Encapsulating deontic and branching time specifications

In this paper, we investigate formal mechanisms to enable designers to decompose specifications (stated in a given logic) into several interacting components in such a way that the composition of these components preserves their encapsulation and internal non-determinism. The preservation of encapsulation (or locality) enables a modular form of reasoning over specifications, while the conservation of the internal non-determinism is important to guarantee that the branching time properties of components are not lost when the entire system is obtained. The basic ideas come from the work of Fiadeiro and Maibaum where notions from category theory are used to structure logical specifications. As the work of Fiadeiro and Maibaum is stated in a linear temporal logic, here we investigate how to extend these notions to a branching time logic, which can be used to reason about systems where non-determinism is present. To illustrate the practical applications of these ideas, we introduce deontic operators in our logic and we show that the modularization of specifications also allows designers to maintain the encapsulation of deontic prescriptions; this is in particular useful to reason about fault-tolerant systems, as we demonstrate with a small example.Fil: Castro, Pablo Francisco. Universidad Nacional de Río Cuarto; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Córdoba; ArgentinaFil: Maibaum, Thomas S. E.. Mc Master University; Canad

A COMPOSITIONAL FRAMEWORK FOR FAULT-TOLERANCE BY SPECIFICATION TRANSFORMATION

The incorporation of a recovery algorithm into a program can be viewed as a program transformation, converting the basic program into a fault-tolerant version. We present a framework in which such program transformations are accompanied by a corresponding specification transformation which obtains properties of the fault tolerant versions of the programs from properties of the basic programs. Compositionality is achieved when every property of the fault tolerant version can be obtained from a transformed property of the basic program. A verification method for proving the correctness of specification transformations is presented. This makes it possible to prove just once that a specification transformation corresponds to a program transformation, removing the need to prove separately the correctness of each transformed program