| Leslie Lamport. Composition: A way to make proofs harder. Lecture Notes in Computer Science, 1536:402--423, 1998. |
....parts of a correctness proof inside a component (see discussion in [11]). This is an important feature because it makes it possible to reuse proof efforts when components are reused. Such a potential reuse of proofs is what makes composition worthwhile in spite of the natural overhead it generates [22]. The absence of a transformer WU and the fact that some properties do not have a weakest universal strengthening give rise to an interesting question: How can the non-universal property p weak next q be strengthened into a universal property? We would like to find a universal property X that is ....
Leslie Lamport. Composition: A way to make proofs harder. In W.-P. de Roever, H. Langmaack, and A. Pnueli, editors, Compositionality: The Significant Difference (COMPOS'97), volume 1536 of Lecture Notes in Computer Science, pages 402--423. Springer-Verlag, September 1997.
....as a program slice [10] with the exception that here the slices are used to construct new systems, not to decompose existing ones. With superposition, an early partitioning to implementation components and the definition of their implementable interfaces, which have been found to harden reasoning [7], are not the primary design goal. Instead, the focus can be placed on different concerns one at a time to support validation and verification. For instance, separation of correctness of computation and termination of the computation is a traditional application area of superposition. We will ....
Lamport, L. Composition: A way to make proofs harder. Digital Systems Research Center, Technical Note 1997-030a, December 1997.
....implementation mapping [19]. This is in line with [4], where the need for something that extends beyond individual objects and ties them together is acknowledged. Moreover, rigorous reasoning with respect to behaviors can usually be simplified when specifications need not solely rely on components [14]. Interaction between components of a reactive system should be captured before defining the components themselves [11]. This enables the top-down design process illustrated in Figure 1, justified as follows. Abstract collaborative operations are used to capture initial requirements. Capturing ....
L. Lamport. Composition: A way to make proofs harder. Digital Systems Research Center, Tech. Note 1997-030a, Dec. 1997.
....with implementation level concepts (Kurki-Suonio et al. 1998a), properties extending across objects should be taken into account rigorously at an abstract level. 2.2 Towards an architecture based on collaboration. Decomposition into implementable modules is not essential for rigorous reasoning (Lamport 1997). By shifting the focus from components to their collaboration, a system can be viewed to consist of logical layers that introduce temporal properties of a system in a modular fashion. Such properties can be safety or liveness properties, formalizing statements of the form "Something bad will ....
Lamport, L. (1997). Composition: a way to make proofs harder. Digital Research Corporation, Technical Note 1997-030a.
....components. However, a number of design choices must be made when creating a proof system. For example, the underlying object model must be both simple enough to support compositional reasoning, and rich enough to model actual systems. Also, since composition tends to make proofs more complex [26], the proof system should support both proof and code reuse in subclasses to conserve effort. Creating a proof system is difficult and error prone work, so we want to avoid creating a new proof system for every variation in our object model. Instead, we translate from our model into an established ....
Leslie Lamport. Composition: A way to make proofs harder. SRC Technical Note 1997-030a, Digital Equipment Corporation, 9 December 1997.
....design methods are useful for algorithmic software, they are a necessity for the more complex domain of interactive computing. It might be thought that decomposing an interactive system into components would provide the necessary structuring. This is not, however, true. As shown by Lamport [14], decomposition into open components does not make proofs any easier. On the contrary, it often makes them harder. Claim 12. Components are not the proper units for structuring the specification of an interactive system. Since no nontrivial specification can be understood in one piece, logical ....
....different motivations for object-oriented programming [15]. From the viewpoint of modeling, the conventional programming level abstractions are not, however, helpful for mastering the complexity of interactive systems. Objects could therefore be taken just as another popular fad, as suggested in [14]. Still, the notions of objects, classes and inheritance seem to reflect the way we organize our understanding of the world. Instead of taking objects as units of modularity, they could therefore be used in a specification layer to preindicate eventual component structure. The genericity that is ....
L. Lamport. Composition: A way to make proofs harder. Digital Systems Research Center, Technical Note 1997-030a, December 1997.
....each other. There has been a lot of research in developing formal approaches to feature composition, but more work is needed as the problem is very relevant [12] and important more generally for distributed systems, as component-based design complicates the reasoning about the behavior of the system [11]. In this paper we study one FDT, action systems, and show how they are used to compose services in general and features in particular in a distributed environment. The action system formalism [1] is a state-based approach to distributed computing. A set of guarded actions share some state ....
....from the computational aspects by moving the coordination information to the guards of the guarded composition. This separation of aspects is beneficial in the refinement process, where one usually wants to refine components and scheduling aspects separately. Here, as well as with other formalisms [11], the main problem in reasoning about components is the interaction between components that takes place via shared variables. We plan to study the monotonicity properties in more detail in future and lift the ideas to cover object-oriented design where the communication is arranged via method ....
L. Lamport. Composition: A way to make proofs harder. In Proc. of the COMPOS'97 Symposium, Lecture Notes in Computer Science 1536, Springer-Verlag, 1998.
....h exp2) When the verification is done by TLC, there is no reason for such a decomposition; TLC can verify directly that Sys implements ISpec under the refinement mapping. When the verification is done by mathematical proof, this decomposition seems reasonable. However, as LL has argued elsewhere [16], it is just one way to decompose the proof; it is not necessarily the best way. Unfortunately, the whole problem of verifying that a high-level design meets its specification is not yet one that is being addressed in the hardware community. Thus far, engineers are checking only that their TLA ....
Leslie Lamport. Composition: A way to make proofs harder. In Willem-Paul de Roever, Hans Langmaack, and Amir Pnueli, editors, Compositionality: The Significant Difference (Proceedings of the COMPOS'97 Symposium), volume 1536 of Lecture Notes in Computer Science, pages 402--423. Springer-Verlag, 1998.
Leslie Lamport. Composition: A way to make proofs harder. In Willem-Paul de Roever, Hans Langmaack, and Amir Pnueli, editors, Compositionality: The Significant Difference (Proceedings of the COMPOS'97 Symposium), pages 402--423. Springer, 1998. LNCS 1536.
Leslie Lamport. Composition: A way to make proofs harder. In de Roever et al. [15], pages 402-423.