A type system for higher-order modules
We present a type theory for higher-order modules that accounts for many central issues in
module system design, including translucency, applicativity, generativity, and modules as …
module system design, including translucency, applicativity, generativity, and modules as …
What is a recursive module?
A hierarchical module system is an effective tool for structuring large programs. Strictly
hierarchical module systems impose an acyclic ordering on import dependencies among …
hierarchical module systems impose an acyclic ordering on import dependencies among …
Formal specification as a design tool
J Guttag, JJ Horning - Proceedings of the 7th ACM SIGPLAN-SIGACT …, 1980 - dl.acm.org
The formulation and analysis of a design specification is almost always of more utility than
the verification of the consistency of a program with its specification. Good specification tools …
the verification of the consistency of a program with its specification. Good specification tools …
Applying formal methods to a certifiably secure software system
C Heitmeyer, M Archer, E Leonard… - IEEE Transactions on …, 2008 - ieeexplore.ieee.org
A major problem in verifying the security of code is that the code's large size makes it much
too costly to verify in its entirety. This article describes a novel and practical approach to …
too costly to verify in its entirety. This article describes a novel and practical approach to …
Automatically checking an implementation against its formal specification
S Antoy, D Hamlet - IEEE Transactions on Software …, 2000 - ieeexplore.ieee.org
We propose checking the execution of an abstract data type's imperative implementation
against its algebraic specification. An explicit mapping from implementation states to …
against its algebraic specification. An explicit mapping from implementation states to …
Modular invariants for layered object structures
Classical specification and verification techniques support invariants for individual objects
whose fields are primitive values, but do not allow sound modular reasoning about …
whose fields are primitive values, but do not allow sound modular reasoning about …
Data groups: Specifying the modification of extended state
KRM Leino - Proceedings of the 13th ACM SIGPLAN conference on …, 1998 - dl.acm.org
This paper explores the interpretation of specifications in the context of an object-oriented
programming language with subclassing and method overrides. In particular, the paper …
programming language with subclassing and method overrides. In particular, the paper …
The Multics kernel design project
MD Schroeder, DD Clark, JH Saltzer - ACM SIGOPS Operating Systems …, 1977 - dl.acm.org
We describe a plan to create an auditable version of Multics. The engineering experiments
of that plan are now complete. Type extension as a design discipline has been …
of that plan are now complete. Type extension as a design discipline has been …
Structured analysis and system specification
T DeMarco - Software pioneers: contributions to software …, 2011 - Springer
Structured Analysis and System Specification Page 1 Original Historic Documents 529
Structured Analysis and System Specification Yourdon, New York, 7978 pp.7-7and37-44 M …
Structured Analysis and System Specification Yourdon, New York, 7978 pp.7-7and37-44 M …
Model checking and modular verification
O Grumberg, DE Long - ACM Transactions on Programming Languages …, 1994 - dl.acm.org
We describe a framework for compositional verification of finite-state processes. The
framework is based on two ideas: a subset of the logic CTL for which satisfaction is …
framework is based on two ideas: a subset of the logic CTL for which satisfaction is …