13,253 research outputs found
Modal logics for reasoning about object-based component composition
Component-oriented development of software supports the adaptability and maintainability of large systems, in particular if requirements change over time and parts of a system have to be modified or replaced. The software architecture in such systems can be described by components
and their composition. In order to describe larger architectures, the composition concept becomes crucial. We will present a formal framework for component composition for object-based software development. The deployment of modal logics for defining components and component composition will allow us to reason about and prove properties of components and compositions
Recommended from our members
Automated verification of refinement laws
Demonic refinement algebras are variants of Kleene algebras. Introduced by von Wright as a light-weight variant of the refinement calculus, their intended semantics are positively disjunctive predicate transformers, and their calculus is entirely within first-order equational logic. So, for the first time, off-the-shelf automated theorem proving (ATP) becomes available for refinement proofs. We used ATP to verify a toolkit of basic refinement laws. Based on this toolkit, we then verified two classical complex refinement laws for action systems by ATP: a data refinement law and Back's atomicity refinement law. We also present a refinement law for infinite loops that has been discovered through automated analysis. Our proof experiments not only demonstrate that refinement can effectively be automated, they also compare eleven different ATP systems and suggest that program verification with variants of Kleene algebras yields interesting theorem proving benchmarks. Finally, we apply hypothesis learning techniques that seem indispensable for automating more complex proofs
Style-Based architectural reconfigurations
We introduce Architectural Design Rewriting (ADR), an approach to the design of reconfigurable software architectures whose key features are: (i) rule-based approach (over graphs); (ii) hierarchical design; (iii) algebraic presentation; and (iv) inductively-defined reconfigurations. Architectures are modelled by graphs whose edges and nodes represent components and connection ports. Architectures are designed hierarchically by a set of edge replacement rules that fix the architectural style. Depending on their reading, productions allow: (i) top-down design by refinement, (ii) bottom-up typing of actual architectures, and (iii) well-formed composition of architectures. The key idea is to encode style proofs as terms and to exploit such information at run-time for guiding reconfigurations. The main advantages of ADR
are that: (i) instead of reasoning on flat architectures, ADR specifications provide a convenient hierarchical structure, by exploiting the architectural classes introduced by the style, (ii) complex reconfiguration schemes can be defined inductively, and (iii) style-preservation is guaranteed
A synchronous program algebra: a basis for reasoning about shared-memory and event-based concurrency
This research started with an algebra for reasoning about rely/guarantee
concurrency for a shared memory model. The approach taken led to a more
abstract algebra of atomic steps, in which atomic steps synchronise (rather
than interleave) when composed in parallel. The algebra of rely/guarantee
concurrency then becomes an instantiation of the more abstract algebra. Many of
the core properties needed for rely/guarantee reasoning can be shown to hold in
the abstract algebra where their proofs are simpler and hence allow a higher
degree of automation. The algebra has been encoded in Isabelle/HOL to provide a
basis for tool support for program verification.
In rely/guarantee concurrency, programs are specified to guarantee certain
behaviours until assumptions about the behaviour of their environment are
violated. When assumptions are violated, program behaviour is unconstrained
(aborting), and guarantees need no longer hold. To support these guarantees a
second synchronous operator, weak conjunction, was introduced: both processes
in a weak conjunction must agree to take each atomic step, unless one aborts in
which case the whole aborts. In developing the laws for parallel and weak
conjunction we found many properties were shared by the operators and that the
proofs of many laws were essentially the same. This insight led to the idea of
generalising synchronisation to an abstract operator with only the axioms that
are shared by the parallel and weak conjunction operator, so that those two
operators can be viewed as instantiations of the abstract synchronisation
operator. The main differences between parallel and weak conjunction are how
they combine individual atomic steps; that is left open in the axioms for the
abstract operator.Comment: Extended version of a Formal Methods 2016 paper, "An algebra of
synchronous atomic steps
A synchronous program algebra: a basis for reasoning about shared-memory and event-based concurrency
This research started with an algebra for reasoning about rely/guarantee
concurrency for a shared memory model. The approach taken led to a more
abstract algebra of atomic steps, in which atomic steps synchronise (rather
than interleave) when composed in parallel. The algebra of rely/guarantee
concurrency then becomes an instantiation of the more abstract algebra. Many of
the core properties needed for rely/guarantee reasoning can be shown to hold in
the abstract algebra where their proofs are simpler and hence allow a higher
degree of automation. The algebra has been encoded in Isabelle/HOL to provide a
basis for tool support for program verification.
In rely/guarantee concurrency, programs are specified to guarantee certain
behaviours until assumptions about the behaviour of their environment are
violated. When assumptions are violated, program behaviour is unconstrained
(aborting), and guarantees need no longer hold. To support these guarantees a
second synchronous operator, weak conjunction, was introduced: both processes
in a weak conjunction must agree to take each atomic step, unless one aborts in
which case the whole aborts. In developing the laws for parallel and weak
conjunction we found many properties were shared by the operators and that the
proofs of many laws were essentially the same. This insight led to the idea of
generalising synchronisation to an abstract operator with only the axioms that
are shared by the parallel and weak conjunction operator, so that those two
operators can be viewed as instantiations of the abstract synchronisation
operator. The main differences between parallel and weak conjunction are how
they combine individual atomic steps; that is left open in the axioms for the
abstract operator.Comment: Extended version of a Formal Methods 2016 paper, "An algebra of
synchronous atomic steps
- …