| M. BUTLER. STEPWISE REFINEMENT OF COMMUNICATING SYSTEMS. Science of Computer Programming, 27:139--173, 1996. |
....state. A is the set of actions. Their execution is also under the control of the environment, i.e. their execution may require synchronisation with actions of other components. In a sense, actions provide interaction points as in IP (and are also similar to the actions of Action Systems [3]). S(a) is the safety guard of a, i.e. when S(a) is false, a cannot be executed. P(a) is the progress guard of a, i.e. when P(a) holds, the system is willing to execute a. This means that the program cannot refuse to execute a if the environment requests it. In other words, P(a) defines ....
M. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, 1996.
....state. A is the set of actions. Their execution is also under the control of the environment, i.e. their execution may require synchronisation with actions of other components. In a sense, actions provide interaction points as in IP (and are also similar to the actions of Action Systems [3]). S(a) is the safety guard of a, i.e. when S(a) is false, a cannot be executed. P(a) is the progress guard of a, i.e. when P(a) holds, the system is willing to execute a. This means that the program cannot refuse to execute a if the environment requests it. In other words, P(a) defines in which ....
M. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, 1996.
....however, as in the case of process algebras: generally the state based paradigm causes difficulties while getting from abstract specifications to more concrete ones. There are also approaches relating model oriented state based techniques (such as refinement calculus [15]) with CSP formalism [3]. In particular, [14] relates the concept of action system [2] based on a version of Dijkstra's guarded command language [6] and CSP. Though semantic aspects of CORBA are intensively discussed in OMG, to our knowledge there are no works on formal specification of CORBA. 2 Correct specifications ....
M. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27, 1996.
....state. A is the set of actions. Their execution is also under the control of the environment, i.e. their execution may require synchronisation with actions of other components. In a sense, actions provide interaction points as in IP (and are also similar to the actions of Action Systems [3]). S(a) is the safety guard of a, i.e. when S(a) is false, a cannot be executed. P(a) is the progress guard of a, i.e. when P(a) holds, the system is willing to execute a. This means that the program cannot refuse to execute a if the environment requests it. In other words, P(a) defines ....
M. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, 1996.
....Compositionality: Our existing work on modelling distributed systems in B [8], feature interaction [39] and the theory of refinement [4] is important for modelling and reasoning about component composition and decomposition. Refinement and Abstraction: Our existing work on stepwise refinement [9] is the foundation for our proposed research on multi level simulation while our existing work on behavioural abstraction [38, 40] is important for our proposed research on both multi level simulation and infinite state model checking. Abstract Interpretation: Our existing work on partial ....
M. J. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, Sep 1996.
....state. A is the set of actions. Their execution is also under the control of the environment, i.e. their execution may require synchronisation with actions of other components. In a sense, actions provide interaction points as in IP (and are also similar to the actions of Action Systems [3]). S(a) is the safety guard of a, i.e. when S(a) is false, a cannot be executed. P(a) is the progress guard of a, i.e. when P(a) holds, the system is willing to execute a. This means that the program cannot refuse to execute a if the environment requests it. In other words, P(a) defines in which ....
M. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, 1996.
....for VDM). This is not totally satisfactory however, as it allows a class to be implemented by a class with false permission guards for each of its methods, i.e., whose objects refuse to execute any methods. The alternative, to leave these guards essentially unchanged through refinement [3], is not adequately flexible if we wish to combine subtyping and synchronisation [12]. We propose therefore a means of specifying an upper bound on the strength of permission guards, at specification time, via the use of willingness guards which provide a guarantee that implementations of a ....
....the union of the write frame of its parts. 4. The effect of a composite action is the || combination (in the sense of B) of the individual effects. 5. The permission guard of a composite action is the conjunction of the individual permission guards (compare with the definition of || for actions in [3]). 6. The willingness guard of a composite action is the conjunction of the individual willingness guards. [Fig. 2. Concurrent Composition via Synchronisation] This composition is similar to the ....
[Article contains additional citation context not shown here]
M Butler. Stepwise Refinement of Communicating Systems, Southampton University, 1997.
....the process may be broken down into further sub processes (using parallel composition, for example) so that each sub process can then be specified using either CSP or Action Systems. 6.3 The formal link between CSP and Action Systems. In this section, the work of Butler, Morgan and Woodcock [16, 17, 18, 60, 94] that defines traces, failures and divergences semantics for Action Systems is reviewed. This work is based on the initial work of Back [8], He [48] and Josephs [50]. Examples based on the specification and development of user interface performance are used to highlight key aspects of the ....
M. Butler. Stepwise refinement of communicating systems. Technical Report A94-17, Abo Akademi, Finland, 1994.
No context found.
M.J. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, September 1996.
No context found.
M.J. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2), September 1996.
No context found.
M.J. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, September 1996.
....to start with a specification that is independent of the distributed architecture, in which all information is globally available, and then use data refinement to partition the information, introducing internal actions to transfer information between partitions. An example of this may be found in [8], where a mail service is specified using a single mail bag to which users add addressed messages when sending mail and from which they may read mail; this simple global view is then refined into a system with a more complicated data structure representing a network of nodes while internal ....
....systems into parallel subsystems is also important for the design of distributed systems. This can be done in two ways: partition the actions amongst the subsystems and allow the subsystems to interact using shared state [6] or partition the state and allow interaction through shared actions [8]. In this paper, we follow the latter approach of allowing for interaction based on shared actions. We refer to it as the CSP approach as its notion of action system behaviour is based on .... [Footnote in the citing paper: To appear in proceedings of IRW FMP 98 International Refinement Workshop and Formal Methods Pacific 1998.]
[Article contains additional citation context not shown here]
M.J. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, September 1996.
....of event traces. Event trace properties model safety properties of a system and are preserved by refinement. [Figure 1: Abstract machine outline.] This extra ingredient is based on previous work by the author [3, 4] which helps to bridge the gap between state based formal methods, such as B, with event based methods such as CSP. In this paper we apply the approach to the Needham Schroeder Authentication Protocol [13]. The aim of this protocol is to provide authenticated exchange of secrets (nonces). The ....
.... by applying the standard technique of data refinement to its state: an abstraction invariant is used to relate the state variables of the abstract system to those of the refined system and data refinement should hold between correspondingly named operations in the abstract and refined systems [3]. If S is a statement that acts on variables a, T is a statement that acts on variables c, and AI is an abstraction invariant then we write $S \sqsubseteq_{AI} T$ for "S is data refined by T under abstraction invariant AI". Data refinement is defined as follows [1]. Rule 2 (Data Refinement): $S \sqsubseteq_{AI} T$ if for ....
[Article contains additional citation context not shown here]
M.J. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, September 1996.
....[Figure 1: Abstract machine outline.] security properties in terms of event traces. Event trace properties model safety properties of a system and are preserved by refinement. This extra ingredient is based on previous work by the author [3, 4] which helps to bridge the gap between state based formal methods, such as B, with event based methods such as CSP. In this paper, we apply the approach to the Needham Schroeder Public Key Authentication Protocol [13]. The aim of this protocol is to provide authenticated exchange of secrets ....
.... by applying the standard technique of data refinement to its state: an abstraction invariant is used to relate the state variables of the abstract system to those of the refined system and data refinement should hold between correspondingly named operations in the abstract and refined systems [3]. If S is a statement that acts on variables a, T is a statement that acts on variables c, and AI is an abstraction invariant then we write $S \sqsubseteq_{AI} T$ for "S is data refined by T under abstraction invariant AI". Data refinement is defined as follows [1]. Rule 2 (Data Refinement): $S \sqsubseteq_{AI} T$ if ....
[Article contains additional citation context not shown here]
M.J. Butler. Stepwise refinement of communicating systems. Science of Computer Programming, 27(2):139--173, September 1996.
....Embedding is used to embed the actions in the composite state space. Conventionally, the initialisations are demonic updates [I 1 ] I 2 ] and their composition is simply [I 1 I 2 ]. The product operator provides a way of composing more general initialisations achieving the same effect. In [7], a correspondence between action systems and Hoare's CSP [12] is described. Based on CSP parallel composition, a version of parallel composition of action systems is introduced in which commonly labelled actions from the respective action systems are composed such that they are executed ....
M.J. Butler. Stepwise refinement of communicating systems. To appear in Sci. Comp. Prog., 1996.
No context found.
M. BUTLER. STEPWISE REFINEMENT OF COMMUNICATING SYSTEMS. Science of Computer Programming, 27:139--173, 1996.
No context found.
Butler 96 MJ Butler, Stepwise refinement of communicating systems, pages 139-173 in Science of Computer Programming, volume 27, 1996.
No context found.
M J BUTLER, Stepwise Refinement of Communicating Systems, Science of Computer Programming, 27(2): 139-173, September 1996.