## NORA/HAMMR: Making Deduction-Based Software Component Retrieval Practical (1997)

### Cached

### Download Links

- [ftp.ips.cs.tu-bs.de]
- [wwwjessen.informatik.tu-muenchen.de]
- DBLP

### Other Repositories/Bibliography

Citations: | 40 - 4 self |

### BibTeX

@INPROCEEDINGS{Schumann97nora/hammr:making,

author = {Johann Schumann and Bernd Fischer},

title = {NORA/HAMMR: Making Deduction-Based Software Component Retrieval Practical},

booktitle = {},

year = {1997},

pages = {246--254},

publisher = {IEEE}

}

### Years of Citing Articles

### OpenURL

### Abstract

Deduction-based software component retrieval uses preand postconditions as indexes and search keys and an automated theorem prover (ATP) to check whether a component matches. This idea is very simple but the vast number of arising proof tasks makes a practical implementation very hard. We thus pass the components through a chain of filters of increasing deductive power. In this chain, rejection filters based on signature matching and model checking techniques are used to rule out non-matches as early as possible and to prevent the subsequent ATP from "drowning." Hence, intermediate results of reasonable precision are available at (almost) any time of the retrieval process. The final ATP step then works as a confirmation filter to lift the precision of the answer set. We implemented a chain which runs fully automatically and uses MACE for model checking and the automated prover SETHEO as confirmation filter. We evaluated the system over a medium-sized collection of components. The resul...

### Citations

3393 |
Introduction to Modern Information Retrieval
- Salton, McGill
- 1983
(Show Context)
Citation Context ...nst the entire library, using partial compatibility as match relation. This yielded a total of 3025 proof tasks where 375 or 12.4% were valid. 7.2. Evaluation of Filters Information retrieval methods =-=[29]-=- are evaluated by the two criteria precision and recall. Both are calculated from the set REL of relevant components which satisfy the given match relation wrt. to the query and RET, the set of retrie... |

1995 |
Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints
- Cousot, Cousot
- 1977
(Show Context)
Citation Context ...nfinite domains onto finite representations, either by abstraction or by approximation. 5.1. Mapping by Abstraction One approach to establish this mapping uses techniques from abstract interpretation =-=[6]-=- where the infinite domain is partioned into a small finite number of sets which are called abstract domains. For each function f an abstract counterpartsf is constructed such that f andsf commute wit... |

667 | Model checking and abstraction
- Clarke, Grumberg, et al.
- 1994
(Show Context)
Citation Context ...th an ATP. However, the authors give no evidence of how successful their approach is. Related work on the use of model checking techniques for infinite domains is much rarer. Jackson [10] is based on =-=[5]-=- and also investigates abstract model checking of software specifications. His goal, however, is to prove the conjectures and not to disprove them. This requires sound approximations which forced him ... |

310 |
A Useful Four-Valued Logic
- Belnap
- 1977
(Show Context)
Citation Context ...our current model-checking filter rejects too much valid matches due to the necessary approximate abstractions. We are thus trying to model exact predicate abstractions with Belnap's fourvalued logic =-=[2]-=- which extends the three-valued LPF consistently. A translation into FOL which reflects the explicit falsehood conditions of Belnap's logic then yields a sound rejection filter. Future work will inclu... |

305 | Specification Matching of Software Components
- Zaremski, Wing
(Show Context)
Citation Context ...SCR is configured to ensuresplug-in compatibility of the retrieved components: c matches if it has a weaker precondition and a stronger postcondition than the search key q. This is usually (cf. e.g., =-=[34]-=-) formalized as (pre q ) pre c )s(post c ) post q ) 4 . However, this is not adequate for partial functions. If q is a partial function (e.g. tail) and c its total completion (e.g., c(nil) returns nil... |

254 | Software reuse
- Krueger
- 1992
(Show Context)
Citation Context ... construction of the actual proof tasks becomes itself a major task. Short response times are also essential as the Fourth Reuse Truism demands that "you must find it faster than you can rebuild =-=it!" [15]. However,-=- due to the computational complexity of ATP, truly interactive ("sub-second") behavior is still far out of reach. Instead, anytime behaviorsis acceptable: intermediate results of sufficient ... |

130 |
Setheo: A high-performance theorem prover
- Letz, Schumann, et al.
- 1992
(Show Context)
Citation Context ...h returns "proof found" or "failed to find proof" after the given time-limit. Hence, no further details about SETHEO are given in this paper. For a description of the system and it=-=s features see e.g. [16, 24]-=-. With SETHEO's soundness, we obtain a confirmation filter which guarantees that proof tasks which pass it successfully actually select matching components. Due to our hard time constraints, however, ... |

99 |
Storing and retrieving software components: A refinement based system
- Mili, Mili, et al.
- 1997
(Show Context)
Citation Context ...re scaling problems as in our experience only a small fraction of the tasks is provable without interaction. Unfortunately, the paper does not contain any larger experimental evaluation. Mili et. al. =-=[23]-=- describe a system in which specifications are given as binary relations of legal (input, output)-pairs. They then define a subsumption relation on such pairs and use this for retrieval, relying on Ot... |

97 | A Davis-Putnam program and its application to finite first-order model search: Quasigroup existence problems
- McCune
- 1994
(Show Context)
Citation Context ...tion filters. Generally, we may reject a component c if we find a "counterexample" for its associated proof task T c because it then cannot be valid. Model generators for FOL like Finder [31=-=] or MACE [21]-=- try to find such counterexamples (which are simply interpretations under which T c evaluates to false) by systematically checking all possible interpretations. This obviously terminates only if all i... |

71 |
The VDM-SL Reference Guide
- Dawes
- 1991
(Show Context)
Citation Context ...as libraries for subsequent retrieval runs. The objective of the GUI is precisely to hide all evidence of ATP usage. Hence, the knowledge necessary to use NORA/HAMMR as a tool is restricted to VDM-SL =-=[7]-=- which we use as our input language and to the target language which is required for signature matching. 4. Proof Tasks and Reuse The overall structure of the generated proof tasks depends on the defi... |

52 |
Proving theorems with the modification method
- Brand
(Show Context)
Citation Context ...ymmetry, transitivity and substitution rules are compiled into the terms of the formula such that these axioms need not be added. This transformation, an optimised variant of Brand's STE modification =-=[3]-=-, usually increases the size of the formula, but in many cases the length of the proof and the size of the search space becomes substantially smaller. 7 Although it would be sufficient to have cases 1... |

40 | PROTEIN: A PROver with a theory extension INterface
- Baumgartner, Furbach
- 1994
(Show Context)
Citation Context ...atible is handled by the usual unification. Thus there is no need to modify SETHEO and the overall loss of efficiency is minimal. Our current prototype uses the tool ProSpec (developed within Protein =-=[1]-=-). 6.4. Selection of Axioms Each proof task has to contain---besides the theorem and the hypotheses---the features of each data type (e.g., List, Nat) as a set of axioms. Automated theorem provers, ho... |

33 | A typed logic of partial functions reconstructed classically
- Jones, Middelburg
- 1994
(Show Context)
Citation Context ...ertion of additional preconditions into the proof task to prevent reasoning from undefined terms as well as a translation of the connectives which takes care of the missing law of the excluded middle =-=[12, 22]-=-. In our example, this results in the proof task 8l; l 0 ; x; x 0 : List \Delta (l = xsl 0 = x 0strue ) true)s(l = xsl 0 = x 0s(l = [] ) l 0 = [])s(l 6= [] ) (l 6= [] ) l 0 = (tl l) [hd l])) ) (8i : I... |

33 |
Full text indexing based on lexical relations an application: Software libraries
- Maarek, Smadja
- 1989
(Show Context)
Citation Context ... of Inference Systems). Part of the work was done while visiting the ICSI Berkeley. Reuse: "You must find it before you can reuse it!" 1 Most earlier software component retrieval (SCR) metho=-=ds (e.g., [19]-=-) grew out of classical information retrieval for unstructured texts. However, since software components are highly structured, more specialized approaches may lead to better results. In this paper we... |

25 | Amphion: Automatic programming for scientific subroutine libraries
- Lowry, Philpot, et al.
- 1994
(Show Context)
Citation Context ...eduction-based SCR practical. We concentrate on deduction-based SCR because it is the key technique which underlies more ambitious logic-based software engineering approaches, e.g., program synthesis =-=[17]-=- or component adaptation [25]. For a discussion of benefits and the integration into software engineering processes we refer to [9]. In the next two sections we outline the user requirements for a pra... |

25 | Toward automated component adaptation
- Penix, Alexander
- 1997
(Show Context)
Citation Context ... We concentrate on deduction-based SCR because it is the key technique which underlies more ambitious logic-based software engineering approaches, e.g., program synthesis [17] or component adaptation =-=[25]-=-. For a discussion of benefits and the integration into software engineering processes we refer to [9]. In the next two sections we outline the user requirements for a practical reuse tool and present... |

21 | Meta-amphion: Synthesis of efficient domain-specific program synthesis systems
- Lowry, Baalen
- 1995
(Show Context)
Citation Context ...I to foster a more uniform specification style which in turn allows an appropriate finetuning of the prover. Additional speed-up is achieved by automatically "compiling" axioms into decision=-= theories [18]. The-=-se techniques have successfully been applied to to assemble over 100 FORTRAN programs from a scientific component library for solar system kinematics. Penix, Baraona and Alexander [26] use "seman... |

18 | Inquire: Predicate-based use and reuse
- Perry, Popovitch
- 1993
(Show Context)
Citation Context ...so shares the same problematic confidence in the choice of predicate names. Again, no statistical evaluation is presented. Scaling problems have been addressed differently. The Inscape/Inquire-system =-=[27]-=- limits the specification language to make retrieval more efficient. Similarly, AMPHIONs[17] uses a GUI to foster a more uniform specification style which in turn allows an appropriate finetuning of t... |

16 | Model checking software systems: A case study
- Wing, Vaziri-Farahani
- 1995
(Show Context)
Citation Context ...ich forced him to restrict his logic severely---no negations and exact abstractions only. As soon as approximate abstractions are allowed, this approach also becomes unsound. Wing and Vaziri-Farahani =-=[32]-=- also use abstractions but don't discuss any correctness aspects which are related with them. 9. Conclusions and Further Work In this paper, we have presented NORA/HAMMR, a deduction-based software co... |

15 | Abstract model checking of infinite specifications
- Jackson
- 1994
(Show Context)
Citation Context ...accordingly. For example, for the multiplication \Theta, we get the abstract multiplications\Theta which actually mirrors the "sign rule": negs\Thetapos = poss\Thetaneg = neg. Abstract model=-= checking [10]-=- then represents the abstract domains by single model elements and tries to find an abstract countermodel, using an axiomatization of the abstract functions and predicates with a standard FOL model ge... |

10 | Classification and retrieval of reusable components using semantic features
- Penix, Baraona, et al.
- 1995
(Show Context)
Citation Context ...n theories [18]. These techniques have successfully been applied to to assemble over 100 FORTRAN programs from a scientific component library for solar system kinematics. Penix, Baraona and Alexander =-=[26] use "-=-;semantic features" (i.e., user-defined abstract predicates which follow from the components ' specifications) to classify the components and perform case-based reasoning along this classificatio... |

9 |
Logic and Specification: Extending VDM-SL for advanced formal specification
- Middelburg
- 1993
(Show Context)
Citation Context ...ertion of additional preconditions into the proof task to prevent reasoning from undefined terms as well as a translation of the connectives which takes care of the missing law of the excluded middle =-=[12, 22]-=-. In our example, this results in the proof task 8l; l 0 ; x; x 0 : List \Delta (l = xsl 0 = x 0strue ) true)s(l = xsl 0 = x 0s(l = [] ) l 0 = [])s(l 6= [] ) (l 6= [] ) l 0 = (tl l) [hd l])) ) (8i : I... |

9 |
FINDER: Finite Domain Enumerator
- Slaney
- 1994
(Show Context)
Citation Context ...plement rejection filters. Generally, we may reject a component c if we find a "counterexample" for its associated proof task T c because it then cannot be valid. Model generators for FOL li=-=ke Finder [31]-=- or MACE [21] try to find such counterexamples (which are simply interpretations under which T c evaluates to false) by systematically checking all possible interpretations. This obviously terminates ... |

7 |
A Knowledge And Deduction Based Software Retrieval Tool," presented at 6th Annual Knowledge-Based Software Engineering Conference
- Meggendorfer, Manhart
- 1991
(Show Context)
Citation Context ...onger postcondition than the search key. From this matching relation a proof task is constructed and an ATP is used to establish (or disprove) the match. This approach has been proposed before (e.g., =-=[28, 20]-=-) but without convincing success because essential user requirements have been neglected. In this paper we follow a more user-oriented approach and describe steps for making deduction-based SCR practi... |

6 |
A formal approach to using more general components
- Jeng, Cheng
- 1994
(Show Context)
Citation Context ...ted. The examples heavily use auxiliary predicates which are not axiomatized further and thus rely on the arbitrary choice of predicate names to represent domain knowledge. The work of Jeng and Cheng =-=[11]-=- also uses a subsumption test and unfortunately also shares the same problematic confidence in the choice of predicate names. Again, no statistical evaluation is presented. Scaling problems have been ... |

6 |
The Model Elimination Provers SETHEO and E-SETHEO
- Moser, Ibens, et al.
- 1997
(Show Context)
Citation Context ...h returns "proof found" or "failed to find proof" after the given time-limit. Hence, no further details about SETHEO are given in this paper. For a description of the system and it=-=s features see e.g. [16, 24]-=-. With SETHEO's soundness, we obtain a confirmation filter which guarantees that proof tasks which pass it successfully actually select matching components. Due to our hard time constraints, however, ... |

5 |
Software reuse: Current status and trends
- Zand, Samadzadeh
- 1995
(Show Context)
Citation Context ...ion Reuse of approved software components has been identified as one of the key factors for successful software engineering projects. Although the reuse process also covers many non-technical aspects =-=[33]-=-, retrieving appropriate software components from a reuse library is a central task. This is best captured by the First Golden Rule for Software This work is supported by the DFG within the Schwerpunk... |

4 | Reuse by Contract
- Snelting
- 1997
(Show Context)
Citation Context ...ogic-based software engineering approaches, e.g., program synthesis [17] or component adaptation [25]. For a discussion of benefits and the integration into software engineering processes we refer to =-=[9]-=-. In the next two sections we outline the user requirements for a practical reuse tool and present our system architecture, featuring the filter pipeline and a graphical user interface. Then, we discu... |

4 | SicoTHEO: Simple competitive parallel theroem provers
- Schumann
- 1996
(Show Context)
Citation Context ...exist for our application domain. In order to obtain optimal efficiency combined with short answer times, parallel competition over parameters is used. The basic ideas has been developed for SiCoTHEO =-=[30]-=- and could be adapted easily: on all available processors (e.g., a network of workstations), a copy of SETHEO is started to process the entire given proof task. On each processor, a different setting ... |

3 |
A system for reusing partially interpreted schemas
- PARIS
- 1987
(Show Context)
Citation Context ...ious queries. Since SETHEO's proof procedure is sound, all solved proof tasks correspond to matches, hence the precision is 100%. 8. Related Work Most early publications on deduction-based SCR (e.g., =-=[20, 28, 14]-=-) were mainly concerned with general conceptual issues and ignored the usability and scaling problems. We will thus discuss only more recent related work. Zaremski and Wing [34] have investigated spec... |

3 |
Specifications as Search Keys for Software Libraries
- Rollings, Wing
- 1991
(Show Context)
Citation Context ...onger postcondition than the search key. From this matching relation a proof task is constructed and an ATP is used to establish (or disprove) the match. This approach has been proposed before (e.g., =-=[28, 20]-=-) but without convincing success because essential user requirements have been neglected. In this paper we follow a more user-oriented approach and describe steps for making deduction-based SCR practi... |

1 |
A systematic approach to type-based software component retrieval
- Fischer
- 1997
(Show Context)
Citation Context ...ms to handle associativity and commutativity of parameter lists and records, currying (for functional languages) , pointer types and VAR-parameters (for imperative languages), and coercion rules (see =-=[8] for a det-=-ailed discussion) . Then, rejection filters try to eliminate non-matches as fast as possible. This is a crucial step to prevent the ATP from "drowning" as there are many more non-matching th... |