Traditional information system specifications are fixed: the rules of the system are frozen at specification time. In practice, most systems have to change their rules in unexpected ways during their lifetime. We present here a simple variant of a temporal logic that deals with specification evolution. It is a linear time temporal logic with two levels of time: intervals, interrupted by mutations (changes of rules), which compose lives of the system. We present a complete axiom system and complexity results, which show a high degree of compatibility with classical linear temporal logic. (C) 2002 Elsevier Science B.V. All rights reserved.
In object-oriented programs built in layers, an object at a higher level of abstraction is implemented by objects at lower levels of abstraction. It is usually crucial to correctness that a lower-level object not be shared among several higher-level objects. This paper unveils some difficulties in writing procedure specifications strong enough to guarantee that a lower-level object can be used in the implementation of another object at a higher level of abstraction. To overcome these difficulties, the paper presents virginity, a convenient way of specifying that an object is not globally reachable and thus can safely be used in the implementation of a higher-level abstraction. (C) 1999 Elsevier Science B.V. All rights reserved.
Security (in the sense of confidentiality) properties are properties of shared systems. We present a suitable model of shared systems in which to formally define the term "security property" and then proceed to catalog several security properties. We also address composability and probabilistic security properties.
Various tools for program analysis, including run-time assertion checkers and static analyzers such as verification and test generation tools, require formal specifications of the programs being analyzed. Moreover, many of these tools and techniques require such specifications to be written in a particular style, or to follow certain patterns, in order to obtain acceptable performance from the corresponding analyses. Thus, having a formal specification is sometimes not enough for using a particular technique, since the specification may not be provided in the right formalism. In this paper, we deal with this problem in the increasingly common case of having an operational specification while, for analysis reasons, requiring a declarative one. We propose an evolutionary approach to translate an operational specification written in a sequential programming language into a declarative specification in relational logic. We perform experiments on a benchmark of data structure implementations for which operational invariants are available, and show that our evolutionary-computation-based approach to translating specifications achieves very good precision in this context, and produces declarative specifications that are more amenable to analyses that demand specifications in this style. This is assessed in two contexts: bounded verification of data structure invariant preservation, and instance enumeration using symbolic execution aided by tight bounds. (C) 2019 Elsevier B.V. All rights reserved.
Example higher-order programs are presented in the style of Hoare logic and refinement calculus, as motivation for a study of weak (lax) coexponents in categories of predicate transformers. The preordered category of monotonic predicate transformers between powersets is shown to have weak coexponents that give an operationally sound predicate transformer semantics to higher-order programs and designs. The semantics is for stored programs, orthogonal to (but compatible with) procedures and parameter passing. The weak coexponent is not unique, and may be chosen to represent all designs in refinement calculus, or to represent only feasible programs, or only total deterministic programs. For the latter alternative there is a complete axiomatization in terms of program-level laws of refinement, for positively conjunctive predicate transformers. A different alternative makes all program specifications representable. The results exemplify both the benefits and the limitations of categorial axiomatizations of program constructs.
Bundle event structures equipped with a partial order less than or equal to have been used to give a true concurrency denotational semantics for LOTOS. This model has also been extended with time and stochastic information. Unfortunately, it fails to yield a complete partial order (cpo), as we illustrate by an example. We propose a subset of all bundle event structures that forms a cpo. This subset is closed under the usual operators on bundle event structures, and as a consequence these operators are continuous. Therefore, this subset can be used to give a denotational semantics of LOTOS. (C) 2001 Elsevier Science B.V. All rights reserved.
We formalize the notion of underspecification as a means of avoiding problems with partial functions in modal logic S5 and some semantically related logics. For these logics, underspecification preserves validity, so incorporating it into their semantics leaves their classes of valid formulae unchanged. (C) 1997 Elsevier Science B.V.
The introduction of an early return from a (remote) procedure call can increase the degree of parallelism in a parallel or distributed algorithm modeled by an action system. We define a return statement for procedures in an action systems framework and show that it corresponds to carrying out an atomicity refinement.
Discovering program specifications automatically for heap-manipulating programs is a challenging task due to the complexity of aliasing and the mutability of data structures. This task is further complicated by an expressive domain that combines shape, numerical and bag information. In this paper, we propose a compositional analysis framework that derives the summary for each method in the expressive abstract domain, independently from its callers. We propose a novel abstraction method with a bi-abduction technique in the combined domain to discover pre-/post-conditions that could not be automatically inferred before. The analysis not only infers memory safety properties but also finds relationships between pure and shape domains, towards full functional correctness of programs. A prototype of the framework has been implemented, and initial experiments have shown that our approach can discover interesting properties for non-trivial programs. (C) 2017 Elsevier B.V. All rights reserved.
Although various proof rules for procedure calls in weakest precondition semantics have been proposed over the years, none of these is particularly suitable for calculational program construction. The problem is that they tend to yield a precondition that is tortuously expressed.