Composing specifications

M Abadi, L Lamport - ACM Transactions on Programming Languages …, 1993 - dl.acm.org
A rigorous modular specification method requires a proof rule asserting that if each
component behaves correctly in isolation, then it behaves correctly in concert with other …

Composing specifications

M Abadi, L Lamport - Workshop/School/Symposium of the REX Project …, 1989 - Springer
A rigorous modular specification method requires a proof rule asserting that if each
component behaves correctly in isolation, then it behaves correctly in concert with other …

Beyond assertions: Advanced specification and verification with JML and ESC/Java2

P Chalin, JR Kiniry, GT Leavens, E Poll - … 1-4, 2005, Revised Lectures 4, 2006 - Springer
Many state-based specification languages, including the Java Modeling Language (JML),
contain at their core specification constructs familiar to most undergraduates: e.g., assertions …

Program fragments, linking, and modularization

L Cardelli - Proceedings of the 24th ACM SIGPLAN-SIGACT …, 1997 - dl.acm.org
Module mechanisms have received considerable theoretical attention, but the associated
concepts of separate compilation and linking have not been emphasized. Anomalous …

How the design of JML accommodates both runtime assertion checking and formal verification

GT Leavens, Y Cheon, C Clifton, C Ruby… - Formal Methods for …, 2003 - Springer
Specifications that are used in detailed design and in the documentation of existing code are
primarily written and read by programmers. However, most formal specification languages …

[Book][B] Foundations of component-based systems

GT Leavens, M Sitaraman - 2000 - books.google.com
This collection of articles by well-known experts was originally published in 2000 and is
intended for researchers in computer science, practitioners of formal methods, and computer …

Manifest types, modules, and separate compilation

X Leroy - Proceedings of the 21st ACM SIGPLAN-SIGACT …, 1994 - dl.acm.org
This paper presents a variant of the SML module system that introduces a strict distinction
between abstract types and manifest types (types whose definitions are part of the module …

Modular verification of collaboration-based software designs

K Fisler, S Krishnamurthi - Proceedings of the 8th European software …, 2001 - dl.acm.org
Most existing modular model checking techniques betray their hardware roots: they assume
that modules compose in parallel. In contrast, collaboration-based software designs, which …

Conjoining specifications

M Abadi, L Lamport - ACM Transactions on Programming Languages …, 1995 - dl.acm.org
We show how to specify components of concurrent systems. The specification of a system is
the conjunction of its components' specifications. Properties of the system are proved by …

Module checking

O Kupferman, MY Vardi - … : 8th International Conference, CAV'96 New …, 1996 - Springer
In computer system design, we distinguish between closed and open systems. A closed
system is a system whose behavior is completely determined by the state of the system. An …