Goguen, J.A., Burstall, R.M. CAT, a system for the structured elaboration of correct programs from structured speci cations. Technical Report CSL-118, SRI International, Computer Science Lab, 1980.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....although quite standard in modular programming languages, is rarely explicitly provided in specification formalisms. In many approaches, the structure of the specification is regarded as determining the structure of the final program, examples like those in Section 3. 1 notwithstanding, see e.g. GB80] MA91] Or else ad hoc informal mechanisms are used to indicate that a certain part of the structure of a specification (given by a constructive specification building operation) is to remain fixed throughout the rest of the development. We consider this unsatisfactory and likely to be ....

J. Goguen and R. Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, SRI International (1980).

....General Systems Theory [23, 36] Clear provided operations for summing, renaming, extending, hiding, importing and (in the case of generics) applying theories. Theories in turn denote classes of models. The earliest work that we know giving a calculus of modules is also due to Goguen and Burstall [31]. Building on Clear, they studied laws for horizontal structuring relationships, and vertical implementing (also called refinement ) relationships, concluding that the axioms of a 2 category should be 59 Other early work on modules for specification languages was by Liskov on the language CLU ....

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

....program [10] Given a program P that is a realisation of SP 0 , the instantiation F (P ) is then a realisation of SP . Constructors correspond to refinement maps in [22] It is evident that the refinement relation of Def. 3 is in a sense transitive, i.e. we have vertical composability [11]: SP ; F SP 0 and SP 0 ; F 0 SP 00 ) SP ; F ffiF 0 SP 00 where F ffi F 0 def = u:Sig SP 00 :F (F 0 u) In terms of algebraic specification, any constructor F : Sig SP 0 Sig SP is by Theorem 3 inherently stable under parametricity: Congruence gives 8u; v : Sig SP 0 : u = Sig ....

J.A. Goguen and R. Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Tech. Rep. CSL-118, SRI International, 1980.

....formal program development by stepwise refinement of specifications requires a precise definition of the notion of refinement and when a refinement step is considered to be correct. In the following paragraph we summarize the work on this topic presented in [ST 88b] other relevant papers include [GB 80] Ehr 82] EKMP 82] GM 82] Wand 82] Gan 83] Lip 83] Ore 83] and many others. Intuitively, refining a specification corresponds to making design decisions, thus restricting the class of acceptable models. The simplest notion of refinement of one specification SP1 to another 1 SP2 ....

Goguen, J.A. and Burstall, R.M. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, Computer Science Laboratory, SRI International (1980).

....[ETLZ 82] Larch [GH 83] etc. and to the possibility of using different logical systems (or institutions [GB 84a,86] to write specifications (as in CLEAR, ASL [ST 86a] or Extended ML [ST 86b] There has been a lot of interesting work done on notions of refinement as well (see e.g. GTW 76] GB 80] Ehr 81] Ehr 82] EKMP 82] EK 82] SW 82] GM 82] Sch 86] BMPW 82] Gan 83] Lip 83] BBC 86] Wand 82] In [SW 83] and then in [ST 85b,87a] we suggested and used a very simple notion of specification refinement which seems appropriate for loose specifications. Namely, we 1 An ....

.... order to be useful for stepwise and modular program development, implementations should compose vertically (i.e. SP SP 0 SP 00 should imply SP SP 00 ) and horizontally (i.e. P P 0 and SP SP 0 should imply P (SP ) P 0 (SP 0 ) for parameterised specifications P ,P 0 ) GB 80] Our simple notion of refinement composes both vertically and horizontally. This looks suspiciously oversimplified, especially in comparison with most previous work in this area. This is very much in line with our approach to specification languages, however. In [SW 83] and [ST 86a] we ....

[Article contains additional citation context not shown here]

Goguen, J.A. and Burstall, R.M. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, SRI International (1980).

.... also [949] moreover, the notions of hierarchical consistency and sufficient completeness , as the conditions to be achieved by extensions in order for them to be considered correct, were defined (see also [72] A more sophisticated approach is the notion of two dimensional specification design [405]. The horizontal structure of such a hierarchical organization corresponds to enrichments or extensions and the vertical structure to specification refinement. Parameterization is another important mechanism for structuring specifications or algebras. It allows to exhibit genericity in ....

....448, 321, 322, 288, 320, 412, 850, 319, 362, 76, 158, 859] among others. Probably the most influential of these is [320] An approach which unified and generalized all previous approaches is [838] This definition clarifies the role of certain properties (both vertical and horizontal composability [405]) which many notions lack [732, 733, 735] Vertical composability is essential for stepwise program development since it allows successive correct refinements to be composed into a single correct refinement step. Horizontal composability is necessary for modular program development since it ....

J. A. Goguen and R. M. Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, Computer Science Laboratory, SRI International, 1980.

....parameter, in this case the subtheory referring to scalars, yields a consistent refinement of the larger theory, usually called the body. Formally, we are given a theory VecSp and a distinguished subtheory Field , VecSp. The refinement is realized by the pushout in the category of specifications [4, 11]. Field Fnan Fnan Fnan Fnan Fnan Fnan fflffl Fnan Fnan fflffl VecSp[Field] Fnan Fnan fflffl Fnan Fnan fflffl Real Fnan Fnan Fnan Fnan VecSp[Real] The functoriality of the pushout operation ensures the compositionality of the refinements. Of course, not every ....

J. Goguen and R.M. Burstall, CAT, a system for the structured elaboration of correct programs from structured specifications. Tech. report CSL-118 (SRI 1980)

....allows the user not only to indicate the desired functional properties of a program system, but also to design the structure of its implementation. 3. Extended ML is a wide spectrum language (see [Bau 81] where programs are just specifications which happen to include only executable axioms. In [GB 80], Goguen and Burstall outline a scheme for developing programs from Clear specifications, but in this framework the specification language and programming language are kept separate although it is suggested that program modules could be put together using Clear s specification building operations. ....

Goguen, J.A. and Burstall, R.M. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, SRI International.

.... P is implemented by P 0 , written P P 0 , if for all specifications SP in the domain of P , SP is also in the domain of P 0 and P (SP ) P 0 (SP ) An important issue for any notion of implementation is whether implementations can be composed vertically and horizontally [GB 80]. Implementations can be vertically composed if the implementation relation is transitive (SP SP 0 and SP 0 SP 00 implies SP SP 00 ) and they can be horizontally composed if the specification building operations preserve implementations (i.e. P P 0 and SP SP 0 ....

Goguen, J.A. and Burstall, R.M. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, Computer Science Laboratory, SRI International.

....in two ways. First of all, two refinement steps SP SP 0 and SP 0 SP 00 should compose to give a correct refinement SP SP 00 , for arbitrary specifications or programs SP , SP 0 and SP 00 . This is the property of refinement steps (known as vertical composability [GB 80a] which guarantees the correctness of programs developed from specifications in a stepwise fashion. Secondly, if the program development approach under consideration allows specifications to be decomposed into smaller units during the development process, then the notion of refinement adopted ....

....operations: given two refinement steps SP 1 SP 0 1 and SP 2 SP 0 2 , it should be the case that SP 1 Phi SP 2 SP 0 1 Phi SP 0 2 is a correct refinement for any specification building operation Phi. This is the property (known as horizontal composability [GB 80a] which guarantees that separate development strands may proceed independently and then later be combined to yield a correct result. Finally, a formal program development method must provide some way of proving that refinement steps are correct with respect to the notion of refinement adopted. ....

Goguen, J.A. and Burstall, R.M. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report, SRI International (1980).

....although quite standard in modular programming languages, is rarely explicitly provided in specification formalisms. In many approaches, the structure of the specification is regarded as determining the structure of the final program, examples like those in Sect. 3. 1 notwithstanding, see e.g. [GB80,MA91]. Or else ad hoc informal mechanisms are used to indicate that a certain part of the structure of a specification (given by a constructive specification building operation) is to remain fixed throughout the rest of the development. We consider this unsatisfactory and likely to be confusing. ....

J. Goguen and R. Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, SRI International (1980).

....frequent case is, however, that the components need further refinement using modules. In the sequel we concentrate on the latter case. It is widely accepted that any reasonable development method should support the composability of the structure of specifications and the refinement structure, GB80] ST88] PW 95] This means that sp 1 sp 2 , for example, is refined by refining sp 1 and sp 2 separately. Furthermore, if sp 1 and sp 2 are correctly refined by sp 0 1 and sp 0 2 respectively, one would expect that sp 0 1 sp 0 2 correctly refines sp 1 sp 2 . This kind of ....

J. Goguen, R.M. Burstall, CAT, a system for the structured elaboration of correct programs from structured specifications, Technical report, SRI, 1980.

....although quite standard in modular programming languages, is rarely explicitly provided in specification formalisms. In many approaches, the structure of the specification is regarded as determining the structure of the final program, examples like those in Sect. 3. 1 notwithstanding, see e.g. [GB80], MA91] Or else ad hoc informal mechanisms are used to indicate that a certain part of the structure of a specification (given by a constructive specification building operation) is to remain fixed throughout the rest of the development. We consider this unsatisfactory and likely to be ....

J. Goguen and R. Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, SRI International (1980).

....although quite standard in modular programming languages, is rarely explicitly provided in specification formalisms. In many approaches, the structure of the specification is regarded as determining the structure of the final program, examples like those in Sect. 3. 1 notwithstanding, see e.g. [GB80,MA91]. Or else ad hoc informal mechanisms are used to indicate that a certain part of the structure of a specification (given by a constructive specification building operation) is to remain fixed throughout the rest of the development. We consider this unsatisfactory and likely to be confusing. ....

J. Goguen and R. Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, SRI International (1980).

....should describe only the whats of the specified software without constraining any of its how s. Requiring the structure of the initial specification to be preserved in its implementation would be unrealistic and unreasonable, even though this has been explicitly suggested by some (e.g. GB 80, MA 91] and is implicit in the approaches taken by others. The aims of structuring requirements specifications are often contradictory with the aims of structuring software. See for instance [FJ 90] for a nice discussion of a practical example where such a discrepancy occurs. Section 6 gives a ....

.... 0 ] for all A 2 [ SP n ] is just our original statement of the program development task: P ] 2 [ SP 0 ] An indirect way to prove the correctness of the final outcome is to notice a stronger fact, namely that consecutive refinements can be composed (referred to as vertical composability [GB 80] SP SP 0 SP 0 SP 00 SP SP 00 The above gives a formal view of the stepwise development methodology. As mentioned before, there can be no universal recipe for coming up with useful refinements of a given specification necessarily, this is the place where the ....

[Article contains additional citation context not shown here]

J. Goguen and R. Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, SRI International (1980).

....describe only the what s of the specified software without constraining any of its how s. In fact, requiring the structure of the initial specification to be preserved in its implementation would be highly unrealistic and unreasonable, even though this has been explicitly suggested by some (e.g. GB 80, Mor 90] and is implicit in the approach taken by others. The aims of structuring requirements specifications are often contradictory with the aims of structuring software. See for instance [FJ 90] for a nice discussion of a practical example where such a discrepancy occurs. 3 Specification ....

.... A 2 [ SP n ] is equivalent to our original statement of the program development task: P ] 2 [ SP 0 ] An indirect way to prove the correctness of the final outcome is to notice a stronger fact, namely that consecutive refinements can be composed (referred to as vertical composability [GB 80] SP SP 0 SP 0 SP 00 SP SP 00 The above gives a formal view of the stepwise development methodology. As mentioned before, there can be no universal recipe for coming up with useful refinements of a given specification necessarily, this is the place where the ....

[Article contains additional citation context not shown here]

J. Goguen and R. Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, SRI International (1980).

No context found.

Goguen, J.A., Burstall, R.M. CAT, a system for the structured elaboration of correct programs from structured speci cations. Technical Report CSL-118, SRI International, Computer Science Lab, 1980.

No context found.

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specications. Technical Report CSL{118, SRI Computer Science Lab, October 1980.

No context found.

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

....HOSA forms an institution. 2.5 Horizontal and vertical signature morphisms Signature morphisms perform two distinct roles. One role is to express the importation of one specification into another or the passing of specifications as parameters; this is often referred to as horizontal composition [13, 31], and pertains to the modular structure of a system specification at a given level of abstraction. For instance, in the example of Subsection 4.1 below, a specification of the natural numbers is imported into a specification of stacks. It is desirable that such importation take place within an ....

....in much the same way that Kamin and Archer [27] use preconditions to specify when a bound will not be exceeded. A final area worth further investigation is the relationship between vertical and horizontal structuring operations. This issue was raised in an abstract way by Goguen and Burstall in [13], who pointed out the desirability of a 2 dimensional category structure, and it has been further investigated by Sannella and Tarlecki [31] Ehrig [6] and others, for a variety of different notions of refinement. Our definition of refinement is transitive in the sense that if OE 1 : S 1 S 2 is ....

[Article contains additional citation context not shown here]

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

....and target, but also serve as objects for some other, higherlevel, morphisms. This leads to 2 categories, of which the category Cat of categories is the canonical example, with natural transformations as morphisms of its morphisms. This concept was mentioned in Example 2. 7, and is also used in [24], 26] 40] 56] among other places, and is mentioned in [61] 8.2 Monoidal Categories. There are many cases where a category has a natural notion of multiplication that is not the usual Cartesian product but nevertheless enjoys many of the same properties. The category of Petri nets studied in ....

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

....to horizontal structure, which is large grain program structure. In LIL, horizontal inheritance is indicated by a needs clause; such clauses can appear in both imported and parameterized modules, thus providing an interesting interaction between vertical and horizontal structure, as discussed in [20, 14, 15]. 4 From Modules to Module Clusters Hyperprogramming generalizes from modules to module clusters, which associate a number of programming texts around a central formal specification, say in FOOPS. These other texts may be source code (if it has been written) compiled code (if it has been ....

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

....General Systems Theory [19, 27] Clear provided operations for summing, renaming, extending, hiding, importing and (in the case of generics) applying theories. Theories in turn denote classes of models. The earliest work that we know giving a calculus of modules is also due to Goguen and Burstall [24]. Building on Clear, they studied laws for horizontal structuring relationships, and vertical implementing (also called refinement ) relationships, concluding that the axioms of a 2 category should be satisfied. Some general laws for the module operations of Clear appear in [19] and others occur ....

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

No context found.

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report CSL--118, SRI Computer Science Lab, October 1980.

No context found.

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report CSL--118, SRI Computer Science Lab, October 1980.

....using such formalisms, including the Clear specification language [3, 4] and the OBJ [21, 25] system. The approach in this paper differs from that of those languages in providing a constructive module composition facility for an imperative programming language. This was contemplated for the CAT [17] and LIL [9] systems, which are the closest ancestors of the approach in this paper; however, details of the semantics of these systems were not fully developed and they were not implemented. This paper also presents some extensions to the original conception of parameterized programming. The set ....

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

....needed to instantiate such modules. 3. 2 Vertical Composition Vertical structure describes the use of lower layers (virtual machines) whereas horizontal structure describes a given layer; the distinction between vertical and horizontal structure was named and formalized by Goguen and Burstall [11]; this provides direct support for layered architectural styles. Parameterized programming provides parameterization and instantiation for both vertical and horizontal structure. The following generic package specification has one horizontal and one vertical parameter: generic package SORT[Item ....

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

....C , it can still be distressing to see the compromises involved. LIL [50] extends parameterized programming to handle programs and specs together, by giving each module a specification header as well as implementations. LIL provides two dimensional module composition following the CAT ideas [72], where vertical structure refers to the layering of software to use capabilities from lower layers, while horizontal structure refers to a single layer. LIL has been implemented as lileanna [168, 169] which uses Ada for code and anna [135] for specs; it has been used to build helicopter ....

Joseph Goguen and Rod Burstall. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical Report Report CSL-118, SRI Computer Science Lab, October 1980.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC