Results 1  10
of
64
Dynamic Logic
 Handbook of Philosophical Logic
, 1984
"... ed to be true under the valuation u iff there exists an a 2 N such that the formula x = y is true under the valuation u[x=a], where u[x=a] agrees with u everywhere except x, on which it takes the value a. This definition involves a metalogical operation that produces u[x=a] from u for all possibl ..."
Abstract

Cited by 825 (8 self)
 Add to MetaCart
ed to be true under the valuation u iff there exists an a 2 N such that the formula x = y is true under the valuation u[x=a], where u[x=a] agrees with u everywhere except x, on which it takes the value a. This definition involves a metalogical operation that produces u[x=a] from u for all possible values a 2 N. This operation becomes explicit in DL in the form of the program x := ?, called a nondeterministic or wildcard assignment. This is a rather unconventional program, since it is not effective; however, it is quite useful as a descriptive tool. A more conventional way to obtain a square root of y, if it exists, would be the program x := 0 ; while x < y do x := x + 1: (1) In DL, such programs are firstclass objects on a par with formulas, complete with a collection of operators for forming compound programs inductively from a basis of primitive programs. To discuss the effect of the execution of a program on the truth of a formula ', DL uses a modal construct <>', which
Java Program Verification via a Hoare Logic with Abrupt Termination
 Fundamental Approaches to Software Engineering (FASE 2000), number 1783 in LNCS
, 2000
"... This paper formalises a semantics for statements and expressions (in sequential imperative languages) which includes nontermination, normal termination and abrupt termination (e.g. because of an exception, break, return or continue). This extends the traditional semantics underlying e.g. Hoare logi ..."
Abstract

Cited by 63 (6 self)
 Add to MetaCart
This paper formalises a semantics for statements and expressions (in sequential imperative languages) which includes nontermination, normal termination and abrupt termination (e.g. because of an exception, break, return or continue). This extends the traditional semantics underlying e.g. Hoare logic, which only distinguishes termination and nontermination. An extension of Hoare logic is elaborated that includes means for reasoning about abrupt termination (and sideeffects). It prominently involves rules for reasoning about while loops, which may contain exceptions, breaks, continues and returns. This extension applies in particular to Java. As an example, a standard pattern search algorithm in Java (involving a while loop with returns) is proven correct using the prooftool PVS.
Infinite state model checking by abstract interpretation and program specialisation
 LogicBased Program Synthesis and Transformation. Proceedings of LOPSTR’99, LNCS 1817
, 2000
"... Abstract. We illustrate the use of logic programming techniques for finite model checking of CTL formulae. We present a technique for infinite state model checking of safety properties based upon logic program specialisation and analysis techniques. The power of the approach is illustrated on severa ..."
Abstract

Cited by 55 (24 self)
 Add to MetaCart
Abstract. We illustrate the use of logic programming techniques for finite model checking of CTL formulae. We present a technique for infinite state model checking of safety properties based upon logic program specialisation and analysis techniques. The power of the approach is illustrated on several examples. For that, the efficient tools logen and ecce are used. We discuss how this approach has to be extended to handle more complicated infinite state systems and to handle arbitrary CTL formulae. 1
Credible compilation with pointers
 In Proceedings of the Workshop on RunTime Result Verification
, 1999
"... A novel and important feature of our framework is its simultaneous support for both formal reasoning and sophisticated compiler transformations that deal with the program and the target machine at a very low level. In particular, our logics allow the compiler to prove the correctness of lowlevel opt ..."
Abstract

Cited by 49 (6 self)
 Add to MetaCart
A novel and important feature of our framework is its simultaneous support for both formal reasoning and sophisticated compiler transformations that deal with the program and the target machine at a very low level. In particular, our logics allow the compiler to prove the correctness of lowlevel optimizations such as register allocation and instruction scheduling even in the presence of potentially aliased pointers into the memory of the machine.
Kleene Algebra with Domain
, 2003
"... We propose Kleene algebra with domain (KAD), an extension of Kleene algebra with two equational axioms for a domain and a codomain operation, respectively. KAD considerably augments the expressibility of Kleene algebra, in particular for the specification and analysis of state transition systems. We ..."
Abstract

Cited by 42 (29 self)
 Add to MetaCart
We propose Kleene algebra with domain (KAD), an extension of Kleene algebra with two equational axioms for a domain and a codomain operation, respectively. KAD considerably augments the expressibility of Kleene algebra, in particular for the specification and analysis of state transition systems. We develop the basic calculus, discuss some related theories and present the most important models of KAD. We demonstrate applicability by two examples: First, an algebraic reconstruction of Noethericity and wellfoundedness. Second, an algebraic reconstruction of propositional Hoare logic.
Abstract versus concrete computation on metric partial algebras
 ACM Transactions on Computational Logic
, 2004
"... Data types containing infinite data, such as the real numbers, functions, bit streams and waveforms, are modelled by topological manysorted algebras. In the theory of computation on topological algebras there is a considerable gap between socalled abstract and concrete models of computation. We pr ..."
Abstract

Cited by 30 (19 self)
 Add to MetaCart
Data types containing infinite data, such as the real numbers, functions, bit streams and waveforms, are modelled by topological manysorted algebras. In the theory of computation on topological algebras there is a considerable gap between socalled abstract and concrete models of computation. We prove theorems that bridge the gap in the case of metric algebras with partial operations. With an abstract model of computation on an algebra, the computations are invariant under isomorphisms and do not depend on any representation of the algebra. Examples of such models are the ‘while ’ programming language and the BCSS model. With a concrete model of computation, the computations depend on the choice of a representation of the algebra and are not invariant under isomorphisms. Usually, the representations are made from the set N of natural numbers, and computability is reduced to classical computability on N. Examples of such models are computability via effective metric spaces, effective domain representations, and type two enumerability. The theory of abstract models is stable: there are many models of computation, and
Safe Programming with Pointers through Stateful Views
 In Proceedings of the 7th International Symposium on Practical Aspects of Declarative Languages
, 2005
"... The need for direct memory manipulation through pointers is essential in many applications. However, it is also commonly understood that the use (or probably misuse) of pointers is often a rich source of program errors. Therefore, approaches that can effectively enforce safe use of pointers in pr ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
The need for direct memory manipulation through pointers is essential in many applications. However, it is also commonly understood that the use (or probably misuse) of pointers is often a rich source of program errors. Therefore, approaches that can effectively enforce safe use of pointers in programming are highly sought after. ATS is a programming language with a type system rooted in a recently developed framework Applied Type System, and a novel and desirable feature in ATS lies in its support for safe programming with pointers through a novel notion of stateful views. In particular, even pointer arithmetic is allowed in ATS and guaranteed to be safe by the type system of ATS. In this paper, we give an overview of this feature in ATS, presenting some interesting examples based on a prototype implementation of ATS to demonstrate the practicality of safe programming with pointer through stateful views.
Test Automation of SafetyCritical Reactive Systems
, 1997
"... This article focuses on test automation for safetycritical reactive systems. In the first part of the paper we introduce a methodology for specification, design and verification of faulttolerant systems allowing to combine different methods in a systematic and consistent way, provided that these m ..."
Abstract

Cited by 22 (6 self)
 Add to MetaCart
This article focuses on test automation for safetycritical reactive systems. In the first part of the paper we introduce a methodology for specification, design and verification of faulttolerant systems allowing to combine different methods in a systematic and consistent way, provided that these methods are compositional. The methodology indicates how to "switch" between formal verification and testing during the construction of (possibly large) reactive systems. We introduce the basic notions of testing as far as relevant in the context of reactive systems and relate them to the verification methodology. Part II formally describes our test automation method which is based on Hoare's CSP and takes Hennessy's testing theory as a starting point. It is indicated how this specific method fits into the general approach described in Part I. We introduce CSP test drivers which are trustworthy in the sense that they "approximate" refinement proofs, converging to a full proof with the increas...
On Optimal Slicing of Parallel Programs
 STOC'01
, 2001
"... Optimal program slicing determines for a statement S in a program pi whether or not S affects a specified set of statements, given that all conditionals in pi are interpreted as nondeterministic choices. Only recently ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
Optimal program slicing determines for a statement S in a program pi whether or not S affects a specified set of statements, given that all conditionals in pi are interpreted as nondeterministic choices. Only recently