Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In Mathematics of Program Construction, pages 399--422, 1995.
....to formally analyze the JVM in order to increase confidence in its correctness. That involves verifying that the existing mechanisms exhibit desired properties, or identifying flaws and proposing fixes. Another major goal of ours is to derive implementations of some JVM components using Specware [6], a system developed at Kestrel Institute, that supports provably correct, .... [Footnote: Correspondence to: Alessandro Coglio, Kestrel Institute, 3260 Hillview Avenue, Palo Alto, CA 94304, U.S.A. E-mail: coglio@kestrel.edu. URL: http://www.kestrel.edu. Copyright © 2001 John Wiley & Sons, Ltd.]
Srinivas Y, Jullig R. Specware: Formal support for composing software. Proceedings of the 3rd Conference on Mathematics of Program Construction (Lecture Notes in Computer Science, vol. 947), Moeller B (ed.). Springer: Berlin, 1995; 399--422.
....We are currently developing mathematical specifications for various components of the JVM, including the bytecode verifier [2, 4, 7], the class loading mechanism [8], and the Java 2 security mechanisms. We are also deriving a complete implementation of the bytecode verifier [2] through Specware [10], a system developed at Kestrel Institute that supports provably correct, compositional development of software from formal specifications. In the course of our formalization efforts, we have uncovered subtle bugs in Sun JDK 1.2.2 that lead to type safety violations. These bugs are in the ....
Yellamraju Srinivas and Richard Jüllig. Specware: Formal support for composing software. In B. Moeller, editor, Proceedings of the Conference on Mathematics of Program Construction, pages 399-422. LNCS 947, Springer-Verlag, Berlin, 1995.
....S relative to T, and also the decidability of S modulo the decidability of T. Theories and theory interpretations have also become important in higher-order logic and type theory with languages such as EHDM [EHD93], IMPS [Far92], HOL [Win92], Maude [CDE+99], Extended ML [ST97], and SPECWARE [SJ95]. In these languages, theories are used as structuring mechanisms for large specifications so that abstract theories can be refined into more concrete ones through interpretation. In this report, we describe a theory interpretation mechanism for the PVS specification language. Specification ....
....in flavor to PVS theory interpretations, the underlying logic of Nqthm is a fragment of first-order logic whose expressive power is more limited than the higher-order logic of PVS. In addition, Nqthm lacks types and structuring mechanisms such as parametric theories. The SPECWARE language [SJ95] employs theory interpretations as a mechanism for the stepwise refinement of specifications into executable code. SPECWARE has constructs for composing specifications while identifying the common components, and for compositionally refining specifications so that the refinement of a ....
Yellamraju V. Srinivas and Richard Jullig. Specware: Formal support for composing software. In Bernhard Möller, editor, Mathematics of Program Construction, number 947 in Lecture Notes in Computer Science, pages 399--422. Springer-Verlag, 1995.
....structure and behavior of systems. The framework supports precise, automatable operations for the composition of especs and their refinement. The espec framework is partially implemented in the Epoxi system. Especs grew out of higher-order algebraic specifications as implemented in Specware [11], the evolving algebras of Gurevich (aka abstract state machines) [4], as well as the classical axiomatic semantics of Floyd-Hoare-Dijkstra. Especs go beyond all three, not only allowing the capture of logical structure and behavior, but also the composition of systems and their refinement to ....
....The paper is structured straightforwardly. We first discuss how to extend logical specifications to model behavior, and then define especs and how to refine and compose them formally. These concepts are illustrated by simple examples. This paper presumes some knowledge of basic category theory (see [2, 11] for relevant background). More details about especs may be found in [8]. Related approaches to providing categorical foundations for specifying, composing and refining behaviors may be found in [3, 5]. 2 From Logical Theories to State Machines. Behaviors. EPOXI is made of two basic building ....
Srinivas, Y. V., and Jüllig, R. Specware: Formal support for composing software. In Proceedings of the Conference on Mathematics of Program Construction, B. Moeller, Ed. LNCS 947, Springer-Verlag, Berlin, 1995, pp. 399-422.
....Kan extensions and colimits in SPEC. In the sequel we will generally use the term refinement to mean a diagram morphism. 2.5 Logic Morphisms and Code Generation. Inter-logic morphisms [3] are used to translate specifications from the specification logic to the logic of a programming language. See [8] for more details. They are also useful for translating between the specification logic and the logic supported by various theorem provers and analysis tools. They are also useful for translating between the theory libraries of various systems. 3 Software Development by Refinement. [figure: refinement sequence S0 ... Sn] ....
Srinivas, Y. V., and Jüllig, R. Specware: Formal support for composing software. In Proceedings of the Conference on Mathematics of Program Construction, B. Moeller, Ed. LNCS 947, Springer-Verlag, Berlin, 1995, pp. 399--422.
....objects, operations, and properties in some domain of interest, and the axioms constrain the meaning of the symbols. The theory of the domain is the closure of the axioms under the rules of inference. Example: Here is a specification for partial orders, using notation adapted from Specware [18]. It introduces a sort E and an infix binary predicate on E, called le, which is constrained by the usual axioms. Although Specware allows higher-order specifications, first-order formulations are sufficient in this paper. spec Partial Order is ... [Footnote: The generic term expression will be used to refer ....]
....with respect to an abstract refinement (here BtoS) is a key tool in our approach to mechanizing the development process. 2.5 Logic Morphisms and Code Generation. Inter-logic morphisms [9] are used to translate specifications from the specification logic to the logic of a programming language. See [18] for more details. They are also useful for translating between the specification logic and the logic supported by various theorem provers and analysis tools. They are also useful for translating between the theory libraries of various systems. 3 Software Development by Refinement. [figure: refinement sequence S0, S1, ...] ....
Srinivas, Y. V., and Jüllig, R. Specware: Formal support for composing software. In Proceedings of the Conference on Mathematics of Program Construction, B. Moeller, Ed. LNCS 947, Springer-Verlag, Berlin, 1995, pp. 399-422.
.... development (from specs to code). Previous work at Kestrel Institute has implemented the Specware/Designware framework for the development of functional programs that is based on a category of higher-order logical specifications, composition by colimit, and refinement by diagram morphisms [12, 11]. The current work builds on and extends this framework with behavioral specifications (especs) representing state machines as diagrams of specifications, and again using composition by colimit and refinement by diagram morphism. Related approaches to representing behavior in terms of a category ....
SRINIVAS, Y. V., AND JÜLLIG, R. Specware: Formal support for composing software. In Proceedings of the Conference on Mathematics of Program Construction, B. Moeller, Ed. LNCS 947, Springer-Verlag, Berlin, 1995, pp. 399-422.
....themselves be formalized to some degree. We need the notion of a lattice of theories, in which T1 < T2 if T2 can express everything T1 can express but not vice versa. In other words, T2 makes distinctions that T1 doesn't make. We think this idea can be developed using the concept of theory morphism [23]. The other main unknown in this line of research is how tightly the search for a transformation can be controlled. The derivation strategy that has emerged from our examples is to perform second-order matching modulo the laws of the domain theory. Matching rules are applied unless doing so would ....
....rules are applied unless doing so would expose the terms of the topic domain theory. At that point we use sourcifying rules to wrap topic terms inside constructs from the source domain. The implementation mentioned in Section 6 used the Specware general-purpose theorem prover to find glue code [23]. It is worth seeing if a more specialized algorithm would be more efficient. A key issue is acquisition of the common domain theory and the domain-specific rules. The rules of the domain theory are used to reformulate various terms to facilitate the matching process. This suggests that a ....
Y. Srinivas and R. Jüllig. Specware: Formal support for composing software. In Proc. Conf. on Mathematics of Program Construction, pages 399-422. Springer-Verlag, 1995. B. Moeller, Ed. LNCS 947.
....processes that can connect to the library at any time. The library can communicate with arbitrarily many other processes. This allows the user to connect several refiners and evaluators simultaneously, e.g. the Nuprl and MetaPRL [Met] refiners, major systems like HOL, PVS, Ωmega, or SPECWARE [SJ95], decision procedures, first-order provers, Mathematica [Wol88] and the Maude [C+99b] rewrite engine, and to have them cooperate through the library, which stores the formal knowledge required by these tools. It is also possible to run different refiners in parallel on the same proof goal or ....
Y. V. Srinivas and Richard Jullig. SPECWARE: Formal Support for composing software. In Mathematics of Program Construction, 1995.
....and the way they encode it. In software engineering there has been considerable work on formal methods for software specification, based on the construction and composition of theories, and using category theory (applied to algebraic specifications) as a mathematical basis (e.g. [Goguen, 1986; Srinivas and Jullig, 1995]). SpecWare is an example of a software development environment which is based on this approach and is capable of synthesizing software semi-automatically [Jullig et al. 1995]. As described in Section 2, our work can be viewed as motivating, simplifying, and applying similar ideas to the task of ....
Srinivas, Y. V. and Jullig, R. (1995). Specware: Formal support for composing software. In Proc. Conf. on the Mathematics of Program Construction, Kloster Irsee, Germany. (Also Kestrel Tech Rept KES.U.94.5, http://www.kestrel.edu/HTML/publications.html)
....has been code generation. Although commercial code generators are mostly limited to generating stub codes from high-level models (e.g. in UML), program synthesis systems that can generate fully executable code from high-level behavioral specifications are rapidly maturing (see, for example, [16, 15]), in some cases to the point of commercialization (e.g. SciNapse [1]). In program synthesis, there is potential for automatically verifying more interesting properties because additional background information from the specification and the synthesis knowledge base is available. The ....
Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In B. Möller, editor, Mathematics of Program Construction: third international conference, MPC '95, volume 947 of Lecture notes in computer science, Kloster Irsee, Germany, 1995. Springer.
....not only code but also proofs that properties hold in the code. This technique has the potential to reduce the costs of testing generated code. 1. Introduction. Program synthesis systems generating fully executable code from high-level specifications are rapidly maturing (see, for example, [9, 8]), in some cases to the point of commercialization (e.g. SciNapse [1]). However, the use of such systems is limited by concerns about the correctness of the generated code. If program synthesis systems can be augmented to generate correctness guarantees as well as the code, then some of the ....
Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In Mathematics of Program Construction (MPC'95), volume 947 of LNCS. Springer, 1995.
....be formalized to some degree. We need the notion of a lattice of theories, in which T1 < T2 if T2 can express everything T1 can express but not vice versa. In other words, T2 makes distinctions that T1 doesn't make. We think this idea can be developed using the concept of theory morphism [23]. The other main unknown in this line of research is how tightly the search for a transformation can be controlled. The derivation strategy that has emerged from our examples is to perform second-order matching modulo the laws of the domain theory. Matching rules are applied unless doing so would ....
....rules are applied unless doing so would expose the terms of the topic domain theory. At that point we use sourcifying rules to wrap topic terms inside constructs from the source domain. The implementation mentioned in Section 6 used the Specware general-purpose theorem prover to find glue code [23]. It is worth seeing if a more specialized algorithm would be more efficient. A key issue is acquisition of the common domain theory and the domain-specific rules. The rules of the domain theory are used to reformulate various terms to facilitate the matching process. This suggests that a means-end ....
Y. Srinivas and R. Jullig. Specware: Formal support for composing software. In Proc. Conf. on Mathematics of Program Construction, pages 399--422. Springer-Verlag, 1995. B. Moeller, Ed. LNCS 947.
....for preserving their structure. Besides the obvious understandability and design documentation reasons, it is often very useful to consider theory-building operations whose results are structured theories. For example, refining a software design can be best understood as refining structured theories [44]. There are also more intrinsic reasons, namely, when the semantics associated to a structured module essentially depends on its structure. For example, we often want to associate to the inclusion of a parameter theory into the body of a parameterized specification a freeness constraint, requiring ....
....can often be normalized to theory hierarchies [22,18], perhaps keeping some additional information such as freeness constraints. This is one of the central ideas in our module algebra. We do not have explicit constructors for diagrams in the language, as is the case in systems like SPECWARE [44]. Instead, we represent module inclusions in these normalized structures as modules that refer to other modules in a database. The module algebra that we are proposing can be easily extended in different ways. We can, for example, define new module-combining operations, or new module-transforming ....
Y. Srinivas and R. Jullig. SPECWARE: Formal support for composing software. In B. Moeller, editor, Proceedings of Conference on Mathematics of Program Construction, volume 947 of Lecture Notes in Computer Science, pages 399--422. Springer-Verlag, 1995.
....as suggested in section 4.2. Long-term areas of future work include the use of different specification formalisms and eventually of heterogeneous specifications that allow us to better describe different parts of a system. We also wish to use another existing categorical framework, Specware [13], and compare it to our approach. Finally, we are interested in the integration of test cases in the same framework [1]. Acknowledgements. We would like to thank Jacques Sauloy, Patrice Cros and Mike Lowry for useful discussions about this work. ....
Y.V. Srinivas and R. Jullig. Specware: formal support for composing software. In Proceedings of the conference on Mathematics for Program Construction, 1995.
....is to formally analyze the JVM in order to increase confidence in its correctness. That involves verifying that the existing mechanisms exhibit desired properties, or identifying flaws and proposing fixes. Another major goal of ours is to derive implementations of some JVM components using Specware [11], a system developed at Kestrel Institute, that supports provably correct, compositional development of software from formal specifications through refinement. We have used Specware to develop a complete bytecode verifier. These formally derived components can serve, among other uses, as ....
Yellamraju Srinivas and Richard Jullig. Specware: Formal support for composing software. In B. Moeller, editor, Proc. 3rd Conference on Mathematics of Program Construction, pages 399-422. LNCS 947, Springer-Verlag, Berlin, July 1995.
Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In Mathematics of Program Construction, pages 399--422, 1995.
Yellamraju V. Srinivas and Richard Jullig. Specware: Formal Support for Composing Software. In Conference on Mathematics of Program Construction, Kloster Irsee, Germany, July 1995.
Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In Bernhard Möller, editor, Mathematics of Program Construction: third international conference, MPC '95, volume 947 of LNCS, Kloster Irsee, Germany, 1995. Springer.
Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In Bernhard Möller, editor, Mathematics of Program Construction: third international conference, MPC '95, volume 947 of Lecture notes in computer science, Kloster Irsee, Germany, 1995. Springer.
Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In Mathematics of Program Construction, pages 399-422, 1995.
Y.V. Srinivas and R. Jullig. SPECWARE: Formal support for composing software. In B. Möller (ed), Proc. of MPC'95, pp. 399--422. LNCS 947. Springer, 1995.
Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In Mathematics of Program Construction, pages 399--422, 1995.
Y. V. Srinivas and R. Jullig. Specware: Formal support for composing software. In Mathematics of Program Construction, pages 399-422, 1995.
Srinivas, Y. V., and Jüllig, R. Specware: Formal support for composing software. In Proceedings of the Conference on Mathematics of Program Construction, B. Moeller, Ed. LNCS 947, Springer-Verlag, Berlin, 1995, pp. 399--422.