Specification and Verification of a Network Nail System


Techniques for describing and verifying modular systems are illustrated using a simple network mail problem. The design is presented in a top-down style. At each level of refinement, the specifications of the higher level are verified from the specifications of lower level components. 
DOI: 10.1007/BFb0014669


