The mathematical framework of Stone duality is used to synthesize a number of hitherto separate developments in Theoretical Computer Science: • Domain Theory, the mathematical theory of computation introduced by Scott as a foundation for denotational semantics. • The theory of concurrency and systems behaviour developed by Milner, Hennessy et al. based on operational semantics. • Logics of programs. Stone duality provides a junction between semantics (spaces of points = denotations of computational processes) and logics (lattices of properties of processes). Moreover, the underlying logic is geometric, which can be computationally interpreted as the logic of observable properties—i.e. properties which can be determined to hold of a process on the basis of a finite amount of information about its execution. These ideas lead to the following programme:

We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mu-calculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at model-checking, and finally at the relationship of modal logics to other formalisms.

Many different notions of "property of interest" and methods of verifying such properties arise naturally in programming. A general framework of "Specification Structures" is presented for combining different notions and methods in a coherent fashion. This is then applied to concurrency in the setting of Interaction Categories.

We present a type-based technique for the verification of deadlock-freedom in asynchronous concurrent systems. Our approach is to start with an interaction category such as ASProc, where objects are types containing safety specifications and morphisms are processes. We then use a specification structure to add information to the types so that they specify stronger properties. The extra information in this case concerns deadlock-freedom, and in the resulting category ASProc D , combining well-typed processes preserves deadlock-freedom. It is also possible to accommodate non-compositional methods within the same framework. The systems we consider are asynchronous, hence issues of divergence become significant; our approach incorporates an elegant treatment of both divergence and successful termination. As an example, we use our methods to verify the deadlock-freedom of an implementation of the alternating-bit protocol. Address for Correspondence Dr S. J. Gay Department of ...

The classical concepts of partial and total correctness identify all types of runtime errors and divergence. We argue that the associated notions of translation correctness cannot cope adequately with practical questions like optimizations and finiteness of machines. As a step towards a solution we propose more fine-grained correctness notions, which are parameterized in sets of acceptable failure outcomes, and study a corresponding family of predicate transformers that generalize the well-known wp and wlp transformers. We also discuss the utility of the resulting setup for answering compiler correctness questions.

Many different notions of "program property", and many different methods of verifying such properties, arise naturally in programming. We present a general framework of Specification Structures for combining different notions and methods in a coherent fashion. We then apply the idea of specification structures to concurrency in the setting of Interaction Categories. As a specific example, a certain specification

This paper describes the systematic use of fixpoints for the relational semantics of unboundedly nondeterministic sequential programs. The focus is on analysing the expressiveness of various semantic definitions and of powerdomains including or excluding an ‘error ’ element ⊥.