## Specification Styles in Distributed Systems Design and Verification, in "Theoretical Computer Science '89", North-Holland (1991)


Venue: University of Pisa. From

Citations: 56 - 6 self

### BibTeX

@INPROCEEDINGS{Vissers91specificationstyles,
  author = {Chris A. Vissers and Marten Van Sinderen},
  title = {Specification Styles in Distributed Systems Design and Verification," in "Theoretical Computer Science '89", North-Holland},
  booktitle = {University of Pisa. From},
  year = {1991},
  pages = {179206}
}


### Abstract

Substantial experience with the use of formal specification languages in the design of distributed systems has shown that finding appropriate structures for formal specifications presents a serious, and often underestimated problem. Its solutions are of great importance for ensuring the quality of the various designs that need to be developed at different levels of abstraction along the design trajectory of a system. This paper introduces four specification styles that allow to structure formal specifications in different ways: the monolithic, the constraint-oriented, the state-oriented, and the resource-oriented style. These styles have been selected on the basis of their suitability to express design concerns by structuring specifications and their suitability to pursue qualitative design principles such as generality, orthogonality, and open-endedness. By giving a running example, a query-answer service, in the ISO specification language LOTOS, these styles are discussed in detail. The support of verification and correctness preserving transformation by these styles is shown by verifying designs, expressed in different styles, with respect to each other. This verification is based on equational laws for (weak) bisimulation equivalence.

### Citations

3606 | Communicating sequential processes
- Hoare
- 1978
Citation Context: ...nt-oriented style, on the other hand, should be evaluated on the basis of its adequacy to capture specification requirements. In the case of LOTOS, and other process-algebraic formalisms such as TCSP [7] or CIRCAL [23], the mechanism that is used to achieve this can be explained in a formal setting. As this mechanism is less known than it should be, we digress shortly on this topic. 5.2 Parallel comp...

693 | Concurrency and automata on infinite sequences
- Park
- 1981
Citation Context: ... equivalence of observable behaviour. The LOTOS standard [17] contains definitions of, and laws for, two well-established notions of observational equivalence, viz. weak bisimulation equivalence (cf. [24, 22, 1]) and testing equivalence (cf. [8, 4, 9]). Of the two, weak bisimulation is the strongest, i.e. if two behaviours are weak bisimulation equivalent, they are also testing equivalent, but not necessaril...

231 | Fundamentals of Algebraic Specification 1
- Ehrig, Mahr
- 1985
Citation Context: ...s a complete treatment would require additional reasoning concerning the role of the data types that are used. Standard theory on the verification of abstract data types can be found in, for example, [10, 11]. This limitation means that the specifications presented in Section 3 can be simplified by replacing the events that model the communication of data with events that model merely synchronization (...

98 | Extensional equivalences for transition systems
- Nicola
- 1987
Citation Context: ...LOTOS standard [17] contains definitions of, and laws for, two well-established notions of observational equivalence, viz. weak bisimulation equivalence (cf. [24, 22, 1]) and testing equivalence (cf. [8, 4, 9]). Of the two, weak bisimulation is the strongest, i.e. if two behaviours are weak bisimulation equivalent, they are also testing equivalent, but not necessarily vice versa. We will show that the spec...

71 | Lotos Specifications, their Implementations, and their Tests
- Brinksma, Scollo, et al.
- 1987
Citation Context: ...LOTOS standard [17] contains definitions of, and laws for, two well-established notions of observational equivalence, viz. weak bisimulation equivalence (cf. [24, 22, 1]) and testing equivalence (cf. [8, 4, 9]). Of the two, weak bisimulation is the strongest, i.e. if two behaviours are weak bisimulation equivalent, they are also testing equivalent, but not necessarily vice versa. We will show that the spec...

61 | Lotos — a formal description technique based on the temporal ordering of observational behaviour
- ISO
- 1989
Citation Context: ...d principles that characterize distinct phases of the system design trajectory. We also address the relationship between specification style and formal description in the specification language LOTOS [17, 3]. We illustrate this with simple examples in LOTOS. The interested reader may find more complex examples of these styles, based on the application of LOTOS for large scale specifications, in [29, 32, ...

29 | Testing equivalence for processes. Theoret
- Nicola, Hennessy
- 1984
Citation Context: ...LOTOS standard [17] contains definitions of, and laws for, two well-established notions of observational equivalence, viz. weak bisimulation equivalence (cf. [24, 22, 1]) and testing equivalence (cf. [8, 4, 9]). Of the two, weak bisimulation is the strongest, i.e. if two behaviours are weak bisimulation equivalent, they are also testing equivalent, but not necessarily vice versa. We will show that the spec...

25 | Introduction to the ISO
- Bolognesi, Brinksma
- 1987
Citation Context: ...d principles that characterize distinct phases of the system design trajectory. We also address the relationship between specification style and formal description in the specification language LOTOS [17, 3]. We illustrate this with simple examples in LOTOS. The interested reader may find more complex examples of these styles, based on the application of LOTOS for large scale specifications, in [29, 32, ...

18 | An Initial Algebra Approach to the Specification
- Goguen, Thatcher, et al.
- 1978
Citation Context: ...s a complete treatment would require additional reasoning concerning the role of the data types that are used. Standard theory on the verification of abstract data types can be found in, for example, [10, 11]. This limitation means that the specifications presented in Section 3 can be simplified by replacing the events that model the communication of data with events that model merely synchronization (...

17 | R.: Calculi for Synchrony and Asynchrony. Theoretical Computer Science, 25:267-310, 1983. [Mil85] Milne, G.: CIRCAL and the Representation of Communication, Concurrency and Time. ACM
- Milner
- 1985
Citation Context: ... equivalence of observable behaviour. The LOTOS standard [17] contains definitions of, and laws for, two well-established notions of observational equivalence, viz. weak bisimulation equivalence (cf. [24, 22, 1]) and testing equivalence (cf. [8, 4, 9]). Of the two, weak bisimulation is the strongest, i.e. if two behaviours are weak bisimulation equivalent, they are also testing equivalent, but not necessaril...

14 | Observation equivalence as a testing equivalence. Theoretical Comput. Sci.
- Abramsky
Citation Context: ... equivalence of observable behaviour. The LOTOS standard [17] contains definitions of, and laws for, two well-established notions of observational equivalence, viz. weak bisimulation equivalence (cf. [24, 22, 1]) and testing equivalence (cf. [8, 4, 9]). Of the two, weak bisimulation is the strongest, i.e. if two behaviours are weak bisimulation equivalent, they are also testing equivalent, but not necessaril...

10 | On the Design of Extended LOTOS
- Brinksma
- 1988
Citation Context: ...the expression of conjunction is indicated by the following lemma. Lemma. If B1 satA P and B2 satA Q then (B1 |[A]| B2) satA (P∧Q). The proof is an adaptation of the work in [13], and can be found in [5, 6]. It can be modified in various ways, e.g. when the gates that are common to B1 and B2 are all in A. Also, in the above only properties of trace sets are dealt with, which suffices for dealing with sa...

7 | Specifying Abstract Data Types with LOTOS
- Gotzhein
- 1987
Citation Context: ...these styles, based on the application of LOTOS for large scale specifications, in [29, 32, 20]. Some considerations concerning styles of specification of abstract data types in LOTOS can be found in [12]. Specification styles can be characterized as being supportive of either extensional or intentional description. This characterization relates the styles to their effectiveness for the different phas...

5 | Basic Reference Model for Open Systems
- ISO
- 1983
Citation Context: ...d by standardizing precise specifications of the rules of interworking. Important examples of such specifications are the ISO and CCITT protocol and service standards for Open Systems Interconnection [14]. An important requirement is that the standards are defined in an implementation independent way. Manufacturers should have a maximal freedom to implement products according to their own insights, ca...

3 | Constraint-oriented specification in a constructive specification technique
- Brinksma
- 1990
Citation Context: ...the expression of conjunction is indicated by the following lemma. Lemma. If B1 satA P and B2 satA Q then (B1 |[A]| B2) satA (P∧Q). The proof is an adaptation of the work in [13], and can be found in [5, 6]. It can be modified in various ways, e.g. when the gates that are common to B1 and B2 are all in A. Also, in the above only properties of trace sets are dealt with, which suffices for dealing with sa...

2 | On the Use of LOTOS for the Formal Description of a Transport Protocol
- Lagemaat, Scollo
- 1989
Citation Context: ...S [17, 3]. We illustrate this with simple examples in LOTOS. The interested reader may find more complex examples of these styles, based on the application of LOTOS for large scale specifications, in [29, 32, 20]. Some considerations concerning styles of specification of abstract data types in LOTOS can be found in [12]. Specification styles can be characterized as being supportive of either extensional or in...

2 | CIRCAL and the Representation of Communication
- Milne
- 1985
Citation Context: ...yle, on the other hand, should be evaluated on the basis of its adequacy to capture specification requirements. In the case of LOTOS, and other process-algebraic formalisms such as TCSP [7] or CIRCAL [23], the mechanism that is used to achieve this can be explained in a formal setting. As this mechanism is less known than it should be, we digress shortly on this topic. 5.2 Parallel composition as logi...

1 | Proposal for a New Work Item
- ISO
- 1987
Citation Context: ...paque encoding tricks. We use the term “architectural semantics” to denote the relationship between the primitive language constructs and their interpretation in terms of basic architectural concepts [19]. 1.2 Pragmatics of architectural specification Having emphasized the great importance of the above abstraction criteria, we observe that in practice they are very difficult to meet for the specificat...