Bernard Sufrin

Specification of the UNIX Filing System

A specification of the UNIX filing system is given using a notation based on elementary mathematical set theory. The notation used involves very few special constructs of its own. The specification is detailed enough to capture the filing systems behavior at the system call level, yet abstracts from issues of data representation, whether in programs or on the storage medium, and from the description of any algorithms which might be used to implement the system. The presentation of the specification is in several stages, each new stage building on its predecessors; major concepts are introduced separately so that they may be easily understood. The notation used allows these separate stages to be joined together to give a complete description of each filing system operation-including its error conditions. Features of the specification notation are explained as they are used, and the Appendix gives the definitions of the symbols drawn from set theory.

Formal specification of a display-oriented text editor

Abstract We present a formalization of the design of a display-oriented text editor. The formalization is rigorous enough to serve as a touchstone for the correctness of implementations of the editor and to permit various desirable properties of the design to be proven. The formalization is expressed in (slightly embellished) conventional mathematical notation whose unusual aspects are explained in the text.

Animating Formal Proof at the Surface: The Jape Proof Calculator

Jape is a program which supports the step-by-step interactive development of proofs in formal logics, in the style of proofs-on-paper. It is uncommitted to any particular logic and is customized by a description of a collection of inference rules and the syntax of judgements. It works purely at the surface syntactic level, as a person working on paper might. In that spirit it makes use of explicit visible provisos rather than a conventional encoding of logical properties. Its principal mechanism is unification, employed as a search tool to defer decisions about how to proceed at difficult points in a proof. The design aim is to produce a tool which makes step-by-step proof calculations so straightforward that novices can learn by exploring the use of a pre-encoded logic. Examples of proof development are given in several small logics.

Jape: A Calculator for Animating Proof-on-Paper

If you suppose that it would be pointless to simulate proof-on-paper; if you imagine that all the problems of interactive theorem-proving are solved; if you are sure that making a user interface is a matter of bolting a bit of Tcl/Tk onto a theorem-proving engine; if you believe the more buttons the better in a graphical user interfaces — read no further, lest your prejudices be disturbed!

Type Inference in Z

Generic definitions provide an important part of the power of the Z notation, allowing the standard toolkit of mathematical notation to be built up from a very small set of primitives, and permitting application-oriented theories to be constructed with an appropriate degree of abstraction and generality. Although there is a notation for supplying explicitly the actual generic parameters when a generic constant is used, it greatly improves the readability of a Z document if the actual parameters are left to be inferred from the context, especially since every symbol from the basic mathematical toolkit would otherwise need explicit generic type parameters. In this paper we present and justify a method by which a type-checking program can carry out this inference of implicit generic parameters and check that the context determines them unambiguously. In the appendix we show the text of a type-checker for Z written in standard ML.

Software that assists learning within a complex abstract domain: the use of constraint and consequentiality as learning mechanisms

This paper describes a research project into undergraduates’ use of a software tool to learn symbolic logic—a complex abstract domain that has been shown to be intimidating for students. The software allows the students to manipulate proofs in certain ways and then calculates the consequences of their actions. A research method has been developed that allowed students’ use of this tool to be modelled, and this model was then used to identify, refine and create visual cues that provide support for students’ reasoning. The focus of this paper is the role of the software as an artefact to aid students’ visualisation of reasoning processes rather than the logic itself. The main mechanisms by which this visualisation is supported are the imposition of constraints on the actions available and the demonstration to students of the consequences of their actions. The study shows that the software encouraged experimentation with different routes to a proof, and constituted a challenge to fixated reasoning.

Eclectic CSP: a language of concurrent processes

We present the main features of Eclec t ic CSP an experimental language designed to support the specification and implementation of intelligent telecommunication network services, but applicable to any field requiring interprocess communication, a safe type system, and modular implementation.

Towards the formal specification of a simple programming support environment

In order to make precise some of the desirable features of a programming support environment, and in order to encourage others to do likewise, this paper presents the formal specification of a small module or package manager suitable foruse in a Modula or Ada environment.

Functional Pearl Deduction for functional programmers

We investigate how formal logic can be introduced to students who are familiar with functional programming in a way that takes advantage of their familiarity with higher order functions, free data-types, homomorphisms, and induction principles. In our experience, students often struggle with formal logic because they are unclear about the distinction between theorems and metatheorems, the distinction between syntactic constructors and semantic operators (and hence the meaning of models and valuations), and the induction and recursion principles over proofs. Using a functional programming notation as a metalanguage clears up these ambiguities because of the imposed type discipline: theorems and metatheorems have distinctive types, so are easily distinguished; when operators are overloaded (for example, when they are used both in syntax and semantics) their different types can be written out; and the recursion and induction principles over proofs become straightforward because the data-type for proofs is explicitly described. As an added benefit, proofs — naturally tree-structured — need not be arbitrarily linearized just so that natural number recursion and induction can be performed on them. We present a Gofer (Jones, 1991) functional program script that defines datatypes for representing well-formed formulas, proofs, and sequents in the propositional logic. We then discuss the implementation of theorem and inference schemas and illustrate the latter by defining a function that provides a constructive proof of the Deduction Theorem. Finally, we compare our approach to prior work and conclude by remarking on other research we have done in this area.

Formal methods in system design and implementation

Abstract Late discovery of design errors is responsible for the very high cost of many computer-based information systems. Poor documentation of interfaces and poor quality of implementation is responsible for very high failure rates of even well-designed systems. Formal methods promise to relieve some of these problems. In this paper we show how formal methods may be employed during the design phase of a project to help clarify and validate ideas, and during the implementation phases to increase confidence in the code.