Monographs in Computer Science
Editors: David Gries, Fred B. Schneider
Springer Science+Business Media, LLC

Monographs in Computer Science (titles in the series):
Abadi and Cardelli, A Theory of Objects
Benosman and Kang [editors], Panoramic Vision: Sensors, Theory, and Applications
Broy and Stølen, Specification and Development of Interactive Systems: FOCUS on Streams, Interfaces, and Refinement
Brzozowski and Seger, Asynchronous Circuits
Cantone, Omodeo, and Policriti, Set Theory for Computing: From Decision Procedures to Declarative Programming with Sets
Castillo, Gutiérrez, and Hadi, Expert Systems and Probabilistic Network Models
Downey and Fellows, Parameterized Complexity
Feijen and van Gasteren, On a Method of Multiprogramming
Leiss, Language Equations
McIver and Morgan [editors], Programming Methodology
Misra, A Discipline of Multiprogramming: Programming Theory for Distributed Applications
Nielson [editor], ML with Concurrency
Paton [editor], Active Rules in Database Systems
Selig, Geometrical Methods in Robotics

Annabelle McIver, Carroll Morgan (Editors)
Programming Methodology
With 68 Figures
Springer

Annabelle McIver, Department of Computing, Macquarie University, Sydney 2109, Australia, anabel@ics.mq.edu.au
Carroll Morgan, Department of Computer Science and Engineering, The University of New South Wales, Sydney 2052, Australia, carrollm@cse.unsw.edu.au

Series Editors:
David Gries, Department of Computer Science, The University of Georgia, 415 Boyd Graduate Studies Research Center, Athens, GA 30602-7404, USA
Fred B. Schneider, Department of Computer Science, Cornell University, Upson Hall, Ithaca, NY 14853-7501, USA

Library of Congress Cataloging-in-Publication Data
McIver, Annabelle, 1964-
Programming methodology / Annabelle McIver, Carroll Morgan.
p. cm. (Monographs in computer science)
Includes bibliographical references and index.
1. Computer programming. I. Morgan, Carroll, 1952- II. Title. III. Series.
QA76.6 .M3235 2002 005.1-dc21 2002017377
ISBN 978-1-4419-2964-8; ISBN 978-0-387-21798-7 (eBook); DOI 10.1007/978-0-387-21798-7

© 2003 Springer Science+Business Media New York. Originally published by Springer-Verlag New York Inc. in 2003. Softcover reprint of the hardcover 1st edition 2003. All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. www.springer-ny.com

Preface

The second half of the twentieth century saw an astonishing increase in computing power; today computers are unbelievably faster than they used to be, they have more memory, they can communicate routinely with remote machines all over the world - and they can fit on a desktop. But, despite this remarkable progress, the voracity of modern applications and user expectations still pushes technology right to the limit. As hardware engineers build ever-more-powerful machines, so too must software become more sophisticated to keep up. Medium- to large-scale programming projects need teams of people to pull everything together in an acceptable timescale. The question of how programmers understand their own tasks, and how they fit together with those of their colleagues to achieve the overall goal, is a major concern. Without that understanding it would be practically impossible to realise the commercial potential of our present-day computing hardware.

That programming has been able to keep pace with the formidable advances in hardware is due to the similarly formidable advances in the principles for design, construction and organisation of programs. The efficacy of these methods and principles speaks for itself - computer technology is all-pervasive - but even more telling is that they are beginning to feed back and influence hardware design as well. The study of such methods is called programming methodology, whose topics range over system- and domain-modelling, concurrency, object orientation, program specification and validation. That is the theme of this collection.

Programming Methodology

Most systems today aim to be secure, robust, easy-to-use and timely. To achieve these aims the programmer needs the right tools, which in this context are "intellectually-based", and comprise techniques to help organise complex problems and express them in a way that can be both understood by developers and interpreted by machines. The desire to reduce complexity (or at least to hide it where possible) has been the driving force behind the invention of design methods and principles, many of which are now built in to popular programming languages and (automatic) program-development tools. Typed languages for instance help with error detection, and the object-oriented programming method and data abstraction (both present for example in Java) support program modification, programming at the interface-level and readability. Meanwhile concurrency has flourished with the introduction of concurrent languages together with formal tools, including the model-checkers and proof assistants which are used in validation. Many of these tools have at their heart impressive theoretical credentials - "assertions" and "program invariants" rely on a theory of programming logics; and specification and refinement techniques have program semantics at their basis.

The essays in this collection concentrate on new and emerging techniques for constructing modern applications; they deal with the problems that software designers face and propose practical solutions together with their theoretical foundations. The idea of assembling papers on this theme to form a book arose in the technical meetings of the members of the Working Group 2.3 of the International Federation for Information Processing (IFIP).

Working Group 2.3

The working groups of IFIP meet regularly to discuss new ideas - their own, and others' - and to evaluate and promote trends in many aspects of computing systems. Their official output varies widely between individual groups, and depends largely on the traditions and style of the current membership, though they frequently promote special courses and host conferences. The term "programming methodology" was coined by one of the members of WG2.3, and over the group's nearly thirty years of existence, its members have contributed to many of the topics mentioned above; and indeed many flourishing areas of research in programming methodology today are based on ideas which were once discussed and developed in WG2.3 meetings.

This Collection

The present volume represents the second official publication by the group. Our aim was to gather material which would attract both students and professionals working either in an academic or industrial environment. Indeed we hope that this collection will form a reference and guide to the front line of research activity in programming methodology. The range of subjects reflects the interests of the current membership and addresses in particular the problems associated with contemporary demands for highly complex applications that actually work. Many of the essays contain new material, highlighting specific theoretical advances, whilst others aim to review or evaluate a particular area, or to outline suggestive problems for further investigation.

Structure

The book comprises three parts, each one devoted to a major theme in programming methodology. The parts are further divided into subsections where essays focussing on a particular topic lying within the scope of its overall section are gathered together. The short introductions at the beginning of each subsection serve to set the scene for the detailed articles to follow. Systems may be complex because they are distributed over a network, or because they are time-critical or concurrent - the first part deals with the business of describing, modelling and analysing such systems. The second part concentrates on specific programming techniques, the "programmer's toolkit", whilst the final part elaborates on some topical applications including security and telephony.

Acknowledgments

It goes without saying that this book would have been impossible to put together without the creative work of the authors of the articles. We thank especially Natarajan Shankar (chairman of WG2.3) for the initial motivation for this project and David Gries for help in its realisation.

Annabelle McIver, Carroll Morgan
Sydney, Australia, 2002

IFIP WG2.3 dedicates this book to the fond memory of two of its founding members: Ole-Johan Dahl (1931-2002) and Edsger Wybe Dijkstra (1930-2002).

Contents

Preface
Contributors

Part I Models and correctness

A Concurrency and interaction

1 Wanted: a compositional approach to concurrency, C.B. Jones
1.1 Compositionality
1.2 The essence of concurrency is interference
1.3 Reasoning about interference
1.4 Some problems with assumption/commitment reasoning
1.5 The role of ghost variables
1.6 Granularity concerns
1.7 Atomicity as an abstraction, and its refinement
1.8 Conclusion
References

2 Enforcing behavior with contracts, Ralph-Johan Back and Joakim von Wright
2.1 Introduction
2.2 Contracts
2.3 Achieving goals with contracts
2.4 Enforcing behavioral properties
2.5 Analyzing behavior of action systems
2.6 Verifying enforcement
2.7 Conclusions and related work
References

"What is a method?" - an essay on some aspects of domain engineering

Discussion

Thus the intrinsics become part of every one of the next facets. From an algebraic semantics point of view these latter are extensions of the above.

Support Technologies

The Concept

Characterisation: Support Technology - that in terms of which several other facets (intrinsics, management & organisation, and roles & regulations) are implemented.

• An Example

Example: Railway switches. An example of different technology stimuli: a railway switch, "in ye olde days" of the "childhood" of railways, was manually "thrown"; later it could be mechanically controlled from a distance by wires and momentum "amplification"; again later it could be electro-mechanically controlled from a further distance by electric signals that then activated mechanical controls; and today switches are usually controlled in groups that are electronically interlocked. An aspect of supporting technology includes the recording of state-behaviour in response to external stimuli. Figure 9.1 indicates a way of formalising this aspect of a supporting technology.

Figure 9.1 Probabilistic State Switching (figure not reproduced; only its legend survives on the page).
Input stimuli: sw: switch to switched state; di: revert to direct state.
Probabilities: pss: switching to switched state from switched state; psd: switching to switched state from direct state; pds: reverting to direct state from switched state; pdd: reverting to direct state from direct state; esd: switching to error state from direct state; edd: reverting to error state from direct state; ess: switching to error state from switched state; eds: reverting to error state from switched state.
Transitions are labelled stimulus/probability, e.g. sw/psd and di/1-pdd-edd.
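As an added illustration, not part of the essay, here is the state-switching model of Figure 9.1 written as a small probabilistic automaton in Python. States, stimuli and parameter names follow the figure's legend; the probability mass left over on each arc (the figure's 1-pdd-edd) is read as the switch failing to move, the error state is taken to be absorbing, and every numeric value is constructed. The model checks its own probabilities for consistency and computes how likely a stimulus sequence is to leave the switch in the error state.

```python
# Added example: Figure 9.1's probabilistic state switching as a Python automaton.
# States and stimuli are those of the figure; parameter names follow its legend.
# All numeric values used below are constructed, not taken from the essay.
DIRECT, SWITCHED, ERROR = "direct", "switched", "error"
SW, DI = "sw", "di"   # sw = switch to switched state, di = revert to direct state


def switch_model(psd, esd, pdd, edd, pss, ess, pds, eds):
    """Return transitions keyed by (state, stimulus) -> {next state: probability}.

    Mass not assigned to the intended target or to the error state is the
    chance that the switch simply fails to move (the figure's '1-pdd-edd').
    """
    model = {
        (DIRECT, SW):   {SWITCHED: psd, ERROR: esd, DIRECT: 1 - psd - esd},
        (DIRECT, DI):   {DIRECT: pdd, ERROR: edd, SWITCHED: 1 - pdd - edd},
        (SWITCHED, SW): {SWITCHED: pss, ERROR: ess, DIRECT: 1 - pss - ess},
        (SWITCHED, DI): {DIRECT: pds, ERROR: eds, SWITCHED: 1 - pds - eds},
        # Assumption: the error state is absorbing; no stimulus recovers from it.
        (ERROR, SW):    {ERROR: 1.0},
        (ERROR, DI):    {ERROR: 1.0},
    }
    # Consistency check: each (state, stimulus) row must be a probability distribution.
    for key, outcomes in model.items():
        if any(p < 0 for p in outcomes.values()) or abs(sum(outcomes.values()) - 1) > 1e-9:
            raise ValueError(f"inconsistent probabilities for {key}: {outcomes}")
    return model


def step(dist, stimulus, model):
    """Advance a probability distribution over states by one input stimulus."""
    nxt = {DIRECT: 0.0, SWITCHED: 0.0, ERROR: 0.0}
    for state, mass in dist.items():
        for target, p in model[(state, stimulus)].items():
            nxt[target] += mass * p
    return nxt


def run(stimuli, model, start=DIRECT):
    """Distribution over states after applying the stimuli from a known start state."""
    dist = {DIRECT: 0.0, SWITCHED: 0.0, ERROR: 0.0}
    dist[start] = 1.0
    for s in stimuli:
        dist = step(dist, s, model)
    return dist


def error_probability(stimuli, model, start=DIRECT):
    """Probability that the stimulus sequence ends with the switch in the error state."""
    return run(stimuli, model, start)[ERROR]


if __name__ == "__main__":
    m = switch_model(psd=0.9, esd=0.05, pdd=0.9, edd=0.05, pss=0.9, ess=0.05, pds=0.8, eds=0.1)
    print(run([SW, DI], m))   # constructed values: direct 0.765, switched 0.0925, error 0.1425
```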