondition the component can assume. The aim of this paper is to introduce a technique, which we call program window inference, to handle such contextual information during derivations in the refinement calculus. The idea is borrowed from a technique, called window inference, for handling context in theorem proving. Window inference is the primary proof paradigm of the Ergo proof editor. This tool has been extended to mechanize refinement using program window inference.
Program Construction by Parts
, 1995
"... . Given a specification that includes a number of user requirements, we wish to focus on the requirements in turn, and derive a partly defined program for each; then combine all the partly defined programs into a single program that satisfies all the requirements simultaneously. In this paper we int ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
. Given a specification that includes a number of user requirements, we wish to focus on the requirements in turn, and derive a partly defined program for each; then combine all the partly defined programs into a single program that satisfies all the requirements simultaneously. In this paper we introduces a mathematical basis for solving this problem; and we illustrate it by means of a simple example. 1 Introduction and Motivation We propose a program construction method whereby, given a specification that includes a number of user requirements, we focus on the requirements in turn, and derive a partly defined program for each; then combine all the partly defined programs into a single program that satisfies all the requirements simultaneously. In this paper we discuss this programming paradigm, which we call program construction by parts, and introduce a mathematical foundation for this paradigm. Our paradigm is based on the premise that program specifications are represented by hom...