Results 1  10
of
64
Soundness and completeness of an axiom system for program verification
 SIAM Journal of Computing
, 1978
"... K. R. Apt pointed out to me that Theorem 3 (completeness) is technically false, because of a problem with initializing newly declared variables. For example, the formula true {begin begin new x; x:= 1 end; begin new x; y: = x end end} y 1 is valid according to the semantics given (because the second ..."
Abstract

Cited by 118 (2 self)
 Add to MetaCart
K. R. Apt pointed out to me that Theorem 3 (completeness) is technically false, because of a problem with initializing newly declared variables. For example, the formula true {begin begin new x; x:= 1 end; begin new x; y: = x end end} y 1 is valid according to the semantics given (because the second declaration of x assigns the same register to x as the first), but it is not provable in Perhaps the simplest way to fix this is to require all newly declared variables to be initialized to some distinguished value 0 e D. This would involve changing the first case (that of variable declaration) in the definition of Comp (A, s, 3, 7r) on p. 74, so that the computation proceeds with a new state s’. Here s ’ is the same as s except for s’(X,/x) 0. To make Y ( complete we would slightly modify Rule 1 (Rule of variable declarations) of the system Y to read x 0 & PY {begin D*; A * end}Oy X
The origins of structural operational semantics
 Journal of Logic and Algebraic Programming
, 2004
"... We review the origins of structural operational semantics. The main publication ‘A Structural Approach to Operational Semantics, ’ also known as the ‘Aarhus Notes, ’ appeared in 1981 [G.D. Plotkin, A structural approach to operational semantics, DAIMI FN19, Computer Science Department, Aarhus Unive ..."
Abstract

Cited by 69 (0 self)
 Add to MetaCart
(Show Context)
We review the origins of structural operational semantics. The main publication ‘A Structural Approach to Operational Semantics, ’ also known as the ‘Aarhus Notes, ’ appeared in 1981 [G.D. Plotkin, A structural approach to operational semantics, DAIMI FN19, Computer Science Department, Aarhus University, 1981]. The development of the ideas dates back to the early 1970s, involving many people and building on previous work on programming languages and logic. The former included abstract syntax, the SECD machine, and the abstract interpreting machines of the Vienna school; the latter included the λcalculus and formal systems. The initial development of structural operational semantics was for simple functional languages, more or less variations of the λcalculus; after that the ideas were gradually extended to include languages with parallel features, such as Milner’s CCS. This experience set the ground for a more systematic exposition, the subject of an invited course of lectures at Aarhus University; some of these appeared in print as the 1981 Notes. We discuss the content of these lectures and some related considerations such as ‘small state’ versus ‘grand state, ’ structural versus compositional semantics, the influence of the Scott–Strachey approach to denotational semantics, the treatment of recursion and jumps, and static semantics. We next discuss relations with other work and some immediate further development. We conclude with an account of an old, previously unpublished, idea: an alternative, perhaps more readable, graphical presentation of systems of rules for operational semantics.
Verification of Concurrent Programs: The AutomataTheoretic Framework
 Annals of Pure and Applied Logic
, 1987
"... We present an automatatheoretic framework to the verification of concurrent and nondeterministic programs. The basic idea is that to verify that a program P is correct one writes a program A that receives the computation of P as input and diverges only on incorrect computations of P . Now P is c ..."
Abstract

Cited by 51 (3 self)
 Add to MetaCart
We present an automatatheoretic framework to the verification of concurrent and nondeterministic programs. The basic idea is that to verify that a program P is correct one writes a program A that receives the computation of P as input and diverges only on incorrect computations of P . Now P is correct if and only if a program PA , obtained by combining P and A, terminates. We formalize this idea in a framework of !automata with a recursive set of states. This unifies previous works on verification of fair termination and verification of temporal properties. 1 Introduction In this paper we present an automatatheoretic framework that unifies several trends in the area of concurrent program verification. The trends are temporal logic, model checking, automata theory, and fair termination. Let us start with a survey of these trends. In 1977 Pnueli suggested the use of temporal logic in the verification of concurrent programs [Pn77]. The basic motivation is that in the verificat...
An observationally complete program logic for imperative higherorder functions
 In Proc. LICS’05
, 2005
"... Abstract. We propose a simple compositional program logic for an imperative extension of callbyvalue PCF, built on Hoare logic and our preceding work on program logics for pure higherorder functions. A systematic use of names and operations on them allows precise and general description of comple ..."
Abstract

Cited by 39 (11 self)
 Add to MetaCart
(Show Context)
Abstract. We propose a simple compositional program logic for an imperative extension of callbyvalue PCF, built on Hoare logic and our preceding work on program logics for pure higherorder functions. A systematic use of names and operations on them allows precise and general description of complex higherorder imperative behaviour. The proof rules of the logic exactly follow the syntax of the language and can cleanly embed, justify and extend the standard proof rules for total correctness of Hoare logic. The logic offers a foundation for general treatment of aliasing and local state on its basis, with minimal extensions. After establishing soundness, we prove that valid assertions for programs completely characterise their behaviour up to observational congruence, which is proved using a variant of finite canonical forms. The use of the logic is illustrated through reasoning examples which are hard to assert and infer using existing program logics.
Proving properties of realtime systems through logical specifications and Petri Net models
 IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
, 1994
"... The problem of formally analyzing properties of realtime systems is addressed. A method is proposed that allows specifying system properties in the TRIO language (an extension of temporal logic suitable to deal explicitly with the “time ” variable and to measure it) and modeling the system as a tim ..."
Abstract

Cited by 33 (12 self)
 Add to MetaCart
The problem of formally analyzing properties of realtime systems is addressed. A method is proposed that allows specifying system properties in the TRIO language (an extension of temporal logic suitable to deal explicitly with the “time ” variable and to measure it) and modeling the system as a timed Petri net. It is argued that such an approach is more general than analyzing program properties. The proof method is based on an axiomatization of timed Petri nets in terms of TRIO so that their properties can be derived as suitable theorems in much the same spirit as classical Hoare’s method allows proving properties of programs coded in a Pascallike language. The method is then exemplified through two classical “benchmarks ” of the literature on concurrent and realtime systems, namely an elevator system and the dining philosophers problem. A thorough review of the related literature and a comparison thereof with the new method is also provided. Possible alternative methods, theoretical extensions, and practical applications are briefly discussed.
A Logical Analysis of Aliasing in Imperative HigherOrder Functions
 INTERNATIONAL CONFERENCE ON FUNCTIONAL PROGRAMMING, ICFP’05
, 2005
"... We present a compositional program logic for callbyvalue imperative higherorder functions with general forms of aliasing, which can arise from the use of reference names as function parameters, return values, content of references and part of data structures. The program logic ..."
Abstract

Cited by 31 (3 self)
 Add to MetaCart
We present a compositional program logic for callbyvalue imperative higherorder functions with general forms of aliasing, which can arise from the use of reference names as function parameters, return values, content of references and part of data structures. The program logic
Hoare Logics for Recursive Procedures and Unbounded Nondeterminism
 COMPUTER SCIENCE LOGIC (CSL 2002), VOLUME 2471 OF LNCS
, 2002
"... This paper presents sound and complete Hoare logics for partial and total correctness of recursive parameterless procedures in the context of unbounded nondeterminism. For total correctness, the literature so far has either restricted recursive procedures to be deterministic or has studied unbounde ..."
Abstract

Cited by 28 (3 self)
 Add to MetaCart
This paper presents sound and complete Hoare logics for partial and total correctness of recursive parameterless procedures in the context of unbounded nondeterminism. For total correctness, the literature so far has either restricted recursive procedures to be deterministic or has studied unbounded nondeterminism only in conjunction with loops rather than procedures. We consider both single procedures and systems of mutually recursive procedures. All proofs have been checked with the theorem prover Isabelle/HOL.
A syntaxdirected Hoare logic for objectoriented programming concepts
 Formal Methods for Open ObjectBased Distributed Systems (FMOODS) VI. Volume 2884 of LNCS. (2003) 64–78
, 2003
"... Abstract. This paper outlines a sound and complete Hoare logic for a sequential objectoriented language with inheritance and subtyping like Java. It describes a weakest precondition calculus for assignments and objectcreation, as well as Hoare rules for reasoning about (mutually recursive) method ..."
Abstract

Cited by 28 (9 self)
 Add to MetaCart
Abstract. This paper outlines a sound and complete Hoare logic for a sequential objectoriented language with inheritance and subtyping like Java. It describes a weakest precondition calculus for assignments and objectcreation, as well as Hoare rules for reasoning about (mutually recursive) method invocations with dynamic binding. Our approach enables reasoning at an abstraction level that coincides with the general abstraction level of objectoriented languages. 1
Algebraic Approaches to Nondeterminism  an Overview
 ACM Computing Surveys
, 1997
"... this paper was published as Walicki, M.A. and Meldal, S., 1995, Nondeterministic Operators in Algebraic Frameworks, Tehnical Report No. CSLTR95664, Stanford University ..."
Abstract

Cited by 24 (3 self)
 Add to MetaCart
this paper was published as Walicki, M.A. and Meldal, S., 1995, Nondeterministic Operators in Algebraic Frameworks, Tehnical Report No. CSLTR95664, Stanford University
A term model for CCS
 9 th Symposium on Mathematical Foundations of Computer Science
, 1980
"... In a series of papers [Hen2, Mill, Mi147] Milner and his colleagues have studied a model of parallelism in which concurrent systems communicate by sending and receiving values along lines. Communication is synchronised in that the exchange of values takes place only when the sender and receiver are ..."
Abstract

Cited by 23 (3 self)
 Add to MetaCart
In a series of papers [Hen2, Mill, Mi147] Milner and his colleagues have studied a model of parallelism in which concurrent systems communicate by sending and receiving values along lines. Communication is synchronised in that the exchange of values takes place only when the sender and receiver are both ready, and the exchange