Steve Reeves - Profile on Academia.edu (original) (raw)
Papers by Steve Reeves
Modelling safety-critical devices
The paper describes a model that presents a technique in which we combine formal languages---Z, p... more The paper describes a model that presents a technique in which we combine formal languages---Z, presentation models and coloured Petri nets---and methods which use them, to specify the functionality and model the user interface and interaction of a system by clearly describing the state space, operations and behavioural aspects of a system. We show how to combine the Z specification and presentation models with coloured Petri nets for modelling safety critical systems by retaining the strengths of the formalisms and alleviating their drawbacks.
This article presents WekaCoin, a peer-to-peer cryptocurrency based on a new distributed consensu... more This article presents WekaCoin, a peer-to-peer cryptocurrency based on a new distributed consensus protocol called Proof-of-Learning. Proof-of-learning achieves distributed consensus by ranking machine learning systems for a given task. The aim of this protocol is to alleviate the computational waste involved in hashing-based puzzles and to create a public distributed and verifiable database of state-of-the-art machine learning models and experiments.
Proceedings of the ACM on human-computer interaction, Jun 30, 2017
Model-based development of interactive systems provides a number of benefits which can support th... more Model-based development of interactive systems provides a number of benefits which can support the creation of robust and correct systems, particularly important when the interactive systems are safety-critical. Many different approaches have been proposed which target the models at different aspects of the development process (for example task analysis, interface layouts, functional behaviours etc.) and which can be used in different ways (verification of correctness, plasticity, usability). One of the aims for any modelling method should be simplicity-we are after all trying to hide complexity via abstraction in order to make reasoning about systems more tractable than working at the programming level. One of the challenges that exists however we do our modelling is ensuring the consistency between the model of the interface and interactivity and model of the functional behaviour of the system. This is primarily due to the different types of models that most naturally describe these different elements. In this paper we propose a method of tightening the integration of models of these different components of the system by generating obligations which explicitly describe the coupling of functional behaviour with interactive elements. We then show how these obligations can be used to support the development process during the programming and testing of the system. CCS Concepts: • Software and its engineering → Software system models; Software verification and validation; Software defect analysis;
Simulating Interaction Sequences
Modelling interactive systems is an important part of a sound software engineering process. In or... more Modelling interactive systems is an important part of a sound software engineering process. In order to support this and reduce the amount of time it takes to create and update the models we typically need tools to support this process. Interaction sequences are a particular type of model used for interactive systems which allow us to reason about their behaviour when a user interacts with the system. In this paper we describe the 'Sequence Simulator' tool which allows us to build, modify, and manipulate interaction sequence models. The tool also supports model abstraction using the 'self-containment' property and we show how this automatically abstracts and expands the state space of the models as required.
Preface to 1990 edition iii Preface to 2003 edition v CONTENTS datatype SENT = Prop of string | N... more Preface to 1990 edition iii Preface to 2003 edition v CONTENTS datatype SENT = Prop of string | Not of SENT | And of (SENT * SENT) | Or of (SENT * SENT) | Imp of (SENT * SENT) | Eq of (SENT * SENT) | Forall of (TERM * SENT) fun Neg (Not(sent)) = sent | Neg sent = Not(sent); fun alpha(And(s,t)) = true | alpha(Not(Imp(s,t))) =true | alpha(Not(Or(s,t)
Lecture Notes in Computer Science, 2018
Interaction sequences can be used as an abstraction of an interactive system. We can use such mod... more Interaction sequences can be used as an abstraction of an interactive system. We can use such models to consider or verify properties of a system for testing purposes. However, interaction sequences have the potential to become unfeasibly long, leading to models which are intractable. We propose a method of reducing the state space of such sequences using the self-containment property. This allows us to hide (and subsequently expand) some of the model describing parts of the system not currently under consideration. Interaction sequences and their models can therefore be used to control the state space size of the models we create as an abstraction of an interactive system.
We propose here to look at how abstract a model of a usable system can be, but still say somethin... more We propose here to look at how abstract a model of a usable system can be, but still say something useful and interesting. We take the view that when we claim to be designing a usable system we have, at the very least, to give assurances about its usability properties. This is a very abstract notion, but provides the basis for future work, and shows, even at this level that there are things to say about the (very concrete) business of designing and building usable, interactive systems. In this note, we introduce the idea of usable-by-construction, which adopts and applies the ideas of correct-by-construction to (very abstractly) thinking about usable systems. We outline a set of construction rules or tactics to develop designs of usable systems by picking a few, and we also formalize them into a state suitable for, for example, a proof assistant to check claims made for the system as designed. In the future, these tactics would allow us to create systems that have the required usability properties and thus provide a basis to a usable-by-construction system. Also, we should then go on to show that the tactics preserve properties by using an example system with industrial strength requirements. And we might also consider future research directions.
Industry is looking to create a market in reliable "plug-and-play" components. To model component... more Industry is looking to create a market in reliable "plug-and-play" components. To model components in a modular style it would be useful to combine event-based and state-based reasoning. One of the first steps in building an event-based model is to decide upon a set of atomic actions. This choice will depend on the formalism used, and may restrict in quite unexpected ways what we are able to formalise. In this paper we illustrate some limits to developing real world processes using existing formalisms, and we define a new notion of refinement, vertical refinement, which addresses some of these limitations. We show that using vertical refinement we can rewrite a specification into a different formalism, allowing us to move between handshake processes, broadcast processes and abstract data types.
![So as to keep the lower level diagrams small we have only expanded the high-level actions b1! and b2!. The expansion of the other actions is obvious from Fig. 3. Fig. 4. 4|[Roby] 5 can be refined into Robot, but there is no Roboty 5.2 Continuing the Robot example from Section 1.1](https://figures.academia-assets.com/119443475/figure_001.jpg)
](
Provably Correct Smart Contracts: An Approach using DeepSEA
Model-based Testing of Interactive Systems using Interaction Sequences
Proceedings of the ACM on human-computer interaction, Jun 18, 2020
Testing is an important part of the software engineering process to help ensure that systems will... more Testing is an important part of the software engineering process to help ensure that systems will behave as expected. In this paper we investigate interactive system testing, taking into consideration the different components of the system. Interactive systems have three different components, the interactive, functional and overlap. The interactive component is the interface of the interactive system, the functional the underlying instructions of the interactive system, and the overlap component the point at which the interactive and functional components intersect. The interactive and functional components are often tested separately, however, problems can occur where these components overlap. Therefore, in this paper we present a model-based testing approach specifically designed to inspect the overlap component behaviour and to ensure that it behaves as expected.
SeqCheck
In this paper we describe SeqCheck, a model checking tool which allows us to investigate if certa... more In this paper we describe SeqCheck, a model checking tool which allows us to investigate if certain properties hold for an interactive system. These properties allow us to determine if the interaction sequence model of an interactive system's overlap component behaves as expected. We describe the properties we have defined for this overlap component and then demonstrate the use of SeqCheck to identify when these do not hold.
Innovations in Systems and Software Engineering, May 11, 2013
Testing interactive systems is notoriously difficult. Not only do we need to ensure that the func... more Testing interactive systems is notoriously difficult. Not only do we need to ensure that the functionality of the developed system is correct with respect to the requirements and specifications, we also need to ensure that the user interface to the system is correct (enables a user to access the functionality correctly) and is usable. These different requirements of interactive system testing are not easily combined within a single testing strategy. We investigate the use of models of interactive systems, which have been derived from design artefacts, as the basis for generating tests for an implemented system. We give a model-based method for testing interactive systems which has low overhead in terms of the models required and which enables testing of UI and system functionality from the perspective of user interaction.
Proceedings of the 7th ACM SIGCHI Symposium on Engineering Interactive Computing Systems - EICS '15
It is our great pleasure to welcome you to the 7th ACM SIGCHI Symposium on Engineering Interactiv... more It is our great pleasure to welcome you to the 7th ACM SIGCHI Symposium on Engineering Interactive Computing Systems --- EICS'15 held in Duisburg, Germany (23--26 June 2015). EICS is an annual international conference series devoted to all aspects of engineering usable and effective interactive computing systems. Topics of interest include the design and development of systems with new interaction techniques and modalities, multi-device interaction, service front-ends, mobile and pervasive systems, large-scale and big data applications, as well as novel development methods and processes. EICS focuses on methods, techniques and tools that support designing and developing interactive systems. The Conference brings together people who study or practice the engineering of interactive systems, drawing from a broad range of disciplines such as Human-Computer Interaction (HCI), Software Engineering, Requirements Engineering, CSCW, Ubiquitous / Pervasive Systems, or Game Development. It addresses technical and methodological research questions that are typically less well represented in other HCI conferences. With its focus on engineering interactive systems, the conference has become the premier venue for all researchers and practitioners interested in the effective and systematic design and development of innovative, high-quality interactive systems.
Supporting Multi-path UI Development with Vertical Refinement
2009 Australian Software Engineering Conference, 2009
Abstract As computers and software applications become ubiquitous the systems we build are increa... more Abstract As computers and software applications become ubiquitous the systems we build are increasingly required to run on not just a single piece of hardware, but rather be available for different platforms, different types of hardware and offer different modes of interaction depending on the context of use. Within a formal development process when we consider refinement for interactive systems we therefore need to consider not only the transformation of abstract specifications and models into single implementations but also ...
Electronic Proceedings in Theoretical Computer Science, 2016
Hierarchical transition systems provide a popular mathematical structure to represent state-based... more Hierarchical transition systems provide a popular mathematical structure to represent state-based software applications in which different layers of abstraction are represented by interrelated state machines. The decomposition of high level states into inner sub-states, and and of their transitions into inner sub-transitions is common refinement procedure adopted in a number of specification formalisms. This paper introduces an hybrid modal logic for k-layered transition systems, its first-order standard translation, a notion of bisimulation, and a modal invariance result. Layered and hierarchical notions of refinement are also discussed in this setting.
The thesis may be consulted by you, provided you comply with the provisions of the Act and the fo... more The thesis may be consulted by you, provided you comply with the provisions of the Act and the following conditions of use: Any use you make of these documents or images must be for research or private study purposes only, and you may not make them available to any other person. Authors control the copyright of their thesis. You will recognise the author's right to be identified as the author of the thesis, and due acknowledgement will be made to the author where appropriate. You will obtain the author's permission before publishing any material from the thesis.
Proceedings 17th International BCS-FACS Refinement Workshop
Quantum chromodynamics (QCD) is the theory of subnuclear physics, aiming at mod- eling the strong... more Quantum chromodynamics (QCD) is the theory of subnuclear physics, aiming at mod- eling the strong nuclear force, which is responsible for the interactions of nuclear particles. Lattice QCD (LQCD) is the corresponding discrete formulation, widely used for simula- tions. The computational demand for the LQCD is tremendous. It has played a role in the history of supercomputers, and has also helped defining their future. Designing efficient LQCD codes that scale well on large (probably hybrid) supercomputers requires to express many levels of parallelism, and then to explore different algorithmic solutions. While al- gorithmic exploration is the key for efficient parallel codes, the process is hampered by the necessary coding effort. We present in this paper a domain-specific language, QIRAL, for a high level expression of parallel algorithms in LQCD. Parallelism is expressed through the mathematical struc- ture of the sparse matrices defining the problem. We show that from these expressions and from algorithmic and preconditioning formulations, a parallel code can be automatically generated. This separates algorithms and mathematical formulations for LQCD (that be- long to the field of physics) from the effective orchestration of parallelism, mainly related to compilation and optimization for parallel architectures.
Engineering Interactive Systems with Model-Driven Code Contracts
The use of sound and robust software engineering techniques are essential during the design and d... more The use of sound and robust software engineering techniques are essential during the design and development of safety-critical interactive systems. Failure of such systems (such as those found in medical settings or transportation) can lead to serious harm or even fatalities. Model-based development of interactive systems provides a number of benefits which can support correctness of the interface, the interaction and the functional logic of the system. Many different approaches have been proposed which target the models at different aspects of the development process (for example task analysis, interface layouts, functional behaviours etc.) and which can be used in different ways (verification of correctness, usability, testing). Typically these rely on multiple models at differing levels of abstraction. There are challenges in ensuring consistency between the models, and more importantly in ensuring that the final implementation correctly satisfies all of the models. In this paper we propose a method of deriving pre-and post-conditions for both interactive and functional elements of the system from formal models. These are used to generate code contracts within a code framework to support programmers who are implementing the system described in such models. We describe both the process for this and present an initial examination of the applicability of the approach based on a proof-of-concept user study. This small study was intended to examine whether we could correctly derive the code contracts in an automated fashion and whether or not they were usable (and beneficial) for programmers working on a pre-defined task. This initial investigation suggested that such an approach can aid programmers in correctly implementing a specification and that the general approach outlined in the paper is worth developing further.
μ-Chart-Based Specification and Refinement
Springer eBooks, 2002
We introduce two new notions of refinement for μ-charts and compare them with the existing notion... more We introduce two new notions of refinement for μ-charts and compare them with the existing notion due to Scholz. The two notions are interesting and important because one gives rise (via a logic) to a calculus for constructing refinements and the other gives rise (via model checking) to a way of checking that refinements hold. Thus we bring together the two competing worlds of model checking and proof.
Modelling safety-critical devices
The paper describes a model that presents a technique in which we combine formal languages---Z, p... more The paper describes a model that presents a technique in which we combine formal languages---Z, presentation models and coloured Petri nets---and methods which use them, to specify the functionality and model the user interface and interaction of a system by clearly describing the state space, operations and behavioural aspects of a system. We show how to combine the Z specification and presentation models with coloured Petri nets for modelling safety critical systems by retaining the strengths of the formalisms and alleviating their drawbacks.
This article presents WekaCoin, a peer-to-peer cryptocurrency based on a new distributed consensu... more This article presents WekaCoin, a peer-to-peer cryptocurrency based on a new distributed consensus protocol called Proof-of-Learning. Proof-of-learning achieves distributed consensus by ranking machine learning systems for a given task. The aim of this protocol is to alleviate the computational waste involved in hashing-based puzzles and to create a public distributed and verifiable database of state-of-the-art machine learning models and experiments.
Proceedings of the ACM on human-computer interaction, Jun 30, 2017
Model-based development of interactive systems provides a number of benefits which can support th... more Model-based development of interactive systems provides a number of benefits which can support the creation of robust and correct systems, particularly important when the interactive systems are safety-critical. Many different approaches have been proposed which target the models at different aspects of the development process (for example task analysis, interface layouts, functional behaviours etc.) and which can be used in different ways (verification of correctness, plasticity, usability). One of the aims for any modelling method should be simplicity-we are after all trying to hide complexity via abstraction in order to make reasoning about systems more tractable than working at the programming level. One of the challenges that exists however we do our modelling is ensuring the consistency between the model of the interface and interactivity and model of the functional behaviour of the system. This is primarily due to the different types of models that most naturally describe these different elements. In this paper we propose a method of tightening the integration of models of these different components of the system by generating obligations which explicitly describe the coupling of functional behaviour with interactive elements. We then show how these obligations can be used to support the development process during the programming and testing of the system. CCS Concepts: • Software and its engineering → Software system models; Software verification and validation; Software defect analysis;
Simulating Interaction Sequences
Modelling interactive systems is an important part of a sound software engineering process. In or... more Modelling interactive systems is an important part of a sound software engineering process. In order to support this and reduce the amount of time it takes to create and update the models we typically need tools to support this process. Interaction sequences are a particular type of model used for interactive systems which allow us to reason about their behaviour when a user interacts with the system. In this paper we describe the 'Sequence Simulator' tool which allows us to build, modify, and manipulate interaction sequence models. The tool also supports model abstraction using the 'self-containment' property and we show how this automatically abstracts and expands the state space of the models as required.
Preface to 1990 edition iii Preface to 2003 edition v CONTENTS datatype SENT = Prop of string | N... more Preface to 1990 edition iii Preface to 2003 edition v CONTENTS datatype SENT = Prop of string | Not of SENT | And of (SENT * SENT) | Or of (SENT * SENT) | Imp of (SENT * SENT) | Eq of (SENT * SENT) | Forall of (TERM * SENT) fun Neg (Not(sent)) = sent | Neg sent = Not(sent); fun alpha(And(s,t)) = true | alpha(Not(Imp(s,t))) =true | alpha(Not(Or(s,t)
Lecture Notes in Computer Science, 2018
Interaction sequences can be used as an abstraction of an interactive system. We can use such mod... more Interaction sequences can be used as an abstraction of an interactive system. We can use such models to consider or verify properties of a system for testing purposes. However, interaction sequences have the potential to become unfeasibly long, leading to models which are intractable. We propose a method of reducing the state space of such sequences using the self-containment property. This allows us to hide (and subsequently expand) some of the model describing parts of the system not currently under consideration. Interaction sequences and their models can therefore be used to control the state space size of the models we create as an abstraction of an interactive system.
We propose here to look at how abstract a model of a usable system can be, but still say somethin... more We propose here to look at how abstract a model of a usable system can be, but still say something useful and interesting. We take the view that when we claim to be designing a usable system we have, at the very least, to give assurances about its usability properties. This is a very abstract notion, but provides the basis for future work, and shows, even at this level that there are things to say about the (very concrete) business of designing and building usable, interactive systems. In this note, we introduce the idea of usable-by-construction, which adopts and applies the ideas of correct-by-construction to (very abstractly) thinking about usable systems. We outline a set of construction rules or tactics to develop designs of usable systems by picking a few, and we also formalize them into a state suitable for, for example, a proof assistant to check claims made for the system as designed. In the future, these tactics would allow us to create systems that have the required usability properties and thus provide a basis to a usable-by-construction system. Also, we should then go on to show that the tactics preserve properties by using an example system with industrial strength requirements. And we might also consider future research directions.
Industry is looking to create a market in reliable "plug-and-play" components. To model component... more Industry is looking to create a market in reliable "plug-and-play" components. To model components in a modular style it would be useful to combine event-based and state-based reasoning. One of the first steps in building an event-based model is to decide upon a set of atomic actions. This choice will depend on the formalism used, and may restrict in quite unexpected ways what we are able to formalise. In this paper we illustrate some limits to developing real world processes using existing formalisms, and we define a new notion of refinement, vertical refinement, which addresses some of these limitations. We show that using vertical refinement we can rewrite a specification into a different formalism, allowing us to move between handshake processes, broadcast processes and abstract data types.
Provably Correct Smart Contracts: An Approach using DeepSEA
Model-based Testing of Interactive Systems using Interaction Sequences
Proceedings of the ACM on human-computer interaction, Jun 18, 2020
Testing is an important part of the software engineering process to help ensure that systems will... more Testing is an important part of the software engineering process to help ensure that systems will behave as expected. In this paper we investigate interactive system testing, taking into consideration the different components of the system. Interactive systems have three different components, the interactive, functional and overlap. The interactive component is the interface of the interactive system, the functional the underlying instructions of the interactive system, and the overlap component the point at which the interactive and functional components intersect. The interactive and functional components are often tested separately, however, problems can occur where these components overlap. Therefore, in this paper we present a model-based testing approach specifically designed to inspect the overlap component behaviour and to ensure that it behaves as expected.
SeqCheck
In this paper we describe SeqCheck, a model checking tool which allows us to investigate if certa... more In this paper we describe SeqCheck, a model checking tool which allows us to investigate if certain properties hold for an interactive system. These properties allow us to determine if the interaction sequence model of an interactive system's overlap component behaves as expected. We describe the properties we have defined for this overlap component and then demonstrate the use of SeqCheck to identify when these do not hold.
Innovations in Systems and Software Engineering, May 11, 2013
Testing interactive systems is notoriously difficult. Not only do we need to ensure that the func... more Testing interactive systems is notoriously difficult. Not only do we need to ensure that the functionality of the developed system is correct with respect to the requirements and specifications, we also need to ensure that the user interface to the system is correct (enables a user to access the functionality correctly) and is usable. These different requirements of interactive system testing are not easily combined within a single testing strategy. We investigate the use of models of interactive systems, which have been derived from design artefacts, as the basis for generating tests for an implemented system. We give a model-based method for testing interactive systems which has low overhead in terms of the models required and which enables testing of UI and system functionality from the perspective of user interaction.
Proceedings of the 7th ACM SIGCHI Symposium on Engineering Interactive Computing Systems - EICS '15
It is our great pleasure to welcome you to the 7th ACM SIGCHI Symposium on Engineering Interactiv... more It is our great pleasure to welcome you to the 7th ACM SIGCHI Symposium on Engineering Interactive Computing Systems --- EICS'15 held in Duisburg, Germany (23--26 June 2015). EICS is an annual international conference series devoted to all aspects of engineering usable and effective interactive computing systems. Topics of interest include the design and development of systems with new interaction techniques and modalities, multi-device interaction, service front-ends, mobile and pervasive systems, large-scale and big data applications, as well as novel development methods and processes. EICS focuses on methods, techniques and tools that support designing and developing interactive systems. The Conference brings together people who study or practice the engineering of interactive systems, drawing from a broad range of disciplines such as Human-Computer Interaction (HCI), Software Engineering, Requirements Engineering, CSCW, Ubiquitous / Pervasive Systems, or Game Development. It addresses technical and methodological research questions that are typically less well represented in other HCI conferences. With its focus on engineering interactive systems, the conference has become the premier venue for all researchers and practitioners interested in the effective and systematic design and development of innovative, high-quality interactive systems.
Supporting Multi-path UI Development with Vertical Refinement
2009 Australian Software Engineering Conference, 2009
Abstract As computers and software applications become ubiquitous the systems we build are increa... more Abstract As computers and software applications become ubiquitous the systems we build are increasingly required to run on not just a single piece of hardware, but rather be available for different platforms, different types of hardware and offer different modes of interaction depending on the context of use. Within a formal development process when we consider refinement for interactive systems we therefore need to consider not only the transformation of abstract specifications and models into single implementations but also ...
Electronic Proceedings in Theoretical Computer Science, 2016
Hierarchical transition systems provide a popular mathematical structure to represent state-based... more Hierarchical transition systems provide a popular mathematical structure to represent state-based software applications in which different layers of abstraction are represented by interrelated state machines. The decomposition of high level states into inner sub-states, and and of their transitions into inner sub-transitions is common refinement procedure adopted in a number of specification formalisms. This paper introduces an hybrid modal logic for k-layered transition systems, its first-order standard translation, a notion of bisimulation, and a modal invariance result. Layered and hierarchical notions of refinement are also discussed in this setting.
The thesis may be consulted by you, provided you comply with the provisions of the Act and the fo... more The thesis may be consulted by you, provided you comply with the provisions of the Act and the following conditions of use: Any use you make of these documents or images must be for research or private study purposes only, and you may not make them available to any other person. Authors control the copyright of their thesis. You will recognise the author's right to be identified as the author of the thesis, and due acknowledgement will be made to the author where appropriate. You will obtain the author's permission before publishing any material from the thesis.
Proceedings 17th International BCS-FACS Refinement Workshop
Quantum chromodynamics (QCD) is the theory of subnuclear physics, aiming at mod- eling the strong... more Quantum chromodynamics (QCD) is the theory of subnuclear physics, aiming at mod- eling the strong nuclear force, which is responsible for the interactions of nuclear particles. Lattice QCD (LQCD) is the corresponding discrete formulation, widely used for simula- tions. The computational demand for the LQCD is tremendous. It has played a role in the history of supercomputers, and has also helped defining their future. Designing efficient LQCD codes that scale well on large (probably hybrid) supercomputers requires to express many levels of parallelism, and then to explore different algorithmic solutions. While al- gorithmic exploration is the key for efficient parallel codes, the process is hampered by the necessary coding effort. We present in this paper a domain-specific language, QIRAL, for a high level expression of parallel algorithms in LQCD. Parallelism is expressed through the mathematical struc- ture of the sparse matrices defining the problem. We show that from these expressions and from algorithmic and preconditioning formulations, a parallel code can be automatically generated. This separates algorithms and mathematical formulations for LQCD (that be- long to the field of physics) from the effective orchestration of parallelism, mainly related to compilation and optimization for parallel architectures.
Engineering Interactive Systems with Model-Driven Code Contracts
The use of sound and robust software engineering techniques are essential during the design and d... more The use of sound and robust software engineering techniques are essential during the design and development of safety-critical interactive systems. Failure of such systems (such as those found in medical settings or transportation) can lead to serious harm or even fatalities. Model-based development of interactive systems provides a number of benefits which can support correctness of the interface, the interaction and the functional logic of the system. Many different approaches have been proposed which target the models at different aspects of the development process (for example task analysis, interface layouts, functional behaviours etc.) and which can be used in different ways (verification of correctness, usability, testing). Typically these rely on multiple models at differing levels of abstraction. There are challenges in ensuring consistency between the models, and more importantly in ensuring that the final implementation correctly satisfies all of the models. In this paper we propose a method of deriving pre-and post-conditions for both interactive and functional elements of the system from formal models. These are used to generate code contracts within a code framework to support programmers who are implementing the system described in such models. We describe both the process for this and present an initial examination of the applicability of the approach based on a proof-of-concept user study. This small study was intended to examine whether we could correctly derive the code contracts in an automated fashion and whether or not they were usable (and beneficial) for programmers working on a pre-defined task. This initial investigation suggested that such an approach can aid programmers in correctly implementing a specification and that the general approach outlined in the paper is worth developing further.
μ-Chart-Based Specification and Refinement
Springer eBooks, 2002
We introduce two new notions of refinement for μ-charts and compare them with the existing notion... more We introduce two new notions of refinement for μ-charts and compare them with the existing notion due to Scholz. The two notions are interesting and important because one gives rise (via a logic) to a calculus for constructing refinements and the other gives rise (via model checking) to a way of checking that refinements hold. Thus we bring together the two competing worlds of model checking and proof.