## Construction and Deduction Methods for the Formal Development of Software (1995)

Venue: In Broy and Jahnichen [2

Citations: 1 - 0 self

### BibTeX

```bibtex
@INPROCEEDINGS{Henke95constructionand,
  author    = {F. W. Von Henke and A. Dold and H. Rue and D. Schwier and M. Strecker and Abt Kunstliche Intelligenz},
  title     = {Construction and Deduction Methods for the Formal Development of Software},
  booktitle = {In Broy and Jahnichen [2},
  year      = {1995},
  pages     = {239--254}
}
```

### Abstract

In this paper we present an approach towards a framework based on the type theory ECC (Extended Calculus of Constructions) in which specifications, programs and operators for modular development by stepwise refinement can be formally described and reasoned about. We demonstrate how generic software development steps can be expressed as higher-order functions and how proofs about their asserted effects can be carried out in the underlying logical calculus. For formalizing transformations that require syntactic manipulation of objects, we introduce a two-level system combining a meta level and an object level and show how to express and reason about transformations that faithfully represent object-level operators.

1 Introduction. Modern software engineering regards software development as an evolutionary process [Wir95, BP81]. One view of this process is that, starting from abstract, high-level requirement specifications, a series of refinement or implementation steps is app...

### Citations

847 | A formulation of the simple theory of types - Church - 1940
Citation Context: ...ypes. We briefly summarize those features of the type theory that are needed in this paper. ECC, like all advanced type theories, may be regarded as an extension of the (simply typed) lambda calculus [5] by a more powerful type system. In our context, the most important extensions are the addition of dependent types and type universes. Σ-types (strong sum types) generalize Cartesian products: Σ...

534 | PVS: A Prototype Verification System - Owre, Rushby, et al. - 1992
Citation Context: ...nd the initial parameters must satisfy the invariant of f. All proof obligations have successfully been discharged using the (interactive) higher-order Gentzen prover of the PVS specification system [25, 28]. The techniques outlined above can readily be used to formalize many generic development steps including "large" transformations such as divide-and-conquer, dynamic programming and those investigate...

441 | The formulae-as-types notion of construction - Howard - 1980
Citation Context: ... term N. A type universe is a type which has types as its members. ECC offers two kinds of universes, Prop and Type_i, for natural numbers i. By the Curry-Howard principle of propositions-as-types [7, 17], logical formulas are considered as the types of their proofs. They are included in the universe Prop and data types reside in the universes Type_i. Coquand and Huet [6] demonstrate how logical conn...

385 | Über formal unentscheidbare Sätze der Principia Mathematica und verwandter Systeme. Monatshefte für Mathematik und Physik - Gödel - 1931
Citation Context: ...can state and prove characteristic properties about them. Historically, meta architectures were first formalized and investigated by logicians, where the pioneering work has been carried out by Gödel [14]. From a more application-oriented view, meta level architectures have been used extensively in the realm of mech... [Footnote 4: Note that Q need not be well-typed in context Γ if some x_i occurs free in Q.]

306 | Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS - Owre, Rushby, et al. - 1995

154 | Prolegomena to a theory of mechanized formal reasoning - Weyhrauch - 1980
Citation Context: ... used extensively in the realm of mechanical theorem proving [3, 2, 18, 20], since in many cases it is quite straightforward to construct a proof by means of syntactic analysis of the problem at hand [34, 1]. Here, the important issue is how meta programming and meta reasoning can be used to represent software development steps together with expressing a certain semantics of these steps. In a first step ...

147 | Proving and applying program transformations expressed with second-order patterns - Huet, Lang - 1978
Citation Context: ...functions, • by meta-functions. 4.1 Representation of Steps by Higher-Order Functions. The formalization of transformations using higher-order patterns has been considered by several researchers. In [19], for example, program transformations for recursion removal are expressed as second-order patterns defined in the simply typed λ-calculus [5]. As opposed to this treatment we use the powerful framewor...

143 | Toward Formal Development of Programs from Algebraic Specifications - Sannella, Tarlecki - 1988
Citation Context: ...these placeholders will be replaced by members of the appropriate type. This feature, together with a refinement editor, provides for a refinement process similar to the one described for Extended ML [29, 30]. 6 Conclusions and Future Work. In this paper we have presented an approach to formal specification and software development based on type theory. We have discussed the logical basis and illustrated t...

102 | Metafunctions: proving them correct and using them efficiently as new proof procedures - Boyer, Moore - 1981
Citation Context: ...on-oriented view, meta level architectures have been used extensively in the realm of mechanical theorem proving [3, 2, 18, 20], since in many cases it is quite straightforward to construct a proof by means of syntactic analysis of the problem at hand [34, 1]. Here, the important issue is how meta programming and meta reasoni...

88 | The Semantics of Reflected Proof - Allen, Constable, et al. - 1990
Citation Context: ...on-oriented view, meta level architectures have been used extensively in the realm of mechanical theorem proving [3, 2, 18, 20], since in many cases it is quite straightforward to construct a proof by means of syntactic analysis of the problem at hand [34, 1]. Here, the important issue is how meta programming and meta reasoni...

84 | An Extended Calculus of Constructions - Luo - 1990
Citation Context: ... describe and reason about specifications, programs and development operators and apply the method outlined above. Our approach is based on a type theory, the Extended Calculus of Constructions (ECC) [21, 22], as the unifying logical foundation. Building on ECC, we define a specification language, QED; roughly, it introduces syntactic constructs that are closer to the style of algebraic specifications and...

80 | Implementing Mathematics with the NuPRL Proof Development System - Constable et al. - 1986
Citation Context: ...proach developed by D. Smith [Smi87]. Independently of the work described here, a formal treatment of some of the "larger" steps has also been carried out by C. Kreitz [Kre93] in the context of Nuprl [Con86]. Global-search is a generalization of well-known search strategies such as backtracking and depth-first-search [Smi87]. The basic idea of global-search is to represent and manipulate sets of candidat...

69 | Specification and Transformation of Programs - Partsch - 1990
Citation Context: ...above can readily be used to formalize many generic development steps including "large" transformations such as divide-and-conquer, dynamic programming and those investigated by the Munich CIP group [15, 26]. Soundness_Theorem := ∀ (D; R; I; O) : Problemspec; gs : global_search_theory((D; R; I; O)); arbsplit : ...; tcl : ...; x : {D | I(x)}; y : R. let F_inst := F_gs((D; R; I; O); gs; ar...

51 | Toward formal development of ML programs: Foundations and methodology - Sannella, Tarlecki - 1989
Citation Context: ... calculus ECC by constructs for representing units of the software development process [12]. The design of these constructs is influenced mainly by the PVS specification language [28] and Extended ML [29]. The extensions to ECC are quite expressive in the sense that most of the mathematical and computational concepts we wish to describe can be formulated very directly and naturally. A more comprehensi...

47 | Structure and design of global search algorithms - Smith - 1987
Citation Context: ... sketched; the rigorous mathematical treatment and verification is presented in [9]. Global-search is a generalization of well-known search strategies such as backtracking and depth-first-search; see [32] for details. Starting from a requirement specification, an extension of this specification is needed which defines additional datatypes and operations to realize the global-search algorithm. This exte...

42 | The PVS Specification Language - Owre, Shankar, et al. - 1993
Citation Context: ...llowing we extend the calculus ECC by constructs for representing units of the software development process [12]. The design of these constructs is influenced mainly by the PVS specification language [28] and Extended ML [29]. The extensions to ECC are quite expressive in the sense that most of the mathematical and computational concepts we wish to describe can be formulated very directly and naturall...

37 | Computational Metatheory in Nuprl - Howe - 1988
Citation Context: ...on-oriented view, meta level architectures have been used extensively in the realm of mechanical theorem proving [3, 2, 18, 20], since in many cases it is quite straightforward to construct a proof by means of syntactic analysis of the problem at hand [34, 1]. Here, the important issue is how meta programming and meta reasoni...

28 | Program specification and data refinement in type theory - Luo - 1993
Citation Context: ...d. Strong sums and type universes in ECC prove to be useful for encoding program specifications and abstract implementations between specifications, and for modular development by stepwise refinement [23]. The treatment of rules and proofs is based on the notion of judgement. Typing judgements are of the form Γ ⊢ M : A and express the fact that in context Γ term M is of type A, where a conte...

27 | Reflection in constructive and non-constructive automated reasoning - Giunchiglia, Smaill - 1988
Citation Context: ...riv('Γ'; 'M'; 'A'). This transition from object level to meta level is named reflection upwards, while the corresponding change from meta level to object level is called reflection downwards [13]. These reflection rules are admissible inferences, and thus, in principle, dispensable. From a practical point of view, however, reflection rules are crucial since they allow to exchange results betw...

25 | Formalized metareasoning in type theory - Knoblock, Constable - 1986

24 | A higher-order calculus and theory abstraction - Luo - 1991
Citation Context: ... describe and reason about specifications, programs and development operators and apply the method outlined above. Our approach is based on a type theory, the Extended Calculus of Constructions (ECC) [21, 22], as the unifying logical foundation. Building on ECC, we define a specification language, QED; roughly, it introduces syntactic constructs that are closer to the style of algebraic specifications and...

11 | Constructions: A higher-order proof system for mechanizing mathematics - Coquand, Huet - 1985
Citation Context: ... of propositions-as-types [7, 17], logical formulas are considered as the types of their proofs. They are included in the universe Prop and data types reside in the universes Type_i. Coquand and Huet [6] demonstrate how logical connectives (, , ), ,), logical quantification (∀, ∃) and Leibniz equality (a = b) are coded. Strong sums and type universes in ECC prove to be useful for encoding program spe...

10 | METASYNTHESIS: Deriving Programs that Develop Programs. Thesis for Habilitation - Kreitz - 1993
Citation Context: ...extent, this work follows the approach developed by D. Smith [Smi87]. Independently of the work described here, a formal treatment of some of the "larger" steps has also been carried out by C. Kreitz [Kre93] in the context of Nuprl [Con86]. Global-search is a generalization of well-known search strategies such as backtracking and depth-first-search [Smi87]. The basic idea of global-search is to represent...

8 | The extended calculus of constructions (ECC) with inductive types - Ore - 1992
Citation Context: ... if realizations r_i, i = 1, 2, fulfil the axiom part of specification imp_i then ρ(r_1; r_2) fulfils the axioms of exp. The mechanisms to form inductive datatypes follow Ore's extension of ECC [24]. Polymorphic lists, for example, are defined by means of List := λT : Type. datatype X : Type. nil | cons : T × X. Note that the names of the constructors for inductive datatypes have to be introd...

5 | Using meta-theoretic reasoning to do algebra - Aiello, Weyhrauch - 1980
Citation Context: ... used extensively in the realm of mechanical theorem proving [3, 2, 18, 20], since in many cases it is quite straightforward to construct a proof by means of syntactic analysis of the problem at hand [34, 1]. Here, the important issue is how meta programming and meta reasoning can be used to represent software development steps together with expressing a certain semantics of these steps. In a first step ...

4 | Type checking, universal polymorphism, and type ambiguity in the Calculus of Constructions - Harper, Pollack - 1989
Citation Context: ...e the anonymous universe Type instead of Type_i for a given level i. The system then tries to determine the universe level i exactly by maintaining a set of inequalities and checking for consistency [16]. Parametric polymorphism is handled by unification. Although higher-order unification is undecidable, most problems which arise in practice from type checking polymorphic functions can be solved corre...

3 | Eine reflexive Architektur zur Darstellung von Beweis- und - Pfeifer - 1995

3 | Formal Meta-Programming in the Calculus of Constructions - Rue - 1995

2 | Formalisierung schematischer Algorithmen - Dold - 1994
Citation Context: ...ep illustrated by a schematic algorithm global-search. Due to space limitations, only the most essential features can be sketched; the rigorous mathematical treatment and verification is presented in [9]. Global-search is a generalization of well-known search strategies such as backtracking and depth-first-search; see [32] for details. Starting from a requirement specification, an extension of this sp...

2 | Report on the specification language qed. Korso working paper - Rue - 1993
Citation Context: ...t most of the mathematical and computational concepts we wish to describe can be formulated very directly and naturally. A more comprehensive informal introduction to the QED language can be found in [27], while [31] provides a formal account of the rules for the extended calculus. Type constructors are introduced to form Cartesian products, (dependent) record types, semantic subtypes, and specificati...

2 | Entwicklung und Implementierung eines Beweisers für konstruktive Logik - Wagner - 1995
Citation Context: ...ant can be invoked. It has been designed to solve easy problems automatically while leaving the control of major steps to the user. A detailed description of this component of Typelab can be found in [Wag95]. 6 Conclusions and Future Work. In this paper we have presented an approach to formal specification and software development based on type theory. We have discussed the logical basis and illustrated t...

1 | Programming as a Formal Activity - Broy, Pepper - 1981
Citation Context: ...shown how transformations can be formalized that faithfully represent operators on the object level. 1 Introduction. Modern software engineering regards software development as an evolutionary process [12, 4]. One view of this process is that, starting from abstract, high-level requirement specifications, a series of refinement or implementation steps is applied to successive levels of specification, even...

1 | A Constructive Program Development Methodology - exemplified by the case study LEX. Korso paper - Dold - 1994
Citation Context: ...ver, downward reflection explicitly constructs the object-level refinement map. The two-level framework as depicted above has been utilized, for example, for formal constructions of a lexical scanner [8] and a symbol table [10]. A particularly interesting meta function in the latter case study involves the partial implementation of a function in a specification. This meta function takes a specificatio...

1 | Formal construction of a symbol table. Korso paper - Dold, Schwier - 1994
Citation Context: ...n explicitly constructs the object-level refinement map. The two-level framework as depicted above has been utilized, for example, for formal constructions of a lexical scanner [8] and a symbol table [10]. A particularly interesting meta function in the latter case study involves the partial implementation of a function in a specification. This meta function takes a specification sp_1, a function f de...

1 | System architecture framework for KORSO - Krieg-Brückner et al. - 1994
Citation Context: ...nt (proof) steps only in a sound way. The importance of such features lies in the fact that it is unrealistic to incorporate each conceivable development step in a general-purpose development system [11]. Finally note that, in our approach, meta functions and meta properties are essentially the same as object functions and object properties; they only differ in the data types they are operating on. T...

1 | A Methodology for the Development of Correct Software - Wirsing et al. - 1994
Citation Context: ...shown how transformations can be formalized that faithfully represent operators on the object level. 1 Introduction. Modern software engineering regards software development as an evolutionary process [12, 4]. One view of this process is that, starting from abstract, high-level requirement specifications, a series of refinement or implementation steps is applied to successive levels of specification, even...

1 | Type checking the specification language qed. Korso working paper, Universität - Schwier - 1994
Citation Context: ...e mathematical and computational concepts we wish to describe can be formulated very directly and naturally. A more comprehensive informal introduction to the QED language can be found in [27], while [31] provides a formal account of the rules for the extended calculus. Type constructors are introduced to form Cartesian products, (dependent) record types, semantic subtypes, and specifications. All the...

1 | An algebraic approach to data types, program verification, and program synthesis - Henke - 1976
Citation Context: ...tural induction over inductively defined datatypes and for the definition of functions by means of (higher-order) primitive recursion; it can be seen as a variant of the concept of hom-functionals [33] and exhibits the natural correspondence between the structure of a program (or proof) and the data structure. For example, the function map on polymorphic lists map := λT; S | Type; l : List(T); f...

1 | The Munich Project CIP - Volume II. volume 292 of LNCS - Group - 1987

1 | A Method for the Development of Correct Software - Wirsing et al. - 1995
Citation Context: ... strongly normalizable, and type checking is decidable. 3 Specification in Typelab. In the following we extend the calculus ECC by constructs for representing units of the software development process [Wir95]. The design of these constructs is influenced mainly by the PVS [ORS92, ORSv95] specification language and Extended ML [ST89]. The extensions to ECC are quite expressive in the sense that most of the...