## Behaviour-Refinement of Coalgebraic Specifications with Coinductive Correctness Proofs (1997)

Venue: Proofs, Proc. TAPSOFT '97, Springer LNCS 1214

Citations: 8 - 2 self

### BibTeX

@INPROCEEDINGS{Jacobs97behaviour-refinementof,

author = {Bart Jacobs},

title = {Behaviour-Refinement of Coalgebraic Specifications with Coinductive Correctness Proofs},

booktitle = {Proofs, Proc. TAPSOFT '97, Springer LNCS 1214},

year = {1997},

pages = {787--802},

publisher = {Springer}

}

### Abstract

A notion of refinement is defined in the context of coalgebraic specification of classes in object-oriented languages. It tells us when objects in a "concrete" class behave exactly like (or: simulate) objects in an "abstract" class. The definition of refinement involves certain selection functions between procedure-inputs and attribute-outputs, which gives this notion considerable flexibility. The coalgebraic approach allows us to use coinductive proof methods in establishing refinements (via (bi)simulations). This is illustrated in several examples.

1 Introduction

Refinement is an important notion in the stepwise construction of reliable software. It is used to express that an abstract description is realised by a concrete one, typically by filling-in some implementation details. This paper concentrates on refinement in an object-oriented setting. What is typical there is re-use of classes: one tries to refine towards existing classes (available in some library). There are two ...

### Citations

413 | Proof of correctness of data representations
- Hoare
- 1972
Citation Context ...(in Definition 3.1) is based on simulation of behaviour, as is usual for automata. There is an important alternative approach which is based on models (especially on hidden-sorted algebras), see e.g. [9, 4, 8, 2, 6, 7, 18]. It defines a concrete specification C to be a refinement of an abstract specification A if all models of A, after appropriate restriction, are also models of C. We add two comments. This "appropriat...

85 | Towards an algebraic semantics for the object paradigm
- Goguen, Diaconescu
- 1994
Citation Context ...n arbitrary state (i.e. inhabitant of X). Objects may be identified with such inhabitants. This coalgebraic state space X corresponds to the (product of the) hidden sorts in hidden-sorted algebra, see [6, 5, 18, 7, 1, 8]. In this setting we define what it means for a "concrete" class to refine an "abstract" class. The idea is that every object of the concrete class (when considered with approTo appear in the Proceedi...

46 | Context induction: a proof principle for behavioural abstractions and algebraic implementations, Formal Aspects of Computing 3 (4
- Hennicker
- 1991
Citation Context ...(in Definition 3.1) is based on simulation of behaviour, as is usual for automata. There is an important alternative approach which is based on models (especially on hidden-sorted algebras), see e.g. [9, 4, 8, 2, 6, 7, 18]. It defines a concrete specification C to be a refinement of an abstract specification A if all models of A, after appropriate restriction, are also models of C. We add two comments. This "appropriat...

34 | Behavioural and abstractor specifications
- Bidoit, Hennicker, et al.
- 1995
Citation Context ...es the proof burden. Also the use of such (bi)simulations is well-established in automata-theoretic approaches. Bisimilarity corresponds to behavioural satisfaction in hidden-sorted algebra, see e.g. [7, 2]. Therefore, coinduction can also be used as a proof-technique in hidden sorted algebra, see [7]. The contribution of the present paper lies in the following: it adapts these automata-theoretic approac...

30 | Mongruences and cofree coalgebras
- Jacobs
- 1995
Citation Context ...s and queues. Only in the final Section 5 we briefly compare our automata-theoretic notion of behaviour-refinement to an alternative, model-based notion of refinement. This paper is the fourth (after [10, 14, 13]) in a series of papers by the author on using coalgebraic (in contrast to algebraic) notions in an object-oriented setting. The earlier papers are more foundational in nature. The theoretical content...

27 | Proof of correctness of object representations
- Goguen, Malcolm
- 1994
Citation Context ...n arbitrary state (i.e. inhabitant of X). Objects may be identified with such inhabitants. This coalgebraic state space X corresponds to the (product of the) hidden sorts in hidden-sorted algebra, see [6, 5, 18, 7, 1, 8]. In this setting we define what it means for a "concrete" class to refine an "abstract" class. The idea is that every object of the concrete class (when considered with approTo appear in the Proceedi...

13 | An Algebraic Approach to Refinement
- Goguen
- 1990
Citation Context ...ctness of such layered systems. The same is done in terms of appropriate notions of refinement between automata (see e.g. [17, 23]). 4.3 Stacks The standard way to refine stacks uses arrays, see e.g. [4, 7]: a stack is represented as an initial segment of an array, with pushing and popping at the end of the segment. We shall illustrate this in our coalgebraic setting, and therefore we first introduce a ...

12 | Proving the Correctness of Behavioural Implementations
- Bidoit, Hennicker
- 1995
Citation Context ...n arbitrary state (i.e. inhabitant of X). Objects may be identified with such inhabitants. This coalgebraic state space X corresponds to the (product of the) hidden sorts in hidden-sorted algebra, see [6, 5, 18, 7, 1, 8]. In this setting we define what it means for a "concrete" class to refine an "abstract" class. The idea is that every object of the concrete class (when considered with approTo appear in the Proceedi...

10 | An extended abstract of a hidden agenda
- Goguen, Malcolm
- 1996

9 | Coalgebraic specifications and models of deterministic hybrid systems
- Jacobs
- 1996
Citation Context ...l implementation. Therefore it is easy to understand. Moreover, it has a well-defined mathematical semantics (see notably [14]). Our (coalgebraic) notion of refinement scales up to a "hybrid" setting [12], combining discrete and continuous behaviour. And in future work we plan to generalise the 2 In particular, there is no way of restricting one's attention to finite state spaces in coalgebra. 3 Using...

4 | Specification and refinement of a buffer of length one
- Broy
- 1996
Citation Context ...en stronger, using the same names directly suggests how to define the selection functions f; g. We shall follow this approach in our other examples below. 4.2 Buffers Our next example is adapted from [3]. It involves buffers which may be empty or contain a single element from a data set A. Figure 4 contains two class specifications describing two such buffers. The first, Buffer(A), behaves as expecte...

3 | Automata and behaviours in categories of processes
- Jacobs
- 1996
Citation Context ...A. The opposite direction of these selection functions---contravariantly between inputs and covariantly between outputs--- plays an important role in a so-called behaviour-realisation adjunction (see [11]), giving a canonical relation between automata displaying certain behaviour, and behaviours which can be realised. In many situations the above reachable state r in the concrete class C will simply b...