A/G Specifications

In practice, system components are not designed for arbitrary environments, but only for environments that satisfy certain assumptions. This motivates the introduction of so-called assumption/guarantee specifications. In fact, ever since the use of formal methods in program development became a major research area some 30 years ago, it has been common to write specifications in an assumption/guarantee style. Such specifications consist of two parts: an assumption and a guarantee. The assumption describes properties of the environment in which the specified component is supposed to run. The guarantee characterizes the constraints that the specified component is required to fulfill whenever it is executed in an environment that satisfies the assumption.
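To make the two-part structure concrete, the following is an added example (not from the original text) of an assumption/guarantee specification checked against execution traces. The component, its signals ("req", "resp", "idle", "none"), the particular assumption and guarantee, and the traces are all hypothetical and constructed for illustration; the point it demonstrates is the standard A/G reading of such a specification as "assumption implies guarantee": a trace on which the environment breaks the assumption does not count against the component, and a failure can therefore be attributed to whichever party broke its side of the contract.

```python
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple

# Constructed example. A trace is the sequence of (input, output) pairs observed
# at a component's boundary: the environment supplies each input, the component
# replies with each output. The signal names below are hypothetical.
Trace = Sequence[Tuple[str, str]]


@dataclass(frozen=True)
class AGSpec:
    """An assumption/guarantee specification: the pair (A, G)."""
    assumption: Callable[[Trace], bool]  # constraint on the environment's inputs
    guarantee: Callable[[Trace], bool]   # obligation on the component's outputs

    def satisfied_by(self, trace: Trace) -> bool:
        # A/G semantics: the component owes G only on traces where the
        # environment keeps A, so the whole spec reads as "A implies G".
        return (not self.assumption(trace)) or self.guarantee(trace)

    def verdict(self, trace: Trace) -> str:
        """Attribute a failure to the party that broke its side of the contract."""
        if not self.assumption(trace):
            # The spec holds vacuously here; the fault lies outside the component.
            return "environment-fault"
        if not self.guarantee(trace):
            return "component-fault"
        return "ok"


def no_back_to_back_requests(trace: Trace) -> bool:
    """Assumption (hypothetical): the environment never sends 'req' in two
    consecutive steps. It mentions inputs only, as an environment property should."""
    inputs = [inp for inp, _ in trace]
    return all(not (a == "req" and b == "req") for a, b in zip(inputs, inputs[1:]))


def every_request_answered_promptly(trace: Trace) -> bool:
    """Guarantee (hypothetical): each 'req' at step i is answered by 'resp' at
    step i or i+1, and 'resp' is never emitted without a 'req' at step i or i-1."""
    inputs = [inp for inp, _ in trace]
    outputs = [out for _, out in trace]
    n = len(trace)
    for i in range(n):
        if inputs[i] == "req":
            answered = outputs[i] == "resp" or (i + 1 < n and outputs[i + 1] == "resp")
            if not answered:
                return False
        if outputs[i] == "resp":
            solicited = inputs[i] == "req" or (i > 0 and inputs[i - 1] == "req")
            if not solicited:
                return False
    return True


REQUEST_HANDLER_SPEC = AGSpec(no_back_to_back_requests, every_request_answered_promptly)

# Constructed traces covering the three outcomes.
GOOD_TRACE: List[Tuple[str, str]] = [
    ("req", "resp"), ("idle", "none"), ("req", "none"), ("idle", "resp")]
COMPONENT_FAULT_TRACE: List[Tuple[str, str]] = [
    ("req", "none"), ("idle", "none"), ("idle", "none")]      # request never answered
ENVIRONMENT_FAULT_TRACE: List[Tuple[str, str]] = [
    ("req", "none"), ("req", "none"), ("idle", "none")]       # back-to-back requests


def check(trace: Trace) -> str:
    """Run the hypothetical request-handler spec over one trace."""
    return REQUEST_HANDLER_SPEC.verdict(trace)


if __name__ == "__main__":
    for name, trace in [("good", GOOD_TRACE),
                        ("component fault", COMPONENT_FAULT_TRACE),
                        ("environment fault", ENVIRONMENT_FAULT_TRACE)]:
        print(f"{name:18s} verdict={check(trace):18s} "
              f"spec satisfied={REQUEST_HANDLER_SPEC.satisfied_by(trace)}")
```

Note that on the third trace the component also fails to answer the first request, yet the specification is still satisfied: once the environment has violated the assumption, the component is released from the guarantee. This is exactly why the assumption must be stated explicitly rather than left implicit, since it fixes the boundary of what the component can be held responsible for.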