Research Article

Towards Support for Software Model Checking: Improving the Efficiency of Formal Specifications

Table 2

Summary of characteristics for scopes in Prospec.

Scope: Characteristics

Global
(1) The scope denotes the entire computation
(2) The scope includes all the states in the computation
(3) The interval defined by the scope occurs once in a computation

Before R
(1) The scope denotes a subsequence of states or events (an interval) that begins with the start of the computation and ends with the state or event immediately preceding the event or state at which R holds for the first time in the computation
(2) The interval does not include the state or event associated with R
(3) The interval defined by the scope occurs once in a computation
(4) One or more events (conditions) may be associated with R; a condition is a proposition and an event is a change in value of the proposition from one state to the next

After L
(1) The scope denotes a subsequence of states or events (an interval) that begins with the first event or state at which L holds and ends with the termination of the computation
(2) The interval includes the state or event associated with L
(3) The interval defined by the scope occurs once in a computation
(4) One or more events (conditions) may be associated with L; a condition is a proposition and an event is a change in value of the proposition from one state to the next

Between L and R
(1) The scope denotes a subsequence of states or events (an interval) that begins when L holds and ends with the state or event immediately preceding the event or state at which R holds
(2) Event or condition L must hold and, at a different event or state in the future, R must hold
(3) The interval includes the state or event associated with L
(4) The interval does not include the state or event associated with R
(5) The interval defined by the scope may occur more than once in a computation
(6) Multiple intervals may be defined within an interval when L holds more than once before R holds
(7) One or more events (conditions) may be associated with L and R

After L Until R
(1) The scope denotes a subsequence of states or events (an interval) that begins when L holds and ends either with the state or event immediately preceding the event or state at which R holds or, if R does not subsequently hold, with the termination of the computation
(2) The interval includes the state or event associated with L
(3) The interval does not include the state or event associated with R
(4) The interval may repeat during a computation
(5) If L holds and R does not hold, the interval ends with the termination of the computation
(6) The interval defined by the scope may occur more than once in a computation
(7) Multiple intervals may be defined within an interval when L holds more than once before R holds
(8) One or more events (conditions) may be associated with L and R
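The characteristics above can be made concrete by computing, for a finite trace, exactly which state indices each scope selects. The following Python is an added example written for this page; it is not part of Prospec or the paper. It models a computation as a list of states, each state being the set of propositions that hold there, and treats L and R as conditions (propositions) rather than events. Two points are assumptions where the table is silent: a Before R scope on a trace in which R never holds selects no interval (rather than the whole trace), and an L that holds with no later R yields no Between interval but an After-Until interval that runs to termination, as characteristics (2) and (5) of those rows describe. Intervals are returned as half-open index ranges [start, end), so the state at `end` (where R holds) is excluded and the state at `start` (where L holds) is included, matching the inclusion rules in the table.

```python
"""Interval semantics for the five Prospec scopes over a finite trace.

Added example for this page, not code from the paper or the Prospec tool.
A trace is a list of states; each state is the set of proposition names
that hold in it. Every scope maps a trace to a list of half-open index
ranges [start, end).
"""
from typing import FrozenSet, List, Set, Tuple

State = Set[str]
Trace = List[State]
Interval = Tuple[int, int]  # half-open: states start..end-1 are in scope


def global_scope(trace: Trace) -> List[Interval]:
    """Global: the whole computation, exactly once."""
    return [(0, len(trace))]


def before(trace: Trace, r: str) -> List[Interval]:
    """Before R: from the start up to, but not including, the first state
    where R holds. Assumption: no interval if R never holds."""
    for i, state in enumerate(trace):
        if r in state:
            return [(0, i)]
    return []


def after(trace: Trace, l: str) -> List[Interval]:
    """After L: from the first state where L holds (inclusive) to the end."""
    for i, state in enumerate(trace):
        if l in state:
            return [(i, len(trace))]
    return []


def _next_r_after(trace: Trace, i: int, r: str) -> int:
    """Index of the first state strictly after i where R holds, or -1."""
    for j in range(i + 1, len(trace)):
        if r in trace[j]:
            return j
    return -1


def between(trace: Trace, l: str, r: str) -> List[Interval]:
    """Between L and R: every state where L holds opens an interval that
    ends just before the next later state where R holds. An L with no
    later R opens no interval (R must hold in the future). Several L's
    before one R give several intervals ending at the same place."""
    intervals = []
    for i, state in enumerate(trace):
        if l in state:
            end = _next_r_after(trace, i, r)
            if end != -1:
                intervals.append((i, end))
    return intervals


def after_until(trace: Trace, l: str, r: str) -> List[Interval]:
    """After L Until R: like Between, except an L with no later R opens
    an interval that runs to the termination of the computation."""
    intervals = []
    for i, state in enumerate(trace):
        if l in state:
            end = _next_r_after(trace, i, r)
            intervals.append((i, end if end != -1 else len(trace)))
    return intervals


def covered_states(intervals: List[Interval]) -> FrozenSet[int]:
    """Union of all state indices selected by a list of intervals."""
    return frozenset(k for start, end in intervals for k in range(start, end))


# Constructed sample trace (assumption, not from the paper): 8 states,
# L holds at 1, 3 and 6; R holds only at 4. State 6 is an L with no later R.
TRACE: Trace = [set(), {"L"}, set(), {"L"}, {"R"}, set(), {"L"}, set()]


if __name__ == "__main__":
    print("Global       ", global_scope(TRACE))
    print("Before R     ", before(TRACE, "R"))
    print("After L      ", after(TRACE, "L"))
    print("Between L,R  ", between(TRACE, "L", "R"))
    print("After L Until", after_until(TRACE, "L", "R"))
```

Running the block on the constructed trace shows the distinctions the table draws: Between L and R yields two intervals, (1, 4) and (3, 4), because L holds twice before R (characteristic (6)), and nothing for the L at state 6; After L Until R yields those same two plus (6, 8), since the last L is never followed by R and the interval runs to termination (characteristic (5)). In every case state 4, where R holds, is outside the selected states, while each state where L holds is inside.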