Formal verification of data type refinement — Theory and practice

  • Tobias Nipkow
Technical Contributions
Part of the Lecture Notes in Computer Science book series (LNCS, volume 430)


This paper develops two theories of data abstraction and refinement: one for applicative types, as they are found in functional programming languages, and one for state-based types found in imperative languages. The former are modelled by algebraic structures, the latter by automata. The automaton-theoretic model covers not just data types but distributed systems in general. Within each theory two examples of data refinement are presented and formally verified with the theorem prover Isabelle. The examples are an abstract specification and two implementations of a memory system, and a mutual exclusion algorithm.
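As an added illustration of the automaton-theoretic view described above (constructed example code, not the paper's own models or its Isabelle proofs): a hypothetical abstract memory specification, a write-back-cache implementation of it, and an exhaustive check that the obvious abstraction function is a refinement mapping, i.e. that every external step of the implementation is matched by the specification and every internal step is invisible under the mapping. The toy domains (two addresses, two values), the labels, and all names (`spec_step`, `impl_steps`, `abstraction`, `check_refinement`) are assumptions made for this example; the `lossy` variant of the cache shows what a failed check reports.

```python
"""Forward-simulation check of a state-based data refinement.

Hypothetical abstract memory and cached implementation; constructed for this
example and not taken from the paper. Both are automata: a state set, initial
states and labelled transitions. Internal (hidden) steps are labelled "tau".
"""
from collections import deque
from itertools import product

ADDRS = (0, 1)   # tiny domains so the reachable state space is finite
VALS = (0, 1)


def freeze(d):
    """Immutable, hashable view of a dict-valued state component."""
    return tuple(sorted(d.items()))


# --- Abstract specification: memory is a total map from addresses to values.
def spec_init():
    return frozenset({freeze({a: 0 for a in ADDRS})})


def spec_step(state, label):
    """Successor of `state` under `label`, or None if the label is disabled.

    A read carries the returned value, so read(a, v) is enabled only when the
    memory holds v at a; it leaves the state unchanged.
    """
    mem = dict(state)
    kind, a, v = label
    if kind == "write":
        mem[a] = v
        return freeze(mem)
    if kind == "read":
        return state if mem[a] == v else None
    return None


# --- Implementation: write-back cache in front of a backing store.
# State = (store, cache); the cache holds the most recent unflushed writes.
def impl_init():
    return frozenset({(freeze({a: 0 for a in ADDRS}), freeze({}))})


def impl_steps(state, lossy=False):
    """Yield (label, successor) pairs for every transition enabled in `state`."""
    store, cache = dict(state[0]), dict(state[1])
    for a, v in product(ADDRS, VALS):
        c = dict(cache)
        c[a] = v
        yield ("write", a, v), (freeze(store), freeze(c))
        if cache.get(a, store[a]) == v:          # cache shadows the store
            yield ("read", a, v), state
    for a in cache:                              # internal flush of one line
        s, c = dict(store), dict(cache)
        if not lossy:
            s[a] = c[a]                          # write back before eviction
        del c[a]                                 # lossy variant drops the write
        yield ("tau", a, None), (freeze(s), freeze(c))


# --- Refinement mapping (abstraction function): cached value wins.
def abstraction(state):
    store, cache = dict(state[0]), dict(state[1])
    return freeze({a: cache.get(a, store[a]) for a in ADDRS})


def check_refinement(init, steps, f, spec_init_states, spec_step_fn):
    """Exhaustively verify that f is a refinement mapping from impl to spec.

    Returns None when every reachable implementation step is matched by the
    specification (external labels) or is a stuttering step under f (internal
    labels); otherwise returns the first offending (state, label, successor).
    """
    for s0 in init:
        if f(s0) not in spec_init_states:
            return (s0, ("init", None, None), None)
    seen, todo = set(init), deque(init)
    while todo:
        s = todo.popleft()
        for label, t in steps(s):
            if label[0] == "tau":
                ok = f(s) == f(t)                   # hidden step must stutter
            else:
                ok = spec_step_fn(f(s), label) == f(t)
            if not ok:
                return (s, label, t)
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return None


def verify_write_back():
    return check_refinement(impl_init(), impl_steps, abstraction,
                            spec_init(), spec_step)


def verify_lossy():
    return check_refinement(impl_init(), lambda s: impl_steps(s, lossy=True),
                            abstraction, spec_init(), spec_step)


if __name__ == "__main__":
    print("write-back cache refines spec:", verify_write_back() is None)
    print("lossy cache counterexample:", verify_lossy())
```

The check is a finite-state substitute for the proof obligation one would discharge in Isabelle: a theorem prover establishes the simulation for all states and all domains at once, whereas this script only enumerates the reachable states of a two-address, two-value instance. The counterexample for the lossy cache is an internal flush after an unflushed write: the abstract memory seen through `abstraction` changes on a step the specification cannot observe, so the mapping is not a refinement.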

Key words

Abstract Data Types, Data Types, Distributed Processes, Refinement, Implementation, Verification, Theorem Proving




Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Tobias Nipkow, Computer Laboratory, University of Cambridge, Cambridge, England