The purpose of this paper is to present the subset of temporal logic, that has been found useful and accessible to programmers of communications software, and to present the additional assumptions and structuring operators which had to be ad’ded to make this subset into a viable programming language. The resulting language is called L.0’. The fact that enhancements to temporal logic are necessary to make it a viable programming language should not be surprising, since a standard criticism of temporal logic is that it is: “global, non-modular, and noncompositional’~‘l.
{"title":"L.0: a parallel executable temporal logic language","authors":"L. Ness","doi":"10.1145/99569.99820","DOIUrl":"https://doi.org/10.1145/99569.99820","url":null,"abstract":"The purpose of this paper is to present the subset of temporal logic, that has been found useful and accessible to programmers of communications software, and to present the additional assumptions and structuring operators which had to be ad’ded to make this subset into a viable programming language. The resulting language is called L.0’. The fact that enhancements to temporal logic are necessary to make it a viable programming language should not be surprising, since a standard criticism of temporal logic is that it is: “global, non-modular, and noncompositional’~‘l.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"148 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126915140","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Development of a prototype into a final program proceeds by steps of transformational refinement, through successive versions. Every version satisfies the initial specification by construction, because every transformation step fully preserves behavioural meaning of programs. Transformations are selected to make later versions more efficient than earlier ones – meaning that computations use less time or less space or both. This increase in efficiency is typically achieved only by means of an increase in complexity. In particular, later versions are generally more complex to transform than earlier versions. So there is a trade-off, and in principle development can stop at any point.
{"title":"Formalised development of software by machine assisted transformation","authors":"C. Runciman, M. Firth","doi":"10.1145/99569.99829","DOIUrl":"https://doi.org/10.1145/99569.99829","url":null,"abstract":"Development of a prototype into a final program proceeds by steps of transformational refinement, through successive versions. Every version satisfies the initial specification by construction, because every transformation step fully preserves behavioural meaning of programs. Transformations are selected to make later versions more efficient than earlier ones – meaning that computations use less time or less space or both. This increase in efficiency is typically achieved only by means of an increase in complexity. In particular, later versions are generally more complex to transform than earlier versions. So there is a trade-off, and in principle development can stop at any point.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"265 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116400448","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
There is a growing interest in the notion that programs can be constructed and manipulated in much the same way as are expressions in say the calculus of arithmetic. Ideally, complex executable specifications would be constructed from simpler specijications, using a small set of operators with ‘nice’ algebraic properties, and subsequently transformed to more efficient provably equivalent forms using algebraic identities. These activities are facilitated if the executable specifications are variable-free, have little explicit recursion and are expressed in terms of higher order functions that capture common patterns of computation. In this paper we show how this approach might be used in the calculation of programs constructed as executable specifications of attribute grammars. We have implemented a ‘calculus of interpreters’ in a higher order, pure, lazy functional programming language Miranda’. The resulting programming environment may be thought of as a step towards the realisation of a suggestion made in 1971 by Knuth [9] that executable attribute grammars might provide a viable declarative programming language.
{"title":"Constructing programs in a calculus of lazy interpreters","authors":"R. Frost","doi":"10.1145/99569.99810","DOIUrl":"https://doi.org/10.1145/99569.99810","url":null,"abstract":"There is a growing interest in the notion that programs can be constructed and manipulated in much the same way as are expressions in say the calculus of arithmetic. Ideally, complex executable specifications would be constructed from simpler specijications, using a small set of operators with ‘nice’ algebraic properties, and subsequently transformed to more efficient provably equivalent forms using algebraic identities. These activities are facilitated if the executable specifications are variable-free, have little explicit recursion and are expressed in terms of higher order functions that capture common patterns of computation. In this paper we show how this approach might be used in the calculation of programs constructed as executable specifications of attribute grammars. We have implemented a ‘calculus of interpreters’ in a higher order, pure, lazy functional programming language Miranda’. The resulting programming environment may be thought of as a step towards the realisation of a suggestion made in 1971 by Knuth [9] that executable attribute grammars might provide a viable declarative programming language.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"144 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116417958","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This report describes preliminary experience writing formal specifications for the control system for a cyclotron and neutron radiation therapy apparatus. This effort is motivated by high reliability and safety requirements, and a need for concise, authoritative documentation to support coding, user instruction, and testing. Software development practices for therapy machines and physics reserach acclerators are reviewed. The operation of our machine from the point of view of the cyclotron operator is described. Many of the cyclotron operator’s controls are well-matched to model-based notations such as Z and VDM. Sample specifications in Z are presented for representative operations of the cyclotron control programs. These notations provide no built-in way to represent the passage of time, and they cannot express some features of concurrent systems and event-driven systems. Alternative notations are discussed, including Petri Nets and Software C’ost Reduction project (SCR) notation. We conclude that it is practical to attempt a comprehensive formal specification of our application, and anticipate that this will be a valuable supplement to traditional development practices.
{"title":"Formal specification for a clinical cyclotron control system","authors":"J. Jacky","doi":"10.1145/99569.99814","DOIUrl":"https://doi.org/10.1145/99569.99814","url":null,"abstract":"This report describes preliminary experience writing formal specifications for the control system for a cyclotron and neutron radiation therapy apparatus. This effort is motivated by high reliability and safety requirements, and a need for concise, authoritative documentation to support coding, user instruction, and testing. Software development practices for therapy machines and physics reserach acclerators are reviewed. The operation of our machine from the point of view of the cyclotron operator is described. Many of the cyclotron operator’s controls are well-matched to model-based notations such as Z and VDM. Sample specifications in Z are presented for representative operations of the cyclotron control programs. These notations provide no built-in way to represent the passage of time, and they cannot express some features of concurrent systems and event-driven systems. Alternative notations are discussed, including Petri Nets and Software C’ost Reduction project (SCR) notation. We conclude that it is practical to attempt a comprehensive formal specification of our application, and anticipate that this will be a valuable supplement to traditional development practices.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"51 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129895320","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The paper focuses on the use of VDM. Meta-IV, the specification language of VDM, was proved successful to specify large systems. Although many specifications have been written in Meta-IV, only a few complete VDM developments have been achieved. Experiments with VDM and the /b B/ theorem prover have provided some insight on this problem. The author gives an overview of VDM; he points out several weaknesses of the approach in the perspective of large scale developments; and discusses the benefits of the use of the /b B/ tool.
{"title":"Applying VDM to large developments","authors":"Y. Ledru, Pierre-Yves Schobbens","doi":"10.1145/99569.99815","DOIUrl":"https://doi.org/10.1145/99569.99815","url":null,"abstract":"The paper focuses on the use of VDM. Meta-IV, the specification language of VDM, was proved successful to specify large systems. Although many specifications have been written in Meta-IV, only a few complete VDM developments have been achieved. Experiments with VDM and the /b B/ theorem prover have provided some insight on this problem. The author gives an overview of VDM; he points out several weaknesses of the approach in the perspective of large scale developments; and discusses the benefits of the use of the /b B/ tool.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130951635","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Estelle is a formal description technique, based on an extended state transition model, by the International Orangization for Standardization (ISO) for specifying protocols and services. The Estelle Development System (EDS) is a comprehensive protocol development environment for protocol designers and implementors for protocols specified in Estelle. Three key components of EDS are an Estelle compiler, a finite state machine analyzer, and a test driver. The Estelle compiler generates C language source code from the Estelle specification file for a protocol for the machine-independent part of the protocol specification which constitutes 50-70’36 of a complete protocol implementation. The finite state machine (FSM) analyzer of EDS is an automated tool to analyze protocol state machines to verify protocol properties such as deadlock-freeness, boundedness, termination and completeness, and to generate user paths or event sequences involving interface events which can be used as test traces. The test driver simulates the network and monitors the behavior of an implementation during tests. EDS is complemented with another set of tools for generating protocol test sequences for the conformance testing of protocols to standards. This Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791-4155/90/0010-0008...$1.50 8 paper discusses application of EDS to the verification, semi-automatic implementation, and conformance test generation for protocols. The experience with EDS has shown that it is powerful, flexible and well-suited to application on real protocols.
{"title":"Experience with an Estelle development system","authors":"Anthony Chung, D. Sidhu","doi":"10.1145/99569.99801","DOIUrl":"https://doi.org/10.1145/99569.99801","url":null,"abstract":"Estelle is a formal description technique, based on an extended state transition model, by the International Orangization for Standardization (ISO) for specifying protocols and services. The Estelle Development System (EDS) is a comprehensive protocol development environment for protocol designers and implementors for protocols specified in Estelle. Three key components of EDS are an Estelle compiler, a finite state machine analyzer, and a test driver. The Estelle compiler generates C language source code from the Estelle specification file for a protocol for the machine-independent part of the protocol specification which constitutes 50-70’36 of a complete protocol implementation. The finite state machine (FSM) analyzer of EDS is an automated tool to analyze protocol state machines to verify protocol properties such as deadlock-freeness, boundedness, termination and completeness, and to generate user paths or event sequences involving interface events which can be used as test traces. The test driver simulates the network and monitors the behavior of an implementation during tests. EDS is complemented with another set of tools for generating protocol test sequences for the conformance testing of protocols to standards. This Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791-4155/90/0010-0008...$1.50 8 paper discusses application of EDS to the verification, semi-automatic implementation, and conformance test generation for protocols. The experience with EDS has shown that it is powerful, flexible and well-suited to application on real protocols.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"221 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132065605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The stated purpose of the International Workshop on Formal Methods in Software Development is to “explore key issues and promising research directions in the development and maintenance of dependable, adaptable, and efficient software.” In this position paper we contend that a promising approach toward the development of highly reliable software systems is the construction of programming environments which are both highly supportive of the software development process and formally verified.
{"title":"Verified program support environments","authors":"W. D. Young","doi":"10.1145/99569.99839","DOIUrl":"https://doi.org/10.1145/99569.99839","url":null,"abstract":"The stated purpose of the International Workshop on Formal Methods in Software Development is to “explore key issues and promising research directions in the development and maintenance of dependable, adaptable, and efficient software.” In this position paper we contend that a promising approach toward the development of highly reliable software systems is the construction of programming environments which are both highly supportive of the software development process and formally verified.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130669211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dialog systems are servers for an interface; graphical interfaces are one such. They are like operating systems in the concepts they provide. From a functional point of view, they maintain the interface for the application, permit concurrent execution of programs attached to graphical objects on the interface, and provide services with which a user (or programs) can edit objects of the interface. This paper formulates the invariant properties which need to be satisfied by the various components of a dialog system. These properties involve treatment of object relationships in regard to their layout, the activation and execution of programs attached to objects, and the concurrency model supported by the dialog system. In order to keep detail to the essential, we consider a simple model of dialogs and use the Z notation for the formal design of the system.
{"title":"Invariant properties in a dialog system","authors":"K. Narayana, S. Dharap","doi":"10.1145/99569.99818","DOIUrl":"https://doi.org/10.1145/99569.99818","url":null,"abstract":"Dialog systems are servers for an interface; graphical interfaces are one such. They are like operating systems in the concepts they provide. From a functional point of view, they maintain the interface for the application, permit concurrent execution of programs attached to graphical objects on the interface, and provide services with which a user (or programs) can edit objects of the interface. This paper formulates the invariant properties which need to be satisfied by the various components of a dialog system. These properties involve treatment of object relationships in regard to their layout, the activation and execution of programs attached to objects, and the concurrency model supported by the dialog system. In order to keep detail to the essential, we consider a simple model of dialogs and use the Z notation for the formal design of the system.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114830774","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The graphical representation of the parallel composition of several LOTOS processes as a network of interconnected boxes is ambiguous, due to the nature of the LOTOS binary parallel operator. However, under suitable and sufficiently general conditions, such graphical representation is sound; a method for deriving from these graphs a family of strongly equivalent LOTOS expressions that describe the intcndcd process composition is introduced and proved correct. The method can be used for transforming the structure of parallel LOTOS expressions, and is a gcncralization of previously known algebraic transformation laws.
{"title":"On the soundness of graphical representations of interconnected processes in LOTOS","authors":"T. Bolognesi","doi":"10.1145/99569.99574","DOIUrl":"https://doi.org/10.1145/99569.99574","url":null,"abstract":"The graphical representation of the parallel composition of several LOTOS processes as a network of interconnected boxes is ambiguous, due to the nature of the LOTOS binary parallel operator. However, under suitable and sufficiently general conditions, such graphical representation is sound; a method for deriving from these graphs a family of strongly equivalent LOTOS expressions that describe the intcndcd process composition is introduced and proved correct. The method can be used for transforming the structure of parallel LOTOS expressions, and is a gcncralization of previously known algebraic transformation laws.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"84 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130593348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
‘The most successful formal method is abstraction. Functional abstraction, abstract data types, objectoriented type-inheritance, and built-in high-level modeling primitives, like sets, sequences, and maps (with their attendant operators), all raise the level of language with which programmers communicate and hence, promote the production of dependable, adaptable software. Relational abstraction is an abstraction mechanism that has had too little emphasis in the development of programming languages. We have found it to be a useful adjunct to the other abstraction mechanisms mentioned above; in effect,ion mechanisms mentioned above; in effect, relational access to data can be used to regularize idiosyncratic usage of abstract data types. I have designed and implemented a set of macros in Common Lisp that extends it to allow definition, update and queries of abstract relations. It is unusual in that the relations are lightweight: relations are not necessarily the repositories of ‘bulk data’, but are lised as a common abstraction of a wide variety of conventional program data structures. In this paper principles for integrating relational access into programming languages in general are put forth and demonstrated through this design. Of special interest is the ability to compile these abstractions into arbitrary data structures without fear of penalties from poor implementations or run-time overhead. *Sponsored by Defense Advanced Research Projects .gency, Information Science and Technology Office, ARPA Order No. 6096, issued by Defense Supply Service (Washington) under contract no. MDA903-87-C-0641 Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791.4155/90/0010-0128...$1.50 1 Abstraction Methods lLIost researchers identify formal methods with methodological support for the production of software, often independent of the programming languages used. However, linguistic support for formal methods embodied in programming language design can sometimes aid the methodologies considerably. In some sense, when a methodology is understood well enough, support for it migrates into programming languages themselves. For example, ‘top down programming’ as a methodology preceded the ‘gotoless’ languages with their enhanced support for looping and, especially, exiting control. Similarly, ‘abstracting data access’ as a methodology preceded language support for ‘abstract data types.’ The use of abstraction, “reduction to a short statement of the most important ideas,‘” is a formal method for separating concerns: people are encouraged to reason about properties made evident by abstraction before de
{"title":"Adding relational abstraction to programming languages","authors":"D. Wile","doi":"10.1145/99569.99833","DOIUrl":"https://doi.org/10.1145/99569.99833","url":null,"abstract":"‘The most successful formal method is abstraction. Functional abstraction, abstract data types, objectoriented type-inheritance, and built-in high-level modeling primitives, like sets, sequences, and maps (with their attendant operators), all raise the level of language with which programmers communicate and hence, promote the production of dependable, adaptable software. Relational abstraction is an abstraction mechanism that has had too little emphasis in the development of programming languages. We have found it to be a useful adjunct to the other abstraction mechanisms mentioned above; in effect,ion mechanisms mentioned above; in effect, relational access to data can be used to regularize idiosyncratic usage of abstract data types. I have designed and implemented a set of macros in Common Lisp that extends it to allow definition, update and queries of abstract relations. It is unusual in that the relations are lightweight: relations are not necessarily the repositories of ‘bulk data’, but are lised as a common abstraction of a wide variety of conventional program data structures. In this paper principles for integrating relational access into programming languages in general are put forth and demonstrated through this design. Of special interest is the ability to compile these abstractions into arbitrary data structures without fear of penalties from poor implementations or run-time overhead. *Sponsored by Defense Advanced Research Projects .gency, Information Science and Technology Office, ARPA Order No. 6096, issued by Defense Supply Service (Washington) under contract no. MDA903-87-C-0641 Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791.4155/90/0010-0128...$1.50 1 Abstraction Methods lLIost researchers identify formal methods with methodological support for the production of software, often independent of the programming languages used. However, linguistic support for formal methods embodied in programming language design can sometimes aid the methodologies considerably. In some sense, when a methodology is understood well enough, support for it migrates into programming languages themselves. For example, ‘top down programming’ as a methodology preceded the ‘gotoless’ languages with their enhanced support for looping and, especially, exiting control. Similarly, ‘abstracting data access’ as a methodology preceded language support for ‘abstract data types.’ The use of abstraction, “reduction to a short statement of the most important ideas,‘” is a formal method for separating concerns: people are encouraged to reason about properties made evident by abstraction before de","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124107719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: