Stephan GARLAND et John GUTTAG. An overview of LP, the Larch Prover. In Proc. of the 3rd International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science. Springer-Verlag, 1989.
....languages) from which (iii) a generation in a given language (e.g. Java) may be done. Executable Specification. The constructive style adopted for the specifications associated with the automatons is likely to yield executable specifications (e.g. through rewriting, where tools, e.g. [14], may be used to check the convergence). However, other specification modules may be introduced (e.g. for the data managed by the processes) with other specification styles (e.g. observational style). A refinement process (abstract implementation [12]) is then needed to add elements for ....
....The automaton is then translated into a specification language (LOTOS or SDL). The data type is extracted by a semi automatic method from this automaton. The components and the whole system may then be verified using common set of tools for transition systems [13] or algebraic specifications [14]. Our specification method is equipped with a prototype generation. Object-oriented languages are another major phenomenon in software engineering. One cannot ignore the qualities of such code, however writing such code may be a hard task. We choose to generate Java code but our method may be ....
S. Garland and J. Guttag. An overview of LP, the Larch Prover. In Proc. of the Third International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science, pages 137--151. Springer-Verlag, 1989.
.... vertical emergency [5] fullNoEmer(h) cOnlyOneEmergency(emergency(h, p) cure(emergency(h, p) h; Once the algebraic specification is written, it may be used to prove properties that are useful to validate and verify the specification (e.g. we processed our example using LP [12] which could compute a canonical rewriting system from our axioms). 5 Conclusion While there are good motivations for the use of formal specifications in software development, the lack of methods may restrict it to few experts. In this paper, we address a specification method for systems where ....
....in an easy way and to have data types that are consistent with the sequential processes at once. Note this allows the specifier to use both tools to check properties on the automaton (model checking or bisimulations e.g. [2]) and theorem provers available for algebraic specifications (e.g. LP [12]). As in the agendas described by [13] our method clearly establishes for each step what is to be achieved, and what are the pieces of information to be provided and then how they can be automatically used to save part of the work the specifier has to do. While we present our method in detail ....
S. Garland and J. Guttag. An overview of LP, the Larch Prover. In Proc. of the Third International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science, pages 137--151. Springer-Verlag, 1989.
....are currently integrating Daikon with IOA [GLV97], a formal language for describing computational processes that are modeled using I/O automata [LT89]. The IOA toolset (http://theory.lcs.mit.edu/tds/ioa.html) permits IOA programs to be run and also provides an interface to the Larch Prover [GG90], an interactive theorem proving system for multisorted first order logic. Daikon proposes goals, lemmas, and intermediate assertions for the theorem prover. Representation invariants can assist in proofs of properties that hold in all reachable states or representations, but not in all possible ....
Stephen Garland and John Guttag. LP, the Larch Prover. In M. Stickel, editor, Proceedings of the Tenth International Conference on Automated Deduction, volume 449 of LNCS, Kaiserslautern, West Germany, 1990. Springer-Verlag.
.... integrating Daikon with IOA [GLV97, GL00], a formal language for describing computational processes that are modeled using I/O automata [Lyn96, LT87, LT89]. The IOA toolset (http://theory.lcs.mit.edu/tds/ioa.html) permits IOA programs to be run and also provides an interface to the Larch Prover [GG90, GG91, SAGG 93], an interactive theorem proving system for multisorted first order logic. Daikon will propose goals, lemmas, or intermediate assertions for the theorem prover. Side conditions such as representation invariants can enable proofs that hold in all reachable states or ....
Stephen Garland and John Guttag. LP, the Larch Prover. In M. Stickel, editor, Proceedings of the Tenth International Conference on Automated Deduction, volume 449 of LNCS, Kaiserslautern, West Germany, 1990. Springer-Verlag.
....in the case of partial observational equalities this framework leads to a method that allows us to prove observational theorems using any arbitrary theorem prover for standard first order logic. For concrete examples we have successfully proved observational theorems with the Larch Prover LP (cf. [11]). Recently, it has been shown in [15] that our results can be extended to a higher-order logical framework. Note that in a higher order logical framework it is always easy to find a finitary (higher order) axiomatization of an observational equality, but then the problem is how to handle the ....
S. Garland and J. Guttag. An overview of LP, the Larch Prover. In Proc. of the Third International Conference on Rewriting Techniques and Applications, pages 137-151. Springer-Verlag L.N.C.S. 355, 1989.
....paper we will present a more elaborate solution that leads to much better results from a user point of view, but that requires in fact some work from both environments developers. We will show that this is mandatory for the kind of interaction needed for controlling e.g. a proof assistant like LP [17, 18]. This paper is organized as follows. In the next section we discuss the various issues raised by interoperability of tools and exchange of algebraic specifications from a general viewpoint. In Section 3 we describe the specification interchange format we have designed and experimented in the ....
S. Garland and J. Guttag. An overview of LP, the Larch Prover. In Proc. of the Third International Conference on Rewriting Techniques and Applications, pages 137-151. Springer-Verlag L.N.C.S. 355, 1989.
.... under development (introduced by the key word draft). For more details see e.g. [3, 4]. Moreover, to discharge the proof obligations induced by the validation task (cf. the above work plan) we will use the Larch Prover, an interactive theorem proving system for many sorted first order logic [5, 6]. Before starting to explain how to write an algebraic requirement specification of the Steam Boiler Control System, let us make a few comments on this case study. First, note that, although in principle a hybrid system, the Steam Boiler Control System turns out to be merely a reactive (not even a ....
....but in no way to check the adequacy of the formal specification (or of the informal requirements) per se. In our case, we will base our validation process on theorem proving, i.e. we will check that some formulas are logical consequences of our axioms. For this purpose we use the Larch Prover [5]. During this validation process we can 8 To make this point clear, assume that the informal requirements describe the factorial function, and assume moreover that we know nothing about factorial. Then, if the informal requirements state that the factorial function, when applied to zero, returns ....
S. Garland and J. Guttag. An overview of LP, the Larch Prover. In Proc. of the Third International Conference on Rewriting Techniques and Applications, pages 137-151. Springer-Verlag L.N.C.S. 355, 1989. See also on WWW: http://larch.lcs.mit.edu:8001/larch/LP/overview.html.
....of communicating subcomponents and to give the sequential components using a semi automatic concurrent automata generation with associated algebraic data types. These components and the whole system may be verified using common set of tools for transition systems [8] or algebraic specifications [9]. We chose to describe our method in terms of the agenda concept [11, 10] because it describes a list of activities for solving a task in software engineering, and is developed to provide guidance and support for the application of formal specification techniques. Our method mixes ....
S. Garland and J. Guttag. An overview of LP, the Larch Prover. In Proc. of the Third International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science, pages 137--151. Springer-Verlag, 1989.
....of a partial initial algebra. Of course we get syntactic compatibility but also state predicate compatibility (see Section 3.3). Semantic compatibility is true in case of a specification with only constructors, but generally it must be checked by hand. We actually focus on the use of Larch Prover [14] and it seems possible to help the specifier in this task. 5 Concurrent and Communicating Component To specify more complex systems we need concurrency and communications. We use a notion of synchronized product. The CeilingLightGroup (CLG) Figure 6, is a component built from two concurrent ....
....a CASE Tool, called ASFO, for GAT sequential components. It includes editing facilities for the STS and an assistant for extracting the algebraic specification from the STS. The target language is a general algebraic language and the tool provides a translation into the Larch Prover language (LP) [14]. This case tool is implemented in the VisualWorks for Smalltalk 80 environment of ParcPlace systems. Another tool, CLAP, permits to define state-transition diagrams and their synchronized products. New developments will integrate CLAP into ASFO and will extend AG derivation to the product of STSs. ....
Stephan GARLAND et John GUTTAG. An overview of LP, the Larch Prover. In Proc. of the third International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science. Springer-Verlag, 1989.
....Critical Pair, Larch Prover, UML. 1 Introduction One goal of this paper is to describe how to use abstract data types in order to give a formal semantics to part of UML specifications. Another goal is to show how to check the consistency of the specifications with the help of Larch Prover [GG89]. Our work focus on features such as association, multiplicity, constraint, association inheritance, and consistency of these features. We present a general framework for a semantics of UML using abstract data types. It is based on choices we consider good and natural from an object oriented ....
....syntax close to the Larch Prover one. The neq operator defines an intensional equality between associations. Of course this type can be completed with many other operators, for instance an equal operator. The equal operator is an extensional or semantic equality. 2.1 Larch Prover Larch Prover [GG89, GH93] (LP for short) is a theorem prover based on the Larch Shared Language. It allows one to define algebraic specifications, to use rewrite rules and to prove properties. However it does not support neither partial algebras nor genericity. Some modifications of our specifications are done to ....
Stephan Garland and John Guttag. An overview of LP, the Larch Prover. In Proc. of the third International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science. Springer-Verlag, 1989.
.... can extend the traits and interfaces to describe the more intricate behavioral aspects of the editor (e.g. other menu operations). However, the more interesting and challenging work we would rather pursue is to do mechanized proofs given that we have a formal specification and the Larch Prover [GG89]. There are two kinds of proofs we could perform: showing additional properties hold (e.g. the consequences discussed in Section 4.1 or the well formedness invariant) and showing that the implementation of the editor satisfies our specification. There is evidence [GGH90] that the Larch Prover ....
S.J. Garland and J.V. Guttag. An overview of LP, the Larch Prover. In Proceedings of the Third International Conference on Rewriting Techniques and Applications, pages 137--151, Chapel Hill, NC, April 1989. Lecture Notes in Computer Science 355.
....formal proofs to be done entirely in terms of specifications. In fact, once the theorems corresponding to our subtyping rules are formally stated in Larch, their proofs are almost completely mechanical a matter of symbol manipulation and could be done with the assistance of the Larch Prover [14]. Although we gave two formal definitions of the subtype relation, we did not formally characterize the criterion against which we can measure the soundness of our definitions. We only argued informally that our definitions guarantee that a subtype's objects behave the same, e.g. preserve ....
S.J. Garland and J.V. Guttag. An overview of LP, the Larch Prover. In Proceedings of the Third International Conference on Rewriting Techniques and Applications, pages 137--151, Chapel Hill, NC, April 1989. Lecture Notes in Computer Science 355.
....have made no assumption neither on the axioms of SP nor on the number of non observable sorts. The result is powerful since for both (A) and (B) we can use any available theorem prover for first order logic. Our method has been successfully applied to various examples using the Larch Prover V3.0 [7]. 10 A last improvement can be obtained using the following remark. In most cases it is possible to split FO into two sets FO1 and FO2 , with the following property (for all s # SObs ) R) SP = #xL , xR : s . h V #i fO#FO1 #var(C fO i ) C fO i [x L ] C fO i [x R ] # V #i ....
S. Garland and J. Guttag. An overview of LP, the Larch Prover. In Proc. of the Third International Conference on Rewriting Techniques and Applications, pages 137--151. Springer-Verlag L.N.C.S. 355, 1989.
....formal proofs to be done entirely in terms of specifications. In fact, once the theorems corresponding to our subtyping rules are formally stated in Larch, their proofs are almost completely mechanical a matter of symbol manipulation and could be done with the assistance of the Larch Prover [GG89, ZW97]. In developing our definition, we were motivated primarily by pragmatics. Our intention is to capture the intuition programmers apply when designing type hierarchies in object oriented languages. However, intuition in the absence of precision can often go astray or lead to confusion. This ....
Garland, S. and Guttag, J. An overview of LP, the Larch Prover. In Proceedings of the Third International Conference on Rewriting Techniques and Applications, pages 137--151, Chapel Hill, NC, April 1989. Lecture Notes in Computer Science 355.
....of a type specification for GIF images. We give formal specifications, written in the style of Larch [5] but we could just as easily have written informal specifications. Since these specifications are formal we can do formal proofs, possibly with machine assistance like with the Larch Prover [3], to show that a subtype relation holds [12]. The GIFImage Larch Shared Language trait and the invariant clause in the Larch interface type specification for GIF images together describe the set of values over which GIF image objects can range. GIF images are sequences of frames where each frame ....
S.J. Garland and J.V. Guttag. An Overview of LP, the Larch Prover. In Proceedings of the Third International Conference on Rewriting Techniques and Applications, pages 137--151, Chapel Hill, NC, April 1989. Lecture Notes in Computer Science 355.
....of a type specification for GIF images. We give formal specifications, written in the style of Larch [7] but we could just as easily have written informal specifications. Since these specifications are formal we can do formal proofs, possibly with machine assistance like with the Larch Prover [4], to show that a subtype relation holds [11]. The GIFImage Larch Shared Language trait and the invariant clause in the Larch interface type specification for GIF images together describe the set of values over which GIF image objects can range. GIF images are sequences of frames where each frame ....
S.J. Garland and J.V. Guttag. An overview of LP, the Larch Prover. In Proceedings of the Third International Conference on Rewriting Techniques and Applications, pages 137--151, Chapel Hill, NC, April 1989. Lecture Notes in Computer Science 355.
....in the case of partial observational equalities this framework leads to a method that allows us to prove observational theorems using any arbitrary theorem prover for standard first order logic. For concrete examples we have successfully proved observational theorems with the Larch Prover LP (cf. [8]). The most important application of our proof technique is the verification of the correctness of behavioural implementations. Thereby a specification SP I is called a behavioural implementation of a given basic specification SP ....
S. Garland and J. Guttag. An overview of LP, the Larch Prover. In Proc. of the Third International Conference on Rewriting Techniques and Applications, pages 137--151. Springer-Verlag L.N.C.S. 355, 1989.
No context found.
Stephan GARLAND et John GUTTAG. An overview of LP, the Larch Prover. In Proc. of the 3rd International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science. Springer-Verlag, 1989.
No context found.
Stephan Garland and John Guttag. An overview of LP, the Larch Prover. In Proc. of the 3rd International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science. Springer-Verlag, 1989.
No context found.
Stephen Garland and John Guttag. LP, the Larch Prover. In M. Stickel, editor, Proceedings of the Tenth International Conference on Automated Deduction, volume 449 of LNCS, Kaiserslautern, West Germany, 1990. Springer-Verlag.
No context found.
Stephen Garland and John Guttag. LP, the Larch Prover. In M. Stickel, editor, Proceedings of the Tenth International Conference on Automated Deduction (Kaiserslautern, West Germany), volume 449 of LNCS. Springer-Verlag, 1990.
No context found.
Stephen Garland and John Guttag. LP, the Larch Prover. In M. Stickel, editor, Proceedings of the Tenth International Conference on Automated Deduction, volume 449 of LNCS, Kaiserslautern, West Germany, 1990. Springer-Verlag.
No context found.
Stephan Garland and John Guttag. An overview of LP, the Larch Prover. In Proc. of the 3rd International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science. Springer-Verlag, 1989.
No context found.
Stephan GARLAND et John GUTTAG. An overview of LP, the Larch Prover. In Proc. of the 3rd International Conference on Rewriting Techniques and Applications, volume 355 of Lecture Notes in Computer Science. Springer-Verlag, 1989.
No context found.
S. J. Garland, John V. Guttag. An overview of LP, the Larch Prover. In N. Dershowitz, editor, Rewriting Techniques and Applications, LNCS 355, pages 137--151, 1989.