Much of the work on developing program transformation systems has concentrated on systems to assist in program development. However, the four separate surveys carried out between 1977 and 1990 [18,20,22,24], summarised in [17], show that between 40% and 60% of all commercial software effort is devoted to software maintenance rather than the development of new systems. In this paper we describe a joint project between the University of Durham and CSM Ltd to develop a method and tool for reverse engineering and software maintenance based on program transformation theory. We present an example which illustrates how such a tool can extract a high-level abstract specification from the low-level source code of a program by a process of formal program transformation based on a theory of program equivalence [27]. All the code-level reverse engineering of the example progr...

In this paper we consider a particular class of algorithms which present certain difficulties to formal verification. These are algorithms which use a single data structure for two or more purposes, which combine program control information with other data structures or which are developed as a combination of a basic idea with an implementation technique. Our approach is based on applying proven semantics-preserving transformation rules in a wide spectrum language. Starting with a set theoretical specification of "reachability" we are able to derive iterative and recursive graph marking algorithms using the "pointer switching" idea of Schorr and Waite. There have been several proofs of correctness of the Schorr-Waite algorithm, and a small number of transformational developments of the algorithm. The great advantage of our approach is that we can derive the algorithm from its specification using only general-purpose transformational rules: without the need for complicated induction arg...

A wide spectrum language is presented, which is designed to facilitate the proof of the correctness of refinements and transformations. Two different proof methods are introduced and used to prove some fundamental transformations, including a general induction rule (Lemma 3.9) which enables transformations of recursive and iterative programs to be proved by induction on their finite truncations. A theorem for proving the correctness of recursive implementations is presented (Theorem 3.21), which provides a method for introducing a loop, without requiring the user to provide a loop invariant. A powerful, general purpose, transformation for removing or introducing recursion is described and used in a case study (Section 5) in which we take a small, but highly complex, program and apply formal transformations in order to uncover an abstract specification of the behaviour of the program. The transformation theory supports a transformation system, called FermaT, in which the applicability conditions of each transformation (and hence the correctness of the result) are mechanically verified. These results together considerably simplify the construction of viable program transformation tools; practical consequences are briefly discussed.

In this paper we brie y introduce a Wide Spectrum Language and its transformation theory and describe a recent success of the theory: a general recursion removal theorem. Recursion removal often forms an important step in the systematic development of an algorithm from a formal specication. We use semantic-preserving transformations to carry out such develop-ments and the theorem proves the correctness of many dierent classes of recursion removal. This theorem includes as special cases the two techniques discussed by Knuth [13] and Bird [7]. We describe some applications of the theorem to cascade recursion, binary cascade recursion, Gray codes, and an inverse engineering problem. 1

We describe a method for extracting high-level specifications from unstructured source code. The method is based on a theory of program re nement and transformation, which is used as the bases for the development of a catalogue of powerful semantics-preserving transformations. Each transformation is an operation on a program which has a mechanically-checkable correctness condition, and which has been rigorously proved to produce a semantically equivalent result. The transformations are carried out in a wide spectrum programming language (called WSL). This language includes high-level specifications as well as low-level programming constructs. As a result, the formal reverse engineering process (from source code to equivalent specifications) and the redevelopment process (refinement of specifications into source code) can both be carried out within a single language and transformation theory. We also discuss a tool (FermaT) which has been developed to support this approach to reengineerin...