Results 1-10 of 16
Refinement Calculus, Part I: Sequential Nondeterministic Programs
STEPWISE REFINEMENT OF DISTRIBUTED SYSTEMS: MODELS, FORMALISMS, CORRECTNESS. PROCEEDINGS. 1989, VOLUME 430 OF LECTURE NOTES IN COMPUTER SCIENCE, 1989
Cited by 55 (3 self)
A lattice theoretic framework for the calculus of program refinement is presented. Specifications and program statements are combined into a single (infinitary) language of commands which permits miraculous, angelic and demonic statements to be used in the description of program behavior. The weakest precondition calculus is extended to cover this larger class of statements and a game-theoretic interpretation is given for these constructs. The language is complete, in the sense that every monotonic predicate transformer can be expressed in it. The usual program constructs can be defined as derived notions in this language. The notion of inverse statements is defined and its use in formalizing the notion of data refinement is shown.
Algebraic Approaches to Nondeterminism: an Overview
ACM Computing Surveys, 1997
Cited by 23 (3 self)
this paper was published as Walicki, M.A. and Meldal, S., 1995, Nondeterministic Operators in Algebraic Frameworks, Technical Report No. CSLTR95664, Stanford University
An Object-Oriented Refinement Calculus with Modular Reasoning
1992
Cited by 15 (1 self)
In this thesis, the refinement calculus is extended to support a variety of object-oriented programming styles. The late binding of procedure calls in object-oriented languages is modelled by defining an object-oriented system to be a function from procedure names and argument values to the procedures that are invoked by late binding. The first model allows multiple dispatch late binding, in the style of CLOS. This model is then specialised to the single dispatch case, giving a model that associates types with objects, which is similar to existing class based object-oriented languages. Both models are then restricted so that they support modular reasoning. The concept of modular reasoning has been defined informally in the literature, both for non-object-oriented systems and for object-oriented systems. This thesis gives the first formal definition of modular reasoning for object-oriented languages. Intuitively, the definition seems to capture the minimum possible requirements necessa...
Combining Angels, Demons and Miracles in Program Specifications
Theoretical Computer Science, 1989
Cited by 11 (2 self)
this paper. Thus we write S(Q) for wp S (Q). In [deBa80, Ne87] the weakest precondition calculus is extended to cover partial state transformers, i.e. nonstrict (miraculous) statements. Miraculous statements are used in program refinements in [Morg88b, Ba88b]. The angelic basic statement of [Ba88c], used in data refinement, is not conjunctive but disjunctive. Thus, in going from a pure programming language to specification languages, most of the original healthiness conditions have been questioned, in order to gain expressive power and to develop calculi for program development. In this sense a specification language is truly more general than a programming language, for which all the original healthiness conditions are well motivated. The conjunctivity condition reflects the view that the nondeterminism associated with the execution of a statement is demonic, i.e. in order for a computation to be successful, all possible execution paths must lead to a successful result. Dropping the conjunctivity condition means accepting other kinds of nondeterminism. If the conjunctivity condition is replaced with a disjunctivity condition, the
Mechanising some Advanced Refinement Concepts
Program transformations and refinements in HOL. In Windley et al. [WALJ91, 1993
Cited by 9 (3 self)
We describe how proof rules for three advanced refinement features are mechanically verified using the HOL theorem prover. These features are data refinement, backwards data refinement and superposition refinement of initialised loops. We also show how applications of these proof rules to actual program refinement can be checked using the HOL system, with the HOL system generating the verification conditions. 1 Introduction Stepwise refinement is a methodology for developing programs from high-level program specifications into efficient implementations. The refinement calculus of Back [1, 2] is a formalisation of this approach, based on the weakest precondition calculus of Dijkstra [9]. Practical program derivation within the refinement calculus [5] has shown that refinement steps often tend to be very similar to each other. Rather than always inventing a refining statement and proving the correctness of the refinement, it is convenient to have access to a collection of program transfo...
Contracts, Games and Refinement
Information and Computation, 1997
Cited by 9 (4 self)
We consider the notion of a contract that governs the behavior of a collection of agents. In particular, we study the question of whether a group among these agents can achieve a given goal by following the contract. We show that this can be reduced to studying the existence of winning strategies in a two-person game. We define a weakest precondition semantics for contract statements that permits us to compute the initial states from which a group of agents has a winning strategy to reach their goal. This semantics generalizes the traditional predicate transformer semantics for program statements to contracts and games. Ordinary programs and interactive programs are special kinds of contracts. A notion of correctness and refinement is introduced for contracts. Contracts are shown to form a complete lattice with respect to the refinement ordering. TUCS Research Group Programming Methodology Research Group 1 Introduction A computation can generally be seen as involving a number of ag...
Statement inversion and strongest postcondition
Science of Computer Programming, 1993
Cited by 8 (2 self)
A notion of inverse commands is defined for a language with a weakest precondition semantics, permitting both demonic and angelic nondeterminism as well as miracles and nontermination. Every conjunctive and terminating command is invertible, the inverse being nonmiraculous and disjunctive. A simulation relation between commands is described using inverse commands. A generalized form of inverse is defined for arbitrary conjunctive commands. The generalized inverses are shown to be closely related to strongest postconditions. 1
ImpUNITY: UNITY with procedures and local variables
Mathematics of Program Construction, volume 947 of Lecture, 1995
Cited by 6 (4 self)
In this paper we present the ImpUNITY framework, a framework that supports the development of parallel and distributed programs from specification to implementation in a stepwise manner. The ImpUNITY framework is an extension of UNITY, as introduced by Chandy and Misra, with features of the Action System formalism of Back and Kurki-Suonio. Due to this extension, the ImpUNITY framework is more suitable for the implementation phase of the develop process. Therefore, it supports local variables and (remote) procedure calls. It also supports a UNITY like temporal logic and the extension can be done without punishment. 1 Introduction The UNITY framework, as introduced by Chandy and Misra [CM88], supports the idea of stepwise refinement of specifications. The framework consists of a programming language and a programming logic. The logic is based on a small set of temporal properties for describing specifications. A specification is refined by a set of stronger properties and the UNITY app...
Procedures, Parameters, And Substitution In The Refinement Calculus
Science of Computer Programming, 1997
Cited by 4 (0 self)
Morgan and Back have proposed different formalisations of procedures and parameters in the context of techniques of program development based on refinement. We investigate a surprising and intricate relationship between these works and the substitution operator that renames the free variables of a program, and reveal an inconsistency in Morgan's refinement calculus. Back's formalisation of procedures does not suffer from this inconsistency, but his work is not as appealing to practising programmers as Morgan's calculus, whose distinctive feature is a large number of refinement laws. Here we benefit from both works and use Back's formalism as a model to derive the laws presented in Morgan's calculus. Keywords: program development, formal methods, refinement calculus, procedures, parameters. 1 Introduction Inspired by Dijkstra's work on weakest preconditions (wp) [5], Back [1, 3], Morgan [12, 11], and Morris [13, 15] have proposed three different formalisations of the stepwise refineme...
Contracts as Mathematical Entities in Programming Logic
In Proc. Workshop on Abstraction and Refinement, Osaka, 1999
Cited by 1 (1 self)
We consider the notion of a contract that governs the behavior of a collection of agents. In particular, we study the question of whether a coalition among these agents can achieve a given goal by following the contract. We define a generalised weakest precondition semantics for contracts that permits us to compute the initial states from which a coalition has a winning strategy to reach their goal. Notions of correctness and refinement with respect to coalitions are introduced, together with proof rules for correctness and principles for refinement and equivalence transformations. We illustrate the framework with a three agent contract, showing how one can reason about the possibilities that different coalitions of agents have for reaching specific goals.