Crypt-equivalent algebraic specifications

Summary Equivalence is a fundamental notion for the semantic analysis of algebraic specifications. In this paper the notion of “crypt-equivalence” is introduced and studied w.r.t. two “loose” approaches to the semantics of an algebraic specificationT: the class of all first-order models ofT and the class of all term-generated models ofT. Two specifications are called crypt-equivalent if for one specification there exists a predicate logic formula which implicitly defines an expansion (by new functions) of every model of that specification in such a way that the expansion (after forgetting unnecessary functions) is homologous to a model of the other specification, and if vice versa there exists another predicate logic formula with the same properties for the other specification. We speak of “first-order crypt-equivalence” if this holds for all first-order models, and of “inductive crypt-equivalence” if this holds for all term-generated models. Characterizations and structural properties of these notions are studied. In particular, it is shown that firstorder crypt-equivalence is equivalent to the existence of explicit definitions and that in case of “positive definability” two first-order crypt-equivalent specifications admit the same categories of models and homomorphisms. Similarly, two specifications which are inductively crypt-equivalent via sufficiently complete implicit definitions determine the same associated categories. Moreover, crypt-equivalence is compared with other notions of equivalence for algebraic specifications: in particular, it is shown that first-order cryptequivalence is strictly coarser than “abstract semantic equivalence” and that inductive crypt-equivalence is strictly finer than “inductive simulation equivalence” and “implementation equivalence”.     

Observational implementation of algebraic specifications

Summary An observational approach to the construction of implementations of algebraic specifications is presented. Based on the theory of observational specifications an implementation relation is defined which formalizes the intuitive idea that an implementation is correct if it produces correct observable output. To be useful in practice proof theoretic criteria for observational implementations are provided and a proof technique (called context induction) for the verification of implementation relations is presented. As an example an abstract specification of (the algebraic semantics of) a small imperative programming language is implemented by a state oriented specification of the language.In order to support the modular construction of implementations the approach is extended to parameterized observational specifications. Based on the notion of observable parameter context a proof theoretic criterion for parametrized observational implementations is presented and it is shown that under appropriate conditions observational implementations compose horizontally. The given implementation criteria are applied to examples.     

Behavioural approaches to algebraic specifications

This paper focuses on observability issues in the framework of loose algebraic specifications. The main purpose of observability is to extend the model class of some given algebraic specification in order to consider not only the algebras that satisfy the axioms of the specification in order to consider not only the algebras that satisfy the axioms of the specification, but as well other ones, provided that the differences between the properties satisfied by these algebras and the properties required by the specification (i.e., the axioms) are not “observable”. We compare various behavioural approaches developed so far. We point out their respective advantages and limitations. Expressive power is our main criterion for the discussion.     

Exhaustive test sets for algebraic specifications

In the context of testing from algebraic specifications, test cases are ground formulas chosen amongst the ground semantic consequences of the specification, according to some possible additional observability conditions. A test set is said to be exhaustive if every programme P passing all the tests is correct and if for every incorrect programme P, there exists a test case on which P fails. Because correctness can be proved by testing on such a test set, it is an appropriate basis for the selection of a test set of practical size. The largest candidate test set is the set of observable consequences of the specification. However, depending on the nature of specifications and programmes, this set is not necessarily exhaustive. In this paper, we study conditions to ensure the exhaustiveness property of this set for several algebraic formalisms (equational, conditional positive, quantifier free and with quantifiers) and several test hypotheses. Copyright © 2016 John Wiley & Sons, Ltd.     

Nondeterministic algebraic specifications and nonconfluent term rewriting

Algebraic specifications are generalized to the case of nondeterministic operations by admitting models with set-valued functions (multialgebras). General (in particular, nonconfluent) term-rewriting systems are studied as a specification language for this semantic framework. A calculus for nondeterministic specifications is given which is similar to term rewriting but which employs an additional determinacy predicate. Soundness, ground completeness, and initiality results are given. Small examples illustrate the range of possible applications.     

Designing dependable logic controllers using algebraic specifications

Formal methods can strongly contribute to improve dependability of logic controllers during design, by providing means to avoid flaws due to designers’ omissions or specifications misinterpretations. This article presents a formal synthesis method that is aimed at obtaining the control laws of a logic system from specifications given in natural language. The formal framework that underlies the method is a Boolean algebra for logic discrete event systems. The operations and relations of this algebra enable to represent controller specifications formally, to detect inconsistencies within specifications and to generate control laws from a consistent specifications set. The scalability of this method is clearly demonstrated with the help of the case study of an experimental manufacturing line.     

Soundness in verification of algebraic specifications with OBJ

The algebraic specification tools of the OBJ family have no notion of open terms or quantifiers. Nonetheless there are methods of proving universally quantified statements about specifications. These methods are examined and found to be unsound.     

Manipulating algebraic specifications with term-based and graph-based representations

In an environment of continuous and rapid evolution, software design methodologies must incorporate techniques and tools that support changes in software artifacts. In the project, we are developing a tool targeted at software designers that integrates a collection of operations on algebraic specifications written in the language. The scope of includes not only modification of existing specifications, but also creation or derivation of new specifications, as well as their proof and execution, which are realized through inter-operability with existing tools. As involves the manipulation of software specification and inter-operability with other tools, the question of choosing appropriate representation formats is important. In this paper, we discuss the advantages and limitations of as a manipulation and exchange format in the setting of . We also present a new, graph-like format, which offers complementary features to a term-based format. Moreover, we present visualization utilities for these formats.     

Development of communication protocols using algebraic and temporal specifications

The paper pursues two main goals. First, an attempt is made to specify and verify protocols in a completely rigorous manner using the formalisms of temporal logic and algebraic specification. Second––and even more important––the protocol specifications are not presented as monolithic pieces of text, but rather are developed in a stepwise process, evolving from simple genotypes into the final complex products. This is illustrated with selected fragments of the TCP/IP protocol.     

Abstract Implementation of Algebraic Specifications in a Temporal Logic Language

A formal technique for incorporating two specification paradigms is presented,in which an algebraic specification is implemented by a set of abstract procedures specified in pre and post-condition style.The link between the two level specifications is provided via a translation from terms of algebraic specifications into temporal logic formulae representing abstract programs.In terms of translation,a criterion for an abstract implementation satisfying its specification is given,which allows one to check the consistency between the two levels of specifications.The abstract implementations can be refined into executable code by refining each abstract procedure in it.It is proved that the satisfication relation between a specification and its implementations is preserved by such refinement steps.     

Toward formal development of programs from algebraic specifications: Implementations revisited

Summary The program development process is viewed as a sequence of implementation steps leading from a specification to a program. Based on an elementary notion of refinement, two notions of implementation are studied: constructor implementations which involve a construction “on top of” the implementing specification, and abstractor implementations which additionally provide for abstraction from some details of the implemented specification. These subsume most formal notions of implementation in the literature. Both kinds of implementations satisfy a vertical composition and a (modified) horizontal composition property. All the definitions and results are shown to generalise to the framework of an arbitrary institution, and a way of changing institutions during the implementation process is introduced. All this is illustrated by means of simple concrete examples. An extended abstract of this paper appeared in [65].     

Toward formal development of programs from algebraic specifications: Implementations revisited

Summary The program development process is viewed as a sequence of implementation steps leading from a specification to a program. Based on an elementary notion of refinement, two notions of implementation are studied: constructor implementations which involve a construction on top of the implementing specification, and abstractor implementations which additionally provide for abstraction from some details of the implemented specification. These subsume most formal notions of implementation in the literature. Both kinds of implementations satisfy a vertical composition and a (modified) horizontal composition property. All the definitions and results are shown to generalise to the framework of an arbitrary institution, and a way of changing institutions during the implementation process is introduced. All this is illustrated by means of simple concrete examples.An extended abstract of this paper appeared in [65]     

Toward formal development of programs from algebraic specifications: Parameterisation revisited

Parameterisation is an important mechanism for structuring programs and specifications into modular units. The interplay between parameterisation (of programs and of specifications) and specification (of parameterised and of non-parameterised programs) is analysed, exposing important semantic and methodological differences between specifications of parameterised programs and parameterised specifications. The extension of parameterisation mechanisms to the higher-order case is considered, both for parameterised programs and parameterised specifications, and the methodological consequences of such an extension are explored.A specification formalism with parameterisation of an arbitrary order is presented. Its denotational-style semantics is accompanied by an inference system for proving that an object satisfies a specification. The formalism includes the basic specification-building operations of the ASL specification language and is institution independent.     

Deriving protocol specifications from service specifications written in LOTOS

Summary.  A complete communication system is broken down into a number of protocol layers each of which provides services to the layer above it and uses services provided by its underlying layer. A service specification defines a particular ordering of the operations that a given layer provides to the layer above it. The active elements in each layer are called entities and they use a protocol in order to implement their service definition. On the basis of this relation between the service and protocol concepts we have developed algorithms for deriving protocol entity specifications from a formal service specification. The derived protocol entities ensure the correct ordering of the service primitives by exchanging synchronization messages through an underlying communication medium. This paper presents an extended version of our earlier derivation algorithms. This version of the algorithm can handle all operators and unrestricted process invocation and recursion as defined by basis LOTOS. The correctness of this derivation algorithm is formally proved. Received: January 1992 / Accepted: February 1996