Reuse by Contract

Gregor Snelting, Bernd Fischer
Abt. Softwaretechnologie, Technische Universität Braunschweig
Bültenweg 88, D-38106 Braunschweig, Germany
Email: {fisch,snelting}@ips.cs.tu-bs.de
Fax: +49-531-391-8140, Tel: +49-531-391-7579

Abstract

Reuse by contract is the application of formal methods to software reuse: software components are associated with contracts (formal models of their functional behaviour) and administered, retrieved, and reused by these. We argue that reuse by contract is necessary for safe reuse in a formal process model, but is helpful even for more traditional software development. We discuss some obstacles against the use of formal component specifications, and propose some solutions in order to make reuse by contract practical.

Keywords: formal methods, reuse, software component retrieval, specification matching, automated deduction.

Workshop Goals: Discuss the design of reusable component libraries; discuss ways to mitigate acceptance problems; discuss tool architectures; study relation with OO design methods; study combination with structural code reuse mechanism (e.g., patterns or functors.)

1 Background

Reuse by contract is the application of formal methods to software reuse: software components are associated with contracts (formal models of their functional behaviour) and administered, retrieved, and reused by these. Similar approaches have been proposed before (e.g., [KRT87, RW91, MM91]) but without convincing success. The goal of our project NORA/HAMMR[1] [FKS95c, FKS95b, FKS95a] is thus to make reuse by contract practical. We investigate

- reuse-friendly specification techniques,
- library organization techniques based on contracts,
- deductive component retrieval,
- scalable and efficient architectures for reuse by contract,
- its interaction with formal software development processes, and
- the integration of reuse by contract and conventional reuse mechanisms.

Our long-term goal is to build a system which smoothly integrates component design, implementation, and verification with the systematic reuse of a fully specified and verified component library.

Our work on NORA/HAMMR started in 1994. Our main topic so far has been the application of automated deduction techniques to solve the proof tasks emerging from deductive component retrieval. A large number of experiments done in collaboration with colleagues from the German joint research project on deduction show that current theorem provers are capable to solve enough of the emerging tasks. Our implementation is tailored towards these experiments. It uses VDM as contract language but can generate proof tasks for different theorem provers. We currently work on an improved library organization and the integration of a program verification system.

[1] NORA is no real acronym; HAMMR is the highly-adaptive multi-method retrieval tool. This work has been sponsored by the DFG under grant Sn11/2-3.

2 Position

2.1 What is Reuse by Contract really?

B. Meyer has coined the phrase design by contract [Mey92] to denote a software development style which emphasises the importance of formal specifications and interleaves them with actual code. Reuse by contract is an attempt to lift this style to code reuse. Its basic idea is to turn the contracts into the actual medium by which client and provider can negotiate reuse:

- The client states his side of the contract as a pair of granted pre- and required postcondition.
- The provider formalizes his bid (i.e., each library component) the other way round, as a pair of required pre- and granted postcondition.
- Negotiation is defined in terms of the contract: an offered component is suited for reuse if the involved pre- and postconditions satisfy a well-defined logical relation.
- Proof tasks formalize this relation; their exact nature determines form and effects of reuse.

The negotiation process, also called deductive component retrieval, is the most important technical problem to be solved and as such sometimes identified with reuse by contract. In our opinion, however, only its integration into a formal software development process will lead to significant reuse effects and thus justify the name "reuse by contract." In a formal setting, the contracts arise naturally (e.g., from refinements) and do not impose any extra work on the developers. Consequently, reuse can be built into program design from the very beginning.

On the other side, design by contract is not per se reuse by contract, as the existence of a library does not automatically imply its re-use. The difference is in the roles the contracts play. In the design approach, contracts are passive and confined to the library. They do not only describe the components' properties but are also their possessions. The reuse approach removes this asymmetry and "activates" the contracts for prospective clients. It is a way to exploit the full power of contracts.

2.2 Proof Tasks and Code Reuse

Components can be reused if they bridge the gap between the client's stated pre- and postcondition. The most efficient form of reuse takes place if the gap between the client's offer (the precondition) and his wishes (the postcondition) is bridged completely. A component c can be plugged in and thus close the gap if it has a weaker pre- and a stronger postcondition than the client requires in his query q. This ideal situation is usually formalized in the following condition, or proof task:[2]

    $(pre_q \Rightarrow pre_c) \wedge (post_c \Rightarrow post_q)$    (1)

This so-called plug-in compatibility supports safe reuse. The retrieved components may be considered as black boxes and may be reused "as is", without further proviso or modification.

This proof task is however not adequate if q is a partial function but not c. If we want c to match q even if its results on the extended domain do not fit the original query, we must restrict the implication between the postconditions to the domain given by pre_q. We thus work with proof tasks of the form

    $(pre_q \Rightarrow pre_c) \wedge (pre_q \wedge post_c \Rightarrow post_q)$    (2)

Another, weaker form of the proof tasks emphasizes the client's postcondition and retrieves all components which satisfy it at least on their own domain:

    $pre_c \wedge post_c \Rightarrow post_q$    (3)

[2] Actually, the proof tasks are universally closed wrt. the formal input and output parameters of the component and the query and also contain equations relating the parameters. Likewise, the pre- and postconditions are of course logical functions of the respective parameters. However, to improve the legibility, we use these traditionally abbreviated formulations.
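The four proof tasks of Section 2.2 can be made concrete by checking them over a small finite model, the way the model-checking filter of Section 2.6 hunts for counterexamples. The following is an added example written for this page, not code from the paper or from NORA/HAMMR; the integer square root query, the four library contracts and the integer range of the model are constructed for illustration, and the partial_compat/conditional/plug_in names are the author's of this example.

```python
"""Finite-model check of the reuse-by-contract proof tasks (1)-(4)."""
from dataclasses import dataclass
from itertools import product
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Contract:
    """A contract: precondition over the input x, postcondition over (x, y)."""
    name: str
    pre: Callable[[int], bool]
    post: Callable[[int, int], bool]


# Constructed finite model: every (input x, output y) pair in a small range.
# As in the paper's model-checking filter, a counterexample found here rejects
# a component; finding none is evidence only, not a proof of the implication.
MODEL: List[Tuple[int, int]] = list(product(range(-3, 10), repeat=2))


def implies(a: bool, b: bool) -> bool:
    return (not a) or b


def counterexample(formula: Callable[[int, int], bool]) -> Optional[Tuple[int, int]]:
    """First (x, y) in MODEL that violates the universally closed formula, else None."""
    for x, y in MODEL:
        if not formula(x, y):
            return (x, y)
    return None


# The proof tasks of Section 2.2; c is the library component, q the query.
def plug_in(c: Contract, q: Contract):
    """(1): (pre_q => pre_c) and (post_c => post_q)."""
    return counterexample(lambda x, y: implies(q.pre(x), c.pre(x))
                          and implies(c.post(x, y), q.post(x, y)))


def plug_in_partial(c: Contract, q: Contract):
    """(2): (pre_q => pre_c) and (pre_q and post_c => post_q).
    post_q only has to hold on the query's own domain (q may be partial)."""
    return counterexample(lambda x, y: implies(q.pre(x), c.pre(x))
                          and implies(q.pre(x) and c.post(x, y), q.post(x, y)))


def conditional(c: Contract, q: Contract):
    """(3): pre_c and post_c => post_q; the client inherits pre_c as an open obligation."""
    return counterexample(lambda x, y: implies(c.pre(x) and c.post(x, y), q.post(x, y)))


def partial_compat(c: Contract, q: Contract):
    """(4): pre_c and pre_q and post_c => post_q; pre_q further restricts the domain."""
    return counterexample(lambda x, y: implies(c.pre(x) and q.pre(x) and c.post(x, y),
                                               q.post(x, y)))


def retrieve(library: List[Contract], q: Contract, relation) -> List[str]:
    """Names of the components that survive the filter (no counterexample found)."""
    return [c.name for c in library if relation(c, q) is None]


# Constructed contracts around an integer square root.
def isqrt_post(x: int, y: int) -> bool:
    return y * y <= x < (y + 1) * (y + 1)


QUERY = Contract("isqrt query", lambda x: x >= 0, isqrt_post)       # partial: x >= 0 only
NARROW_QUERY = Contract("isqrt on 0..1", lambda x: 0 <= x <= 1, isqrt_post)

LIBRARY = [
    Contract("isqrt", lambda x: x >= 0, isqrt_post),
    # total function: isqrt for x >= 0, returns 0 for negative x
    Contract("total isqrt", lambda x: True,
             lambda x, y: isqrt_post(x, y) if x >= 0 else y == 0),
    Contract("isqrt for x>0", lambda x: x > 0, isqrt_post),        # stronger precondition
    Contract("identity", lambda x: True, lambda x, y: y == x),      # agrees with isqrt on {0, 1}
]

if __name__ == "__main__":
    for rel in (plug_in, plug_in_partial, conditional, partial_compat):
        print(f"{rel.__name__:16} {retrieve(LIBRARY, QUERY, rel)}")
    print("partial, narrowed query:", retrieve(LIBRARY, NARROW_QUERY, partial_compat))
```

Task (1) rejects the total component because of its behaviour on negative inputs, which (2) ignores; (3) admits the component with the stronger precondition at the price of an open obligation, and (4) with the narrowed pre_q even admits the identity, whose benefit is confined to the two inputs 0 and 1.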

Generally, code reuse based on this conditional compatibility is potentially unsafe because the client has to satisfy the open obligation pre_c. In a formal framework, however, (3) is justified because it describes a normal refinement step: the client trades his own open contract post_q against the usually simpler pre_c by re-using c. Note that (3) is also more efficient to check, as only one implication has to be proven.

To increase the recall, conditional compatibility can be relaxed further by again taking the client's precondition into account. But in contrast to (2) it is now added to the premise:

    $pre_c \wedge pre_q \wedge post_c \Rightarrow post_q$    (4)

Hence, partial compatibility retrieves all components which do "the right thing" at least on a domain restricted by pre_c ∧ pre_q. By varying pre_q, clients can control recall and granularity of reuse. The stronger it is, the more components are retrieved, but the smaller is their respective benefit, simply because pre_q acts as an additional open obligation.

2.3 Significance

The investigation [Lio96] of the recent Ariane 5 disaster revealed that it was caused by the reuse of an unmodified Ariane 4 software component which led to an uncaught exception crashing the software and hence the spacecraft. In [JM97], however, Jezequel and Meyer argue that the ultimate reason for the crash was the component's failure to state its assumptions, i.e., the absence of a contract. They conclude

"There is a more simple lesson to be learned from this unfortunate event: Reuse without a contract is sheer folly. From CORBA to C++ to Visual Basic to ActiveX to Java, the hype is on software components. The Ariane 5 blunder shows clearly that naive hopes are doomed to produce results far worse than a traditional, reuse-less software process. To attempt to reuse software without Eiffel-like assertions is to invite failures of potentially disastrous consequences."

We share this conclusion as motivation for our work.

2.4 Benefits

For the users, the biggest visible benefit is of course the ability to retrieve components which provably match their needs. Provably matching components increase the overall quality of the software. They also improve the software process, the productivity and other aspects of software development. Depending on the kind of compatibility used (plug-in, conditional or partial), several benefits can be identified.

Plug-in compatibility (and, to a smaller extent, conditional compatibility) is most useful in a formal development process. Here, it can be used for the safe composition of components. A component which satisfies a proof task is guaranteed not to compromise the overall correctness. This is true even for conditional compatibility, if (as is often the case) the refinement process can generate the component's precondition. Safe composition prevents reuse disasters like the Ariane case. Safe composition is a must for any safety-critical software project which wants to utilize component reuse, and reuse by contract is the only available technology.

In some cases software composition from formally specified components can be done automatically. By means of constructive type theory, a formal specification can be transformed into executable code which may also contain calls to (formally specified) library components. Needless to say, the resulting code is provably correct.

Once a new piece of software has been constructed by safe composition, automatically or not, it can be added to the library. Hence the basis for reuse is increased, without any additional overhead: in a formal process, the specification of a new component or subsystem must be supplied anyway. Furthermore, reuse by contract offers additional support for a formal development process. Development steps are larger, and an actual implementation for subsystems can be obtained early, thereby supporting vertical prototyping. If new components are added to the library, a positive feedback is obtained which encourages the use of formal specifications and dedicated technology and tools (e.g. verifiers) for a formal development process.

In a less formal software process, reuse by contract still improves software development. In such a context, partial compatibility will be most useful. Partial compatibility has the highest recall, but may require manual checks or even component modifications in order to match the component's precondition. For a software developer whose primary interest is to find reusable components, this is not an obstacle. If the primary goal is to reuse code, the developer will be ready to provide the stronger precondition needed for conditional compatibility, or even extend the component's functionality in order to utilize partial compatibility. Still, use of a formal postcondition considerably increases the precision of component search, that is, reduces the probability of finding irrelevant components.

Reuse by contract is attractive even for those who prefer commercial success over safety or improved component retrieval. Today's libraries (for example, the Standard Template Library for C++) are not formally specified. If different vendors offer the same library, there will be subtle differences between implementations. As a consequence, a user will not be able to switch from one library implementation to another, enabling library monopolies and preventing innovative vendors with small market share from commercial success. Hence market transparency requires that there is an implementation-independent specification (a standard) for a component library. Today, such standards have been established in other software and hardware areas; usage of formal specifications as standards for libraries will result in better return on investment for independent library vendors.

2.5 Obstacles

There are a couple of problems which make a successful implementation of reuse by contract a hard task. The major impediment is the general acceptance problem of formal methods. As one colleague put it: "If I need a sort routine, I say grep sort!"

Without a formal software development process, the up-front costs become fairly high. Programmers are not used to contracting and may consider it merely as an additional burden which remains without any benefit as long as there are no or not enough specified libraries to be reused. Library construction, however, is time-consuming and expensive, especially when it is not supported by the feed-back described above. Worst of all, due to the general indifference towards formal methods, the market offers only very few specified libraries to begin this process with.

The "look and feel" of a reuse system also can impair its usefulness. If the end user has to deal with complicated parameter settings for the prover, specify details he considers irrelevant, or provide postconditions in some cryptic prover language, reuse by contract will not be successful.

Another source of problems is the computational complexity of deductive component retrieval. Long response times due to insufficient deductive power can easily render the entire concept impractical; this in particular affects scale-up for big libraries or complicated components. Contracts for larger components, which in turn promise larger pay-offs, may become too large or too complicated. A more technical aspect may lead to even more complicated proof tasks. If provider and client use different mathematical concepts (e.g., sets and lists), the resulting "view mismatch" can only be solved if the prover deduces the necessary mappings.

In a non-formal software process, the use of formal specifications can even hamper the retrieval abilities. The reason is that recall may suffer from the overwhelming precision of formal specifications. If there is a component which differs only slightly from what the user wants, it will not be found, because the proof obligation cannot be fulfilled ("near miss"). Theorem provers do not have a notion of an "almost provable" statement, and it is this sharp distinction between true and false statements which may backfire in a reuse context. Note that in a formal process, this problem does not occur, as partial or "fuzzy" contract fulfillment is not acceptable.

2.6 Possible Solutions

There is no medicine for people who reject formal methods. The only argument which might appeal to them is that reuse by contract is not going to replace existing, established retrieval methods, but to augment them. For all the other problems, solutions can be outlined as follows.

First of all, a retrieval system based on formal specifications must hide the deductive machinery completely. Any details for setting prover parameters, synchronizing parallel-running provers, generating prover input etc. must be invisible to the user. Instead, the retrieval tool should offer an interface which utilizes the end user's language and concepts; in particular, it should also offer access to more traditional retrieval algorithms. As somebody has to take care of preprocessing and tuning the formal specifications and tune the deductive engine, we propose that this is done by an expert. The end user must not be bothered by this.

In order to tackle the performance and scale-up problems, we utilize two mechanisms: abstraction and incrementality. Abstraction means that not always a traditional formal specification will be needed; sometimes a more compact component description is sufficient. Multiple layers of specifications can be used to separate the core functionality from non-functional implementation aspects such as structure sharing [PH95]. This can be achieved by a domain-specific logic which would not only improve the deductive abilities of the system but would also be beneficial for the end user.[3]

Incrementality means that several processes must cooperate in order to achieve an increasing reduction of the problem space. NORA/HAMMR uses a filter chain in order to reduce the burden of the theorem prover. The chain consists of a series of filters of increasing power; the prover is only the last element in the chain. Chain configuration may vary; a typical filter chain includes signature matching and model checking. Signature matching selects components according to a specification of their interface alone. Model checking is used in order to discover non-theorems: if a counterexample in some small model can be found, the proof obligation is considered a non-theorem and the component rejected. Both techniques may negatively affect recall as well as precision, as a counterexample in a finite model of, say, the integers may be invalid, and demanding identical interfaces is too restrictive.[4] But they greatly reduce the burden of the prover, as only a small number of proof obligations survives the preliminary filters.

Signature matching can also help with the view mismatch problem. It identifies the structural similarities between the types in question, which in turn can be used to construct some of the abstraction functions automatically.

In order to reduce the risk of not finding components due to overspecification or "near misses" of the prover, we again propose abstraction and incrementality. The user interface must allow to incrementally sharpen the postcondition (or weaken the precondition), thereby incrementally filtering the set of surviving components. Furthermore, use of a domain-specific specification language offers the appropriate abstractions to the user; near misses due to erroneous low-level specification details are avoided.

[3] It is technically easy to create a domain-specific extension of a specification language: this only requires that a set of predefined function and predicate names is defined, whose meaning is given by some additional axioms.

[4] In fact, the latter problem can be tackled by use of additional axioms which allow e.g. interchanges of parameters, and for the former we propose the use of abstract model checking.

3 Comparison

Most work on library design (e.g., [MS96, Knu93]) follows the traditional style of informal or stylized descriptions and reference implementations. The industrial-strength example of a contract-based library design we know of is Meyer's work [Mey94]. There is, however, some more research work, e.g. the RESOLVE project [SW94]. Both [JC93] and [MMM94] use formal specifications to determine a subsumption relation between components and structure their libraries accordingly. Similarly, [LW94] define the notion of behavioral subtype as an extended means to organize class libraries, and [Lea91] has developed techniques to support the specification and verification of object-oriented programs.

Deductive component retrieval has also been investigated by [RW91], which used Prolog to specify the components and its built-in higher-order unification as retrieval mechanism. Moorman Zaremski and Wing [MW95] were the first to explore different match relations; our own work (cf. Section 2.2) expands on their results. They also introduced the use of a "real" specification language (Larch/ML) for component description. With the exception of [Ste91], which works with algebraic specifications, most other approaches now also use languages which are some sugared variant of first order logic. However, while [MW95] applies the associated interactive Larch Prover to solve the proof tasks, their sheer number requires an automated theorem prover such as OTTER [MMM94] or SETHEO [FS97] to make it practical.

A more pragmatic approach to deductive retrieval is to use the components' types as their specifications (e.g., [Rit91].) This signature matching allows the application of more efficient reasoning mechanisms (e.g., order-sorted theory unification) but also a very concise query formulation. It is thus a successful tool for functional languages which offer rich type structures. The behavioral abstraction which is inherent to types makes an unmodified type-based retrieval unsuited for reuse by contract, but it can still be used as a fast pre-filter.

There has also been some earlier work to integrate deductive retrieval into software development environments. The PARIS system [KRT87] supported the semi-automatic construction of programs over a library of so-called schemes, i.e., program fragments which are enriched by assertions about their combination and instantiation possibilities. The construction process then generated proof tasks which were solved by the Boyer-Moore theorem prover. The Inscape system [Per87] aimed at the development of large software systems based on specifications; it also offered some retrieval support. However, both systems worked with severely restricted logics and inference mechanisms and never left the prototype stage.

Lowry et al. [LP+94] utilized a formally specified library which contains functions for celestial mechanics and spaceship course computations. After providing a formal specification of e.g. a space vehicle's destination point and time, the system automatically composes a program consisting of calls to appropriate library routines, which compute the flight data. Lowry's system uses a domain-specific logic, which in turn is hidden from the user by a sophisticated graphical user interface.

4 Research Topics

Although specified component libraries are a necessary requirement for any code reuse mechanism working with formal methods, and not only for reuse by contract, they are a nearly extinct species. We think that the community should take up the lead of Meyer and work towards realistic, formally specified libraries which must also cover non-functional aspects of components which traditionally matter for the users, e.g. structure sharing. This work should also include the development of appropriate domain-specific logics.

Larger benefits are expected from reusing components of a much coarser granularity than simple functions ("megaprogramming", [WWC92].) Scaling up specification methods to such megacomponents requires a lot of further research. First of all, flexible components are parameterized (generic packages, C++ templates etc). Thus even signature matching requires higher-order unification. A next step could be an investigation about specifications of design patterns or parameterized modules/functors. Having a fully specified pattern library would be a nice argument.

Scale-up also concerns deductive retrieval. First of all, the provers must be adapted to reflect a situation where there are thousands of simple proof obligations, and almost all of them are non-theorems. Furthermore, methods have to be developed for fast rejection of non-theorems which do not compromise recall. One promising candidate is abstract model checking [Jac94]. Probably the combination of behavioural subtyping and signature matching also works to this end.

Finally, to increase the number of reuse opportunities, the strict compatibilities defined in 2.2 could be relaxed by introducing some approximate reasoning. However, this requires appropriate automatic component adaption mechanisms to maintain the integrity of reuse by contract.

References

[FKS95a] B. Fischer, M. Kievernagel, and G. Snelting. "Deduction-Based Software Component Retrieval". In J. Kohler, F. Giunchiglia, C. Green, and C. Walther, (eds.), Working Notes of the IJCAI-95 Workshop: Formal Approaches to the Reuse of Plans, Proofs, and Programs, pp. 1-5, Montreal, August 1995.

[FKS95b] B. Fischer, M. Kievernagel, and W. Struckmann. "High-precision retrieval for high quality software". In I. M. Marshall, W. B. Samson, and D. G. Edgar-Nevill, (eds.), Proc. 4th Software Quality Conf., pp. 80-88, Dundee, July 1995. University of Abertay Dundee.

[FKS95c] B. Fischer, M. Kievernagel, and W. Struckmann. "VCR: A VDM-based Software Component Retrieval Tool". In M. Wirsing, (ed.), Working Notes of the ICSE-17 Workshop on Formal Methods Application in Software Engineering Practice, pp. 30-38, Seattle, Wash., April 1995.

[FS97] B. Fischer and J. M. P. Schumann. "SETHEO Goes Software Engineering: Application of ATP to Software Reuse". In W. McCune, (ed.), Proc. 14th CADE, LNAI 1249, Townsville, July 1997. Springer.

[Jac94] D. Jackson. "Abstract Model Checking of Infinite Specifications". In M. Naftalin, T. Denvir, and M. Bertran, (eds.), Proc. 2nd FME, LNCS 873, pp. 519-531, Barcelona, October 1994. Springer.

[JC93] J. Jeng and B. H. C. Cheng. "Using formal methods to construct a software component library". In I. Sommerville and M. Paul, (eds.), Proc. 4th ESEC, LNCS 717, pp. 397-417, Garmisch-Partenkirchen, September 1993. Springer.

[JM97] J.-M. Jezequel and B. Meyer. "Design by Contract: The Lessons of Ariane". IEEE Computer, 30(1):129-130, January 1997.

[Knu93] D. E. Knuth. The Stanford GraphBase: A Platform for Combinatorial Computing. ACM Press, New York, 1993.

[KRT87] S. Katz, C. A. Richter, and K. S. The. "PARIS: A System for Reusing Partially Interpreted Schemas". In Proc. 9th ICSE, pp. 377-385, Monterey, CA, March 1987. IEEE Computer Society Press.

[Lea91] G. T. Leavens. "Modular Specification and Verification of Object-Oriented Programs". IEEE Software, 8(4):72-80, July 1991.

[Lio96] J. L. Lions et al. Ariane 5 Flight 501 Failure Report, 1996.

[LP+94] M. Lowry, A. Philpot, T. Pressburger, and I. Underwood. "AMPHION: automatic programming for scientific subroutine libraries". In Z. W. Ras and M. Zemankova, (eds.), Proc. 8th Intl. Symp. on Methodologies for Intelligent Systems, LNAI 869, pp. 326-335. Springer, October 1994.

[LW94] B. Liskov and J. M. Wing. "A Behavioral Notion of Subtyping". ACM TOPLAS, 16(6):1811-1841, November 1994.

[Mey92] B. Meyer. "Applying 'Design by Contract'". IEEE Computer, 25(10):40-51, October 1992.

[Mey94] B. Meyer. Reusable Software: The Base Object-Oriented Component Libraries. Prentice-Hall, Englewood Cliffs, 1994.

[MM91] P. Manhart and S. Meggendorfer. "A knowledge and deduction based software retrieval tool". In Proc. 4th Intl. Symp. on Artificial Intelligence, pp. 29-36, 1991.

[MMM94] A. Mili, R. Mili, and R. Mittermeir. "Storing and Retrieving Software Components: A Refinement-Based System". In B. Fadini, (ed.), Proc. 16th ICSE, pp. 91-102, Sorrento, Italy, May 1994. IEEE Computer Society Press.

[MS96] D. R. Musser and A. Saini. STL Tutorial and Reference Guide. Addison-Wesley, 1996.

[MW95] A. Moorman Zaremski and J. M. Wing. "Specification Matching of Software Components". In G. E. Kaiser, (ed.), Proc. 3rd FSE, pp. 6-17, Washington, DC, October 1995. ACM Press.

[Per87] D. E. Perry. "The Inscape Environment". In Proc. 11th ICSE, pp. 2-12. IEEE Computer Society Press, May 1987.

[PH95] A. Poetzsch-Heffter. "Interface Specification for Program Modules Supporting Selective Updates and Sharing and their Use in Correctness Proofs". Softwaretechnik-Trends, 15(3):116-125, October 1995. Proc. Softwaretechnik 95, G. Snelting (ed.).

[Rit91] M. Rittri. "Using types as search keys in function libraries". JFP, 1(1):71-89, January 1991.

[RW91] E. J. Rollins and J. M. Wing. "Specifications as Search Keys for Software Libraries". In K. Furukawa, (ed.), Proc. 8th Intl. Conf. Symp. Logic Programming, pp. 173-187, Paris, June 24-28 1991. MIT Press.

[Ste91] R. A. Steigerwald. Reusable Software Component Retrieval via Normalized Algebraic Specifications. PhD thesis, Naval Postgraduate School, December 1991.

[SW94] M. Sitaraman and B. W. Weide. "Special Feature: Component-Based Software Using RESOLVE". ACM SIGSOFT Software Engineering Notes, 19(4):21-22, October 1994.

[WWC92] G. Wiederhold, P. Wegner, and S. Ceri. "Toward megaprogramming". Communications of the ACM, 35(11):89-99, November 1992.

Biographies

Bernd Fischer is researcher at the Department of Software Technology at the Technical University of Braunschweig. His interests include formal specification, automated deduction and functional programming. He received his diploma in computer science from the TU Braunschweig in 1990.

Gregor Snelting is a professor for software technology at the Technical University of Braunschweig. His main interest is to utilize deductive and algebraic techniques in order to improve software design, configuration management, component reuse, software reengineering, and software validation. He received a diploma in computer science and mathematics (1982) and a PhD in computer science (1986) from the TU Darmstadt, and became professor and leader of the software technology group in 1991.