Jeanette Marie Wing. A two-tiered approach to specifying programs. PhD thesis, MIT, Lab. for Comp.Sci., 1983.
....or algebraic specifications [EM85]. As such an algebra includes a carrier set and a set of specification functions; to these are added a set of program operations. The specification functions are used to generate the carrier sets and in the evaluation of the assertions used in specifications [Win83, Chapter 2], while the program operations are used by programs for computation. The specification functions cannot be invoked by programs, and the program operations cannot be used in specifications. The program operations of an algebra are abstractions of the procedures of the classes that implement ....
....property. 18 Polymorphic Type and Function Specifications In this chapter a new method for the modular specification of abstract types and polymorphic functions that use message passing is described. The specification language is adapted from Wing's interface specification language for CLU [Win83] [LG86, Chapter 10] [GHW85] [Win87] and Chen's Larch Generic interface specification language [Che89]. However, unlike Wing, the specifications only deal with immutable types. The specification of a function or a program operation is written as if each argument and result has the specified type. ....
Jeannette Marie Wing. A Two-Tiered Approach to Specifying Programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....the method must not return normally but must instead throw an exception. An example appears in the specification of the pop method. This specification has two specification cases connected with also. The meaning of the also is that the method must satisfy both of these specification cases [84,86]. Thus, when the value of the model instance field absVal is not empty, a call to pop must return normally and must satisfy the given ensures clause. But when the value of the model instance field absVal is empty, a call to pop must throw an IllegalStateException. This kind of case analysis can be ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....optimize away runtime type checks. CLU has side effects and pointers, so the compiler must handle aliasing. I chose Larch because of the tools available for checking and reasoning about Larch specifications [16] and because there were already techniques for specifying CLU programs using Larch [52]. I implemented a prototype Speckle compiler that incorporates parts of a general purpose theorem prover, LP [16] to identify opportunities to perform optimizations. The compiler recognizes three kinds of conventional optimizations: common subexpression elimination, moving code out of loops, ....
....consists of the Larch Shared Language (LSL). LSL is used to define useful functions in a fragment of multisorted first order predicate logic. The glue between a programming language and LSL is the interface tier, which provides an interface language for each programming language, e.g. Larch CLU [52], Larch C [22] Larch C [34] etc. Each interface language formalizes the notion of a program state and provides a syntax and semantics for specifying procedure interfaces and data abstractions. • A procedure specification is a predicate on pre and post states. The predicate, which is ....
Jeannette M. Wing. A two-tiered approach to specifying programs. Technical Report MIT/LCS/TR-299, M.I.T., 1983.
....one must be able to verify a subclass using the specification of the public and protected interfaces of its superclasses, independent of the implementation of the superclasses. 2 1. 3 Related Work The most closely related work are other interface specification languages in the Larch family [Win83] [Win87] [Che89] [Win90] [GMP90] [Jon91] [GH91] [Che91]. The greatest influence has been from Larch C and Larch Smalltalk. From Larch C we have adopted much syntax and the basic semantics of such common types as pointers. From Larch Smalltalk we have taken much of the approach to inheritance and ....
Jeannette Marie Wing. A Two-Tiered Approach to Specifying Programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....Following the declaration of the model field, above the specification of pop in Figure 1, is an initially clause. Such clauses are adapted from Resolve [34]. This clause is declared public, since it only refers to public model fields. An initially clause permits data type induction [12, 46] for abstract classes and interfaces, by supplying a property that must appear to be true of the starting states of objects. In each visible state (outside of the methods of UnboundedStack) all reachable objects of the type UnboundedStack must have a value that makes them appear to have been ....
....Another kind of checkable redundancy is an example clause [19, 22], which can be used to give concrete examples of a method's execution. Such redundancy can be used as a rhetorical device, to bring various properties to the attention of the specification's readers. Following Wing and Wills [46, 43], a specification may be written using several cases separated by the keyword also [20]. The semantics is that, when the precondition of a case is satisfied, the rest of that case's specification must be obeyed. Separating the specification into several cases is useful in specifying operations ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....and the refinement calculus [Back88] [BackvonWright98] [Morgan Vickers94] [Morgan94]. An initially clause attached to a field declaration permits the field to have an abstract initialization. Knowing something about the initial value of the field permits data type induction [Hoare72a] [Wing83] for abstract classes and interfaces. The initially clause must appear to be true of the field's starting value. In each visible state (outside of the methods of UnboundedStack) all reachable objects of the type UnboundedStack must appear to have been created as empty stacks and subsequently ....
....such multiple specification cases is that, when the precondition of one of them is satisfied, the rest of that specification case must be obeyed. A specification with several specification cases is shorthand for one in which the separate specifications are combined [Dhara Leavens96] [Leavens97c] [Wing83] [Wills94]. The 5 Of course, one could specify BoundedStack without separating out the interface for BoundedThing, and in that case, this abstraction would be unnecessary. We have made this separation partly to demonstrate more advanced features of JML, and partly to fit the figures on single ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....Algebras and Stores An algebra that presents the interface Sigma is called a Sigma algebra. Stores are defined simultaneously, but are not contained in Sigma algebras. This definition of algebra and stores below was inspired by work on models of types for interface specification languages [73] [8]. To explain a term used in the definition below, a finite function, f : S fin T is a function S T such that f has a proper result (not ) only on a finite number of arguments. By the domain of a finite function, dom(f ) we mean the set of all arguments for which f's result is ....
....semantics of expressions, constant declarations, and commands in . The detailed semantics of type and method declarations are suppressed, because one only deals with their denotations: algebras of a given signature. 4 Related Work Our algebraic models are based, in part, on the work of Wing [73] and Chen [8]. These authors did not investigate simulation relations, or the use of mixed algebraic and denotational semantics. Several authors use Kripke (i.e. possible world) models to give semantics to mutation and object identities [18] [1] [72] [25]. One could consider our algebras to be ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....the choice of specification language and serial correctness notion are largely independent of concurrency considerations. Our specifications are informal although they have a similar structure to interface specifications written in the Larch family of formal specification languages [GHW85, Win83]. Others have used Larch style specifications to specify concurrent operations [HW90, BGHL87]. We describe the meaning of our specifications and a serial correctness notion through an example. Figure 2 1 shows an example of an interface specification for a container type. We present our programs ....
....pair of states representing the pre and post states of some procedure invocation. A more precise characterization of states for a real programming language, and interpretations of predicates in those states, would require a formal language and a richer model than we wish to pursue here. Wing [Win83] gives such an interpretation for formal specifications in sequential CLU programs, and Goldman [GL90] gives a detailed model of shared state for concurrent operations. Given a specification for some procedure P, a state pair ⟨pre, post⟩ is said to be a legal execution of P if either: 1. the ....
Jeannette M. Wing. A two-tiered approach to specifying programs. Technical Report MIT/LCS/TR-299, MIT Laboratory for Computer Science, Cambridge, MA, 1983.
....the assertion. Further inspection reveals that both variants run correctly, however, so the right side of the loop assertion comes under suspicion and is corrected to become (High 1) 2. 6 Specification Based Testing with Larch 6. 1 Overview of Larch Larch is a two tiered specification language [Win83, GHW85] the shared language tier and the interface language tier. The shared language specification defines an implementation language independent theory for the abstract data type, while the language specific interface language describes the module interfaces based on that theory. Since the ....
Jeannette Wing. A Two-Tiered Approach to Specifying Programs. PhD thesis, MIT, 1983.
....of assertions in the pre and postconditions. Readers may skip this section at their first reading. Assertions in the pre and post conditions (also the invariants) must be sort correct in the sense that LSL operator applications conform to their signatures specified in the traits [Win83]. Figure 4 shows the Larch Smalltalk sort inference rules for sort checking assertions, based on the abstract syntax for assertions (see Appendix A). An inference rule of the form: $\frac{h_1,\ h_2}{c_1,\ c_2}$ means that the truth of conclusions $c_1$ and $c_2$ follow from the truth of hypotheses $h_1$ and ....
....does with Smalltalk methods. However, this cannot prevent clients from accessing protected or private methods if they want to. In LM3 [Jon91] one can specify a higher order procedure, a procedure that takes other procedures as its arguments. Similar features are also found in Larch CLU [Win83] and LCL (Larch C) [Tan93]. The interface (arguments and their types) and the behavior (using pre and post conditions) of an argument procedure are specified in the header part of the procedure which takes it as an argument. And a special notation is provided to refer to the pre and ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....operator, an iterator, that is not easy to specify using our generic interface language. A CLU specific version of the interface language would add syntax and semantics to support specification of iterators and related operators, but they are beyond the scope of this thesis. Wing, in her thesis [Wing 83], describes an interface language for CLU that includes support for iterators. 4.2.2. Argus Mailer For our next example, we use an object that is part of an example Argus program, the electronic mailer [Liskov Scheifler 83]. The mailer consists of multiple instances of three objects: a ....
Jeannette Marie Wing. A Two-tiered Approach to Specifying Programs. PhD thesis, Massachusetts Institute of Technology Laboratory for Computer Science, 1983. Available as Technical Report MIT/LCS/TR-299.
....the declaration of the model variable, above the specification of pop in Figure 3, is an initially clause. Such clauses are adapted from Resolve [OSWZ94]. This clause is declared public, since it refers to a public model variable. An initially clause permits data type induction [Hoa72, Win83] for abstract classes and interfaces, by supplying a property that must appear to be true of the starting states of objects. In each visible state (outside of the methods of UnboundedStack) all reachable objects of the type UnboundedStack must have a value that makes them appear to have been ....
....the two in each method's specification) from the case where an exception is thrown. In the normal case, returns is true, whereas when an exception is thrown throws(BoundedStackException) is true. A specification with several cases is shorthand for one in which the cases are combined [DL97, Lea97, Win83, Wil94]. In Figure 6 we show the expanded specification of pop from Figure 5. As can be seen from this example, the expanded specification has a postcondition that is a conjunction of implications, one for each case. The implication for a case in the expanded postcondition says that when the ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....in Z is based on set theory; it has a relatively elaborate notation for various set constructions, as well as powerful techniques for combining specifications (the schema calculus) 1. 2 Larch The work of Wing, Guttag, and Horning on Larch extends the VDM SL and Z tradition in two directions [51, 50, 18]. • Although a mathematical toolkit is provided [18, Appendix A], specifiers may design their own mathematical theories using the Larch Shared Language (LSL) [18, Chapter 4]. This allows users, if they desire, to create and use an abstract model at exactly the right level of abstraction; that ....
....language, there are several behavioral interface specification languages (BISLs) each tailored to specifying modules to be written in a specific programming language. Examples include LCL [18, Chapter 5] (for C), LM3 [18, Chapter 6] (for Modula 3), Larch Ada [17] (for Ada), Larch CLU [51, 50] (for CLU), Larch Smalltalk [10] (for Smalltalk), and Larch C . The advantage of tailoring each BISL to a specific programming language is that one can specify both the behavior and the exact interface to be programmed [24]. This is of great practical benefit, because the details of the interface ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....alternatives for the semantics of inheritance of specifications are discussed. The information loss and frame axiom problems for inherited specifications are also considered. 1 Introduction An interface specification language (ISL) defines both how to call a module and its (functional) behavior [Win83] [Win87] [Lam89] [GHG 93]. The details of how to call a module and some aspects of its behavior are specific to the particular programming language; hence in the Larch approach to interface specification [GHG 93] each ISL is tailored to a particular programming language. What does this ....
Jeannette Marie Wing. A Two-Tiered Approach to Specifying Programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....whether it was really fair to present the two ways as uses of the very same primitives. On the one hand, we have the semaphores used for mutual exclusion, on the other hand, the private semaphores. [Dijkstra 68] Specification Approach We use the Larch two tiered approach to specification [Wing 83, Guttag 85a, b]. The Larch Shared Language tier [Guttag 86a] is algebraic, and defines mathematical abstractions that can be used in the interface language tier to specify program interfaces. As it happens, all the abstractions needed for the Threads specification are well known (e.g. booleans, ....
Jeannette Marie Wing, "A Two-Tiered Approach to Specifying Programs," Technical Report MIT/LCS/TR-299, Massachusetts Institute of Technology, Cambridge.
....by constructing models in terms of mathematical structures. Generally, property oriented languages concentrate either on data or event ordering properties. Data property oriented languages, such as assertion languages (e.g. Anna [LvH85]), axiomatic languages (e.g. Larch interface language [Win83, GHW85]) and algebraic languages (e.g. OBJ [GT79] and Larch shared language) only require data mappings, because the control mappings are trivial or included as part of the specification. For instance, a Larch specification includes a control mapping in the interface language between the shared ....
Jeannette Wing. "A Two-Tiered Approach to Specifying Programs". PhD thesis, Massachusetts Institute of Technology, 1983.
.... interface language (LM3) that is designed for use with the Modula 3 language [4]. It is assumed that the reader is already familiar with Modula 3, LSL, and the general ideas of interface specification (as in, say, [13]). Previous publications have documented Larch interface languages, for example [12]. LM3 follows the general style of this previous work, but addresses several additional features that are becoming common in new programming languages. • Modula 3 allows higher order procedures (i.e. those which take procedure parameters or return procedure results). Since procedures are ....
Jeannette M. Wing, "A Two-Tiered Approach To Specifying Programs", MIT/LCS/TR-299, 1983.
....control and data dependences, and a symbolic interpreter for Z. We will use the ProDAG dependence analyzer [ROMA92] which was designed to support dependence analysis of multiple languages. We are investigating methods to slice other specification languages, such as Statecharts [Har87], Larch [Win83, GHW85], and Temporal Logic. For these languages, the slicing function might be with respect to an entity other than a variable such as an event or a state. Each of these specification languages will require slightly different slicing functions, but we believe that our general approach is applicable ....
Jeannette Wing. A Two-Tiered Approach to Specifying Programs. PhD thesis, Massachusetts Institute of Technology, 1983.
....that the factorial of 9 is larger than $2^{16}$. intuition about it and providing more guidance to specifiers. We also discuss how to prove protection from the effects of underspecification. 2. Protective Procedure Specifications The idea of protection in a BISL was first formulated by Wing [Win83, Section 5.1.4]. Although we generalize that notion here, our goal is the same as Wing's original: knowing when a behavioral interface specification protects its users from the incompleteness of the mathematical vocabulary used in that specification by ensuring that the meaning of the ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....4: An informal version of the factorial example. from areas of underspecification. Thus when specifying the mathematical operators, one need not be as careful as Gries and Schneider. To make these ideas concrete, we consider the Larch family of behavioral interface specification languages (BISLs) [12, 24, 23]. In the Larch family, one specifies implementations in two tiers by describing: • mathematical vocabulary in LSL, and • syntactic interfaces (names, types, number of arguments, etc.) and behavior (pre and postconditions) in a BISL. Each BISL is tailored to specifying interface details for ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
....mathematical operators used in the postcondition from areas of underspecification. Thus when specifying the mathematical operators, one need not be as careful as Gries and Schneider. To make these ideas concrete, we consider the Larch family of behavioral interface specification languages (BISLs) [12, 24, 23]. In the Larch family, one specifies implementations in two tiers by describing: • mathematical vocabulary in LSL, and • syntactic interfaces (names, types, number of arguments, etc.) and behavior (pre and postconditions) in a BISL. Each BISL is tailored to specifying interface details for ....
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
Jeanette Marie Wing. A two-tiered approach to specifying programs. PhD thesis, MIT, Lab. for Comp.Sci., 1983.
Jeannette Marie Wing. A two-tiered approach to specifying programs. PhD thesis, MIT Department of Electrical Engineering and Computer Science, May 1983. Available as MIT Laboratory for Computer Science TR-299.
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.
Jeannette Marie Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.