| B. Jacobs. Behaviour-refinement of coalgebraic specifications with coinductive correctness proofs. In M. Bidoit et al., editor, Proceedings TAPSOFT/FASE 1997, number ?? in Lect. Notes Comp. Sci., pages ??--?? Springer, Berlin, 1997, to appear. |
....define a refinement relation we call refines_to. The use of coinduction to define refinement relations has been made popular by the process algebra community [Mil89]. Its use in a categorical framework for verifying abstract data types and object-oriented programs has also been explored [Jac97]. However trace inclusion (traces being sequences of observable states or input-output values) has been even more popular and is probably the predominant style that is considered in practice today. Contravariance of Inputs. Trace inclusion requires that if there is some step of behaviour in the ....
....cm_null : CMState = cf_null The correctness statement for the implementation with respect to the earlier specification is then simply: sets_spec_refines_to_imp : THEOREM refines_to(a_sys, cm_sys)(a_null, cm_null) 8 Related Work The closest work to ours that we know of is that of Jacobs. In [Jac97], he characterises classes in object-oriented languages as coalgebraic categories, and uses a coinductive notion of refinement to specify correctness of implementations. His approach is more general in that he allows for changes in the system interface in going from abstract to concrete. However, ....
Bart Jacobs. Behaviour-refinement of coalgebraic specifications with coinductive correctness proofs. In Proceedings of TAPSOFT/FASE 1997, LNCS. Springer Verlag, 1997.
....from A to B. As the identification step is supposed to hide implementation details, this is quite natural. Since STs cope with visible and hidden sorts, they allow us to design within a common framework both behavioral refinements and structural implementations as proposed in, e.g., [11]. [36, 25, 6, 22] pay particular attention to the identification step and consider congruences induced by behavioral equivalences. In other words, visible abstract sorts are mapped to as hidden concrete sorts. Accordingly, rep may map structural by behavioral equalities. Another practically important class of ....
B. Jacobs, Behaviour-Refinement of Coalgebraic Specifications with Coinductive Correctness Proofs, Proc. TAPSOFT '97, Springer LNCS 1214 (1997) 787-802
....translating the symbols of SP' to symbols of SP along a signature morphism rep, • restricting the set of concrete data of A to the rep images of abstract data of B, • identifying concrete data with respect to the kernel of an abstraction function from the concrete to the abstract data. [22, 11, 3, 9] pay particular attention to the identification step and consider congruences induced by behavioral or contextual equivalence relations. Consequently, abstract sorts are often implemented as hidden ones. Since the identification step is supposed to hide implementation details, this is quite ....
....t' implies Her(SP') ⊨ rep(t 6j t') (1) Then (2) is proved by showing that Her(SP') rep satisfies the SP axioms for 6j. Example 6.2 (MAP refines STACK) This example is a popular benchmark for refinement approaches (cf. e.g. [7], Sect. 4.4; [22]; [14], Ex. 7.20; [11], Sect. 4.1; [9], Sect. 4.3). Stacks are implemented as pairs consisting of a finite array (map with finite domain) and a top pointer. Let SP be the logical completion of STACK (cf. Ex. 2.4 and Def. 4.3). The refinement SP' reads as follows: SP' = ENTRY and NAT then vissorts entry' v hidsorts map ....
B. Jacobs, Behaviour-Refinement of Coalgebraic Specifications with Coinductive Correctness Proofs, Proc. TAPSOFT '97, Springer LNCS 1214 (1997) 787-802
.... authentication protocols [132], to distributed algorithms [133-139], real time [140-153], reactive [154] and hybrid systems [155-157], to distributed systems [158-164] and communications protocols [165-167], to program development [168], software development steps [169-172] and refinement [173-175], to compilers [176-179], to hardware design [180-203] and synthesis [204-209], to memory models and cache coherence protocols [210-213], to multimedia collaborations [214], to testing program visualization tools [215], to validating fault tolerant systems [216] and to self stabilization ....
Bart Jacobs. Behaviour-refinement of coalgebraic specifications with coinductive correctness proofs. In Michel Bidoit and Max Dauchet, editors, TAPSOFT '97: Theory and Practice of Software Development, volume 1214 of Lecture Notes in Computer Science, pages 787--802, Lille, France, April 1997. Springer-Verlag.
B. Jacobs. Behaviour-refinement of coalgebraic specifications with coinductive correctness proofs. In M. Bidoit et al., editor, Proceedings TAPSOFT/FASE 1997, number ?? in Lect. Notes Comp. Sci., pages ??--?? Springer, Berlin, 1997, to appear.
....invariant, bisimulation, refinement. Classification: 68Q60, 68Q65, 03B70 (AMS 91) F.3.1, F.3.2, D.1.5 (CR 91) 1 Introduction This paper is part of a recent research line of applying coalgebraic and coinductive notions and techniques in the formalisation of object-oriented concepts, see [25, 13, 10, 12, 14, 5, 6], building on earlier work [29, 2, 15]. Coalgebras consist of a state space together with a transition function and can be used to describe various kinds of dynamical systems, including automata, transition systems and hybrid systems, see e.g. [27, 20, 11]. A coalgebraic specification (as ....
....have a partially defined operation. Besides these methods, a coalgebraic specification consists of two parts: assertions (or constraints) describing the meaning of the operations, and creation conditions describing constraints for initial states (typically written as new). We refer the reader to [13, 12, 14] for more background information. Hopefully, the example specifications in this paper are self-explanatory. The work that we are about to describe leans heavily on our earlier paper [10] and extends the approach of [14]. There we described how to obtain terminal coalgebras satisfying constraints ....
B. Jacobs. Behaviour-refinement of coalgebraic specifications with coinductive correctness proofs. In M. Bidoit et al., editor, Proceedings TAPSOFT/FASE 1997, number ?? in Lect. Notes Comp. Sci., pages ??--?? Springer, Berlin, 1997, to appear.
....bisimulations. Also, the proof principles are illustrated in examples (which are fully formalised and verified in pvs). 1 Introduction This paper is part of a recent research line of applying coalgebraic and coinductive notions and techniques in the formalisation of object-oriented concepts, see [26, 14, 11, 13, 15, 5, 6], building on earlier work [30, 2, 17]. Coalgebras consist of a state space together with a transition function and can be used to describe various kinds of dynamical systems, including automata, transition systems and hybrid systems, see e.g. [28, 22, 12] or [16] for an introduction to the ....
[From: M. Johnson (ed.), Algebraic Methodology and Software Technology (Springer LNCS 1349, Berlin 1997), pp. 276-291.] ....have a partially defined operation. Besides these methods, a coalgebraic specification consists of two parts: assertions (or constraints) describing the meaning of the operations, and creation conditions describing constraints for initial states (typically written as new). We refer the reader to [14, 13, 15] for more background information. Hopefully, the example specifications in this paper are self-explanatory. The work that we are about to describe leans heavily on our earlier ....
B. Jacobs. Behaviour-refinement of coalgebraic specifications with coinductive correctness proofs. In M. Bidoit and M. Dauchet, editors, TAPSOFT'97: Theory and Practice of Software Development, number 1214 in Lect. Notes Comp. Sci., pages 787--802. Springer, Berlin, 1997.
....hold for newly created objects. We have developed this format into a formal language ccsl, for Coalgebraic Class Specification Language, which will be sketched below. Ad hoc representations of these class specifications in the higher-order logic of the proof tool pvs [18, 17] have been used in [12, 13] to reason about such classes, notably for refinement arguments. Further experiments with formal reasoning about classes and objects have led us to a general representation of ccsl class specifications in higher-order logic. Below we explain this model (in the logic of pvs) and also a ....
....ENDIF ENDPVS valinit : PVS valinit = n ENDPVS valclear : PVS val(clear(x)) = 0 ENDPVS Constructor new : Self Creation valnew : PVS val(new) = valinit ENDPVS End Counter Fig. 3. A counter (modulo n) class specification in CCSL. To demonstrate the use of components we adopt an example from [12]. Suppose that we have a class Counter, which counts modulo a parameter n, as in Figure 3. This class Counter is used (twice) as a component in the class specification of a DoubleCounter in Figure 4. A DoubleCounter has two counters as components, both counting modulo n. It has operations next, ....