Linearizability is the standard correctness criterion for fine-grained non-atomic concurrent algorithms, and a variety of methods for verifying linearizability have been developed. Our proposal is implemented in a proof-of-concept tool and illustrated by a didactic case-study. The purpose of this paper is to explore the relationship between testing and refinement. As a consequence, verification can be done for an arbitrary number of accessing threads; something that is not possible with existing approaches based on model checking. In this paper we relax that assumption to discuss refinements where an abstract operation is refined by, not one: but a sequence of concrete operations. Several more-detailed papers are in preparation. Hence algorithm designers have started to build concurrent data structures that are not linearizable but only satisfy relaxed consistency requirements.
This book brings together this important research in one volume, with the addition of examples drawn from different application areas. The models we have looked at so far concentrate on behaviour, and states are fully characterised by the behaviour that will be possible from that point on. To verify a refinement a retrieve relation is used which relates the concrete to abstract states and allow the comparison between the data types to be made on a step by step basis by comparing an abstract operation with its concrete counterpart. The language of the models, and the language of the transformations, are amenable to formal analysis. The formalism was tailored for those pragmatic concerns which arise from modeling class libraries and design patterns, and for visualizing programs of any size at any level of abstraction. In particular, it looks at how tests for a refinement can be derived from tests for the abstract system.
However, in addition to deriving tests from a formal specification, we might wish to refine the specification further before its implementation. This book provides a comprehensive introduction to refinement for the researcher or graduate student. The purpose of promotion is to provide an elegant way of composing specifications in order to build multiple indexed instances of a single component. Finally, we compared our approach with several other related theories that apply formal methods to cognitive modelling. In this chapter, we formulate the theory of data refinement for Z.
We therefore introduce an additional refinement proof obligation to enable the use of simulation rules when checking refinement. This integration is possible due to the existence of a common semantic model. Refinement is one of the cornerstones of the formal approach to software engineering, and its use in various domains has led to research on new applications and generalisation. The transformation strategy, and the associated development methodology, are designed to preserve systems integrity and availability. A specification acts as both the benchmark against which any implementation is tested, and also as the means by which tests are generated. Software design, development and evolution commonly require programmers to model design decisions, visualize implemented programs, and detect conflicts between design and implementation.
The framework is motivated by its instantiations with a number of specification languages e. It consists of developing the system through different levels of abstraction. Key research issues are found in identifying metric spaces and properties that make them usable for refinement using approximations. There are a number of ways in which this might be possible and here we show how to use the technique of promotion in Object-Z to combine components which are specified using process algebras. In our step-wise refinement process, we capture successively more concrete specifications by transforming a high-level specification into an equivalent executable program. We will return in detail to these issues in Chap. In a partial specification approach, one can imagine specifications in the same language being interpreted differently according to the particular role of the viewpoint at hand — it may be describing permissible behaviour, required behaviour, etc.
We therefore introduce additional refinement proof obligations to enable the use of simulation rules when checking refinement. All in all, it is clear that it will actually not be enough to consider just the viewpoint specifications and their correspondences. Object-Z is an extension to the Z language to facilitate specification in an object-oriented style. However, common design notations rarely reconcile theoretical concerns for rigor and minimality with the practical concerns for abstraction, scalability and automated verifiability. We ended with sketching how labels on transitions could be added to that and how we could apply abstraction to state spaces, in preparation for the model in the current chapter.
It can also reduce the cost of verification: if the transformations are shown or assumed to be correct, each new system or version can be verified in terms of its model, rather than its implementation. We will then explore, without fixing the exact observations to be made, how simulations can be used to verify the refinement in a way similar to that found in Chap. The proposed approach allows an incrementally developing more and more detailed models, preserving correctness in each step. It provides an on-the-fly evaluation of a specified behavior as compared to that of previous increments. We exemplify this technique by a linearisability proof of the queue algorithm presented in Herlihy and Wing's landmark paper. It contains a mixture of original text and revised material from research papers published by the authors in various venues. Refinement is one of the cornerstones of the formal approach to software engineering, and its use in various domains has led to research on new applications and generalisation.
Designing such systems is difficult and often based on a trial-and-error approach. It provides that essential bridge between higher level requirements and an implementation of those requirements. It introduces refinement in different semantic models, and shows how refinement is defined and used within some of the major formal methods and languages in use today. We use traditional mathematical concepts, such as sets, functions and predicate logic to capture this description. In-deed, it is promoted from the rational unified process to ag-ile development methods. This stage involves both data and operation refinement and is carried out in several basic sub-steps.
Finally, this chapter presents a collection of examples of data refinement in Z. Data refinement is a well established technique for transforming specifications of abstract data types into ones which are closer to an eventual implementation. Finally, we discuss several issues we encountered in this exercise, which may serve as feedback to the development of Object-Z. Model-driven engineering involves the automatic generation of software artifacts from models of structure and functionality. In this context programs will be finite relational compositions of operations together with a finalisation which makes explicit the observations made of that program. Concurrent data structures like stacks, sets or queues need to be highly optimized to provide large degrees of parallelism with reduced contention. We investigate navigation algorithms, and specifically path planning, a fundamental function of autonomous robots.
To increase concurrency, these algorithms often completely dispose with locking, or only lock small parts of the structure. All mathematical means and forms, in general, are an abstract description of these three categories of system behaviors and their common rules. We provide a small example to illustrate our approach and to show how it can be implemented by using standard formal approaches alongside less formal design notations and human-computer interaction processes. Our approach builds on the formalism of Object-Z and the refinement approach of action systems. This chapter explores the relationship between testing and refinement.