## Foundations of the Trace Assertion Method of Module Interface Specification (1997)


Venue: ACM Transactions on Software Engineering

Citations: 17 - 1 self

### BibTeX

```bibtex
@ARTICLE{Janicki97foundationsof,
    author = {Ryszard Janicki},
    title = {Foundations of the Trace Assertion Method of Module Interface Specification},
    journal = {ACM Transactions on Software Engineering},
    year = {1997},
    volume = {27},
    pages = {577--598}
}
```

### Abstract

The trace assertion method is a formal state machine based method for specifying module interfaces ([3, 15, 25, 28, 32, 36]). A module interface specification treats the module as a black-box, identifying all module's access programs (i.e. programs that can be invoked from outside of the module), and describing their externally visible effects. A formal model for the trace assertion method is proposed. The concept of step-traces is introduced and applied. The role of non-determinism, normal and exceptional behaviour, value functions and multi-object modules are discussed. The relationship with the Algebraic Specification ([9, 37]) is analyzed.

Contents

- 1 Introduction
- 2 Introductory Examples
- 3 Alphabet
- 4 Normal and Exceptional Behaviour
- 5 Value Functions
- 6 Languages and Automata
- 6.1 Deterministic and Non-deterministic Automata
- 6.2 Mealy Machines vs Automata
- 6.3 Right Congru...

### Citations

4057 | Introduction to Automata Theory, Languages, and Computation - Hopcroft, Ullman - 1979 |
Citation Context: ...x}, 2. ∀x ∈ Plain(∆) . sem(〈x〉) = {y ∈ Plain(∆) | set(x) = set(y)}, 3. ∀x, y ∈ 〈∆∗〉 . sem(x.y) = sem(x).sem(y), where “.” in “sem(x).sem(y)” denotes the standard concatenation of sets of sequences (see [13]). For instance sem(〈a.b.c〉) = {a.b.c, a.c.b, b.a.c, b.c.a, c.a.b, c.b.a}, sem(a.〈b.a〉.c.〈a.c〉) = {a.b.a.c.a.c, a.a.b.c.a.c, a.b.a.c.c.a, a.a.b.c.c.a}. The two views of step sequences, sequences of sets...

3579 | Communicating Sequential Processes - Hoare - 1985 |
Citation Context: ...tational power than the iterative programs, and the programs with coroutines are more powerful than the recursive ones. Later the sequence-based techniques were used for the specification purposes ([3, 14]). The first stream has reached a saturation point in late seventies, the second is very much alive. The term "trace" seems to be overused in Computer Science. It has at least two different meanings. ...

801 | The B-book: assigning programs to meanings - Abrial - 1996 |
Citation Context: ... [3], as a possible answer for problems with algebraic specifications [7, 34], which will be discussed later. It also can avoid the problem of overspecification in model-oriented specifications, e.g. [1]. A typical example is the use of a sequence for specifying a stack module, where PUSH will append the new element either at the front or the tail of the sequence, the choice being arbitrary. In the t...

494 | An introduction to input/output automata - Lynch, Tuttle - 1989 |

298 | Introduction to Automata Theory - Hopcroft, Motwani, et al. - 2000 |
Citation Context: ...automata theory affect the Trace Assertion Method. We do not assume that the sets of states considered below are always finite. All the results presented in this section are classical (see for instance [10, 16]). Let ∆ be an alphabet, ∆∗ be the set of all sequences built from the elements of ∆ including the empty sequence denoted by ε. For every two sequences x, y ∈ ∆∗, their concatenatio...

229 | Fundamentals of Algebraic Specification 1 - Ehrig, Mahr - 1985 |
Citation Context: ...es is introduced and applied. The role of non-determinism, normal and exceptional behaviour, value functions and multi-object modules are discussed. The relationship with the Algebraic Specification ([9, 37]) is analyzed. Contents 1 Introduction 2 2 Introductory Examples 4 3 Alphabet 6 4 Normal and Exceptional Behaviour 7 5 Value Functions 8 6 Languages and Automata 9 6.1 Deterministic and Non-determinis...

226 | Automated Consistency Checking of Requirements Specifications - Heitmeyer, Jeffords, et al. - 1996 |
Citation Context: ...see Section 15). • State machines are natural, powerful and easy to use tools for specifying systems. For many applications they are better than algebras, and their use for specification is growing [1, 2, 13]. State machines (not necessary finite) are equivalent to algebras. This relationship differs for different machines and algebras, but the general idea of relationship may be illustrated as follows: f...

224 | Algebraic specifications - Wirsing - 1990 |
Citation Context: ...hancement part of the specification. 15 Trace Assertion Method and Algebraic Specification There are strong similarities between the Trace Assertion Method and the Algebraic Specification Method (see [9, 37]) which is one of the most well-known approaches to specifying abstract data types. Examples of similarities: 1. Syntax parts of trace assertion specifications correspond to signatures in algebraic sp...

192 | The Book of Traces - Diekert, Rozenberg - 1995 |
Citation Context: ...ems calls, i.e. it is a sequence of specially interpreted elements. The other meaning is that a trace is an element of a partially commutative monoid, where the monoid operation is concatenation (see [6]). In the second case the name “Mazurkiewicz traces” is often used [6, 18]. Traces in the first sense can be treated as a special case of the second (the independency relation is empty, i.e. no commu...

168 | The B-Book - Abrial - 1996 |
Citation Context: ...see Section 15). • State machines are natural, powerful and easy to use tools for specifying systems. For many applications they are better than algebras, and their use for specification is growing [1, 2, 13]. State machines (not necessary finite) are equivalent to algebras. This relationship differs for different machines and algebras, but the general idea of relationship may be illustrated as follows: f...

147 | Fundamentals of algebraic specifications 1: Equations and initial semantics - Ehrig, Mahr - 1985 |
Citation Context: ...ach cluster is represented by a single canonical trace. The trace assertion method was first formulated by Bartussek and Parnas in [3], as a possible answer for problems with algebraic specifications [7, 34], which will be discussed later. It also can avoid the problem of overspecification in model-oriented specifications, e.g. [1]. A typical example is the use of a sequence for specifying a stack module...

133 | A technique for software module specification with examples - Parnas - 1972 |

124 | Finite Transition System - Arnold - 1994 |
Citation Context: ...see Section 15). • State machines are natural, powerful and easy to use tools for specifying systems. For many applications they are better than algebras, and their use for specification is growing [1, 2, 13]. State machines (not necessary finite) are equivalent to algebras. This relationship differs for different machines and algebras, but the general idea of relationship may be illustrated as follows: f...

93 | Automata, Languages and Machines, volume A - Eilenberg - 1974 |

81 | An introduction to Input/Output automata. CWI Quarterly - Lynch, Tuttle |

70 | Data refinement refined - He, Hoare, et al. - 1986 |
Citation Context: ...ed by sequences of call event occurrences only. 54 Relational Model of Programs We review the fundamentals of the relational model of programs (e.g. [30]). Data refinement is introduced according to [10], except that, rather than taking relations extended by a bottom element, “demonic relational composition” and “demonic refinement” is used. We write S ↔ T for the set of all relations between S and T...

66 | Relations and Graphs, Discrete mathematics for Computer Scientists - Schmidt, Ströhlein - 1999 |
Citation Context: ...put values, if states can be unambiguously described by sequences of call event occurrences only. 54 Relational Model of Programs We review the fundamentals of the relational model of programs (e.g. [30]). Data refinement is introduced according to [10], except that, rather than taking relations extended by a bottom element, “demonic relational composition” and “demonic refinement” is used. We write ...

55 | Precise documentation of well-structured programs - Parnas, Madey, et al. - 1994 |
Citation Context: ...between the first and the second meaning. The trace assertion method is a vital part of general, relation based tabular specification technique, which had several serious industrial applications (see [23, 30]). The trace assertion method is based on the following postulates: • Information hiding (Black box) principle [28, 26] is fundamental for any specification. • Sequences are natural, powerful and ...

50 | Theory of relations - Fraïssé - 2000 |
Citation Context: ...in mathematics and computer science for years, especially in concurrency theory. They are called step-sequences or subset languages ([22, 33]), and they represent weak (or stratified) partial orders ([11, 22]). Figure 4(b) illustrates this relationship. Formally step-sequences are strings over the alphabet Fin(2^∆), where for every family of sets 𝒳, Fin(𝒳) = {X | X ∈ 𝒳 ∧ X is finite}. In this sense ...

48 | Forward and backward simulations. I. Untimed systems - Lynch, Vaandrager - 1995 |
Citation Context: ...r module specifications by associating signatures with the alphabet, similarly to [20]. Data refinement is used for forward simulation of automata. Simulations of automata are further discussed in [10, 21]. Let ∆ be an alphabet, ∆∗ be the set of all sequences built from the elements of ∆ including the empty sequence denoted by ε. For every two sequences x, y ∈ ∆∗, their concatenation is denoted by x...

44 | Operating System Design: The XINU Approach - Comer - 1984 |
Citation Context: ...re (any number in general) stacks, plus for instance the stack concatenation operation. The module may be self-initializing, i.e. the first use of PUSH(stack name; i) creates a stack stack name (c.f. [6]) or may require object generator like new(stack name). A very natural way of modeling such modules is to define the global states as sets of states of individual modules, with the empty set as the in...

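36 | Tabular Representations in Relational Documents - Janicki, Parnas, et al. - 1997 |
Citation Context: ...hich defines the value function v. A similar tabular notation is used, in this case a table consists of the columns Conditions, Trace Patterns and Value. The nil values are specified by omission. 2 See [17, 19, 26] for details on tabular notation.

Syntax of Access Programs

| Name | Argument | Value | Call-Response Forms |
|---|---|---|---|
| POP | | | POP:nil |
| PUSH | integer | | PUSH(d):nil |
| TOP | | integer | TOP:d |

Canonical Step-traces: canonical(t) ⇔ t =[P...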
Citation Context ...hich defines the value function v. A similar tabular notation is used, in this case a table consists of the columns Conditions, Trace Patterns and Value.Thenil values are specified by omission. 2 See =-=[17, 19, 26]-=- for details on tabular notation. 21Syntax of Access Programs Name Argument Value Call-Response Forms POP POP:nil PUSH integer PUSH(d):nil TOP integer TOP:d Canonical Step-traces canonical(t) ⇔ t =[P... |

35 |
Using Assertions About Traces to Write Abstract Specifications for Software Modules
- Bartussek, Parnas
- 1978
(Show Context)
Citation Context ...ence and Systems McMaster University Hamilton, Ontario, Canada L8S 4K1 janicki@mcmaster.ca Abstract The trace assertion method is a formal state machine based method for specifying module interfaces (=-=[3, 15, 25, 28, 32, 36]-=-). A module interface specification treats the module as a black-box, identifying all module's access programs (i.e. programs that can be invoked from outside of the module), and describing their exte... |

34 | The trace assertion method of module interface specification - Parnas, Wang - 1989 |
Citation Context: ...ence and Systems McMaster University Hamilton, Ontario, Canada L8S 4K1 janicki@mcmaster.ca Abstract The trace assertion method is a formal state machine based method for specifying module interfaces ([3, 15, 25, 28, 32, 36]). A module interface specification treats the module as a black-box, identifying all module's access programs (i.e. programs that can be invoked from outside of the module), and describing their exte...

28 | Stepwise refinement and verification in box-structured systems - Mills - 1988 |
Citation Context: ...trace assertion method, state machines, Mealy machines, step-sequences, relational model, nondeterminism, module refinement, tabular notation. 1 Introduction Software modules, viewed as “black boxes” [25, 23], hide some design decisions and provide abstract data types. They can be specified using the trace assertion method. A trace is a complete history of the visible behavior of a module. It includes all...

21 | Foundations of sequence-based software specification - Prowell, Poore - 2003 |
Citation Context: ...been involved in the development of the Trace Assertion Method, but the main initial ideas are due to D. L. Parnas. In recent years, there has been an increased interest in the Trace Assertion Method [17, 18, 19, 27, 31, 35], however fully satisfactory foundations have not yet been developed. Like many others currently used techniques (object oriented programming, algebraic specification, etc.), the sequence-based method...

20 | Towards a Formal Semantics of Parnas Tables - Janicki - 1995 |
Citation Context: ...ular notation is slightly different, namely: δ(t, a:d) =

| Conditions | Trace Patterns | Clusters |
|---|---|---|
| condition1 | pattern1(t) | t1,1 t1,2 t1,3 t1,4 |
| condition2 | pattern2(t) | t2,1 t2,2 |
| ..... | ..... | ..... |

4 See [21, 23, 30] for details on tabular notation. In this case the rows should be read as follows: if condition1 and pattern1(t) then δ(t, a:d) = {t1,1, t1,2, t1,3, t1,4}, if condition2 and pattern2(t) t...

20 | Automated Consistency Checking of Requirements Specifications - Heitmeyer, Jeffords, et al. - 1996 |
Citation Context: ...nes (see Section 15). State machines are natural, powerful and easy to use tools for specifying systems. For many applications they are better than algebras, and their use for specification is growing [1, 2, 13]. State machines (not necessary finite) are equivalent to algebras. This relationship differs for different machines and algebras, but the general idea of relationship may be illustrated as follows: (p; a...

18 | Fundamentals of Algebraic Speci 1: Equations and Initial Semantics - Ehrig, Mahr - 1985 |

17 | Algebraic speci - Wirsing - 1990 |

14 | Structure of Concurrency - Janicki, Koutny - 1993 |
Citation Context: ...e other meaning is that a trace is an element of a partially commutative monoid, where the monoid operation is concatenation (see [6]). In the second case the name “Mazurkiewicz traces” is often used [6, 18]. Traces in the first sense can be treated as a special case of the second (the independency relation is empty, i.e. no commutativity at all). The “step-traces” used in this paper lie somewhere betwe...

13 | Specifying and Simulating The Externally Observable Behaviour of Modules - Wang - 1994 |
Citation Context: ...ence and Systems McMaster University Hamilton, Ontario, Canada L8S 4K1 janicki@mcmaster.ca Abstract The trace assertion method is a formal state machine based method for specifying module interfaces ([3, 15, 25, 28, 32, 36]). A module interface specification treats the module as a black-box, identifying all module's access programs (i.e. programs that can be invoked from outside of the module), and describing their exte...

13 | Fundamentals of Algebraic Specification 1 - Ehrig, Mahr - 1985 |
Citation Context: ...ces is introduced and applied. The role of non-determinism, normal and exceptional behaviour, value functions and multi-object modules are discussed. The relationship with the Algebraic Specification ([9, 37]) is analyzed. Contents 1 Introduction 2 2 Introductory Examples 4 3 Alphabet 6 4 Normal and Exceptional Behaviour 7 5 Value Functions 8 6 Languages and Automata 9 6.1 Deterministic and Non-determinis...

13 | Algebraic Specification - Wirsing - 1989 |
Citation Context: ... enhancement part of the specification. 15 Trace Assertion Method and Algebraic Specification There are strong similarities between the Trace Assertion Method and the Algebraic Specification Method (see [9, 37]) which is one of the most well-known approaches to specifying abstract data types. Examples of similarities: 1. Syntax parts of trace assertion specifications correspond to signatures in algebraic spe...

10 | The Trace Specification of Communication Protocols - Hoffman - 1985 |

9 | On Fundamentals of the Trace Assertion Method - Iglewski, Madey, et al. - 1994 |
Citation Context: ...C Research Grant 1 is avoided. Since its introduction the method has undergone many modifications [12, 22, 27, 33]. In recent years, there has been an increased interest in the trace assertion method [14, 16, 15, 24, 28, 32]. However, a satisfactory foundation has not yet been developed. The trace assertion method is based on the following postulates: • Information hiding [25, 23] is a fundamental principle for specifica...

7 | Program schemes, recursion schemes, and formal languages - Garland, Luckham - 1973 |
Citation Context: ...c.), the sequence-based methods for software analysis and specification have been born in seventies. Initially they were mainly used to analyze and to prove various properties of programming schemes ([4, 12, 20, 24]). Among others they were used to prove that, under the same set of operations, recursive programs have greater computational power than the iterative programs, and the programs with coroutines are mo...

7 | Automated Consistency Checking of Requirements Speci - Heitmeyer, Jeffords, et al. - 1996 |

6 | An analysis of programs by algebraic means - Blikle - 1977 |

5 | Some experiences with specification of non-deterministic modules - Iglewski, Mincer-Daszkiewicz, et al. - 1994 |
Citation Context: ...been involved in the development of the Trace Assertion Method, but the main initial ideas are due to D. L. Parnas. In recent years, there has been an increased interest in the Trace Assertion Method [17, 18, 19, 27, 31, 35], however fully satisfactory foundations have not yet been developed. Like many others currently used techniques (object oriented programming, algebraic specification, etc.), the sequence-based method...

5 | A Technique for Software Module Specification with Examples - Parnas - 1972 |

5 | A technique for software module speci with examples - Parnas - 1972 |

4 | Trace Specifications of Non-deterministic Multi-object Modules - Iglewski, Madey, et al. - 1995 |
Citation Context: ...been involved in the development of the Trace Assertion Method, but the main initial ideas are due to D. L. Parnas. In recent years, there has been an increased interest in the Trace Assertion Method [17, 18, 19, 27, 31, 35], however fully satisfactory foundations have not yet been developed. Like many others currently used techniques (object oriented programming, algebraic specification, etc.), the sequence-based method...

4 | A Formal Foundations for the Abstract Specification of Software - McLean - 1984 |

4 | Stepwise Refinement and Verification - Mills - 1988 |
Citation Context: ...ects Trace Assertion Specification ... 37 15 Trace Assertion Method and Algebraic Specification 37 16 Final Comment 43 1 Introduction Software modules, viewed as "black boxes" [28, 26], hide some software decisions and provide abstract data types. They could conveniently be specified using the trace assertion method. A trace is a complete history of the visible behaviour of the obj...

4 | Behavioural specifications - Norvell |

3 | On Fundamentals of the Trace Assertion Method”, RR 94/09–6, Department D’Informatique, Universite du Quebec a - Iglewski, Madey, et al. - 1994 |

3 | Iteratively computable relations - Mazurkiewicz - 1972 |
Citation Context: ...c.), the sequence-based methods for software analysis and specification have been born in seventies. Initially they were mainly used to analyze and to prove various properties of programming schemes ([4, 12, 20, 24]). Among others they were used to prove that, under the same set of operations, recursive programs have greater computational power than the iterative programs, and the programs with coroutines are mo...

3 | The A-7 requirements model: Re-examination for real time systems and an application to monitoring systems - Schouwen - 1990 |
Citation Context: ...tions really define the stack, while the explicit equations are practically self-explained. For more complex modules, as for example parts of protocols [7, 15], parts of software for aircraft control [34], or intra-processor, inter-process communication via mailboxes [35] both defining and understanding implicit equations might be difficult (how simple equational definitions of Unique Integer or Cross...

3 | Data re re - He, Hoare, et al. - 1986 |