The complex process of deriving programs from specifications is often divided into the following three steps: (i) the derivation of formal specifications from the informal ones; (ii) the validation of the formal specifications; and (iii) the derivation of executable programs from the formal specifications.