CoMet
Comparative Methodology
A Programming Methodology Project Proposal

Dines Bjørner: bjorner@gmail.com, www.imm.dtu.dk/~db

June 26, 2010

Contents

• Stop Press !
• History
• Mailing List
• Background
• The Examples Offered for Reformulation
• Idea
• Expected Fallouts
• Modalities
  • Collaborators
  • Forms of Collaboration
    • Year 1
      • Individual Efforts
      • Student Projects
      • CoMet Workshops
    • Year 2
  • Project Repository
  
  
• Further Issues
• E-Mail Exchanges
  • Initial E-Mail Exchanges
    • Dines Bjorner: 15:19
    • Jim Woodcock: 15:29
    • Leo Freitas: 16:00
    • Daniel Jackson: 16:31 (EST)
    • Dines Bjorner: 16:51
    • John Fitzgerald: 17:39
  • Subsequent E-Mail Exchanges: After February 1, 2010
    • DB to Enlarged Mailing List, Feb.4, 10:49
    • DJ: 4 February 2010 13:46 (EST)
    • DB reply to DJ: 4 February 2010 14:24

Stop Press !

• 26-Jun-2010: Three entries:
  • Reformulation of Base Example.
    • I am writing a "clean" and much simplified version of From Domains to Requirements.
    • It is called: CoMet : Comparative Methodology, A Technical Note.
    • You can always find a .pdf version of it here !.
    • The June 26, 2010 version is incomplete.
    • But I suggest that you/we use this version as a basis.
    • It attempts, what From Domains to Requirements, fails to do, to express a number of properties to be proved to hold of the formalisation.
  • Inclusion of CafeOBJ as a possible collaboration "target".
  • Jonathan Bowen has posted this Web page on Wiki.
• 4-Feb-2010 am:
  • This version "released" to entire mailing list (cf. new section: Mailing List).
  • Important remarks in section: "The Examples Offered for Reformulation"
  • Remarks on "Modalities": "Forms of Collaboration"
• 2-Feb-2010:
  • pm: Addition of document with examples only; cf. Sect. 5.
  • am: Zeroth edition released to a few new invitees!

History

For "history" please see last section: E-Mail Exchanges

Mailing List

Alloy:   "Daniel Jackson" <dnj@mit.edu>, 

CafeOBJ: "FUTATSUGI, Kokichi" <kokichi@jaist.ac.jp>, 

Event B: "Michael J Butler" <mjb@ecs.soton.ac.uk>,  
         "Dominique Mery" <Dominique.Mery@loria.fr>,

RAISE:   "Chris George" <cwg@iist.unu.edu>, 
         "Anne Haxthausen" <ah@imm.dtu.dk>,
         "Jan Storbank Pedersen" <jnp@terma.com>,
         "Dines Bjorner" <bjorner@gmail.com>, 

VDM:     "John Fitzgerald" <John.Fitzgerald@newcastle.ac.uk>, 
         "Peter Gorm Larsen" <pgl@iha.dk>, 

Z:       "Jim Woodcock" <Jim.Woodcock@cs.york.ac.uk>, 
         "Leo Freitag" leo@cs.york.ac.uk, 
         "Henson, Martin C" <hensm@essex.ac.uk>, 
         "Steve Reeves" <stever@cs.waikato.ac.nz>,
         "Jonathan Bowen" <jpbowen@gmail.com>,

Background

• There (was and still) is a document:
  • From Domains to Requirements
• Based on this document I have worked out a complete set of lecture notes
  • to be first delivered at Techn.Univ. of Vienna in April 2010;
  • from the Vienna course page you can find the
    • Lecture Notes
    • Lecture Slides
• The Lecture Notes has 53 examples, all in the RAISE (RSL) specification language.

• I am now in the process, Summer 2010, of revising Lecture Notes rather completely: simplifying, bringing better examples, etc.

  The current result is CoMet : Comparative Methodology, A Technical Note.

The Examples Offered for Reformulation

• I now, 26 June 2010, suggest that the following document serve as an example for "comparison":

• CoMet : Comparative Methodology, A Technical Note.
  • You can always find a .pdf version of it here !.
  • The June 26, 2010 version is incomplete.
  • It attempts, what the below, earlier "offering", From Domains to Requirements,
    fails to do, namely to express a number of properties to be proved to hold of the formalisation.

• Earlier "Offering":
  • The 53 examples of the Lecture Notes can be found in Lecture Note Examples.
  • Only 12 examples relate to domain engineering,
  • 14 more examples relate to requirements engineering.
  • The rest support the "syntactic" explanation of RSL.
    (In that sense they could be considered irrelevant to the CoMet effort.)

Idea

• The basic and initial idea of the CoMet project is to
  • work out all the formalisations of the examples of the Vienna Lecture Notes
    in the following formal specification languages:
    • Alloy : D. Jackson.
      Software Abstractions: Logic, Language, and Analysis.
      The MIT Press, Cambridge, Mass., USA, April 2006.

    • CafeOBJ : K. Futatsugi:
      

      A Brief Overview of CafeOBJ/ProofScore and Formal

      Lecture/Lab 1: Basics of CafeOBJ and Peano Style Natural Numbers

      • Lecture Slides (pdf file)
      • CafeOBJ Codes (text file with .cafe extension)
      • An Example Answer for the Exercise (text file with .cafe extension)

      Lecture/Lab 2: Parametrized Modules and Generic List Structure

      • Lecture Slides (pdf file)
      • CafeOBJ Codes (text file with .cafe extension)
      • An Example Answer for the Exercise

      Lecture/Lab 3: Modeling and Specification of Mutual Exclusion Protocol (QLOCK) in OTS/CafeOBJ

      • Lecture Slides (pdf file)
      • CafeOBJ Codes (text file with .cafe extension)

      Lecture/Lab 4: Proof Score Writing for QLOCK in OTS/CafeOBJ

      • Preliminary Lecture Slides (pdf file)
      • Lecture Slides (pdf file)
      • CafeOBJ Codes

      Related Web Pages

      • CafeOBJ official homepage
      • Lecture Materials of JAIST-FSSV2010

    • Event B : J.-R. Abrial.
      The B Book: Assigning Programs to Meanings
      and Modeling in Event-B: System and Software Engineering.
      Cambridge University Press, Cambridge, England, 1996 and 2009.

    • RAISE (RSL) : C. W. George, P. Haff, K. Havelund, A. E. Haxthausen, R. Milne,
      C. B. Nielsen, S. Prehn, and K. R. Wagner.
      The RAISE Specification Language.
      The BCS Practitioner Series. Prentice-Hall, England, 1992.

    • VDM (SL) : J. Fitzgerald and P. G. Larsen.
      Modelling Systems - Practical Tools and Techniques in Software Development.
      Cambridge University Press, Cambridge, UK, Second edition, 2009.

    • Z : J. C. P. Woodcock and J. Davies.
      Using Z: Specification, Proof and Refinement.
      Prentice Hall International Series in Computer Science, 1996.

  • Further formal specification language groups may join:
    ASM , etcetera.
  • Taking part in the CoMet project shall in no way be construed as
    a "subscription" to the triptych domain to requirements approach
    advocated by the referenced papers and lecture notes.
  • Taking part in the CoMet project shall, however be construed as an expression of
    • deep interest in comparing different formal specification languages' and
    • deep interest in understanding their attendant methods'
    • ability to handle one or another problem in domain or in requirements modelling.

Expected Fallouts

• The initial e-mails from Woodcock, Jackson, Freitas and Fitzgerald clearly indicates
  some of the kinds of benefits from a project like CoMet .
• To summarise we see the following benefits:
  1. Exchange of verification conditions between different tools (Woodcock).
     Studying the same set of examples in these different
     settings in a necessary prerequisite for that work.
  2. Compare different proof technologies / strategies (Freitas).
  3. "Discovering" properties that could be model checked (Jackson).
  4. To simply have a repository of examples (Fitzgerald).
  (This list is to be extended and then edited.)

Modalities

Collaborators

• Alloy : DJ: Daniel Jackson (MIT, Mass, US)
• CafeOBJ : KF: Kokichi Futatsugi (JAIST, Japan)
• Event B :
  • MB: Michael Butler (Southampton, UK)
  • DM: Dominique Mery (Nancy, France)
• RAISE (RSL) :
  • DB: Dines Bjørner (Denmark)
  • CWG: Chris George (Hamilton, Canada)
  • AEH: Anne E. Haxthausen (Kgs. Lyngby, Denmark)
  • JSP: Jan Storbank Pedersen (Terma, Denmark)
• VDM (SL) :
  • JF&PGL: John Fitzgerald (Newcastle, UK) and Peter Gorm Larsen (Århus, Denmark)
• Z :
  • JB: Jonathan Bowen (UK)
  • LF&JW: Leo Freitas and Jim Woodcock (York, UK)
  • MH&SR: Martin Henson (Essex, UK) and Steeve Reeves (Waikato, NZ)

Forms of Collaboration

• DB suggests an initial phase, 2010, to reflect a "con amore" approach.
• Some personal DB remarks - to be removed at a future stage.
  • Narratives and Formalisations:
    • It is important that we are not constrained by DB's formulation of the examples
      of the Lecture Notes (collected in Lecture Note Examples).
    • Other approaches (using RAISE (RSL) ) as well as any of the other SLs
      ( Alloy , Event B , VDM (SL) , Z ) may very well favour other formulations of narratives as well as formulas.
    • (DB will, in the period up to and including his Vienna lectures ending April 30th, undoubtedly wish to improve on both narratives and formalisatioms.)
  • The Triptych Dogma:
    • The examples are offered as a starting point for comparative experiment ts.
    • The "facts" that Examples 1-4 are claimed to illustrate a specification ontology,
      that Examples 5-12 are claimed to illustrate so-called domain facets, and
      that Examples 13-26 are claimed to illustrate so-called requirements engineering facets,
      these "facts" are, to a first approximation, irrelevant for the CoMet effort:
      Contributors to the comparative methodology effort of CoMet
      are not thereby "subscribing" to the triptych dogmas put forward by the Lecture Notes.
  • "Con Amore Approach":
    • Collaborators are expected to choose the examples of Lecture Note Examples
      (cum the Vienna Lecture Notes).
    • Initially, it is suggested, no co-ordination, wrt. who chooses which examples,
      will be attempted.
    • Collaborators just inform DB (or the CoMet Web Page editor) of their intentions and results.

Year 1

• Initially two kinds of collaborative efforts are foreseen:
  • one (or two) person experiments and
  • collaborator supervised student experiments, term or thesis projects.

Individual Efforts

• Initially small experiments are foreseen
  in which a few (one, two or three) examples of the Vienna Lecture Notes
  are reworked by one (or two) of the (&-connected) project collaborators listed above.
• These experiments, say of one to three months duration,
  are recorded within the CoMet Web and thus communicated to project members (say in addition to e-mails).

Student Projects

• From rather early on those project collaborators who have access
  to MSc and/or PhD students may, as above, involve these in "middle-sized" experiments.
• These student/collaborator projects are usually "formally" reported.
• Etcetera.

CoMet Workshops

• One can foresee CoMet workshops colocated with
  • FME Symposia,
  • ABZ Workshops,
  • etcetera.

Year 2

• (We shall see when and if that year Commeth .)

Project Repository

We refer to a separate Web CoMet Repository document.

Further Issues

• The CoMet proposal raises a number of issues:
  • Integration of formal specification languages, to wit, the use of most
    of the above-mentioned formal specification languages together with:
    • Petri Nets,
    • Message Sequence Charts, MSC,
    • Statecharts,
    • DC: Duration Calculus,
    • TLA+: Temporal Logic of Actions etc.,
    • etcetera.
  • Establishment of a proper report exchange format and repository.
  • Tool integration.
  • Et cetera.

E-Mail Exchanges

Initial E-Mail Exchanges

Dines Bjorner: 15:19

from    Dines Bjorner <bjorner@gmail.com>
to      Daniel Jackson <dnj@mit.edu>,
        "FUTATSUGI, Kokichi" <kokichi@jaist.ac.jp>
        Dominique Mery <Dominique.Mery@loria.fr>,
        John Fitzgerald <John.Fitzgerald@newcastle.ac.uk>,
        Peter Gorm Larsen <pgl@iha.dk>,
        Jim Woodcock <Jim.Woodcock@cs.york.ac.uk>,
        "Henson, Martin C" <hensm@essex.ac.uk>,
        Steve Reeves <stever@cs.waikato.ac.nz>,,
        Jonathan Bowen <jpbowen@gmail.com>
        leo@cs.york.ac.uk
date    1 February 2010 15:19
subject "Formalisation-Parametrised" Lecture Notes (and Slides)

Dear Alloy        Daniel,
     CafeOBJ      Kokichi,
     Event B      Dominique,
     VDM          John & Peter Gorm and
     Z            Jim & Leo, Martin & Steve,

Pls. find attached my latest set of lecture notes (+ slides):

• Text
• Slides

35 pages covering principles of domain and requirements engineering,
53 pages covering their expression in  the RAISE SL (RSL), and
35 pages covering a/the special topic of mereology.

Pls. note my lecture note paragraph on the middle of Page 3:
"Formalisation-Parametrised" Examples and Primer.

There I 'air' a proposal for a possibly joint project between yours
groups and me - aimed at providing the same small set of lecture
notes but, instead of suing RSL, using either of the Alloy. Event B,
VDM or Z SLs.

I am sure, should such an "exercise" emerge - that my narratives
of the examples (and even my formalisations) change (respectively
improve).

It would truly be an example of comparative schematology cum
specification ontology.

To a first approximation the "transliteration project"  would
provide versions of all examples - notably their formalisations.
Then, undoubtedly some of the main text (of Chaps.1-5) would
have to be rephrased so as to fit "hand-in-glove" with all
the different SL instantiations.

All this, provided, you could/can more-or-less accept, as a basis,
the Domain to Requirements "transformation" proposition.

Sorry for intruding in, as I am sure, your busy and "other-priorities"
scheduled life.

Fondly yours

Dines

PS: My LaTeX lecture notes are set up as follows:
      There are separate files for each sect. (sort of 'chapter').
      And then there is a separate file for eeach of the very many examples.
      In a first instantiation of a "transliteration" effort
            * the example files need be 'transliterated' and
            * a separate primer provided for Spec.Lang. SL (i.e., Appendix A)

PS: Should I also try ASM - and if so, whom ?

PS: Maybe I forgot to tell:

   All the 53 examples of my notes are about the same
   domain: transport net. Some could undoubtedly be
   better examples.

   Without the examples the
           35 pages of sects.1-6 dwindle from  to 20 pages
   and the
           87 pages of appendices A-B dwindle to 38 pages

   dines

+++++++++++++++++++++++++++++

Prof., Dr Dines Bjørner,  Dr.h.c., Emeritus
MAE, MRANS, ACM Fellow, IEEE Fellow
bjorner@gmail.com
http://www.imm.dtu.dk/~db

Fredsvej 11
DK-2840 Holte
Denmark
Phone: +45 4542 2141

+++++++++++++++++++++++++++++

Jim Woodcock: 15:29

from    Jim Woodcock <jim@cs.york.ac.uk>
to      Dines Bjorner <bjorner@gmail.com>
cc      Daniel Jackson <dnj@mit.edu>,
        Dominique Mery <Dominique.Mery@loria.fr>,
        John Fitzgerald <John.Fitzgerald@newcastle.ac.uk>,
        Peter Gorm Larsen <pgl@iha.dk>,
        Jim Woodcock <Jim.Woodcock@cs.york.ac.uk>,
        "Henson, Martin C" <hensm@essex.ac.uk>,
        Steve Reeves <stever@cs.waikato.ac.nz>,,
        Jonathan Bowen <jpbowen@gmail.com>
        leo@cs.york.ac.uk
date    1 February 2010 15:29
subject Re: "Formalisation-Parametrised" Lecture Notes (and Slides)
        
Dines,

I'm very interested to contribute.  Just recently, I've been
discussing the possibility of some common language to use with Alloy,
B, RAISE, VDM, Z, ... in order to exchange verification conditions
between different tools.  Studying the same set of examples in these
different settings in a necessary prerequisite for that work.  So
count me in. 

Very best,

Jim

Leo Freitas: 16:00

from    Leo Freitas <leo@cs.york.ac.uk>
to      Dines Bjorner <bjorner@gmail.com>
cc      Daniel Jackson <dnj@mit.edu>,
        Dominique Mery <Dominique.Mery@loria.fr>,
        John Fitzgerald <John.Fitzgerald@newcastle.ac.uk>,
        Peter Gorm Larsen <pgl@iha.dk>,
        Jim Woodcock <Jim.Woodcock@cs.york.ac.uk>,
        "Henson, Martin C" <hensm@essex.ac.uk>,
        Steve Reeves <stever@cs.waikato.ac.nz>
date    1 February 2010 16:00
subject Re: "Formalisation-Parametrised" Lecture Notes (and Slides)
        
Dear Dines,

To have a common corpus like this is indeed very interesting.
And having similar / same examples worked out in various notations
will be great to compare different proof technologies / strategies.
As it happened with Mondex, I think we will have inter-notation
contributions and a very fertile exchange.

Let me know how I could help.

Best,
Leo

Daniel Jackson: 16:31 (EST)

from    Daniel Jackson <dnj@mit.edu>
to      Dines Bjorner <bjorner@gmail.com>
cc      Dominique Mery <Dominique.Mery@loria.fr>,
        John Fitzgerald <John.Fitzgerald@newcastle.ac.uk>,
        Peter Gorm Larsen <pgl@iha.dk>,
        Jim Woodcock <Jim.Woodcock@cs.york.ac.uk>,
        "Henson, Martin C" <hensm@essex.ac.uk>,
        Steve Reeves <stever@cs.waikato.ac.nz>,,
        Jonathan Bowen <jpbowen@gmail.com>
        leo@cs.york.ac.uk
date    1 February 2010 16:31
        
Hi Dines,

I think this is a very good idea. I'm happy to participate. Two things
would make it easier to start with: 

a. Is there a particular example we could focus on? The early
   network/hubs/links example would be fine, but it would be good to
   delineate it. 

b. Are there some properties that are intended to follow from the
   example that could be checked? 

Daniel

Dines Bjorner: 16:51

from    Dines Bjorner <bjorner@gmail.com>
to      Daniel Jackson <dnj@mit.edu>
cc      Dominique Mery <Dominique.Mery@loria.fr>,
        John Fitzgerald <John.Fitzgerald@newcastle.ac.uk>,
        Peter Gorm Larsen <pgl@iha.dk>,
        Jim Woodcock <Jim.Woodcock@cs.york.ac.uk>,
        "Henson, Martin C" <hensm@essex.ac.uk>,
        Steve Reeves <stever@cs.waikato.ac.nz>,,
        Jonathan Bowen <jpbowen@gmail.com>
        leo@cs.york.ac.uk
date    1 February 2010 16:51
subject Re: "Formalisation-Parametrised" Lecture Notes (and Slides)

Dear Daniel,

Thanks most kindly for your forthcoming response.

Yes:

a: The one example is that which weaves its way from example 1 to and including
    example 53 - being continuously expanded upon.

b: Indeed, you hit the, or rather, my "sore" nail: Yes, there are many
    such properties to be ckecked "continuously" along the way - but
    I have not mentioned any. And I do apologise. The reason is simple.
    I wanted a tiny/small set of lecture notes for max. 3 weeks to cover
    as many stages and steps (not of refinement, but) of specification:
    domain and requirements. So I refrained from verification and model-
    checking concerns. Also: I do believe that working out hopefully the
    same example (in 53 "stages" !?) in at least 3, but hopefully al 5
    SLs would teach us all  something about what the various approaches
    focus on wrt. verifiability/checkability and in this way we could set
    up more general methodological guidelines etc. etc.

Fondly yours

Dines

John Fitzgerald: 17:39

from    John Fitzgerald <john.fitzgerald@newcastle.ac.uk>
to      Dines Bjorner <bjorner@gmail.com>,
        Daniel Jackson <dnj@mit.edu>,
        Dominique Mery <Dominique.Mery@loria.fr>,
        Peter Gorm Larsen <pgl@iha.dk>,
        Jim Woodcock <Jim.Woodcock@cs.york.ac.uk>,
        "Henson, Martin C" <hensm@essex.ac.uk>,
        Steve Reeves <stever@cs.waikato.ac.nz>,
        "leo@cs.york.ac.uk" <leo@cs.york.ac.uk>,
        Jonathan Bowen <jpbowen@gmail.com>
date    1 February 2010 17:39
subject RE: "Formalisation-Parametrised" Lecture Notes (and Slides)
        
Dear Dines
 
VDM is in :-)  This will be a good way to increase the repertoire of
examples for all of the formalisms that we work with as well as
providing a good basis for comparison. We will also look to involve
other members of the VDM community so it's not just "the usual
suspects". 
 
Warmest Regards

John & Peter

Subsequent E-Mail Exchanges: After February 1, 2010

DB to Enlarged Mailing List, Feb.4, 10:49

Dear Colleagues,

        Pls.Note: I have added Michael Butler, Chris George, Anne
                       Haxthausen, Jan Storbank Pedersen and Jonathan Bowen
                       to the "original" mailing list. So far MB and
                       JB have OK'ed. 

                       Pls. feel free to add further persons.

                       With John Fitzgerald, Chair of FME, we hope to open up
                       for -- invite -- a wider participation.

I have established a very tentative Web page:  http://www.imm.dtu.dk/~db/comet
Pls. - until we have found a process whereby someone amongst us, perhaps
Jonathan Bowen ?, is trusted to take over and edit a "CoMet" web page, remark
directly to me - and, perhaps avoid CC to each and all ! I shall
faithfully and loyally incorporate your remarks.

Sincerely yours

Dines

DJ: 4 February 2010 13:46 (EST)

Dear Dines,

On Feb 1, 2010, at 10:51 AM, Dines Bjorner wrote:

>
> Dear Daniel,
>
> Thanks most kindly for your forthcoming response.
>
> Yes:
>
> a: The one example is that which weaves its way from example 1 to
>    and including example 53 - being continuously expanded upon.

That's great, but I still think it may make sense to narrow it down. 

>
> b: Indeed, you hit the, or rather, my "sore" nail: Yes, there are many
>     such properties to be ckecked "continuously" along the way - but
>     I have not mentioned any. And I do apologise. The reason is simple.
>     I wanted a tiny/small set of lecture notes for max. 3 weeks to cover
>     as many stages and steps (not of refinement, but) of specification:
>     domain and requirements. So I refrained from verification and model-
>     checking concerns. Also: I do believe that working out hopefully the
>     same example (in 53 "stages" !?) in at least 3, but hopefully al 5
>     SLs would teach us all  something about what the various approaches
>     focus on wrt. verifiability/checkability and in this way we could set
>     up more general methodological guidelines etc. etc.

I understand that not mentioning tools or analyses makes sense. But in
my view it's still worth recording intended properties as you go, as
they're much harder to figure out later. They also provide a useful
form of redundancy. I'm sure we'll be able to create some though,
especially with your help. 

Daniel

DB reply to DJ: 4 February 2010 14:24

Dear Daniel,

Thanks for e-mail.
I just broadcast one to you etc.: http://www2.imm.dtu.dk/~db/comet/.
Sure, we need to focus on a few of the examples:
http://www2.imm.dtu.dk/~db/comet/comet0.html#SECTION00060000000000000000
I suggest: some of the 4 + 8 initial ones.
Yes, I will insert ' intended properties' as I go along editing these examples.

Sincerely

...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...

/home/db/comet/comt0.tex

About this document ...

CoMet
Comparative Methodology
A Programming Methodology Project Proposal

This document was generated using the LaTeX2HTML translator Version 2002-2-1 (1.71)

Copyright © 1993, 1994, 1995, 1996, Nikos Drakos, Computer Based Learning Unit, University of Leeds.
Copyright © 1997, 1998, 1999, Ross Moore, Mathematics Department, Macquarie University, Sydney.

The command line arguments were:
latex2html -split 0 -toc_depth 6 comet0

The translation was initiated by Dines Bjorner on 2010-06-26