It is fairly accepted that the realization of complex systems must be accomplished step by step from the initial specification, through a sequence of intermediate phases, to the final program. These development steps, linking a preliminary version, or description, of the program to a more detailed one, are usually called refinement steps, while the intermediate stages of a refinement process are called levels of abstraction. A refinement calculus is a means to support this modus operandi in program development, allowing linking different levels of abstraction: it introduces a precise relation between intermediate descriptions, and the rules to check whether the relation is satisfied. Tuple space languages are concurrent languages, that foster the definition of autonomous entities of computation (the processes), and offer mechanisms for their synchronization and communication. In particular, they represent one of the most acknowledged models of coordination. Tuple space languages are based on the idea that a dynamic collection of tuples can act as shared state of concurrent processes, and play the role of coordination media among them. To build a refinement calculus for tuple spaces, we address three points, in this paper: (1) We single out a specification language, a variation of first-order temporal logic. Temporal relations between propositional formulae are not expressive enough to describe relations between tuple spaces, which are multisets of atoms. The specification language, called Oikos-tl, includes three new temporal operators that enhance the expressive power of the logic, permitting to directly link state transitions and state configurations. The semantics of the specification language is formally defined, and a set of useful properties for refinement are shown. (2) We introduce a reference language for tuple spaces, dubbed TuSpReL, and define its axiomatic and operational semantics. We need the former to derive properties, the latter to describe the allo
This paper details the stages of building a substantial, carefully specified, fully tested and fully operational university and school timetabling system. This is reported as a case study in applying Constraint Satisfaction techniques. The emphasis is on the software engineering aspects of the problem. That is, Constraint Satisfaction problems are expressed in a language more familiar to the formal software engineering community. Moreover, this language is used to formulate domain constraints and heuristic information. In addition, the user's needs are looked at more closely. For instance, the system supplies indications useful for relaxing or reformulating the constraints of the problem when a solution satisfying these constraints is impossible to produce. This has value in bringing Constraint Satisfaction one step closer to formal specification, program verification and transformation. (C) 2003 Published by Elsevier B.V.
Given a formula of the propositional mu-calculus, we construct a tableau of the formula and define an infinite game of two players, of which one wants to show that the formula is satisfiable and the other seeks the opposite. The strategy for the first player can be further transformed into a model of the formula, while the strategy for the second forms what we call a refutation of the formula. Using Martin's Determinacy Theorem, we prove that any formula has either a model or a refutation. This completeness result is a starting point for the completeness theorem for the mu-calculus to be presented elsewhere. However, we argue that refutations have some advantages of their own. They are generated by a natural system of sound logical rules and can be presented as regular trees of size exponential in the size of the refuted formula. This last aspect completes the small model theorem for the mu-calculus established by Emerson and Jutla (1988). Thus, on a more practical side, refutations can be used as small objects testifying to the incorrectness of a program specification expressed by a mu-formula; we illustrate this point by an example.
Variability properties of reusable software assets at various stages of software development are considered, and the concept of predictable variability is introduced. A UML profile and a semi-automatic method of using it are proposed for annotating and retrieving reusable assets in digital libraries. Using this method, the user need not remember the exact notation of key retrieval descriptors, nor type them in with errors, since the environment of controlled vocabularies [8] is supported.
Real-time software development is investigated in an extended form of the Z language, and compared with development in the Temporal Agent Model (TAM), a theory specifically designed for real-time systems. Both of these theories use refinement as the main development method, and by defining a translation between the extended Z language and the TAM language, we are able to compare the two refinement relations in terms of an example real-time system refinement.
Mehlhorn (1988) has presented an improved implementation of the Kou, Markowsky and Berman Steiner tree approximation algorithm (1981). By replacing one step of the original algorithm the complexity reduces from $O(|S| \cdot (|E| + |V| \cdot \log |V|))$ to $O(|E| + |V| \cdot \log |V|)$, where S is the set of terminals, E the set of all edges and V the set of all vertices in the graph. In this paper we will show that due to the improvement two steps of the algorithm may be omitted. This does not reduce the complexity of the algorithm but it makes it simpler.
We examine the expressive power of Unity properties in relation to execution sequences of Unity programs. One might expect that if two programs have the same unless and leadsto properties, then they have the same execution sequences. We show that this is not true. We examine whether this difference vanishes if we adopt a stronger notion of fairness, or use ensures properties instead of leadsto properties (possibly adopting a stronger fairness notion also). We show by a simple example that both approaches are not successful. Hence, properties are not expressive enough to characterize execution sequences, and it is not clear what execution model corresponds to Unity properties. As a consequence, the notion of property-preserving program refinement differs from the notion of decreasing nondeterminism.
Jacob gives a model of reconfigurable systems in Hoare's Communicating Sequential Processes (CSP). The purpose of such a model is to facilitate reasoning about reconfigurable systems. An important characteristic of the model is the separation of the structure of the system, which may be reconfigured, from the configurations into which it may be put. Unfortunately there is a problem with this model. It allows a system to be reconfigured at any moment in its life. This is often too liberal: usually systems may be reconfigured only between transactions. The contribution of this paper is a solution which takes account of the transactions a system can perform, while maintaining as much as possible of the orthogonality between the system structure and the configurations in which it can occur.
The notion of "specification" plays a key role in the developing science of computing. It is typically considered to be the keystone in the software development process. However, there is no single, generally agreed meaning of "specification" that bears close scrutiny. Instead there is a variety of different, although partially interlocking and overlapping, interpretations of the term. We catalogue this varietal profusion and attempt to lay bare both the sources and consequences of each major alternative. We attempt to present the full range of possibilities, and the biases inherent in each style of interpretation. We believe that there is a pressing need for clarification of the meaning of "specification" (and several other important terms), especially in view of the fact that so many practitioners and theoreticians assume, erroneously, that a clear meaning already exists (even though they might disagree as to what it is). In particular, we feel that a more general awareness of the difficulties that currently attach to this key concept may go some way towards bridging (if not actually healing) the rift that currently exists between the engineering and scientific aspects of computing.