Actors, actions, and initiative in normative system specification

The logic of norms, called deontic logic, has been used to specify normative constraints for information systems. For example, one can specify in deontic logic the constraints that a book borrowed from a library should be returned within three weeks, and that if it is not returned, the library should send a reminder. Thus, the notion of obligation to perform an action arises naturally in system specification. Intuitively, deontic logic presupposes the concept of anactor who undertakes actions and is responsible for fulfilling obligations. However, the concept of an actor has not been formalized until now in deontic logic. We present a formalization in dynamic logic, which allows us to express the actor who initiates actions or choices. This is then combined with a formalization, presented earlier, of deontic logic in dynamic logic, which allows us to specify obligations, permissions, and prohibitions to perform an action. The addition of actors allows us to expresswho has the responsibility to perform an action. In addition to the application of the concept of an actor in deontic logic, we discuss two other applications of actors. First, we show how to generalize an approach taken up by De Nicola and Hennessy, who eliminate from CCS in favor of internal and external choice. We show that our generalization allows a more accurate specification of system behavior than is possible without it. Second, we show that actors can be used to resolve a long-standing paradox of deontic logic, called the paradox of free-choice permission. Towards the end of the paper, we discuss whether the concept of an actor can be combined with that of an object to formalize the concept of active objects

On the implementation of abstract data types by programming language constructs

AbstractImplementations of abstract data types are defined via enrichments of a target type. We propose to use an extended typed λ-calculus for enrichments in order to meet the conceptual requirement that an implementation has to bring us closer to a (functional) program. Composability of implementations is investigated, the main result being that composition of correct implementations is correct if terminating programs are implemented by terminating programs. Moreover, we provide syntactical criteria to guarantee correctness of composition. The proof is based on strong normalization and Church-Rosser results of the extended λ-calculus which seem to be of interest in their own right

Semantics, Implementation and Pragmatics of Clear, a Program Specification Language

Specifications are necessary for communicating decisions and intentions and for documenting results at many stages of the program development process. Informal specifications are typically used today, but they are imprecise and often ambiguous. Formal specifications are precise and exact but are more difficult to write and understand. We present work aimed toward enabling the practical use of formal specifications in program development, concentrating on the Clear language for structured algebraic specification. Two different but equivalent denotational semantics for Clear are given. One is a version of a semantics due to Burstall and Goguen with a few corrections, in which the category-theoretic notion of a colimit is used to define Clear's structuring operations independently of the underlying 'institution' (logical formalism). The other semantics defines the same operations by means of straightforward set-theoretic constructions; it is not institutionindependent but it can be modified to handle all institutions of apparent interest. Both versions of the semantics have been implemented. The settheoretic implementation is by far the more useful of the two, and includes a parser and typechecker. An implementation is useful for detecting syntax and type errors in specifications, and can be used as a front end for systems which manipulate specifications. Several large specifications which have been processed by the set-theoretic implementation are presented. A semi-automatic theorem prover for Clear built on top of the Edinburgh LCF system is described. It takes advantage of the structure of Clear specifications to restrict the available information to that which seems relevant to proving the theorem at hand. If the system is unable to prove a theorem automatically the user can attempt the proof interactively using the high-level primitives and inference rules provided. We lay a theoretical foundation for the use of Clear in systematic program development by investigating a new notion of the implementation of a specification by a lower-level specification. This notion extends to handle parameterised specifications. We show that this implementation relation is transitive and commutes with Clear's structuring operations under certain conditions. This means that a large specification can be refined to a program in a gradual and modular fashion, where the correctness of the individual refinements guarantees the correctness of the resulting program

LEX : a case study in development and validation of formal specifications

The paper describes an experiment in the combined use of various tools for the development and validation of formal specifications. The first tool consists of a very abstract, (non-executable) axiomatic specification language. The second tool consists of an (executable) constructive specification language. Finally, the third tool is a verification system. The first two tools were used to develop two specifications for the same case study, viz. a generic scanner similar to the tool LEX present in UNIX. Reflecting the nature of the tools the first specification is abstract and non-executable, whereas the second specification is less abstract but executable. Thereupon the verification system was used to formally prove that the second specification is consistent with the first in that it describes the same problem. During this proof it appeared that both specifications contained conceptual errors (adequacy errors). It is argued that the combined use of tools similar to those employed in the experiment may substantially increase the quality of the software developed

Algebraic specification : syntax, semantics, structure

Algebraic specification is the technique of using algebras to model properties of a system and using axioms to characterize such algebras. Algebraic specification comprises two aspects: the underlying logic used in the axioms and algebras, and the use of a small, general set of operators to build specifications in a structured manner. We describe these two aspects using the unifying notion of institutions. An institution is an abstraction of a logical system, describing the vocabulary, the kinds of axioms, the kinds of algebras, and the relation between them. Using institutions, one can define general structuring operators which are independent of the underlying logic. In this paper, we survey the different kind of logics, syntax, semantics, and structuring operators that have been used in algebraic specification