On the execution of high level formal specifications

Executable specifications can serve as prototypes of the specified system and as oracles for automated testing of implementations, and so are more useful than non-executable specifications. Executable specifications can also be debugged in much the same way as programs, allowing errors to be detected and corrected at the specification level rather than in later stages of software development. However, existing executable specification languages often force the specifier to work at a low level of abstraction, which negates many of the advantages of non-executable specifications. This dissertation shows how to execute specifications written at a level of abstraction comparable to that found in specifications written in non-executable specification languages. The key innovation is an algorithm for evaluating and satisfying first order predicate logic assertions written over abstract model types. This is important because many specification languages use such assertions. Some of the features of this algorithm were inspired by techniques from constraint logic programming

Symbolic execution: a semantic approach

AbstractThis paper discusses symbolic execution from a semantic point of view, covering both programs and specifications. It defines the denotational semantics of symbolic execution of specifications and programs, and thus introduces a notion of correctness of symbolic execution which applies not just to an individual language but to a wide class of languages, namely those whose semantics can be described in terms of states and state transformations. Also described are the operational semantics of a language as used for symbolic execution.This work also provided the basis of the prototype symbolic execution system SYMBEX which was developed at the University of Manchester as part of the mural project. However, this paper only covers the theoretical foundations used by SYMBEX, but not the system itself

A Formal Methodology for Deriving Purely Functional Programs From Z Specifications via the Intermediate Specification Language FunZ.

In recent years, both formal methods and software reuse have been increasingly advocated as a means of alleviating the ills of the software crisis. During this same time period, purely functional programming languages, which have a long history in the realm of rapid prototyping, have emerged as a viable medium for real-world applications. Since these trends are likely to continue, this work describes a methodology that facilitates the derivation of purely functional programs from existing Z specifications. A unique aspect of the methodology is its incorporation of an intermediate specification language (FunZ) during the design phase of software development. Most of the previous techniques for translating Z specifications to functional programs were designed primarily to expedite rapid prototyping. In contrast, the FunZ methodology, which is an adapted form of the IBM Hursley method, is a comprehensive approach, spanning the software life cycle from specification through design to final implementation. Due to its greater scope, the FunZ methodology offers several advantages over existing approaches. First, the specification language integrates features from Z with those of the functional programming paradigm to provide a bridge between Z specifications and functional implementations. Since FunZ is expressly designed to target functional languages, the implementor\u27s job is simplified. In fact, a FunZ document looks like extended Haskell code, so an obvious effect in applying FunZ is that the distance from design to code is reduced. Second, the methodology provides a framework for recording design decisions, which is useful for future maintenance. Within this framework, users may select a development path ranging from an intuitive style to a fully formal approach that includes the proofs of functional refinement. Furthermore, FunZ allows software developers to prove properties about a system design within the realm of Z or Haskell. This means that proofs can be performed throughout software development and the designer is free to select the most appropriate notation. In summary, the intermediate specification language FunZ and its related methodology provide software developers with a complete, formal approach for translating Z specifications to Haskell implementations. Previously, such extensive methods were only available for traditional, imperative languages

Proving Correctness of Modular Functional Programs

One reason for studying and programming in functional programming languages is that they are easy to reason about, yet there is surprisingly little work on proving the correctness of large functional programs. In this dissertation I show how to provide a system for proving the correctness of large programs written in a major functional programming language, ML. ML is split into two parts: the Core (in which the actual programs are written), and Modules (which are used to structure Core programs). The dissertation has three main themes: Due to the detail and complexity of proofs of programs, a realistic system should use a computer proof assistant, and so I first discuss how such a system can be coded in a generic proof assistant (I use Paulson's Isabelle). I give a formal proof system for proving properties of programs written in the functional part of Core ML. The Modules language is one of ML's strengths: it allows the programmer to write large programs by controlling the interactions between its parts. In the final part of the dissertation I give a method of proving correctness of ML Modules programs using the well-known data reification method. Proofs of reification using this method boil down to proofs in the system for the Core

The Logic of the RAISE Specification Language

This paper describes the logic of the RAISE Specification Language, RSL. It explains the particular logic chosen for RAISE, and motivates this choice as suitable for a wide spectrum language to be used for designs as well as initial specifications, and supporting imperative and concurrent specifications as well as applicative sequential ones. It also describes the logical definition of RSL, its axiomatic semantics, as well as the proof system for carrying out proofs

On the Formal Specification and Derivation of Relational Database Applications

The development of database applications is usually carried out informally. The derivation of database programs directly from formal specifications is a well known and unsolved problem. Most of the previous work in the area either tried to solve the problem too generally or was restricted to some trivial aspects, for example deriving the database structure and/or simple operations. This thesis describes an extension to the traditional database design process aimed at formalizing the development of (relational) database applications. Specifically, it gives a complete description of a general method for the specification of relational database applications using Z, as well as a comprehensive description of a set of rules on how to derive database programs from specifications which result from using the method. The method prescribes how to specify all the important aspects of relational database applications, which includes the definition of relations, the specification of constraints, and querying and updating of relations, including error handling. It also addresses more advanced features such as transactions, sorting of results, aggregate functions, etc. However difficult in general, deriving relational database applications directly from Z specifications written according to the method is not arduous. With appropriate tool support, writing formal specifications according to the method and deriving the corresponding relational database programs can be straightforward. Moreover, it should produce code which is standardized and thus easier to understand and maintain. An intrinsic part of the thesis is a prototype which was built to support the method. It provides a syntactic editor for the method and partially implements the mapping for a specific Relational Database Management System (RDBMS), namely the DBPL system

A Survey of Languages for Specifying Dynamics: A Knowledge Engineering Perspective

A number of formal specification languages for knowledge-based systems has been developed. Characteristics for knowledge-based systems are a complex knowledge base and an inference engine which uses this knowledge to solve a given problem. Specification languages for knowledge-based systems have to cover both aspects. They have to provide the means to specify a complex and large amount of knowledge and they have to provide the means to specify the dynamic reasoning behavior of a knowledge-based system. We focus on the second aspect. For this purpose, we survey existing approaches for specifying dynamic behavior in related areas of research. In fact, we have taken approaches for the specification of information systems (Language for Conceptual Modeling and TROLL), approaches for the specification of database updates and logic programming (Transaction Logic and Dynamic Database Logic) and the generic specification framework of abstract state machine

Fourth NASA Langley Formal Methods Workshop

This publication consists of papers presented at NASA Langley Research Center's fourth workshop on the application of formal methods to the design and verification of life-critical systems. Topic considered include: Proving properties of accident; modeling and validating SAFER in VDM-SL; requirement analysis of real-time control systems using PVS; a tabular language for system design; automated deductive verification of parallel systems. Also included is a fundamental hardware design in PVS