A new approach to simulations is proposed within the theory of coalgebras by taking a notion of order on a functor as primitive. Such an order forms a basic building block for a "lax relation lifting", or "relator" as used by other authors. Simulations appear as coalgebras of this lifted functor, and similarity as greatest simulation. Two-way similarity is then similarity in both directions. In general, it is different from bisimilarity (in the usual coalgebraic sense), but a su#cient condition is formulated (and illustrated) to ensure that bisimilarity and two-way similarity coincide. Also, suitable conditions are identified which ensures that similarity on a final coalgebra forms an (algebraic) dcpo structure. This involves a close investigation of the iterated applications F (#) and F (1) of a functor F with an order to the initial and final sets.

. Data types like trees which are finitely branching and of (possibly) infinite depth are described by iterating initial algebras and terminal coalgebras. We study proof principles for such data types in the context of categorical logic, following and extending the approach of [14, 15]. The technical contribution of this paper involves a description of initial algebras and terminal coalgebras in total categories of fibrations for lifted "datafunctors". These lifted functors are used to formulate our proof principles. We test these principles by proving some elementary results for four kinds of trees (with finite or infinite breadth or depth) using the proof tool pvs. 1 Introduction Algebras and coalgebras are of well-established importance in computer science, notably in the theory of datatypes, where especially initial algebras and terminal coalgebras play a distinguished role. Over the past decade there is more and more interest in the logic associated with initial algebras and ter...

In this paper, we intend to show how to use the synchronous dataflow language Lustre, combined with the PVS proof system in deriving provably-correct (distributed) control programs. We hopefully illustrate, based on a railway emergency braking system example, the features of our approach --- asynchronous periodic programs with nearly the same period, communicating by sampling --- equational reasoning which leaves to the Lustre compiler the task of scheduling computations --- no distinction between control programs and physical environments which are sampled in the same way. This allows us to provide "elementary " proofs based on difference equations instead of differential ones which require more involved PVS formalization. 1 Introduction Control systems form an important class of critical computer systems: it is in this domain that some of the most critical applications can be found, for instance in civil aircrafts, ground transportation, nuclear power etc. Thus, a lot of activity ha...

We introduce a coinductively-defined refinement relation on sequential non-deterministic reactive systems that guarantees total correctness. It allows the more refined system to both have less non-determinism in its outputs and to accept more inputs than the less refined system. Data reification in VDM is a special case of this refinement. Systems are considered at what we have called fine and medium levels of granularity. At the fine-grain level, a system's internal computational steps are described. The fine-grain level abstracts to a medium-grain level where only input/output and termination behaviour is described. The refinement relation applies to medium grain systems. We consider fine grain systems as contexts for medium grain systems, and prove the refinement relation to be a precongruence with respect to these contexts. The development has been mechanized in PVS to support its use in case studies. 1 Introduction Refinement. Refinement is a fundamental verificati...

. This paper presents a tool for proving safety properties of