Protective interface specifications

  • Gary T. Leavens
  • Jeannette M. Wing
III FASE FASE-1: Specifications
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1214)


The interface specification of a procedure describes the procedure's behavior using pre- and postconditions. These pre- and postconditions are written using various functions. If some of these functions are partial, or underspecified, then the procedure specification may not be well-defined.

We show how to write pre- and postcondition specifications that avoid such problems, by having the precondition “protect” the postcondition from the effects of partiality and underspecification. We formalize the notion of protection from partiality in the context of specification languages like VDM-SL and COLD-K. We also formalize the notion of protection from underspecification for the Larch family of specification languages, and for Larch show how one can prove that a procedure specification is protected from the effects of underspecification.


  1. [1]
    D. Andrews et al. Information technology programming languages — VDM-SL: First committee draft standard CD1387-1. Document ISO/IEC JTC1/SC22/WG19 N-20, International Standards Organization, Nov. 1993. Scholar
  2. [2]
    H. Barringer, J. H. Cheng, and C. B. Jones. A logic covering undefinedness in program proofs. Acta Informatica, 21(3):251–269, Oct. 1984.CrossRefGoogle Scholar
  3. [3]
    J. Bicarregui, J. S. Fitgerald, P. A. Lindsay, R. Moore, and B. Ritchie. Proof in VDM: A Practitioner's Guide. Springer-Verlag, New York, N.Y., 1994.Google Scholar
  4. [4]
    A. Bijlsma. Semantics of quasi-boolean expressions. In W. H. J. Feijen et al., editors, Beauty is Our Business, pages 27–35. Springer-Verlag, 1990.Google Scholar
  5. [5]
    A. Blikle. The clean termination of iterative programs. Acta Informatica, 16:199–217, 1981.CrossRefGoogle Scholar
  6. [6]
    A. Blikle. Three-valued predicates for software specification and validation. Fundamenta Informaticae, XIV:387–410, 1991.Google Scholar
  7. [7]
    M. Broy and M. Wirsing. Partial abstract types. Acta Informatica, 18(1):47–64, Nov. 1982.CrossRefGoogle Scholar
  8. [8]
    J. H. Cheng and C. B. Jones. On the usability of logics which handle partial functions. In C. Morgan and J. C. P. Woodcock, editors, Proceedings of the Third Refinement Workshop, Workshops in Computing Series, pages 51–69, Berlin, 1990. Springer-Verlag.Google Scholar
  9. [9]
    D. Coleman and J. W. Hughes. The clean termination of Pascal programs. Acta Informatica, 11:195–210, 1979.CrossRefGoogle Scholar
  10. [10]
    L. M. G. Feijs and H. B. M. Jonkers. Formal Specification and Design, volume 35 of Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, Cambridge, UK, 1992.Google Scholar
  11. [11]
    S. J. Garland, J. V. Guttag, and J. J. Horning. Debugging Larch Shared Language specifications. IEEE Transactions on Software Engineering, 16(6):1044–1057, Sept. 1990.CrossRefGoogle Scholar
  12. [12]
    S. M. German. Automating proofs of the absence of common runtime errors. In Conference record of the Fifth Annual ACM Symposium on Principles of Programming Languages, pages 105–118. ACM, Jan. 1978.Google Scholar
  13. [13]
    D. Gries and F. B. Schneider. Avoiding the undefined by underspecification. In J. van Leeuwen, editor, Computer Science Today: Recent Trends and Developments, number 1000 in Lecture Notes in Computer Science, pages 366–373. Springer-Verlag, New York, N.Y., 1995.Google Scholar
  14. [14]
    J. V. Guttag, J. J. Horning, S. Garland, K. Jones, A. Modet, and J. Wing. Larch: Languages and Tools for Formal Specification. Springer-Verlag, New York, N.Y., 1993.Google Scholar
  15. [15]
    J. V. Guttag, J. J. Horning, and A. Modet. Report on the Larch Shared Language: Version 2.3. Technical Report 58, Digital Equipment Corporation, Systems Research Center, 130 Lytton Avenue, Palo Alto, CA 94301, Apr. 1990. Order from Scholar
  16. [16]
    I. Hayes, editor. Specification Case Studies. International Series in Computer Science. Prentice-Hall, Inc., second edition, 1993.Google Scholar
  17. [17]
    C. Jones. Partial functions and logics: A warning. Inf. Process. Lett., 54(2):65–67, 1995.CrossRefGoogle Scholar
  18. [18]
    C. B. Jones. Systematic Software Development Using VDM. International Series in Computer Science. Prentice Hall, Englewood Cliffs, N.J., second edition, 1990.Google Scholar
  19. [19]
    C. B. Jones and K. Middelburg. A typed logic of partial functions reconstructed classically. Acta Informatica, 31(5):399–430, 1994.CrossRefGoogle Scholar
  20. [20]
    B. Konikowska, A. Tarlecki, and A. Blikle. A three-valued logic for software specification and validation. Fundamenta Informaticae, XIV:411–453, 1991.Google Scholar
  21. [21]
    G. T. Leavens. Larch/C++ Reference Manual. Version 4.20. Available in or on the world wide web at the URL, Dec. 1996.Google Scholar
  22. [22]
    B. Meyer. Object-oriented Software Construction. Prentice Hall, New York, N.Y., 1988.Google Scholar
  23. [23]
    W. F. Ogden, M. Sitaraman, B. W. Weide, and S. H. Zweben. Part I: The RESOLVE framework and discipline — a research synopsis. ACM SIGSOFT Software Engineering Notes, 19(4):23–28, Oct 1994.CrossRefGoogle Scholar
  24. [24]
    S. Owre, J. Rushby, N. Shankar, and F. von Henke. Formal verification for faulttolerant architectures: Prolegomena to the design of PVS. IEEE Transactions on Software Engineering, 21(2):107–125, Feb. 1995.CrossRefGoogle Scholar
  25. [25]
    J. M. Spivey. The Z Notation: A Reference Manual. International Series in Computer Science. Prentice-Hall, New York, N.Y., second edition, 1992.Google Scholar
  26. [26]
    D. S. Stefan Kahrs and A. Tarlecki. The definition of Extended ML: a gentle introduction. Technical Report ECS-LFCS-95-322, Laboratory for Foundations of Computer Science, University of Edinburgh, Oct. 1995. To appear in Theoretical Computer Science.Google Scholar
  27. [27]
    J. M. Wing. A two-tiered approach to specifying programs. Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983.Google Scholar
  28. [28]
    U. Wolter, K. Didrich, F. Cornelius,; M. Klar, R. Wessäly, and H. Ehrig. How to cope with the Spectrum of spectrum. In M. Broy and S. Jähnichen, editors, KORSO: Methods, Languages and Tools for the Construction of Correct Software, volume 1009 of Lecture Notes in Computer Science, pages 173–189. Springer-Verlag, New York, N.Y., 1995.Google Scholar
  29. [29]
    J. Woodcock and D. Jackson. About the semantics of partial functions in Z. Personal communication, Apr. 1996.Google Scholar

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Gary T. Leavens
    • 1
  • Jeannette M. Wing
    • 2
  1. 1.Department of Computer ScienceIowa State UniversityAmesUSA
  2. 2.Computer Science DepartmentCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations