Generic refinements for behavioral specifications

This thesis investigates the properties of generic refinements of behavioral specifications. At the base of this investigation stands the view from algebraic specification that abstract data types can be modeled as algebras. A specification of a data type is formed from a syntactic part, i.e. a signature detailing the interface of the data type, and a semantic part, i.e. a class of algebras (called its models) that contains the valid implementations of that data type. Typically, the class of algebras that constitutes the semantics of a specification is defined as the class of algebras that satisfy some given set of axioms. The behavioral aspect of a specification comes from relaxing the requirements imposed by axioms, i.e. by allowing in the semantics of a specification not only the algebras that literally satisfy the given axioms, but also those algebras that appear to behave according to those axioms. Several frameworks have been developed to express the adequate notions of what it means to be a behavioral model of a set of axioms, and our choice as the setting for this thesis will be Bidoit and Hennicker’s Constructor-based Observational Logic, abbreviated COL. Using specifications that rely on the behavioral aspects defined by COL we study the properties of generic refinements between specifications. Refinement is a relation between specifications. The refinement of a target specification by a source specification is given by a function that constructs models of the target specification from the models of the source specification. These functions are called constructions and the source and target specifications that they relate are called the context of the refinement. The theory of refinements between algebraic specifications, with or without the behavioral aspect, has been well studied in the literature. Our analysis starts from those studies and adapts them to COL, which is a relatively new framework, and for which refinement has been studied only briefly. The main part of this thesis is formed by the analysis of generic refinements. Generic refinements are represented by constructions that can be used in various contexts, not just in the context of their definition. These constructions provide the basis for modular refinements, i.e. one can use a locally defined construction in a global context in order to refine just a part of a source specification. The ability to use a refinement outside its original context imposes additional requirements on the construction that represents it. An implementer writing such a construction must not use details of the source models that can be contradicted by potential global context requirements. This means, roughly speaking, that he must use only the information available in the source signature and also any a priori assumption that was made about the contexts of use. We look at the basic case of generic refinements that are reusable in every global context, and then we treat a couple of variations, i.e. generic refinements for which an a priori assumption it is made about the nature of their usage contexts. In each of these cases we follow the same pattern of investigation. First we characterize the constructions that ensure reusability by means of preservation of relations, and then, in most cases, we show that such constructions must be definable in terms of their source signature. Throughout the thesis we use an informal analogy between generic (i.e. polymorphic) functions that appear in second order lambda calculus and the generic refinements that we are studying. This connection will enable us to describe some properties of generic refinements that correspond to the properties of polymorphic functions inferred from their types and named “theorems for free” by Wadler. The definability results, the connection between the assumptions made about the usage contexts and the characterizing relations, and the “theorems for free” for behavioral specifications constitute the main contributions of this thesis

Foundational Extensible Corecursion

This paper presents a formalized framework for defining corecursive functions safely in a total setting, based on corecursion up-to and relational parametricity. The end product is a general corecursor that allows corecursive (and even recursive) calls under well-behaved operations, including constructors. Corecursive functions that are well behaved can be registered as such, thereby increasing the corecursor's expressiveness. The metatheory is formalized in the Isabelle proof assistant and forms the core of a prototype tool. The corecursor is derived from first principles, without requiring new axioms or extensions of the logic

How we might be able to Understand the Brain

Current methodologies in the neurosciences have difficulty in accounting for complex phenomena such as language, which can however be quite well characterised in phenomenological terms. This paper addresses the issue of unifying the two approaches. We typically understand complicated systems in terms of a collection of models, each characterisable in principle within a formal system, it being possible to explain higher-level properties in terms of lower level ones by means of a series of inferences based on these models. We consider the nervous system to be a mechanism for implementing the demands of an appropriate collection of models, each concerned with some aspect of brain and behaviour, the observer mechanism of Baas playing an important role in matching model and behaviour in this context. The discussion expounds these ideas in detail, showing their potential utility in connection with real problems of brain and behaviour, important areas where the ideas can be applied including the development of higher levels of abstraction, and linguistic behaviour, as described in the works of Karmiloff-Smith and Jackendoff respectively

An overview of Mirjam and WeaveC

In this chapter, we elaborate on the design of an industrial-strength aspectoriented programming language and weaver for large-scale software development. First, we present an analysis on the requirements of a general purpose aspect-oriented language that can handle crosscutting concerns in ASML software. We also outline a strategy on working with aspects in large-scale software development processes. In our design, we both re-use existing aspect-oriented language abstractions and propose new ones to address the issues that we identified in our analysis. The quality of the code ensured by the realized language and weaver has a positive impact both on maintenance effort and lead-time in the first line software development process. As evidence, we present a short evaluation of the language and weaver as applied today in the software development process of ASML

Specification Patterns for Robotic Missions

Mobile and general-purpose robots increasingly support our everyday life, requiring dependable robotics control software. Creating such software mainly amounts to implementing their complex behaviors known as missions. Recognizing the need, a large number of domain-specific specification languages has been proposed. These, in addition to traditional logical languages, allow the use of formally specified missions for synthesis, verification, simulation, or guiding the implementation. For instance, the logical language LTL is commonly used by experts to specify missions, as an input for planners, which synthesize the behavior a robot should have. Unfortunately, domain-specific languages are usually tied to specific robot models, while logical languages such as LTL are difficult to use by non-experts. We present a catalog of 22 mission specification patterns for mobile robots, together with tooling for instantiating, composing, and compiling the patterns to create mission specifications. The patterns provide solutions for recurrent specification problems, each of which detailing the usage intent, known uses, relationships to other patterns, and---most importantly---a template mission specification in temporal logic. Our tooling produces specifications expressed in the LTL and CTL temporal logics to be used by planners, simulators, or model checkers. The patterns originate from 245 realistic textual mission requirements extracted from the robotics literature, and they are evaluated upon a total of 441 real-world mission requirements and 1251 mission specifications. Five of these reflect scenarios we defined with two well-known industrial partners developing human-size robots. We validated our patterns' correctness with simulators and two real robots