形式化方法B的精化

形式化方法B支持从抽象规约到实现的完整的开发过程，用于开发安全关键的软件系统。给出了B方法精化的定义后，介绍了抽象机的精化过程与方法，结合实例分析了仅使用前向精化的普通精化规则的不完整性，通过引入反向精化提供了完备的精化理论，二者联合起来能够证明任何正确的精化。     

基于B语言的构件精化开发方法

本文采用B语言抽象机操作和扩充的事件机制，通过对构件行为规约形式化定义，然后用精化规则对构件行为规约逐步精化，直到可执行程序，最后给出了一个简单例子。     

B方法规格说明的构造及应用

B方法是一种软件形式化方法,支持从规格说明到代码生成的整个软件开发周期.本文比较系统地分析了B方法规格说明的构造结构,并结合所设计的实例演示了用B方法编写规格说明的过程,简略地给出了其规格说明的证明义务,并对其规格说明进行了一次精化.     

基于B语言的构件精化开发方法

本文采用B语言抽象机操作和扩充的事件机制,通过对构件行为规约形式化定义,然后用精化规则对构件行为规约逐步精化-直到可执行程序-最后给出了一个简单例子.     

UML与B结合的软件开发研究与应用

B方法主要是用抽象机来描述软件系统的规范说明,且有大量工具支持。UML已广泛用于面向对象技术的建模,许多工程项目和研究成果用UML图例给出。文中将B方法与UML结合用于软件的开发过程,结合工程实际和文献资料分析了从UML的类图、时序图和状态图转换到B的抽象机的技术要点,通过实例展示了具体的转换形式。     

基于B语言的UML形式化方法

分析了目前主要的UML形式化方法及特点,提出了基于B语言的转换方法B2F(B-Based Formalization),通过将UML模型转化为B抽象机描述实现UML的形式化描述和验证,并详细分析了基于B2F方法的UML类图的形式化,证明了该方法的可行性。     

基于B方法的弹道计算机程序设计技术

针对任务关键性的武器装备控制领域,选用B方法来设计通用弹道计算机程序,显著地提高了软件的质量和可靠性。在开发过程中,利用抽象机机制对基本弹道计算机进行建模,并通过逐步精化的方法扩展弹道计算机功能,从而有效地控制了弹道计算参数之间的复杂关系,依赖不变式技术形式化地保证了软件运行时的安全性,并使得生成的程序具有良好的重用性和可扩展性。     

形式化方法B及其程序规约机理

用形式化方法开发软件是提高软件可靠性和生产效率的革命性途径,是实现软件自动化的关键。文章针对B方法,介绍了其产生的历史背景,分析了其程序规约机理,并结合实例给出了B方法中抽象机的具体运用,对该方法的特点进行了评述。     

基于B方法抽象机和UML的货单系统

在分析货单系统的基础上,比较了B方法和UML的优缺点,从形式化B方法的抽象机和半形式化方法UML两方面描述了一个货单系统,且给出形式化B方法在软件、硬件、安全领域、计算机规约各方面的应用以及在未来发展的重要地位。     

UML与B结合的软件开发研究与应用

B方法主要是用抽象机来描述软件系统的规范说明,且有大量工具支持。UML已广泛用于面向对象技术的建模,许多工程项目和研究成果用UML图例给出。文中将B方法与UML结合用于软件的开发过程,结合工程实际和文献资料分析了从UML的类图、时序图和状态图转换到B的抽象机的技术要点,通过实例展示了具体的转换形式。     

Strongly reducing variants of the Krivine abstract machine

We present two variants of the Krivine abstract machine that reduce lambda-terms to full normal form. We give a proof of their correctness by interpreting their behaviour in the λ σ-calculus. This article is an extended version of a paper presented at the ‘Lisp and Functional Programming’ Conference in 1990 and the work was done at Ecole Normale Supérieure between 1989 and 1991.     

Strongly typed user interfaces in an abstract data store

The UMIST Abstract Data Store is a software tool which supports abstract data types together with flexible mechanisms for specifying, for each abstract data type, alternative user interface and memory representations appropriate to different physical media. These mechanisms facilitate the definition of types, the specification of their alternative representations and the creation and manipulation of their values in a persistent fashion. The media supported may include such things as disks and visual displays and collections of these connected together via a network. This paper focuses on the mechanisms which have evolved in this environment for specifying safe user interfaces to complex data structures.     

Linguistic extension of abstract machine modelling to aid software development

The traditional use of abstract machine models is to provide a conceptual framework for software design and to aid portability and machine independence. Access to the abstract machine model from the higher-level system on which it is based provides a powerful tool for software development. This paper describes a technique in which the higher-level system is interfaced to the underlying abstract machine, thus allowing use of the higher-level system to analyse and debug its own implementation. The application of this technique in the implementation of SL5 is given as an example. Experience with the use of the facility and a discussion of basic design considerations are included.     

The abstract domain of Trapezoid Step Functions

The Trapezoid Step Functions (TSF) domain is introduced in order to approximate continuous functions by a finite sequence of trapezoids, adopting linear functions to abstract the upper and the lower bounds of a continuous variable in each time slot. The lattice structure of TSF is studied, showing how to build and compute a sound abstraction of a given continuous function. Experimental results underline the effectiveness of the approach in terms of both precision and efficiency with respect to the domain of Interval Valued Step Functions (IVSF).     

A Mechanically Proved and Incremental Development of IEEE 1394 Tree Identify Protocol

The IEEE 1394 tree identify protocol illustrates the adequacy of the event-driven approach used together with the B Method. This approach provides a complete framework for developing mathematical models of distributed algorithms. A specific development is made of a series of more and more refined models. Each model is made of a number of static properties (the invariant) and dynamic parts (the guarded events). The internal consistency of each model as well as its correctness with regard to its previous abstraction are proved with the proof engine of Atelier B, which is the tool associated with B. In the case of IEEE 1394 tree identify protocol, the initial model is very primitive: it provides the basic properties of the graph (symmetry, acyclicity, connectivity), and its dynamic parts essentially contain a single event which elects the leader in one shot. Further refinements introduce more events, showing how each node of the graph non-deterministically participates in the leader election. At some stage in the development, message passing is introduced. This raises a specific potential contention problem, whose solution is given. The last stage of the refinement completely localises the events by making them take decisions based on local data only. Received July 2001/Accepted in revised form October 2003 Correspondence and offprint requests to: Dominique Méry, Université Henri Poincaré Nancy 1, LORIA, BP239, 54506 Vandœuvre-lès-Nancy Cedex, France. Email: mery@loria.fr     

Synthesizing implementations of abstract data types from axiomatic specifications

This paper describes a system for automatically generating an implementation of an abstract data type from its axiomatic specifications. Such a system can be useful for rapid prototyping and for detecting inconsistencies in the specifications by testing the generated implementation. In the generated Implementation, an instance of the data type is represented by its state. An operation on the data type is implemented by a collection of functions — a function for each of the axioms specified for the operation, and a function for the operation that determines, depending on the state of the instance(s) on which the operation is being performed, which of the axioms of the operation is applicable. The system is developed on a Sun-3 workstation running Unix. It is written in C and generates the implementation of the abstract data type in C.     

Methodical specification of abstract data types via rewriting systems

A data type is often given by an informal model. Its formal specification is an important task, but also difficult and error-prone. Here a methodology for this task is presented. Its steps are, first, the election of a canonical form defining a canonical term algebra; second, a system of sound rewriting rules powerful enough to achieve the syntactical transformations of the canonical term algebra. The final translation of rewriting rules into equations is immediate. The methodology is illustrated by the detailed presentation of a simple example.Research partly sponsored by FINEP, CNPq and the French Ministry for Foreign Affairs.     

Investigation of tritrophic interactions in an ecosystem using abstract chemistry

We investigated the population dynamics of a tritrophic interaction mediated by herbivore-induced plant volatiles that attracted carnivorous natural enemies of herbivores. We modeled the system by abstract chemistry, and an abstract rewriting system of multisets (ARMS), and compared the case where plants produced herbivore-induced volatiles with the case where they did not. We found that there was a case where herbivore-induced volatiles that attract carcivores resulted in a population increase of herbivores. This work was presented, in the Sixth International Symposium on Artificial Life and Robotics, Tokyo, Japan, January 15–17, 2001