Results 1  10
of
18
Refinement Calculus, Part I: Sequential Nondeterministic Programs
 STEPWISE REFINEMENT OF DISTRIBUTED SYSTEMS: MODELS, FORMALISMS, CORRECTNESS. PROCEEDINGS. 1989, VOLUME 430 OF LECTURE NOTES IN COMPUTER SCIENCE
, 1989
"... A lattice theoretic framework for the calculus of program refinement is presented. Specifications and program statements are combined into a single (infinitary) language of commands which permits miraculous, angelic and demonic statements to be used in the description of program behavior. The weakes ..."
Abstract

Cited by 55 (3 self)
 Add to MetaCart
A lattice theoretic framework for the calculus of program refinement is presented. Specifications and program statements are combined into a single (infinitary) language of commands which permits miraculous, angelic and demonic statements to be used in the description of program behavior. The weakest precondition calculus is extended to cover this larger class of statements and a gametheoretic interpretation is given for these constructs. The language is complete, in the sense that every monotonic predicate transformer can be expressed in it. The usual program constructs can be defined as derived notions in this language. The notion of inverse statements is defined and its use in formalizing the notion of data refinement is shown.
DTRE  A SemiAutomatic Transformation System
 In Constructing Programs from Specifications
, 1991
"... This paper describes the theoretical framework and an implemented system (Dtre) for the specification and verified refinement of specifications using operations on abstract data types. The system is semiautomatic in that users can specify some (possibly none) of the implementations and the system w ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
This paper describes the theoretical framework and an implemented system (Dtre) for the specification and verified refinement of specifications using operations on abstract data types. The system is semiautomatic in that users can specify some (possibly none) of the implementations and the system will determine the rest of the implementations. Data types are specified as parameterized theories within manysorted firstorder logic; usually these theories are centered around inductive sorts. Abstract specifications (theories) are refined in a stepwise fashion into increasingly more concrete theories. Our primary method of refinement is based on theory interpretation [1, 2, 3]. Theories and interpretations provide a clean, logically based separation between types and their implementations; thus permitting specification to proceed independently of implementation while simultaneously providing a basis for rapid and verifiably correct transformation to efficient code. Dtre provides a conven...
A RealTime Refinement Calculus That Changes Only Time
 PROC. 7TH BCS/FACS REFINEMENT WORKSHOP, ELECTRONIC WORKSHOPS IN COMPUTING
, 1996
"... The behaviour of a realtime system that interacts repeatedly with its environment is most succinctly specified by its possible traces, or histories. We present a way of using the refinement calculus for developing realtime programs from requirements expressed in this form. Our tracebased specif ..."
Abstract

Cited by 22 (12 self)
 Add to MetaCart
The behaviour of a realtime system that interacts repeatedly with its environment is most succinctly specified by its possible traces, or histories. We present a way of using the refinement calculus for developing realtime programs from requirements expressed in this form. Our tracebased specification statements and target language constructs constrain the traces of system variables, rather than updating them destructively like the usual statemachine model. The only variable that is updated is a special currenttime variable. The resulting calculus allows refinement from formal specifications with hard realtime requirements, to highlevel language programs annotated with precise timing constraints.
Combining Angels, Demons and Miracles in Program Specifications
 Theoretical Computer Science
, 1989
"... this paper. Thus we write S(Q) for wp S (Q). In [deBa80, Ne87] the weakest precondition calculus is extended to cover partial state transformers, i.e. nonstrict (miraculous) statements. Miraculous statements are used in program refinements in [Morg88b, Ba88b]. The angelic basic statement of [Ba88c], ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
this paper. Thus we write S(Q) for wp S (Q). In [deBa80, Ne87] the weakest precondition calculus is extended to cover partial state transformers, i.e. nonstrict (miraculous) statements. Miraculous statements are used in program refinements in [Morg88b, Ba88b]. The angelic basic statement of [Ba88c], used in data refinement, is not conjunctive but disjunctive. Thus, in going from a pure programming language to specification languages, most of the original healthiness conditions have been questioned, in order to gain expressive power and to develop calculi for program development. In this sense a specification language is truly more general than a programming language, for which all the original healthiness conditions are well motivated. The conjunctivity condition reflects the view that the nondeterminism associated with the execution of a statement is demonic, i.e. in order for a computation to be successful, all possible execution paths must lead to a successful result. Dropping the conjunctivity condition means accepting other kinds of nondeterminism. If the conjunctivity condition is replaced with a disjunctivity condition, the
Provably Correct Systems
, 1994
"... . The goal of the Provably Correct Systems project (ProCoS) is to develop a mathematical basis for development of embedded, realtime, computer systems. This survey paper introduces the specification languages and verification techniques for four levels of development: Requirements definition and con ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
. The goal of the Provably Correct Systems project (ProCoS) is to develop a mathematical basis for development of embedded, realtime, computer systems. This survey paper introduces the specification languages and verification techniques for four levels of development: Requirements definition and control design; Transformation to a systems architecture with program designs and their transformation to programs; Compilation of realtime programs to conventional processors, and Compilation of programs to hardware. 1 Introduction An embedded computer system is part of a total system that is a physical process, a plant, characterized by a state that changes over real time. The role of the computer is to monitor this state through sensors and to change the state through actuators. The computer is simply a convenient device that can be instructed to manipulate a mathematical model of the physical system and state. Correctness means that the program and the hardware faithfully implement the co...
Contracts, Games and Refinement
 Information and Computation
, 1997
"... We consider the notion of a contract that governs the behavior of a collection of agents. In particular, we study the question of whether a group among these agents can achieve a given goal by following the contract. We show that this can be reduced to studying the existence of winning strategies in ..."
Abstract

Cited by 9 (4 self)
 Add to MetaCart
We consider the notion of a contract that governs the behavior of a collection of agents. In particular, we study the question of whether a group among these agents can achieve a given goal by following the contract. We show that this can be reduced to studying the existence of winning strategies in a twoperson game. We define a weakest precondition semantics for contract statements that permits us to compute the initial states from which a group of agents has a winning strategy to reach their goal. This semantics generalizes the traditional predicate transformer semantics for program statements to contracts and games. Ordinary programs and interactive programs are special kinds of contracts. A notion of correctness and refinement is introduced for contracts. Contracts are shown to form a complete lattice with respect to the refinement ordering. TUCS Research Group Programming Methodology Research Group 1 Introduction A computation can generally be seen as involving a number of ag...
Statement inversion and strongest postcondition
 Science of Computer Programming
, 1993
"... A notion of inverse commands is de ned for a language with a weakest precondition semantics, permitting both demonic and angelic nondeterminism as well as miracles and nontermination. Every conjunctive and terminating command is invertible, the inverse being nonmiraculous and disjunctive. A simulat ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
A notion of inverse commands is de ned for a language with a weakest precondition semantics, permitting both demonic and angelic nondeterminism as well as miracles and nontermination. Every conjunctive and terminating command is invertible, the inverse being nonmiraculous and disjunctive. A simulation relation between commands is described using inverse commands. A generalized form of inverse is de ned for arbitrary conjunctive commands. The generalized inverses are shown to be closely related to strongest postconditions. 1
Software Reuse by Specialization of Generic Procedures through Views
 IEEE Trans. Software Engineering
, 1997
"... A generic procedure can be specialized, by compilation through views, to operate directly on concrete data. A view is a computational mapping that describes how a concrete type implements an abstract type. Clusters of related views are needed for specialization of generic procedures that involve ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
A generic procedure can be specialized, by compilation through views, to operate directly on concrete data. A view is a computational mapping that describes how a concrete type implements an abstract type. Clusters of related views are needed for specialization of generic procedures that involve several types or several views of a single type. A user interface that reasons about relationships between concrete types and abstract types allows view clusters to be created easily. These techniques allow rapid specialization of generic procedures for applications. Index Terms  software reuse, view, generic algorithm, generic procedure, algorithm specialization, partial evaluation, directmanipulation editor, abstract data type. 1 Introduction Reuse of software has the potential to reduce cost, increase the speed of software production, and increase reliability. Facilitating the reuse of software could therefore be of great benefit. G. S. Novak, Jr. is with the Department of Comput...
The ProCoS Approach to the Design of RealTime Systems: Linking Different Formalisms
, 1996
"... This report reflects work which is partially funded by the Commission of the European Communities (CEC) under the ESPRIT programme in the field of Basic Research Project No. 7071: "ProCoS II: Provably Correct Systems" ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
This report reflects work which is partially funded by the Commission of the European Communities (CEC) under the ESPRIT programme in the field of Basic Research Project No. 7071: "ProCoS II: Provably Correct Systems"
Omega Algebra, Demonic Refinement Algebra and Commands
 IN 9TH INTERNATIONAL CONFERENCE ON RELATIONAL METHODS IN COMPUTER SCIENCE AND 4TH INTERNATIONAL WORKSHOP ON APPLICATIONS OF KLEENE ALGEBRA, LECTURE
, 2006
"... Weak omega algebra and demonic refinement algebra are two ways of describing systems with finite and infinite iteration. We show that these independently introduced kinds of algebras can actually be defined in terms of each other. By defining modal operators on the underlying weak semiring, that res ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
Weak omega algebra and demonic refinement algebra are two ways of describing systems with finite and infinite iteration. We show that these independently introduced kinds of algebras can actually be defined in terms of each other. By defining modal operators on the underlying weak semiring, that result directly gives a demonic refinement algebra of commands. This yields models in which extensionality does not hold. Since in predicatetransformer models extensionality always holds, this means that the axioms of demonic refinement algebra do not characterise predicatetransformer models uniquely. The omega and the demonic refinement algebra of commands both utilise the convergence operator that is analogous to the halting predicate of modal µcalculus. We show that the convergence operator can be defined explicitly in terms of infinite iteration and domain if and only if domain coinduction for infinite iteration holds.