Results 1  10
of
69
Linearizability: a correctness condition for concurrent objects
, 1990
"... A concurrent object is a data object shared by concurrent processes. Linearizability is a correctness condition for concurrent objects that exploits the semantics of abstract data types. It permits a high degree of concurrency, yet it permits programmers to specify and reason about concurrent object ..."
Abstract

Cited by 927 (26 self)
 Add to MetaCart
A concurrent object is a data object shared by concurrent processes. Linearizability is a correctness condition for concurrent objects that exploits the semantics of abstract data types. It permits a high degree of concurrency, yet it permits programmers to specify and reason about concurrent objects using known techniques from the sequential domain. Linearizability provides the illusion that each operation applied by concurrent processes takes effect instantaneously at some point between its invocation and its response, implying that the meaning of a concurrent object’s operations can be given by pre and postconditions. This paper defines linearizability, compares it to other correctness conditions, presents and demonstrates a method for proving the correctness of implementations, and shows how to reason about concurrent objects, given they are linearizable.
Laws of programming
 Communications of the ACM
, 1987
"... A complete set of algebraic laws is given for Dijkstra’s nondeterministic sequential programming language. Iteration and recursion are explained in terms of Scott’s domain theory as fixed points of continuous functionals. A calculus analogous to weakest preconditions is suggested as an aid to derivi ..."
Abstract

Cited by 90 (4 self)
 Add to MetaCart
A complete set of algebraic laws is given for Dijkstra’s nondeterministic sequential programming language. Iteration and recursion are explained in terms of Scott’s domain theory as fixed points of continuous functionals. A calculus analogous to weakest preconditions is suggested as an aid to deriving programs from their specifications.
Verification of NonFunctional Programs using Interpretations in Type Theory
"... We study the problem of certifying programs combining imperative and functional features within the general framework of type theory. Type theory constitutes a powerful specification language, which is naturally suited for the proof of purely functional programs. To deal with imperative programs, we ..."
Abstract

Cited by 52 (4 self)
 Add to MetaCart
We study the problem of certifying programs combining imperative and functional features within the general framework of type theory. Type theory constitutes a powerful specification language, which is naturally suited for the proof of purely functional programs. To deal with imperative programs, we propose a logical interpretation of an annotated program as a partial proof of its specification. The construction of the corresponding partial proof term is based on a static analysis of the effects of the program, and on the use of monads. The usual notion of monads is refined in order to account for the notion of effect. The missing subterms in the partial proof term are seen as proof obligations, whose actual proofs are left to the user. We show that the validity of those proof obligations implies the total correctness of the program. We also establish a result of partial completeness. This work has been implemented in the Coq proof assistant. It appears as a tactic taking an ann...
Toward formal development of ML programs: foundations and methodology
, 1989
"... A formal methodology is presented for the systematic evolution of modular Standard ML programs from specifications by means of verified refinement steps, in the framework of the Extended ML specification language. Program development proceeds via a sequence of design (modular decomposition), codi ..."
Abstract

Cited by 51 (20 self)
 Add to MetaCart
A formal methodology is presented for the systematic evolution of modular Standard ML programs from specifications by means of verified refinement steps, in the framework of the Extended ML specification language. Program development proceeds via a sequence of design (modular decomposition), coding and refinement steps. For each of these three kinds of steps, conditions are given which ensure the correctness of the result. These conditions seem to be as weak as possible under the constraint of being expressible as "local" interface matching requirements. Interfaces are only required to match up to behavioural equivalence, which is seen as vital to the use of data abstraction in program development. Copyright c fl 1989 by D. Sannella and A. Tarlecki. All rights reserved. An extended abstract of this paper will appear in Proc. Colloq. on Current Issues in Programming Languages, Joint Conf. on Theory and Practice of Software Development (TAPSOFT), Barcelona, Springer LNCS (1989)....
Formal program development in Extended ML for the working programmer
, 1991
"... Extended ML is a framework for the formal development of programs in the Standard ML programming language from highlevel specifications of their required input/output behaviour. It strongly supports the development of modular programs consisting of an interconnected collection of generic and reusab ..."
Abstract

Cited by 34 (10 self)
 Add to MetaCart
Extended ML is a framework for the formal development of programs in the Standard ML programming language from highlevel specifications of their required input/output behaviour. It strongly supports the development of modular programs consisting of an interconnected collection of generic and reusable units. The Extended ML framework includes a methodology for formal program development which establishes a number of ways of proceeding from a given specification of a programming task towards a program. Each such step gives rise to one or more proof obligations which must be proved in order to establish the correctness of that step. This paper is intended as a useroriented summary of the Extended ML language and methodology. Theoretical technicalities are avoided whenever possible, with emphasis placed on the practical aspects of formal program development. An extended example of a complete program development in Extended ML is included.
Mechanical Proofs about Computer Programs
, 1984
"... The Gypsy verification environment is a large computer program that supports the development of software systems and formal, mathematical proofs about their behavior. The environment provides conventional development tools, such as a parser for the Gypsy language, an editor and a compiler. These are ..."
Abstract

Cited by 28 (0 self)
 Add to MetaCart
The Gypsy verification environment is a large computer program that supports the development of software systems and formal, mathematical proofs about their behavior. The environment provides conventional development tools, such as a parser for the Gypsy language, an editor and a compiler. These are used to evolve a library of components that define both the software and precise specifications about its desired behavior. The environment also has a verification condition generator that automatically transforms a software component and its specification into logical formulas which are sufficient to prove that the component always runs according to specification. Facilities for constructing formal, mechanical proofs of these formulas also are provided. Many of these proofs are completed automatically without human intervention. The capabilities of the Gypsy system and the results of its applications are discussed.
Specification Directed Module Testing
 IEEE Transactions on Software Engineering
, 1986
"... Abstract — If a program is developed from a specification in a mathematically rigorous manner, work done in the development can be utilized in the testing of the program. We can apply the better understanding afforded by these methods to provide a more thorough check on the correct operation of the ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
Abstract — If a program is developed from a specification in a mathematically rigorous manner, work done in the development can be utilized in the testing of the program. We can apply the better understanding afforded by these methods to provide a more thorough check on the correct operation of the program under test. This should lead to earlier detection of faults (making it easier to determine their causes), more useful debugging information, and a greater confidence in the correctness of the final product. Overall, a more systematic approach should expedite the task of the program tester, and improve software reliability. The testing techniques described in this paper apply to testing of abstract data types (modules, packages). The techniques utilize information generated during refinement of a data type, such as the data type invariant and the relationship between the specification and implementation states; this information is used to specify parts of the code to be written for testing. The techniques are illustrated by application to the implementation of a symbol table as an ordered list and as a heightbalanced tree. Index Terms — Abstract data types, data type invariant, modules, module testing, packages, pre and postconditions, retrieval function, software reliability, specification language—Z.
Formal Object Oriented Development of Software Systems using LOTOS
, 1993
"... Formal methods are necessary in achieving correct software: that is, software that can be proven to fulfil its requirements. Formal specifications are unambiguous and analysable. Building a formal model improves understanding. The modelling of nondeterminism, and its subsequent removal in formal ste ..."
Abstract

Cited by 25 (14 self)
 Add to MetaCart
Formal methods are necessary in achieving correct software: that is, software that can be proven to fulfil its requirements. Formal specifications are unambiguous and analysable. Building a formal model improves understanding. The modelling of nondeterminism, and its subsequent removal in formal steps, allows design and implementation decisions to be made when most suitable. Formal models are amenable to mathematical manipulation and reasoning, and facilitate rigorous testing procedures. However, formal methods are not widely used in software development. In most cases, this is because they are not suitably supported with development tools. Further, many software developers do not recognise the need for rigour. Object oriented techniques are successful in the production of large, complex software systems. The methods are based on simple mathematical models of abstraction and classification. Further, the object oriented approach offers a conceptual consistency across all stages of soft...
A Reification Calculus for ModelOriented Software Specification
 Formal Aspects of Computing
, 1990
"... Abstract. This paper presents a transformational approach to the derivation of implementations from modeloriented specifications of abstract data types. The purpose of this research is to reduce the number of formal proofs required in model refinement, which hinder software development. It is shown ..."
Abstract

Cited by 21 (11 self)
 Add to MetaCart
Abstract. This paper presents a transformational approach to the derivation of implementations from modeloriented specifications of abstract data types. The purpose of this research is to reduce the number of formal proofs required in model refinement, which hinder software development. It is shown to be applicable to the transformation of models written in Metaiv (the specification language of Vdm) towards their refinement into, for example, Pascal or relational DBMSs. The approach includes the automatic synthesis of retrieve functions between models, and datatype invariants. The underlying algebraic semantics is the socalled final semantics “à la Wand”: a specification “is ” a model (heterogeneous algebra) which is the final object (up to isomorphism) in the category of all its implementations. The transformational calculus approached in this paper follows from exploring the properties of finite, recursively defined sets. This work extends the wellknown strategy of program transformation to model transformation, adding to previous work on a transformational style for operationdecomposition in METAIV. The modelcalculus is also useful for improving modeloriented specifications.