Observational Specifications and the Indistinguishability Assumption

To establish the correctness of some software w.r.t. its formal speciication is widely recognized as a diicult task. A rst simpliication is obtained when the semantics of an algebraic speciication is deened as the class of all algebras which correspond to the correct realizations of the speciication. A software is then declared correct if it corresponds to some algebra of this class. We approach this goal by deening an observational satisfaction relation which is less restrictive than the usual satisfaction relation. Based on this notion we provide an institution for observational speciications. The idea is that the validity of an equational axiom should depend on an observational equality, instead of the usual equality. We show that it is not reasonable to expect an observational equality to be a congruence. We deene an observational algebra as an algebra equipped with an observational equality which is an equivalence relation but not necessarily a congruence. We assume that two values can be declared indistinguishable when it is impossible to establish they are diierent using some available observations. This is what we call the Indistinguishability Assumption. Since term observation seems suucient for data type speciications, we deene an indistinguishability relation on the carriers of an algebra w.r.t. the observation of an arbitrary set of terms. From a careful case study it follows that this requires to take into account the continuations of suspended evaluations of observable terms. Since our indistinguishability relation is not transitive, it is only an intermediate step to deene an observational equality. Our approach is motivated by numerous examples.