Results 1-10 of 28
Testing can be formal, too
1995
Cited by 95 (2 self)
Abstract. The paper presents a theory of program testing based on formal specifications. The formal semantics of the specifications is the basis for a notion of an exhaustive test set. Under some minimal hypotheses on the program under test, the success of this test set is equivalent to the satisfaction of the specification. The selection of a finite subset of the exhaustive test set can be seen as the introduction of more hypotheses on the program, called selection hypotheses. Several examples of commonly used selection hypotheses are presented. Another problem is the observability of the results of a program with respect to its specification: contrary to some common belief, the use of a formal specification is not always sufficient to decide whether a test execution is a success. As soon as the specification deals with more abstract entities than the program, program results may appear in a form which is not obviously equivalent to the specified results. A solution to this problem is proposed in the case of algebraic specifications.
Specification and verification challenges for sequential object-oriented programs
Under consideration for publication in Formal Aspects of Computing
Cited by 68 (5 self)
The state of knowledge in how to specify sequential programs in object-oriented languages such as Java and C# and the state of the art in automated verification tools for such programs have made measurable progress in the last several years. This paper describes several remaining challenges and approaches to their solution.
Toward formal development of ML programs: foundations and methodology
1989
Cited by 54 (23 self)
A formal methodology is presented for the systematic evolution of modular Standard ML programs from specifications by means of verified refinement steps, in the framework of the Extended ML specification language. Program development proceeds via a sequence of design (modular decomposition), coding and refinement steps. For each of these three kinds of steps, conditions are given which ensure the correctness of the result. These conditions seem to be as weak as possible under the constraint of being expressible as "local" interface matching requirements. Interfaces are only required to match up to behavioural equivalence, which is seen as vital to the use of data abstraction in program development. Copyright (c) 1989 by D. Sannella and A. Tarlecki. All rights reserved. An extended abstract of this paper will appear in Proc. Colloq. on Current Issues in Programming Languages, Joint Conf. on Theory and Practice of Software Development (TAPSOFT), Barcelona, Springer LNCS (1989)...
Nondeterministic algebraic specifications and non-confluent term rewriting
Journal of Logic Programming
1992
Cited by 38 (0 self)
Algebraic specifications are generalized to the case of nondeterministic operations by admitting models with set-valued functions (multialgebras). General (in particular, non-confluent) term rewriting systems are studied as a specification language for this semantic framework. A calculus for nondeterministic specifications is given which is similar to term rewriting but which employs an additional determinacy predicate. Correctness, ground completeness and initiality results are given. Small examples illustrate the range of possible applications.
The Requirement and Design Specification Language SPECTRUM: An Informal Introduction
1993
Cited by 36 (3 self)
This paper gives a short introduction to the algebraic specification language Spectrum. Using simple, well-known examples, the objectives and concepts of Spectrum are explained. The Spectrum language is based on axiomatic specification techniques and is oriented towards functional programs. Spectrum includes the following features:
- partial functions, definedness logic and fixed point theory
- higher-order elements and typed abstraction
- non-strict functions and infinite objects
- full first-order predicate logic with induction principles
- predicative polymorphism with sort classes
- parameterization and modularization
Spectrum is based on the concept of loose semantics.
Engineering and Theoretical Underpinnings of Retrenchment
2001
Cited by 24 (16 self)
Refinement is reviewed in a partial correctness framework, highlighting in particular the distinction between its use as a specification constructor at a high level, and its use as an implementation mechanism at a low level. Some of its shortcomings as specification constructor at high levels of abstraction are pointed out, and these are used to motivate the adoption of retrenchment for certain high level development steps. Basic properties of retrenchment are described, including a justification of the operation PO, simple examples, simulation properties, and compositionality for both the basic retrenchment notion and enriched versions. The issue of framing retrenchment in the wide variety of correctness notions for refinement calculi that exist in the literature is tackled, culminating in guidelines on how to `brew your own retrenchment theory'. Two short case studies are presented. One is a simple digital redesign control theory problem, the other is a radiotherapy dos...
Extended ML: an institution-independent framework for formal program development
Proc. Workshop on Category Theory and Computer Programming
1986
Cited by 20 (11 self)
The Extended ML specification language provides a framework for the formal stepwise development of modular programs in the Standard ML programming language from specifications. The object of this paper is to equip Extended ML with a semantics which is completely independent of the logical system used to write specifications, building on Goguen and Burstall's work on the notion of an institution as a formalisation of the concept of a logical system. One advantage of this is that it permits freedom in the choice of the logic used in writing specifications; an intriguing side-effect is that it enables Extended ML to be used to develop programs in languages other than Standard ML since we view programs as simply Extended ML specifications which happen to include only "executable" axioms. The semantics of Extended ML is defined in terms of the primitive specification-building operations of the ASL kernel specification language which itself has an institution-independent semantics. It is no...
Protective interface specifications
Iowa State University, Department of Computer Science
1997
Cited by 10 (4 self)
Abstract. The interface specification of a procedure describes the procedure's behavior using pre- and postconditions. These pre- and postconditions are written using various functions. If some of these functions are partial, or underspecified, then the procedure specification may not be well-defined. We show how to write pre- and postcondition specifications that avoid such problems, by having the precondition "protect" the postcondition from the effects of partiality and underspecification. We formalize the notion of protection from partiality in the context of specification languages like VDM-SL and COLD-K. We also formalize the notion of protection from underspecification for the Larch family of specification languages, and for Larch show how one can prove that a procedure specification is protected from the effects of underspecification.
A Total Approach to Partial Algebraic Specification
2002
Cited by 8 (2 self)
Partiality is a fact of life, but at present explicitly partial algebraic specifications lack tools and have limited proof methods. We propose a sound and complete way to support execution and formal reasoning of explicitly partial algebraic specifications within the total framework of membership equational logic (MEL), which has a high-performance interpreter (Maude) and proving tools. This is accomplished by a sound and complete mapping PMEL → MEL of partial membership equational (PMEL) theories into total ones.