Results 11  20
of
92
Program Refinement by Theorem Prover
 In BCS FACS Sixth Refinement Workshop  Theory and Practise of Formal Software Development. 5th  7th January
, 1994
"... We describe a prototype tool for developing programs by stepwise refinement in a weakest precondition framework, based on the HOL theorem proving system. Our work is based on a mechanisation of the refinement calculus, which is a theory of correctness preserving program transformations. We also use ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
We describe a prototype tool for developing programs by stepwise refinement in a weakest precondition framework, based on the HOL theorem proving system. Our work is based on a mechanisation of the refinement calculus, which is a theory of correctness preserving program transformations. We also use a tool for window inference that is part of the HOL system. Our tool permits subcomponents of a program to be refined separately, and the tool keeps track of the overall effects of each individual refinement. In particular, we show how specifications can be refined into code and how data refinements (i.e., replacing an abstract data structure with one that is more concrete) can be handled. All refinements are proved as theorems in the HOL logic, so our system is in fact a secure environment for program development. 1 Introduction Stepwise refinement is a methodology for developing programs from highlevel program specifications into efficient implementations. In this approach to program dev...
Procedures and Invariants in the Refinement Calculus
 Science of Computer Programming
, 1994
"... Invariants allow a rigorous treatment of types as sets in the refinement calculus, a method for developing imperative programs. The interaction of procedures and invariants is explored, resulting in a practical formalisation of existing programming practice. 1 Introduction The notion of local invar ..."
Abstract

Cited by 20 (1 self)
 Add to MetaCart
Invariants allow a rigorous treatment of types as sets in the refinement calculus, a method for developing imperative programs. The interaction of procedures and invariants is explored, resulting in a practical formalisation of existing programming practice. 1 Introduction The notion of local invariants [9] was introduced to give rigorous treatment to types in the refinement calculus [7, 6, 8, 10]. Typing is a special kind of invariant. For example, in the scope of the declaration n : N, which introduces a new local variable n of type N (the natural numbers), the invariant is n 2 N, and all commands preserve it. The exploration [9] of the interaction between invariants and statements of a simple languageDijkstra's language [2] with extensionsconsidered only language constructs including assignment, iteration, selection and recursion. We extend that work by examining a more complex language structure: the procedure. Although this paper deals only with parameterless procedures, th...
Exploring Summation and Product Operators in the Refinement Calculus
 Mathematics of Program Construction
, 1994
"... Product and summation operators for predicate transformers were introduced by Naumann [21] and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algebraic prope ..."
Abstract

Cited by 19 (10 self)
 Add to MetaCart
Product and summation operators for predicate transformers were introduced by Naumann [21] and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algebraic properties of these operators. There are several motivating factors for this analysis. The product operator provides a model of simultaneous execution of statements, while the summation operator provides a simple model of late binding. We also generalise the product operator slightly to form an operator that corresponds to conjunction of specifications. We examine several applications of the these operators showing, for example, how a combination of the product and summation operators could be used to model inheritance in an objectoriented programming language. 1 Introduction Dijkstra introduced weakestprecondition predicate transformers as a means of verifying total correctness properties of ...
A Specification Oriented Semantics for the Refinement of RealTime Systems
, 1993
"... 1 Introduction calculation ifications and executable programs can be formulated. A realtime functional specification in TAM is transformed stepbystep into a mixed program containing both specification fragments and executable code. Such transformations continue until a completely executable prog ..."
Abstract

Cited by 19 (8 self)
 Add to MetaCart
1 Introduction calculation ifications and executable programs can be formulated. A realtime functional specification in TAM is transformed stepbystep into a mixed program containing both specification fragments and executable code. Such transformations continue until a completely executable program is produced which is guaranteed correct with respect to the original specification. The program may then be analysed by runtime schedulability and allocation tools in the usual manner, and executed. The paper introduces a computational model for realtime systems, conservative extensions to firstorder predicate logic to cover time, a wide spectrum language with a specificational semantics, a refinement calculus, and an example of program development. A computational model should reflect the intended target application area, and also define what we mean by terms such as `termination', `communication', `concurrency ', `functionality', and in our case `refinement' as well. In doing so, i...
A Sequential Realtime Refinement Calculus
 Acta Informatica
, 1997
"... s and compressed postscript files are available from http://svrc.it.uq.edu.au A Sequential Realtime Refinement Calculus Ian J. Hayes Mark Utting y Abstract We present a comprehensive refinement calculus for the development of sequential, realtime programs from realtime specifications. A s ..."
Abstract

Cited by 19 (8 self)
 Add to MetaCart
s and compressed postscript files are available from http://svrc.it.uq.edu.au A Sequential Realtime Refinement Calculus Ian J. Hayes Mark Utting y Abstract We present a comprehensive refinement calculus for the development of sequential, realtime programs from realtime specifications. A specification may include not only execution time limits, but also requirements on the behaviour of outputs over the duration of the execution of the program. The approach allows refinement steps that separate timing constraints and functional requirements. New rules are provided for handling timing constraints, but the refinement of components implementing functional requirements is essentially the same as in the standard refinement calculus. The product of the refinement process is a program in the target programming language extended with timing deadline directives. The extended language is a machineindependent, realtime programming language. To provide valid machine code for a...
Distributed System Development in B
, 1996
"... The BMethod is a method for the stepwise derivation of sequential programs. In this paper we show how the BMethod can be used for designing distributed systems by embedding action systems within this method. The action system formalism is designed for the construction of parallel and distributed s ..."
Abstract

Cited by 18 (12 self)
 Add to MetaCart
The BMethod is a method for the stepwise derivation of sequential programs. In this paper we show how the BMethod can be used for designing distributed systems by embedding action systems within this method. The action system formalism is designed for the construction of parallel and distributed systems in a stepwise manner within the refinement calculus. We describe how action systems are written in B AMN. We also show the correspondence between refinement rules for action systems and the proof obligations generated in the BMethod. Furthermore, we propose an extension of the BMethod to cover parallel and distributed systems. Familiarity with B AMN is assumed.
Stepwise Refinement of Communicating Systems
, 1994
"... The action system formalism [4] is a statebased approach to distributed computing. In this paper, it is shown how the action system formalism may be used to describe systems that communicate with their environment through synchronised valuepassing. Definitions and rules are presented for refining ..."
Abstract

Cited by 18 (7 self)
 Add to MetaCart
The action system formalism [4] is a statebased approach to distributed computing. In this paper, it is shown how the action system formalism may be used to describe systems that communicate with their environment through synchronised valuepassing. Definitions and rules are presented for refining and decomposing such action systems into distributed implementations in which internal communication is also based on synchronised valuepassing. An important feature of the composition rule is that parallel components of a distributed system may be refined independently of the rest of the system. Specification and refinement is similar to the refinement calculus approach [2, 22, 24]. The theoretical basis for communication and distribution is Hoare's CSP [11]. Use of the refinement and decomposition rules is illustrated by the design of an unordered buffer, and then of a distributed messagepassing system. 1 Introduction The action system formalism, introduced by Back & KurkiSuonio [4], i...
Towards a Compositional Method for Coordinating Gamma Programs
 in Proc. Coordination'96 Conference
, 1996
"... With the growing complexity of software, incurred by the widespread acceptance of parallel and distributed computer systems and networks, program design would benefit from clearly separating the correctness issues (the computation) from efficiency issues (the coordination). Gamma has shown to be a p ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
With the growing complexity of software, incurred by the widespread acceptance of parallel and distributed computer systems and networks, program design would benefit from clearly separating the correctness issues (the computation) from efficiency issues (the coordination). Gamma has shown to be a powerful and expressive programming model that allows the basic computations of a program to be expressed with a minimum of control. This enables the programmer to defer efficiency related decisions until a second stage in the design process. In support of this second activity we introduce in this paper a coordination language that exploits the highly nondeterministic behaviour of Gamma to impose additional control. Furthermore, we propose a compositional notion of refinement that can be used to reason about coordination of Gamma programs. This notion induces a number of refinement laws that can be used in an algebraic style of reasoning. Some examples are presented to illustrate application ...
Between Functions and Relations in Calculating Programs
, 1992
"... This thesis is about the calculational approach to programming, in which one derives programs from specifications. One such calculational paradigm is Ruby, the relational calculus developed by Jones and Sheeran for describing and designing circuits. We identify two shortcomings with derivations made ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
This thesis is about the calculational approach to programming, in which one derives programs from specifications. One such calculational paradigm is Ruby, the relational calculus developed by Jones and Sheeran for describing and designing circuits. We identify two shortcomings with derivations made using Ruby. The first is that the notion of a program being an implementation of a specification has never been made precise. The second is to do with types. Fundamental to the use of type information in deriving programs is the idea of having types as special kinds of programs. In Ruby, types are partial equivalence relations (pers). Unfortunately, manipulating some formulae involving types has proved difficult within Ruby. In particular, the preconditions of the `induction' laws that are much used within program derivation often work out to be assertions about types; such assertions have typically been verified either by informal arguments or by using predicate calculus, rather than by ap...