David Hemer

Specification-based retrieval strategies for module reuse

Formal specifications have been proposed as a basis for accessing reusable components from libraries, and various fine-grained specification-matching approaches have been developed to assist in searching libraries. Typically, however, the granularity of matching has been too fine for reuse to be effective. Compounding the problem is the fact that coarse-grained items usually require adaptation before reuse. The paper explains some of the problems and presents a generic solution to a key problem: adaptation of modules through parameter instantiation and subsetting. It shows how unit-matching strategies can be lifted to module level in a generic fashion.

Specification matching of state-based modular components

Retrieval of software components from a library relies on techniques for matching user requirements against library component interfaces. Here we introduce a number of techniques for matching formally specified, state-based modules. These techniques will form the basis for retrieval tool support. The techniques described are built on existing specification matching methods, based on individual functions, specified using pre- and post-conditions. We begin by defining a basic module matching technique, based on matching the individual units within a module. We consider variations of this technique that take into account two important features of modules: the visibility of module entities; and the use of state invariants. An advanced technique, based on data refinement and the use of coupling invariants, is also described.

Reuse of Verified Design Templates Through Extended Pattern Matching

CARE provides a framework for construction and verification of programs, based around the recording of reusable design knowledge in parameterized templates. This paper shows how pattern-matching can be used to aid in the selection and application of design templates from a reusable library. A general framework is presented which is independent of the particular matching algorithm used at the level of mathematical expressions. A prototype has been built which supports a large subset of the Z mathematical language.

Template-based construction of verified software

The use of formal verification to prove the correctness of software is increasingly being mandated by international standards for the development of safety critical systems. While formal development environments exist to assist in formal software development, formal verification is still an extremely difficult and time-consuming task, requiring expert skills not possessed by the typical software engineer. The authors propose a component-based development approach, where the aim is not so much to make savings in the cost of implementation, but instead to reduce the amount of verification that the software engineer needs to perform, as well as reducing the complexity of any remaining verification. This is achieved by providing reusable design templates that have been verified offline by an expert in mathematical logic and theorem proving. An important feature of the template language is the presence of higher-order parameters, which enable templates to be defined that are more widely applicable, thus giving better value for the one-off verification effort.

Supporting component-based reuse in CARE

The increased reliance on software in critical applications suggests a greater need for formal methods to be used in the development of such software. A number of formal languages and toolsets exist for developing formally specified and verified software; however experience tells us that the development of formally verified software, even with the current tool support, is an expensive process.By adopting a component-based development methodology, whereby software is developed from reusable components, significant savings can be made. In particular the amount of proof --- arguably the most expensive and difficult part of formal development --- can be greatly reduced by proving the correctness of reusable components once, off-line, prior to their use.Tools are required which support the user in adapting and retrieving components from libraries of formally specified components. This paper describes extensions to the CARE toolset that support adaptation and retrieval of reusable components.

Refinement Calculus for Logic Programming in Isabelle/HOL

This paper describes a deep embedding of a refinement calculus for logic programs in Isabelle/HOL. It extends a previous tool with support for procedures and recursion. The tool supports refinement in context, and a number of window-inference tactics that ease the burden on the user. In this paper, we also discuss the insights gained into the suitability of different logics for embedding refinement calculii (applicable to both declarative and imperative paradigms). In particular, we discuss the richness of the language, choice between typed and untyped logics, automated proof support, support for user-defined tactics, and representation of program states.

An industrial-strength method for the construction of formally verified software

The CARE method is a new approach to constructing and formally verifying programs. CARE has been developed in response to identified industrial needs for a formal software development method which does not require the user to be an expert in formal proof. Software engineers use CARE to develop compilable code from formal program specifications using a library of pre-proven, formally specified refinements. Tools help users build products by selecting and instantiating refinements to fit the problem at hand, and generating and discharging correctness-of-fit proof obligations. The paper introduces CAREs integrated notation for algorithm specification and development, and explains how correctness is checked. The method is illustrated on a small development.

Specification-based retrieval strategies for component architectures

In component-based software development (CBSD) programs are developed by combining reusable library components. Two of the main technical issues that need to be addressed are: locating suitable components in the library (retrieval); and adapting them to solve a specific problem. Intelligent retrieval techniques, based on matching formal specifications (so-called specification matching), have been developed to overcome some of the problems associated with traditional keyword-based retrieval techniques. Also approaches to semi-automating component adaptation have been proposed. These approaches are based on using component wrappers and component architectures for defining adaptation strategies. Such strategies can be represented by generic library templates that are parameterised over higher-order variables (therefore ensuring that they are applicable in a variety of situations). We would like to use existing specification matching techniques to locate suitable library adaptation templates. However, at present these two approaches are not compatible. This is because the current specification matching methods are based on matching first-order component specifications, whereas templates are specified using higher-order logic. In this paper we extend existing specification matching methods to handle higher-order library templates, with a focus on achieving the best possible tradeoff between automatability and precision/recall.

Peer Assessment of Group-Based Software Engineering Projects

Group-based software engineering projects are an important part of computer science and information technology curricula. Fair assessment of individual contributions to group-based projects remains a challenging problem. Peer-based assessment, where students assess their fellow team members, is seen as one answer to this. In this paper we discuss the key aspects that need to be addressed in order to develop a successful peer assessment method. We propose a method for carrying out peer assessments for a large software engineering class. We briefly describe a Web-based tool that we have developed to support our method, and comment on our initial experiences in using the tool.

Well-measuring programs

Any program that measures quantities from its physical environment must compute using correct and consistent units of measurement. Such a program is described as well-measuring. In many systems, particularly embedded control software, paying inadequate attention to units of measurement can result in catastrophe. Unfortunately, current programming languages and tools provide little aid to the programmer attempting to establish or verify the well-measuring property. We present a program analysis technique for inferring and checking the units used within a program. The technique combines traditional Hindley-Milner-style type inference with the use of static single assignment (SSA) form to enable analysis of imperative programs.