## Observational Proofs with Critical Contexts (1998)

Venue: Fundamental Approaches to Software Engineering (FASE), 1998

Citations: 26 (3 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Berregeb98observationalproofs,
  author    = {Narjes Berregeb and Adel Bouhoula and Michael Rusinowitch},
  title     = {Observational Proofs with Critical Contexts},
  booktitle = {Fundamental Approaches to Software Engineering},
  year      = {1998},
  pages     = {38--53},
  publisher = {Springer}
}
```


### Abstract

Observability concepts contribute to a better understanding of software correctness. In order to prove observational properties, the concept of Context Induction has been developed by Hennicker [10]. We propose in this paper to embed Context Induction in the implicit induction framework of [8]. The proof system we obtain applies to conditional specifications. It allows for many rewriting techniques and for the refutation of false observational conjectures. Under reasonable assumptions our method is refutationally complete, i.e. it can refute any conjecture which is not observationally valid. Moreover this proof system is operational: it has been implemented within the Spike prover and interesting computer experiments are reported.
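The paper's running example (quoted in the Padawitz citation context below) is that push(top(s), pop(s)) and s cannot be told apart by any experiment with an observable result, even though they are different terms. The following Python script is an added illustration of what that proof obligation and a refutation look like; it is not code from the paper or from the Spike prover, and it assumes a specification the page does not spell out: Nat is the only observable sort, top is the only observer, and the axioms are made total with top(empty) = 0 and pop(empty) = empty. Enumerating contexts to a fixed depth is only a bounded check standing in for the induction over contexts the paper automates; the ground stacks used as instances stand in for the paper's test substitutions.

```python
"""Observational vs. initial equality on the classic stack specification.

Added illustration; not code from the paper or from the Spike prover.
Assumed (not on the page): Nat is the only observable sort, `top` the only
observer, and top(empty) = 0, pop(empty) = empty.  Ground terms are nested
tuples ('empty',), ('push', n, s), ('top', s), ('pop', s); naturals are ints.
"""

EMPTY = ('empty',)
HOLE = ('z',)   # the single hole z of sort Stack inside a context

def push(n, s): return ('push', n, s)
def pop(s): return ('pop', s)
def top(s): return ('top', s)


def normalize(t):
    """Innermost rewriting with the four stack axioms.  Ground Stack terms
    reach a constructor normal form (empty/push), Nat terms reach an int."""
    if isinstance(t, int) or t == EMPTY:
        return t
    op = t[0]
    if op == 'push':
        return ('push', normalize(t[1]), normalize(t[2]))
    s = normalize(t[1])
    if op == 'top':                      # top(empty) = 0, top(push(x, s)) = x
        return 0 if s == EMPTY else s[1]
    if op == 'pop':                      # pop(empty) = empty, pop(push(x, s)) = s
        return EMPTY if s == EMPTY else s[2]
    raise ValueError(f'unknown symbol {op!r}')


def plug(ctx, t):
    """c[t]: the context c with its hole replaced by the term t."""
    if ctx == HOLE:
        return t
    if isinstance(ctx, int) or ctx == EMPTY:
        return ctx
    return (ctx[0],) + tuple(plug(arg, t) for arg in ctx[1:])


def observable_contexts(depth, nats=(0, 1)):
    """Every context of observable sort Nat whose Stack part is built from
    pop and push(n, .) up to `depth`: the family context induction ranges
    over, cut off at a finite depth."""
    level, stack_ctxs = [HOLE], [HOLE]
    for _ in range(depth):
        level = [pop(c) for c in level] + [push(n, c) for n in nats for c in level]
        stack_ctxs += level
    return [top(c) for c in stack_ctxs]


def critical_contexts(depth):
    """The contexts that can actually observe anything: top(pop^k(z)).
    top(push(n, c)) rewrites to n whatever c is, and pop(push(n, c)) to c,
    so contexts containing push add no new observation."""
    out, c = [], HOLE
    for _ in range(depth + 1):
        out.append(top(c))
        c = pop(c)
    return out


def initially_equal(a, b):
    """Equality in the initial model: identical normal forms."""
    return normalize(a) == normalize(b)


def distinguishing_context(a, b, contexts):
    """First context c with c[a] and c[b] observably different, else None."""
    for c in contexts:
        if normalize(plug(c, a)) != normalize(plug(c, b)):
            return c
    return None


def check(lhs, rhs, substitutions, contexts):
    """Instantiate lhs = rhs on ground substitutions (standing in for test
    substitutions).  Returns (holds_initially, refutation), where refutation
    is (substitution, context) or None if no context separates any instance."""
    holds_initially = all(initially_equal(lhs(**sub), rhs(**sub)) for sub in substitutions)
    for sub in substitutions:
        c = distinguishing_context(lhs(**sub), rhs(**sub), contexts)
        if c is not None:
            return holds_initially, (sub, c)
    return holds_initially, None


GROUND_STACKS = [EMPTY, push(1, EMPTY), push(2, push(1, EMPTY))]  # constructed instances


def conjecture_push_top_pop(contexts=None):
    """push(top(s), pop(s)) = s: false initially (s = empty yields push(0, empty))
    but observationally valid: no observable context separates the two sides."""
    return check(lambda s: push(top(s), pop(s)), lambda s: s,
                 [{'s': s} for s in GROUND_STACKS],
                 observable_contexts(3) if contexts is None else contexts)


def conjecture_pop_push(contexts=None):
    """pop(push(x, s)) = push(x, pop(s)): a false conjecture, refuted by the
    observer top(z) already on the instance x = 5, s = empty."""
    return check(lambda x, s: pop(push(x, s)), lambda x, s: push(x, pop(s)),
                 [{'x': 5, 's': s} for s in GROUND_STACKS],
                 observable_contexts(3) if contexts is None else contexts)


if __name__ == '__main__':
    print('push(top(s), pop(s)) = s          ->', conjecture_push_top_pop())
    print('pop(push(x, s)) = push(x, pop(s)) ->', conjecture_pop_push())
    print('critical contexts give the same verdicts:',
          conjecture_push_top_pop(critical_contexts(3)) == conjecture_push_top_pop()
          and conjecture_pop_push(critical_contexts(3)) == conjecture_pop_push())
```

Running the script shows the two situations the abstract distinguishes: the first conjecture is not an initial theorem (the instance s = empty normalizes to push(0, empty), not empty) yet no observable context refutes it, while the second is refuted outright by the witness context top(z) and a ground instance, which is the refutational side of the method. Passing `critical_contexts(3)` instead of the full family gives the same verdicts, which is the point of restricting context induction to a critical subset.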

### Citations

224 | Algebraic specifications - Wirsing - 1990
Citation context: ...r to be sound (in our case, ground convergence is needed only for refutational completeness). 3 Basic notions. We assume that the reader is familiar with the basic concepts of algebraic specifications [18], term rewriting and equational reasoning. A many sorted signature $\Sigma$ is a pair $(S, F)$ where $S$ is a set of sorts and $F$ is a set of function symbols. For short, a many sorted signature $\Sigma$ will...

62 | Implicit induction in conditional theories - Bouhoula, Rusinowitch - 1995
Citation context: ...er to prove observational properties, the concept of Context Induction has been developed by Hennicker [10]. We propose in this paper to embed Context Induction in the implicit induction framework of [8]. The proof system we obtain applies to conditional specifications. It allows for many rewriting techniques and for the refutation of false observational conjectures. Under reasonable assumptions our ...

62 | The specification and application to programming of abstract data types - Guttag - 1975
Citation context: ...ot be distinguished by experiments with observable result. The idea that the semantics of a specification must describe the behaviour of an abstract data type as viewed by an external user is due to [9]. Though a lot of work has been devoted to the semantical aspects of observability (see [2] for a classification), few proof techniques have been studied [17,5,14,13], and even fewer have been implemen...

54 | Toward formal development of ML programs: foundations and methodology - Sannella, Tarlecki - 1989
Citation context: ...e as viewed by an external user, is due to [9]. Though a lot of work has been devoted to the semantical aspects of observability (see [2] for a classification), few proof techniques have been studied [17,5,14,13], and even fewer have been implemented. In this paper we propose an automatic method for proving observational properties of conditional specifications. The method relies on computing families of well ...

51 | Context induction: a proof principle for behavioural abstractions and algebraic implementations - Hennicker - 1991
Citation context: ...ract. Observability concepts contribute to a better understanding of software correctness. In order to prove observational properties, the concept of Context Induction has been developed by Hennicker [10]. We propose in this paper to embed Context Induction in the implicit induction framework of [8]. The proof system we obtain applies to conditional specifications. It allows for many rewriting techniq...

33 | Behavioural theories and the proof of behavioural properties - Bidoit, Hennicker - 1996
Citation context: ...e as viewed by an external user, is due to [9]. Though a lot of work has been devoted to the semantical aspects of observability (see [2] for a classification), few proof techniques have been studied [17,5,14,13], and even fewer have been implemented. In this paper we propose an automatic method for proving observational properties of conditional specifications. The method relies on computing families of well ...

28 | Theorem Proving by Test Set Induction - Bouhoula - 1997
Citation context: ...ess of our method. However, they cannot help us to disprove the non observationally valid clauses. For this purpose, we introduce a new notion of critical context sets and we use test sets defined in [7]. Definition 4 (test set, test substitution). A test set is a cover set which has the following additional properties: (i) the instance of a ground reducible term by a test substitution matches a left...

28 | Proving Correctness of Refinement and Implementation - Malcolm, Goguen - 1994
Citation context: ...e as viewed by an external user, is due to [9]. Though a lot of work has been devoted to the semantical aspects of observability (see [2] for a classification), few proof techniques have been studied [17,5,14,13], and even fewer have been implemented. In this paper we propose an automatic method for proving observational properties of conditional specifications. The method relies on computing families of well ...

28 | Computing in Horn Clause Theories - Padawitz - 1988
Citation context: ...ts of the sequences push(top(s), pop(s)) and s. This can be formally shown by considering all observable contexts. The next theorem gives a useful characterization of observational theorems (see e.g. [15]): Theorem 1. Suppose that all the preconditions of $E$ are observable. Then $E \models_{Obs} \bigwedge_{i=1}^{n} a_i = b_i \Rightarrow \bigvee_{j=1}^{m} a'_j = b'_j$ iff for all ground substitutions $\sigma$, if (for all $i$, $E \models_{Obs} a_i\sigma = b_i$ ...

14 | Using induction and rewriting to verify and complete parameterized specifications - Bouhoula - 1996
Citation context: ...d strongly complete. Let $E_0$ be a set of boolean clauses. Then $R \not\models_{Obs} E_0$ iff all fair derivations issued from $(E_0, \emptyset)$ fail. Proof. The proof follows the line of the corresponding Theorem 6.5 in [6] that was given for the initial semantics. Generation: $(E \cup \{l\ s\ r\}, H)$ $(E \cup (\bigcup_{c,\sigma} E_{c,\sigma}), H \cup \{C\})$ if 8 ? ! ? : for all test substitutions $\sigma$ and for all critical contexts $c$: either $c[l]\sigma\ s\ r\sigma$ is a ...

9 | Proving the correctness of algebraic implementations by the ISAR system - Bauer, Hennicker - 1993
Citation context: ...ts of observable sort, which is called context induction. This approach provides a uniform proof method for the verification of behavioural properties. It has been implemented in the system ISAR [1]. However, in concrete examples, this verification is a non-trivial task, and requires human guidance: the system often needs a generalization of the current induction assertion before each nested con...

8 | Testing for the ground (co-)reducibility property in term-rewriting systems - Kounalis - 1992
Citation context: ...ion of test sets and test substitutions for conditional specifications is decidable if the axioms are sufficiently complete and the constructors are specified by a set of unconditional equations (see [12]). Unfortunately, no algorithm exists for the general case of conditional specifications. However, in [7], a procedure is described for computing test sets when the axioms are sufficiently complete ov...

6 | How to prove observational theorems with LP - Bidoit, Hennicker - 1992
Citation context: ...defined functions, provided that the generators verify a congruence relation w.r.t. behavioural equivalence. This proof technique is an efficient optimization of Hennicker's proofs. Bidoit and Hennicker [4] have investigated how a first order logic theorem prover can be used to prove properties in an observational framework. The method consists in computing automatically some special contexts called cru...

5 | Behavioural approaches to algebraic specifications: a comparative study - Bernot, Bidoit, et al. - 1994
Citation context: ... specification must describe the behaviour of an abstract data type as viewed by an external user, is due to [9]. Though a lot of work has been devoted to the semantical aspects of observability (see [2] for a classification), few proof techniques have been studied [17,5,14,13], and even fewer have been implemented. In this paper we propose an automatic method for proving observational properties of c...

4 | Extending Bachmair's method for proof by consistency to the final algebra - Lysne - 1994

3 | On the decidability of quasi-reducibility - Kaplan, Choquer - 1986
Citation context: ...nd observable context. It can be proved, by reduction to ground reducibility, that quasi ground reducibility is decidable too for equational systems and semi-decidable for conditional rewrite systems [11]. The following remark is also useful: given a context $c[z_s]$ of the form $f(t_1, \ldots, t_n)$ where $f$ is a completely defined function and for all $i \in [1..n]$, $t_i$ is a constructor term. If $z_s$ does...

1 | Observational proofs by implicit context induction - Berregeb, Bouhoula, et al. - 1997

1 | Proofs in the final algebra - Puel - 1984
Citation context: ... the observational equality can be transformed into a finitary one. However, in general there is no automatic procedure for generating such a finite axiomatization of the observational equality. Puel [16] has adapted the Huet-Hullot procedure for proof by consistency w.r.t. the final model. Lysne [13] extends Bachmair's method for proof by consistency to the final algebra framework. The proof technique is...