Many people have argued the importance of mechanical theorem-proving for reasoning about programs. Proving the correctness of programs by hand is usually hard and errorprone. People often miss boundary cases or forget to state hidden assumptions. On the other hand, can current mechanical theorem provers deal with a wide scope of non-trivial problems? Here, the question of scale is in diversity of problems as well as in complexity of each problem. Some provers are more suitable for one class of problems than others and all provers have space and time bounds that set practical limits on the size of an individual problem that can be handled.
{"title":"Experience with the Larch Prover","authors":"Jeannette M. Wing, C. Gong","doi":"10.1145/99569.99835","DOIUrl":"https://doi.org/10.1145/99569.99835","url":null,"abstract":"Many people have argued the importance of mechanical theorem-proving for reasoning about programs. Proving the correctness of programs by hand is usually hard and errorprone. People often miss boundary cases or forget to state hidden assumptions. On the other hand, can current mechanical theorem provers deal with a wide scope of non-trivial problems? Here, the question of scale is in diversity of problems as well as in complexity of each problem. Some provers are more suitable for one class of problems than others and all provers have space and time bounds that set practical limits on the size of an individual problem that can be handled.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125287086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Program verification has seen little practical, automated use. How can its good ideas be revived in a practical setting? One way is to lower its sights: instead of checking that a program matches its specification, one can perform less ambitious but more feasible checking. Much recent work has lowered sights by checking only specifications and not programs. By characterizing software failures by their detection method, we have decided instead to try checking only programs and not specifications. Our goal is to integrate run-time checking into a compiler, so that programs never commit common run-time faults like following bad pointers or violating array boundaries. 1 Verification ignored Most work in applying formal methods to software development concentrates on formalizing software designs, because it is a challenging intellectual problem that brings forth fundamental issues in programming methods and notations. Thus program verification, which arose from axiomatic semantics [Ho691, was originally developed in an ambitious attempt to produce programs that “do what we want them to do.” [Lo751 After an burst of enthusiasm, however, researchers found that program verification consumed too many human resources to apply it to practical systems. Although serious work has continued in program verification to this day, many outsiders are skeptical of its utility. For example, of 25 papers in a recent conference on practical software development environments [He881, only two relatively speculative papers [Le88, Re88) even mentioned verification. Another measure of the distance between formal verification and practice is the Gypsy Programming Support Environment [Co88], named by practical workers who were evidently unaware of the Gypsy Verification Environment [Go861! Many workers who remain in the field concentrate on verifying only the most crucial properties of software, notably security in the U.S.A. [Ch81, Go86, vH88, Sc891, where sights axe often lowered by checking only specifications, not programs. This work is not likely to catch on in the broader software community. Worse, software engineering education, at least in the U.S.A., discourages students from formal methods [Gr90]. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for Proceedings of the ACM SIGSOFT International Workshop on Formal Methods in Software Developdirect commercial advantage, the ACM copyright notice and the ment. Napa, California, May 9-11, 1990. title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791-4155/90/0010-0025...$1.50
{"title":"Toward special-purpose program verification","authors":"P. Eggert","doi":"10.1145/99569.99807","DOIUrl":"https://doi.org/10.1145/99569.99807","url":null,"abstract":"Program verification has seen little practical, automated use. How can its good ideas be revived in a practical setting? One way is to lower its sights: instead of checking that a program matches its specification, one can perform less ambitious but more feasible checking. Much recent work has lowered sights by checking only specifications and not programs. By characterizing software failures by their detection method, we have decided instead to try checking only programs and not specifications. Our goal is to integrate run-time checking into a compiler, so that programs never commit common run-time faults like following bad pointers or violating array boundaries. 1 Verification ignored Most work in applying formal methods to software development concentrates on formalizing software designs, because it is a challenging intellectual problem that brings forth fundamental issues in programming methods and notations. Thus program verification, which arose from axiomatic semantics [Ho691, was originally developed in an ambitious attempt to produce programs that “do what we want them to do.” [Lo751 After an burst of enthusiasm, however, researchers found that program verification consumed too many human resources to apply it to practical systems. Although serious work has continued in program verification to this day, many outsiders are skeptical of its utility. For example, of 25 papers in a recent conference on practical software development environments [He881, only two relatively speculative papers [Le88, Re88) even mentioned verification. Another measure of the distance between formal verification and practice is the Gypsy Programming Support Environment [Co88], named by practical workers who were evidently unaware of the Gypsy Verification Environment [Go861! Many workers who remain in the field concentrate on verifying only the most crucial properties of software, notably security in the U.S.A. [Ch81, Go86, vH88, Sc891, where sights axe often lowered by checking only specifications, not programs. This work is not likely to catch on in the broader software community. Worse, software engineering education, at least in the U.S.A., discourages students from formal methods [Gr90]. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for Proceedings of the ACM SIGSOFT International Workshop on Formal Methods in Software Developdirect commercial advantage, the ACM copyright notice and the ment. Napa, California, May 9-11, 1990. title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791-4155/90/0010-0025...$1.50","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117337697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Transformational derivation is the formal derivation of programs using the paradigm of program transformation. We discuss how formal methods of reasoning are used in this methodology. It is argued that formal methods, including induction, are essential for achieving common transformational objectives. Our discussion is in the context of the Focus system, an automated assistant to support program derivation using this paradigm. We illustrate how Focus provides support for rule management, rewriting, inductive reasoning and other formal activities, leaving the programmer free to explore high level design aspects.
{"title":"Formal methods in transformational derivation of programs","authors":"U. Reddy","doi":"10.1145/99569.99828","DOIUrl":"https://doi.org/10.1145/99569.99828","url":null,"abstract":"Transformational derivation is the formal derivation of programs using the paradigm of program transformation. We discuss how formal methods of reasoning are used in this methodology. It is argued that formal methods, including induction, are essential for achieving common transformational objectives. Our discussion is in the context of the Focus system, an automated assistant to support program derivation using this paradigm. We illustrate how Focus provides support for rule management, rewriting, inductive reasoning and other formal activities, leaving the programmer free to explore high level design aspects.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126261285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This position paper describes our efforts to apply formal, methods to the specification of complex systems and the overlap of these efforts with the topics of the workshop. The introduction describes why we are interested in using formal methods, and it is followed by short descriptions of the individual tasks with which we are currently involved. The conclusion relates these tasks to the workshop topics.
{"title":"Application of formal methods to system and software specification","authors":"W. Wood","doi":"10.1145/99569.99837","DOIUrl":"https://doi.org/10.1145/99569.99837","url":null,"abstract":"This position paper describes our efforts to apply formal, methods to the specification of complex systems and the overlap of these efforts with the topics of the workshop. The introduction describes why we are interested in using formal methods, and it is followed by short descriptions of the individual tasks with which we are currently involved. The conclusion relates these tasks to the workshop topics.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126145598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Formal methods in computer science seems to have begun with the observation of people like John McCarthy that programming languages usually lack a precise mathematical semantics and that the latter was necessary in order to even pose important questions like compiler correctness. The fact that people appear to perform meaningfully computations using these languages does not guarantee their well definedness. An episode from the history of mathematics provides a useful comparison. The first modern advance in European mathematics over the ancients and the work of Islamic scholars was the discovery of a formula for the solution of the general cubic (degree 3) and quartic (degree 4) algebraic equations in the sixteenth century. This appears to be the first new discovery in mathematics to be found in Europe in over a millenia! The general solution of the quadratic equation (degree 2) which we all learn in high school goes back to the Babylonians several thousands of
{"title":"Formal methods in mathematics","authors":"R. Platek","doi":"10.1145/99569.99827","DOIUrl":"https://doi.org/10.1145/99569.99827","url":null,"abstract":"Formal methods in computer science seems to have begun with the observation of people like John McCarthy that programming languages usually lack a precise mathematical semantics and that the latter was necessary in order to even pose important questions like compiler correctness. The fact that people appear to perform meaningfully computations using these languages does not guarantee their well definedness. An episode from the history of mathematics provides a useful comparison. The first modern advance in European mathematics over the ancients and the work of Islamic scholars was the discovery of a formula for the solution of the general cubic (degree 3) and quartic (degree 4) algebraic equations in the sixteenth century. This appears to be the first new discovery in mathematics to be found in Europe in over a millenia! The general solution of the quadratic equation (degree 2) which we all learn in high school goes back to the Babylonians several thousands of","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128814080","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We present a formally based method for systematically integrating software components. This is accomplished through the adjustment and mediation of abstract systems interfaces and their underlying data representations. The method provides the software designer with the ability to delay or revise design decisions in cases when it is difficult to reach an a priori agreement on interfaces and/or data representations. A moderate-scale example, drawn from the development of a simple interactive text editor, is provided to demonstrate the application of these techniques. The text buffer in an editor must support a va.riety of operations. These fall into groups determined by the most natural and efficient data representations that support the individual operations. Ve demonstrate how such data representations can be combined using formal program manipulation methods to obtain an efhcient composite representation that supports all of the operations. This approach can provide meaningful support for later adaptation. Should a new editor operation be added at a later time, the initial representations can be reused to support another combination step that obta.ins a new composite represent&ion t1ia.t works for all of the operations including the new one. This research was supported in part by the OIlice of Naval Research under contract N00014-84-K-0415 and in part by the Defense Advanced Research Projects Agency (DOD), ARPA Order No. 5404, monitored by the Ofice of Naval Research under the same contract. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the oflicial policies, eitlvx expressed or implied, of DARPA or the U.S. Government. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791-415.5/90/0010-0090.,.$1.50
{"title":"Formal manipulation of modular software systems","authors":"R. Nord, Peter Lee, W. Scherlis","doi":"10.1145/99569.99825","DOIUrl":"https://doi.org/10.1145/99569.99825","url":null,"abstract":"We present a formally based method for systematically integrating software components. This is accomplished through the adjustment and mediation of abstract systems interfaces and their underlying data representations. The method provides the software designer with the ability to delay or revise design decisions in cases when it is difficult to reach an a priori agreement on interfaces and/or data representations. A moderate-scale example, drawn from the development of a simple interactive text editor, is provided to demonstrate the application of these techniques. The text buffer in an editor must support a va.riety of operations. These fall into groups determined by the most natural and efficient data representations that support the individual operations. Ve demonstrate how such data representations can be combined using formal program manipulation methods to obtain an efhcient composite representation that supports all of the operations. This approach can provide meaningful support for later adaptation. Should a new editor operation be added at a later time, the initial representations can be reused to support another combination step that obta.ins a new composite represent&ion t1ia.t works for all of the operations including the new one. This research was supported in part by the OIlice of Naval Research under contract N00014-84-K-0415 and in part by the Defense Advanced Research Projects Agency (DOD), ARPA Order No. 5404, monitored by the Ofice of Naval Research under the same contract. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the oflicial policies, eitlvx expressed or implied, of DARPA or the U.S. Government. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791-415.5/90/0010-0090.,.$1.50","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121619189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The IS0 specification language LOTOS is presented, together with the results of a project involving the evaluation of its usefulness in an industrial environment. LOTOS is a mixture of concepts taken from CC’S and CSP, along with an algebraic abstract data type formalism. The language was used by Gandalf to develop a formal specification of an existing protocol, part of a distributed data PBX. The effort concentrated on the specification of two aspects of the protocol: the top level system architecture, and the call management phase. It is shown how the unique features of LOTOS were found to be useful for expressing these aspects. The results of the project were positive, and further use of LOTOS is planned within Gandalf.
{"title":"The algebraic specification language LOTOS: an industrial experience","authors":"L. Logrippo, T. Melanchuk, Robert J. Du Wors","doi":"10.1145/99569.99817","DOIUrl":"https://doi.org/10.1145/99569.99817","url":null,"abstract":"The IS0 specification language LOTOS is presented, together with the results of a project involving the evaluation of its usefulness in an industrial environment. LOTOS is a mixture of concepts taken from CC’S and CSP, along with an algebraic abstract data type formalism. The language was used by Gandalf to develop a formal specification of an existing protocol, part of a distributed data PBX. The effort concentrated on the specification of two aspects of the protocol: the top level system architecture, and the call management phase. It is shown how the unique features of LOTOS were found to be useful for expressing these aspects. The results of the project were positive, and further use of LOTOS is planned within Gandalf.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134485969","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We use our experience in applying formal methods to large-scale industrial problems to argue (a) the practical importance of developing formal reusable frameworks, and (b) th e need for further research into techniques for defining and instantiating these frameworks. 1 The Value of Formal Frameworks Success in introducing formal methods into industry depends on making those methods cost-effective in the overall context of industrial software engineering practice. In the past, efforts to do this have largely focused on the problem of refi,nemeni: given a formal specification of a system, how does one construct an implementation that is correct with respect to that specification [4, 3, 71. While the use of formal refinement leads to software with many desirable properties, this application of formal techniques has not found widespread industrial use in the United States except perhaps in the areas of securityand safety-critical systems, which naturally place a high premium on correctness. In this paper we argue the need for attention to the inverse problem of abstrachon: within a given domain how does one construct formal models that can serve as reusable frameworks for a wide variety of products. While abstraction and refinement are clearly two sides of the same coin, we have found that a focus on the former can lead to highly effective use of formal methods in practical industrial software development. First, when a single specification can serve a number of distinct products, the cost of developing the framework can be amortized over those products. Second, the development of different products from the Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791-4155/90/0010-0042...$1.50 same framework can lead to a desirable uniformity across those products. Third? in many cases the reusable framework can be implemented by corresponding reusable software components. Fourth, the requirement of producing a specification that acts as a framework for several products forces the developers of that specification to strive for particularly elegant abstractions. This in turn can lead to much cleaner definitions of the fundamental concepts behind an application. Fifth, since reusing an existing framework is considerably easier than specifying it in the first place, in many cases the job of constructing the framework can be allotted to a small team of highly skilled engineers. This addresses the very real problem in industry that currently all too few software engineers are capable of producing good specifictions. Finally, at a much grander level, we can hope that by concentrating on higher-lev
我们利用我们将形式化方法应用于大规模工业问题的经验来论证(a)开发形式化可重用框架的实际重要性,以及(b)需要进一步研究定义和实例化这些框架的技术。将形式化方法引入工业的成功取决于使这些方法在工业软件工程实践的整体环境中具有成本效益。在过去,这样做的努力主要集中在refi,nemeni问题上:给定系统的正式规范,如何构建一个相对于该规范是正确的实现[4,3,71]。虽然使用形式化细化导致软件具有许多理想的属性,但这种形式化技术的应用在美国并没有广泛的工业用途,除了安全和安全关键系统领域,这些领域自然对正确性给予了高度的重视。在本文中,我们认为有必要关注抽象的逆向问题:在给定的领域内,如何构建可以作为各种产品可重用框架的正式模型。虽然抽象和细化显然是同一枚硬币的两面,但我们已经发现,关注前者可以在实际的工业软件开发中高效地使用形式化方法。首先,当单个规范可以服务于许多不同的产品时,开发框架的成本可以分摊到这些产品上。第二,允许免费复制本材料的全部或部分,前提是这些复制不是为了直接的商业利益而制作或分发的,必须有ACM版权声明、出版物的标题和出版日期,并注明复制是由计算机协会许可的。以其他方式复制或重新发布需要付费和/或特定许可。相同的框架可以在这些产品之间实现理想的均匀性。第三个吗?在许多情况下,可重用框架可以通过相应的可重用软件组件来实现。第四,生成作为多个产品框架的规范的需求迫使该规范的开发人员努力实现特别优雅的抽象。这反过来又可以使应用程序背后的基本概念的定义更加清晰。第五,由于重用现有框架比首先指定它要容易得多,因此在许多情况下,构建框架的工作可以分配给一个由高技能工程师组成的小团队。这解决了行业中一个非常现实的问题,即目前很少有软件工程师能够生成好的规格说明。最后,在更大的层面上,我们希望通过关注更高级的框架,我们可能有一天拥有正式指定的软件架构库,这些架构库构成了每个软件工程师的基本设计曲目。为了说明其中一个框架,考虑定义一个简单的电子计数器/计时器(测量电子信号的频率或周期)的问题。在其最抽象的形式中,这样的仪器可以被视为一个数学函数,可以应用于一个信号来产生一个测量。为这类工具定义框架的问题是使这些功能在智力上(和实际上)可管理。我们的方法是开发一个框架,在这个框架中,仪器被定义为简单功能的组合,每个组件功能描述仪器整体功能的某些部分。考虑到用户配置仪器的能力,我们将这些组件视为高阶函数。高阶函数的使用捕获了ACM SIGSOFT软件开发形式化方法国际研讨会的两个会议记录。1990年5月9日至11日,加州纳帕。用户对配置仪器的直觉,以及当前实现的实际操作行为。用户通常设置输入参数,然后实时重复应用结果函数来产生一系列测量结果。图1说明了计数器/计时器的这种分解。更正式地说,我们可以使用Z规范语言[1]通过为每个组件定义一个高阶函数来对这个体系结构建模。例如,Couple函数定义如下:Coupling::= Direct 1 Filter Couple: Coupling + Signal -+ Signal Couple Direct s = s Couple Filter s = X t l s(t) h(s)用户提供的Coupling参数决定了信号是不加改变地通过还是将其直流偏置从信号中滤除。 给定该形参的值,Couple生成一个新函数,将一个Signal映射到另一个Signal。以类似的方式,我们可以定义仪器的其他功能部件。(该规范的完整描述见[5]。)例如,组件DeiectCrossings定义如下:Slope::= POS 1 NEG Level == Volts DetectCrossings: Level x Slope 4 Signal
{"title":"The role of formal reusable frameworks","authors":"D. Garlan","doi":"10.1145/99569.99812","DOIUrl":"https://doi.org/10.1145/99569.99812","url":null,"abstract":"We use our experience in applying formal methods to large-scale industrial problems to argue (a) the practical importance of developing formal reusable frameworks, and (b) th e need for further research into techniques for defining and instantiating these frameworks. 1 The Value of Formal Frameworks Success in introducing formal methods into industry depends on making those methods cost-effective in the overall context of industrial software engineering practice. In the past, efforts to do this have largely focused on the problem of refi,nemeni: given a formal specification of a system, how does one construct an implementation that is correct with respect to that specification [4, 3, 71. While the use of formal refinement leads to software with many desirable properties, this application of formal techniques has not found widespread industrial use in the United States except perhaps in the areas of securityand safety-critical systems, which naturally place a high premium on correctness. In this paper we argue the need for attention to the inverse problem of abstrachon: within a given domain how does one construct formal models that can serve as reusable frameworks for a wide variety of products. While abstraction and refinement are clearly two sides of the same coin, we have found that a focus on the former can lead to highly effective use of formal methods in practical industrial software development. First, when a single specification can serve a number of distinct products, the cost of developing the framework can be amortized over those products. Second, the development of different products from the Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. @ 1990 ACM 089791-4155/90/0010-0042...$1.50 same framework can lead to a desirable uniformity across those products. Third? in many cases the reusable framework can be implemented by corresponding reusable software components. Fourth, the requirement of producing a specification that acts as a framework for several products forces the developers of that specification to strive for particularly elegant abstractions. This in turn can lead to much cleaner definitions of the fundamental concepts behind an application. Fifth, since reusing an existing framework is considerably easier than specifying it in the first place, in many cases the job of constructing the framework can be allotted to a small team of highly skilled engineers. This addresses the very real problem in industry that currently all too few software engineers are capable of producing good specifictions. Finally, at a much grander level, we can hope that by concentrating on higher-lev","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"T163 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125669268","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Keyphruses: (i) the role of rigorous software specification and design with the Vienna Development Method within the SA / SD traject of software development, (ii) extension of VDM-SL, (the VDM Specification Language) by means of a object otiozted structuring mechanism, together with stream oriented properties, to enable stream and object oriented specification. Relation to Workshop Topics of Interest: the research addresses a specific role for formal methods in large-scale software development and the (mechanized) support for this role for formal methods in particular.
{"title":"Structured analysis—formal design, using stream and object oriented formal specifications","authors":"H. Toetenel, J. Katwijk, N. Plat","doi":"10.1145/99569.99830","DOIUrl":"https://doi.org/10.1145/99569.99830","url":null,"abstract":"Keyphruses: (i) the role of rigorous software specification and design with the Vienna Development Method within the SA / SD traject of software development, (ii) extension of VDM-SL, (the VDM Specification Language) by means of a object otiozted structuring mechanism, together with stream oriented properties, to enable stream and object oriented specification. Relation to Workshop Topics of Interest: the research addresses a specific role for formal methods in large-scale software development and the (mechanized) support for this role for formal methods in particular.","PeriodicalId":429108,"journal":{"name":"Formal Methods in Software Development","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1990-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126424737","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: