We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
To save content items to your account,
please confirm that you agree to abide by our usage policies.
If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account.
Find out more about saving content to .
To save content items to your Kindle, first ensure no-reply@cambridge.org
is added to your Approved Personal Document E-mail List under your Personal Document Settings
on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part
of your Kindle email address below.
Find out more about saving to your Kindle.
Note you can select to save to either the @free.kindle.com or @kindle.com variations.
‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi.
‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.
It is to be expected that logical frameworks will become more and more important in the near future, since they can set the stage for an integrated treatment of verification systems for large areas of the mathematical sciences (which may contain logic, mathematics, and mathematical constructions in general, such as computer software and even computer hardware). It seems that the moment has come to try to get to some kind of a unification of the various systems that have been proposed.
Over the years there has been the tendency to strengthen the frameworks by rules that enrich the notion of definitional equality, thus causing impurities in the backbones of those frameworks: the typed lambda calculi. In this paper a plea is made for the opposite direction: to expel those impurities from the framework, and to replace them by material in the books, where the role of definitional equality is taken over by (possibly strong) book equality.
Introduction
Verification systems
A verification system consists of
(i) a framework, to be called the frame, which defines how mathematical material (in the wide sense) can be written in the form of books, such that the correctness of those books is decidable by means of an algorithm (the checker),
(ii) a set of basic rules (axioms) that the user of the frame can proclaim in his books as a general basis for further work.
By
David Basin, Department of Artificial Intelligence, University of Edinburgh, Edinburgh Scotland,
Matt Kaufmann, Computational Logic, Inc. Austin, Texas 78703 USA
Edited by
Gerard Huet, Institut National de Recherche en Informatique et en Automatique (INRIA), Rocquencourt,G. Plotkin, University of Edinburgh
We use an example to compare the Boyer-Moore Theorem Prover and the Nuprl Proof Development System. The respective machine verifications of a version of Ramsey's theorem illustrate similarities and differences between the two systems. The proofs are compared using both quantitative and non-quantitative measures, and we examine difficulties in making such comparisons.
Introduction
Over the last 25 years, a large number of logics and systems have been devised for machine verified mathematical development. These systems vary significantly in many important ways, including: underlying philosophy, object-level logic, support for meta-level reasoning, support for automated proof construction, and user interface. A summary of some of these systems, along with a number of interesting comments about issues (such as differences in logics, proof power, theory construction, and styles of user interaction), may be found in Lindsay's article. The Kemmerer study compares the use of four software verification systems (all based on classical logic) on particular programs.
In this report we compare two interactive systems for proof development and checking: The Boyer-Moore Theorem Prover and the Nuprl Proof Development System. We have based our comparison on similar proofs of a specific theorem: the finite exponent two version of Ramsey's theorem (explained in Section 2). The Boyer-Moore Theorem Prover is a powerful (by current standards) heuristic theorem prover for a quantifier-free variant of first order Peano arithmetic with additional data types.
Chapters 4 and 5 describe a unifying framework for the structured systems development models. Such a framework is useful for several reasons:
(a) Many projects to provide theoretical support for systems development do not use the popular structured analysis and design models. As pointed out in Davis (1982) and Martin (1983, 1984), practitioners are rather hesitant to use new tools that involve an unfamiliar formal language. On the other hand, a unifying theoretical framework that adds formal components to the notations of structured specifications permits users to continue using existing popular practices.
(b) Different structured models are suitable for different situations, depending on the characteristics of user requirements, the emphasis and the stage of development (Colter 1982, Lauber 1982, Sanden 1989, Shigo et al. 1980). In other words, we may need more than one of these tools during the development process of a single system. If we provide systems developers with a means of mapping from one model to another, the efficiency of systems development may be greatly improved.
(c) A number of development aids have been designed for individual structured models (Delisle et al. 1982, DeMarco and Soceneantu 1984, Kampen 1982, Tse 1985, Tse and Pong 1989). However, these aids are useful only for individual models, and are not applicable to others. If a mapping can be found to transform one model to another, a development aid for one structured methodology may be applied to another.
The specifier constructs a theory and attempts to refute it (hypothetico-deductive) while the knowledge engineer assembles a mass of empirical rules whose verisimilitude is unquestioned (empirico-deductive). The systems engineer, meanwhile, takes the utilitarian approach: if it works, use it.
—Bernard Cohen et al. (1986)
There are existing formalisms for description … which are clear and well-understood, but lack the richness typical in descriptions which people find useful. They can serve as a universal basis for description but only in the same sense that a Turing machine can express any computation.
—Terry Winograd (1979)
Structured analysis and design methodologies have been recognized as the most popular tools in information systems development (Colter 1982). They are widely accepted by practising systems developers because of the top down nature of the methodologies and the graphical nature of the tools. A complex systems specification can be decomposed into a modular and hierarchical structure which is easily comprehensible. They enable practitioners to visualize the target systems and to communicate with users much more easily than conventional methods.
As a matter of fact, the structured methodologies have been designed by quite a number of distinct authors, each employing a number of models which vary in their in graphical outlook. These include data flow diagrams (DeMarco 1978, Gane and Sarson 1979, McMenamin and Palmer 1984, Weinberg 1980), Jackson structure diagrams, Jackson structure texts (Jackson 1975), system specification diagrams, system implementation diagrams (Cameron 1986, Jackson 1983), Warnier/Orr diagrams (Orr 1977) and structure charts (Page-Jones 1988, Yourdon and Constantine 1979).
An initial algebra framework has been proposed in the last chapter to integrate the structured systems development models. Given a specification in one structured model, the framework provides a formal means of mapping it to an equivalent specification in terms of another model. It does not, however, provide a means of developing the specification in the first place. Not does it consider refinement.
We find that the proposed term algebra as well as the DeMarco, Yourdon and Jackson notations fit nicely into a functorial framework. We can integrate the models by providing functorial bridges from one type of specification to another. An overview of the functorial relationships is shown in Figure 5.1. The framework also provides a theoretical basis for manipulating incomplete or unstructured specifications through refinement morphisms.
The main advantages of the functorial framework can be summarized as follows:
(a) A systems developer may conceive the target system in terms of structured tasks, which are the equivalents of standard structuring mechanisms such as sequence, selection and iteration used in the structured methodologies. The DeMarco, Yourdon or Jackson notations are simply seen as variations on the same theme.
(b) Although the initial algebra framework provides a formal means of mapping a structured specification from one form to another, it does not offer much help at the initial stage when we are trying to develop the specification. Using the functorial framework, we can refine a draft specification of structured tasks using morphisms, which preserves structuredness. Properties of continuous functions and structured functions can be used to verify the correctness of such manipulation. These concepts help a systems developer to visualize the internal structure of a system, assemble or refine subsystems, and verify the consistency and completeness of a design.
In this chapter, we shall give a further illustration of the theoretical usefulness of our framework by applying it in the identification of unstructuredness. Since DeMarco data flow diagrams are mainly used as communication tools with users during the analysis stage of systems development, they are problem-oriented and probably unstructured. Some mechanism must be available enabling us to detect the unstructured elements so that we can construct structured tasks and define refinement morphisms accordingly. We shall extend our concepts in tasks and show that only one single criterion is necessary and sufficient for identifying unstructuredness. Looking at it in another way, a single criterion is necessary and sufficient for proving a task to be structured.
Quite a number of papers have already addressed a similar problem of detecting unstructuredness in program schemes and transforming the schemes into structured equivalents. These papers can roughly be classified as follows:
(a) Many of the papers are based on heuristic arguments (Colter 1985, McCabe 1976, Mills 1972, Oulsman 1982, Williams 1977, Williams and Ossher 1978, Williams and Chen 1985). Each paper gives a new proposal supposedly better than earlier ones (Prather and Giulieri 1981). According to the arguments in McCabe (1976), Oulsman (1982), Williams (1977) and Williams and Ossher (1978), unstructuredness may be due to any of four elements — branching out of a loop, branching into a loop, branching out of a selection and branching into a selection. The identification of these elements, however, has remained a difficult task. Since unstructured elements cannot exist in isolation, the authors recommend that we should identify unstructured compounds, or combinations of unstructured elements. Unfortunately, the number of combinations is endless, so that we can never exhaust all the possible cases (Williams 1983).
Structured analysis and design methodologies have been recognized as a popular and powerful tool in information systems development. A complex system can be specified in a top-down and graphical fashion, enabling practitioners to visualize the target systems and communicate with users much more easily than by means of conventional methods. As a matter of fact, the structured methodologies have been designed by quite a number of distinct authors, each employing a number of models which vary in their graphical outlook. Different models are found to be suitable for different stages of a typical systems life cycle. A specification must be converted from one form to another during the development process. Unfortunately, however, the models are only derived from the experience of the authors. Little attempt has been made in proposing a formal framework behind them or establishing a theoretical link between one model and another.
A unifying framework is proposed in this book. We define an initial algebra of structured systems, which can be mapped by unique homomorphisms to a DeMarco algebra of data flow diagrams, a Yourdon algebra of structure charts and a Jackson algebra of structure texts. We also find that the proposed initial algebra as well as the structured models fit nicely into a functorial framework. DeMarco data flow diagrams can be mapped by a free functor to terms in the initial algebra, which can then be mapped to other notations such as Yourdon structure charts by means of forgetful functors.
All this will not be finished in the first one hundred days. Nor will it be finished in the first one thousand days, … But let us begin.
—John F. Kennedy (1961)
INTRODUCTION
In this chapter, we shall give an illustration of the practical usefulness of our framework. We shall discuss a prototype system which has been developed to implement the structured tasks. It has been implemented on a Macintosh using Turbo Pascal. It enables the user to draw a hierarchy of DeMarco-like task diagrams and stores them as structured tasks, which are stored physically in the form of pointers and linked lists. It helps the user to review the task diagrams to an appropriate level of detail, and zoom in/zoom out to lower/higher levels through refinements and abstractions as required. Given an incomplete task specification, the system prompts the user to define further details of his design considerations. For example, if the user wants to build a hierarchical structure into a flat task diagram, he will be prompted to supply the necessary details such as the names of intermediate levels. Given a hierarchy of task diagrams, the system then transforms them automatically into a term algebra, a Yourdon structure chart and also Jackson structure text. An example of an application of the system will be given in Section 7.2. An overview of the system with examples of its algorithms will be given in Section 7.3.
In this chapter we shall compare our approach with five related systems development environments. These environments include PSL/PSA, ADS/SODA, SADT/EDDA, SAMM/SIGS and RSL/SREM. They have been chosen for comparison because of the following reasons:
(a) They were pioneer systems development environments meant to cover the entire systems life cycle, and have stood the test of time.
(b) They are better known and documented, so that interested readers can obtain further information easily.
(c) They are still under active development and recent enhancements have been reported.
(d) The languages examined cover a wide spectrum of characteristics. Some were originally developed as manual tools, but others were meant for mechanical support from the very beginning. For some languages, a system can be specified in a multi-level fashion, but not for others. Some languages use graphics as the specification medium while others are purely textual. Some of the development environments generate graphical feedback to users whereas others generate textual documentation.
(e) The final reason is a pragmatic one. We have included projects which are familiar to the present author. Part of this chapter is derived from the research results of a joint project with Mr Daniel Pong (Tse and Pong 1982, Tse and Pong (to appear)).
PSL/PSA AND META/GA
PSL was the first major language for defining a system formally and analysing it automatically (Teichroew 1971, Teichroew et al. 1980, 1982, PSL/PSA Introduction 1987).
Structured systems development methodologies have been recognized as the most popular tools in information systems development. They are widely accepted by practising systems developers because of the top down nature of the methodologies and the graphical nature of the tools. Unfortunately, however, the models are only derived from the experience of the authors. In spite of the popularity of these models, relative little work has been done in providing a theoretical framework to them. In this project, we have tried to solve the problem by defining a unifying theoretical framework behind the popular structured models.
We have defined an initial algebra of structured systems, which can be mapped by unique homomorphisms to a DeMarco algebra of data flow diagrams, a Yourdon algebra of structure charts and a Jackson algebra of structure texts (with equations). As a result, specifications can be transformed from one form to another. Algebraic interpreters may be adapted to validate the specifications.
We have also found that the proposed term algebra as well as the DeMarco, Yourdon and Jackson notations fit nicely into a functorial framework. The framework provides a theoretical basis for manipulating incomplete or unstructured specifications through the concepts of structured tasks and refinement morphisms. Moreover, DeMarco data flow diagrams can be mapped to term algebras through free functors. Conversely, specifications in term algebras can be mapped to other notations such as Yourdon structure charts by means of functors.