The development and deployment of formal methods in the UK

UK researchers have made major contributions to the technical ideas underpinning formal approaches to the specification and development of computer systems. Perhaps as a consequence of this, some of the significant attempts to deploy theoretical ideas into practical environments have taken place in the UK. The authors of this paper have been involved in formal methods for many years and both have tracked a significant proportion of the whole story. This paper both lists key ideas and indicates where attempts were made to use the ideas in practice. Not all of these deployment stories have been a complete success and an attempt is made to tease out lessons that influence the probability of long-term impact.Comment: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessibl

Fundamental Constructs in Programming Languages

Specifying the semantics of a programming language formally can have many benefits. However, it can also require a huge effort. The effort can be significantly reduced by translating language syntax to so-called fundamental constructs (funcons). A translation to funcons is easy to update when the language evolves, and it exposes relationships between individual language constructs. The PLanCompS project has developed an initial collection of funcons (primarily for translation of functional and imperative languages). The behaviour of each funcon is defined, once and for all, using a modular variant of structural operational semantics. The definitions are available online. This paper introduces and motivates funcons. It illustrates translation of language constructs to funcons, and how funcons are defined. It also relates funcons to notation used in previous frameworks, including monadic semantics and action semantics.Comment: 20 pages plus appendix, submitted to ISoLA 202

Building Specifications in the Event-B Institution

This paper describes a formal semantics for the Event-B specification language using the theory of institutions. We define an institution for Event-B, EVT, and prove that it meets the validity requirements for satisfaction preservation and model amalgamation. We also present a series of functions that show how the constructs of the Event-B specification language can be mapped into our institution. Our semantics sheds new light on the structure of the Event-B language, allowing us to clearly delineate three constituent sub-languages: the superstructure, infrastructure and mathematical languages. One of the principal goals of our semantics is to provide access to the generic modularisation constructs available in institutions, including specification-building operators for parameterisation and refinement. We demonstrate how these features subsume and enhance the corresponding features already present in Event-B through a detailed study of their use in a worked example. We have implemented our approach via a parser and translator for Event-B specifications, EBtoEVT, which also provides a gateway to the Hets toolkit for heterogeneous specification.Comment: 54 pages, 25 figure

Formal semantics for LIPS (Language for Implementing Parallel/distributed Systems)

This thesis presents operational semantics and an abstract machine for a point-to-point asynchronous message passing language called LIPS (Language for Implementing Parallel/ distributed Systems). One of the distinctive features of LIPS is its capability to handle computation and communication independently. Taking advantage of this capability, a two steps strategy has been adopted to define the operational semantics. The two steps are as follows: • A big-step semantics with single-step re-writes is used to relate the expressions and their evaluated results (computational part of LIPS). • The developed big-step semantics has been extended with Structural Operational Semantics (SOS) to describe the asynchronous message passing of LIPS (communication part of LIPS). The communication in LIPS has been implemented using Asynchronous Message Passing System (AMPS). It makes use of very simple data structures and avoids the use of buffers. While operational semantics is used to specify the meaning of programs, abstract machines are used to provide intermediate representation of the language's implementation. LIPS Abstract Machine (LAM) is defined to execute LIPS programs. The correctness of the execution of the LIPS program/expression written using the operational semantics is verified by comparing it with its equivalent code generated using the abstract machine. Specification of Asynchronous Communicating Systems (SACS) is a process algebra developed to specify the communication in LIPS programs. It is an asynchronous variant of Synchronous Calculus of Communicating Systems (SCCS). This research presents the SOS for SACS and looks at the bisimulation equivalence properties for SACS which can be used to verify the behaviour of a specified process. An implementation is said to be complete when it is equivalent to its specifications. SACS has been used for the high level specification of the communication part of LIPS programs and is implemented using AMPS. This research proves that SACS and AMPS are equivalent by defining a weak bisimulation equivalence relation between the SOS of both SACS and AMPS

Building Specifications in the Event-B Institution

This paper describes a formal semantics for the Event-B specification language using the theory of institutions. We define an institution for Event-B, EVT, and prove that it meets the validity requirements for satisfaction preservation and model amalgamation. We also present a series of functions that show how the constructs of the Event-B specification language can be mapped into our institution. Our semantics sheds new light on the structure of the Event-B language, allowing us to clearly delineate three constituent sub-languages: the superstructure, infrastructure and mathematical languages. One of the principal goals of our semantics is to provide access to the generic modularisation constructs available in institutions, including specification-building operators for parameterisation and refinement. We demonstrate how these features subsume and enhance the corresponding features already present in Event-B through a detailed study of their use in a worked example. We have implemented our approach via a parser and translator for Event-B specifications, EBtoEVT, which also provides a gateway to the Hets toolkit for heterogeneous specification

Constructing a tractable reasoning framework upon a fine-grained structural operational semantics

The primary focus of this thesis is the semantic gap between a fine-grained structural operational semantics and a set of rely/guarantee-style development rules. The semantic gap is bridged by considering the development rules to be a part of the same logical framework as the operational semantics, and a set of soundness proofs show that the development rules, though making development easier for a developer, do not add any extra power to the logical framework as a whole. The soundness proofs given are constructed to take advantage of the structural nature of the language and its semantics; this allows for the addition of new development rules in a modular fashion. The particular language semantics allows for very fine-grained concurrency. The language itself includes a construct for nested parallel execution of statements, and the semantics is written so that statements can interfere with each other between individual variable reads. The language also includes an atomic block construct for which the semantics is an embodiment of a form of software transactional memory. The inclusion of the atomic construct helps illustrate the inherent expressive weakness present in the rely/guarantee rules with respect to termination properties. As such, two development rules are proposed for the atomic construct, one of which has serious restrictions in its application, and another for which the termination property does not hold.EThOS - Electronic Theses Online ServiceRODIN project UK EPSRCGBUnited Kingdo

The Transition from VDL to VDM

This paper describes (one person's view of) how the Vienna Development Method grew out of the earlier work on the Vienna Definition Language. Both of these activities were undertaken at the IBM Laboratory Vienna during the 1960s and 70s