Results 1  10
of
101
Refinement Calculus, Part I: Sequential Nondeterministic Programs
 STEPWISE REFINEMENT OF DISTRIBUTED SYSTEMS: MODELS, FORMALISMS, CORRECTNESS. PROCEEDINGS. 1989, VOLUME 430 OF LECTURE NOTES IN COMPUTER SCIENCE
, 1989
"... A lattice theoretic framework for the calculus of program refinement is presented. Specifications and program statements are combined into a single (infinitary) language of commands which permits miraculous, angelic and demonic statements to be used in the description of program behavior. The weakes ..."
Abstract

Cited by 55 (3 self)
 Add to MetaCart
A lattice theoretic framework for the calculus of program refinement is presented. Specifications and program statements are combined into a single (infinitary) language of commands which permits miraculous, angelic and demonic statements to be used in the description of program behavior. The weakest precondition calculus is extended to cover this larger class of statements and a gametheoretic interpretation is given for these constructs. The language is complete, in the sense that every monotonic predicate transformer can be expressed in it. The usual program constructs can be defined as derived notions in this language. The notion of inverse statements is defined and its use in formalizing the notion of data refinement is shown.
Deriving Operational Software Specifications from System Goals
, 2002
"... Goal orientation is an increasingly recognized paradigm for eliciting, modeling, specifying and analyzing software requirements. Goals are statements of intent organized in AND/OR refinement structures; they range from highlevel, strategic concerns to lowlevel, technical requirements on the softwar ..."
Abstract

Cited by 55 (4 self)
 Add to MetaCart
Goal orientation is an increasingly recognized paradigm for eliciting, modeling, specifying and analyzing software requirements. Goals are statements of intent organized in AND/OR refinement structures; they range from highlevel, strategic concerns to lowlevel, technical requirements on the softwaretobe and assumptions on its environment. The operationalization of system goals into specifications of software services is a core aspect of the requirements elaboration process for which little systematic and constructive support is available. In particular, most formal methods assume such operational specifications to be given and focus on their a posteriori analysis.
The paper considers a formal, constructive approach in which operational software specifications are built incrementally from higherlevel goal formulations in a way that guarantees their correctness by construction. The operationalization process is based on formal derivation rules that map goal specifications to specifications of software operations; more specifically, these rules map
realtime temporal logic specifications to sets of pre, post and trigger conditions. The rules define operationalization patterns that may be used for guiding and documenting the operationalization process while hiding all formal reasoning details; the patterns are formally proved correct once and for all. The catalog of operationalization patterns is structured according to a rich taxonomy of goal specification patterns.
Our constructive approach to requirements elaboration requires a multiparadigm specification language that supports incremental reasoning about partial models. The paper also provides a formal semantics for goal operationalization and discusses several semantic features of our language that allow for such incremental reasoning.
Retrenchment: An Engineering Variation on Refinement
"... It is argued that refinement, in which I/O signatures stay the same, preconditions are weakened and postconditions strengthened, is too restrictive to describe all but a fraction of many realistic developments. An alternative notion is proposed called retrenchment, which allows information to migra ..."
Abstract

Cited by 55 (34 self)
 Add to MetaCart
It is argued that refinement, in which I/O signatures stay the same, preconditions are weakened and postconditions strengthened, is too restrictive to describe all but a fraction of many realistic developments. An alternative notion is proposed called retrenchment, which allows information to migrate between I/O and state aspects of operations at different levels of abstraction, and which allows only a fraction of the high level behaviour to be captured at the low level. This permits more of the informal aspects of design to be formally captured and checked. The details are worked out for the BMethod.
From action systems to modular systems
 Software  Concepts and Tools
, 1994
"... Abstract. Action systems are used to extend program refinement methods for sequential programs, as described in the refinement calculus, to parallel and reactive system refinement. They provide a general description of reactive systems, capable of modeling terminating, possibly aborting and infinite ..."
Abstract

Cited by 38 (14 self)
 Add to MetaCart
Abstract. Action systems are used to extend program refinement methods for sequential programs, as described in the refinement calculus, to parallel and reactive system refinement. They provide a general description of reactive systems, capable of modeling terminating, possibly aborting and infinitely repeating systems. We show how to extend the action system model to refinement of modular systems. A module may export and import variables, it may provide access procedures for other modules, and it may itself access procedures of other modules. Modules may have autonomous internal activity and may execute in parallel or in sequence. Modules may be nested within each other. They may communicate by shared variables, shared actions, a generalized form of remote procedure calls and by persistent data structures. Both synchronous and asynchronous communication between modules is supported. The paper shows how a single framework can be used for both the specification of large systems, the modular decomposition of the system into smaller units and the refinement of the modules into program modules that can be described in a standard programming language and executed on standard hardware. 1
Superposition Refinement of Reactive Systems
 FORMAL ASPECTS OF COMPUTING
, 1993
"... Superposition refinement enhances an algorithm by superposing one computation mechanism onto another mechanism, in a way that preserves the behavior of the original mechanism. Superposition seems to be particularly well suited to the development of parallel and distributed programs: an originally si ..."
Abstract

Cited by 34 (7 self)
 Add to MetaCart
Superposition refinement enhances an algorithm by superposing one computation mechanism onto another mechanism, in a way that preserves the behavior of the original mechanism. Superposition seems to be particularly well suited to the development of parallel and distributed programs: an originally simple sequential algorithm can be extended with mechanisms that distribute control and state information to many processes, thus permitting efficient parallel execution of the algorithm. We will in this paper show how superposition of reactive systems is expressed in the refinement calculus. We illustrate the power of this method by a case study, showing how a distributed broadcasting system is derived through a sequence of superposition refinements.
Products in the Refinement Calculus
, 1999
"... We study program states that are described as tuples, i.e., product state spaces. Modeling programs as predicate transformers, we define a product operator on program statements that describes the independent execution of statements on disjoint state spaces. The algebraic properties of this product ..."
Abstract

Cited by 30 (2 self)
 Add to MetaCart
We study program states that are described as tuples, i.e., product state spaces. Modeling programs as predicate transformers, we define a product operator on program statements that describes the independent execution of statements on disjoint state spaces. The algebraic properties of this product operator are studied, in particular the basic monotonicity and distributivity properties that the operator has, and their applications. We also consider how to extend the state space by adding new state components, and show how this is modeled using the product operator. Finally, we show how products are useful to formulate data refinement, both as a general concept and as a technique for replacing local state components of program blocks.
DTRE  A SemiAutomatic Transformation System
 In Constructing Programs from Specifications
, 1991
"... This paper describes the theoretical framework and an implemented system (Dtre) for the specification and verified refinement of specifications using operations on abstract data types. The system is semiautomatic in that users can specify some (possibly none) of the implementations and the system w ..."
Abstract

Cited by 25 (3 self)
 Add to MetaCart
This paper describes the theoretical framework and an implemented system (Dtre) for the specification and verified refinement of specifications using operations on abstract data types. The system is semiautomatic in that users can specify some (possibly none) of the implementations and the system will determine the rest of the implementations. Data types are specified as parameterized theories within manysorted firstorder logic; usually these theories are centered around inductive sorts. Abstract specifications (theories) are refined in a stepwise fashion into increasingly more concrete theories. Our primary method of refinement is based on theory interpretation [1, 2, 3]. Theories and interpretations provide a clean, logically based separation between types and their implementations; thus permitting specification to proceed independently of implementation while simultaneously providing a basis for rapid and verifiably correct transformation to efficient code. Dtre provides a conven...
Program Refinement by Theorem Prover
 In BCS FACS Sixth Refinement Workshop  Theory and Practise of Formal Software Development. 5th  7th January
, 1994
"... We describe a prototype tool for developing programs by stepwise refinement in a weakest precondition framework, based on the HOL theorem proving system. Our work is based on a mechanisation of the refinement calculus, which is a theory of correctness preserving program transformations. We also use ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
We describe a prototype tool for developing programs by stepwise refinement in a weakest precondition framework, based on the HOL theorem proving system. Our work is based on a mechanisation of the refinement calculus, which is a theory of correctness preserving program transformations. We also use a tool for window inference that is part of the HOL system. Our tool permits subcomponents of a program to be refined separately, and the tool keeps track of the overall effects of each individual refinement. In particular, we show how specifications can be refined into code and how data refinements (i.e., replacing an abstract data structure with one that is more concrete) can be handled. All refinements are proved as theorems in the HOL logic, so our system is in fact a secure environment for program development. 1 Introduction Stepwise refinement is a methodology for developing programs from highlevel program specifications into efficient implementations. In this approach to program dev...
An Algebraic Construction of Predicate Transformers
 Science of Computer Programming
, 1994
"... . In this paper we present an algebraic construction of monotonic predicate transformers, using a categorical construction which is similar to the algebraic construction of the integers from the natural numbers. When applied to the category of sets and total functions once, it yields a category isom ..."
Abstract

Cited by 20 (1 self)
 Add to MetaCart
. In this paper we present an algebraic construction of monotonic predicate transformers, using a categorical construction which is similar to the algebraic construction of the integers from the natural numbers. When applied to the category of sets and total functions once, it yields a category isomorphic to the category of sets and relations; a second application yields a category isomorphic to the category of monotonic predicate transformers. This hierarchy cannot be extended further: the category of total functions is not itself an instance of the categorical construction, and can only be extended by it twice. 1 Introduction Predicate transformers were introduced originally by Dijkstra [8] in order to provide an elegant semantics for his programming language. Their strength lies in the fact that they can be used to model nondeterministic and nonterminating behaviour in terms of total functions, rather than relations. Not all monotonic predicate transformers represent programs in ...
Program Slicing via FermaT Transformations
, 2002
"... In this paper we give a brief introduction to the foundations of WSL transformation theory and describe how the concept of program slicing can be formalised in the theory. This formalism naturally lends itself to several generalisations including amorphous slicing and conditioned slicing. One novel ..."
Abstract

Cited by 20 (2 self)
 Add to MetaCart
In this paper we give a brief introduction to the foundations of WSL transformation theory and describe how the concept of program slicing can be formalised in the theory. This formalism naturally lends itself to several generalisations including amorphous slicing and conditioned slicing. One novel generalisation is "semantic slicing" which combines slicing and abstraction to a specification. Interprocedural semantic slicing has been implemented in the FermaT transformation system [16]: an industrialstrength transformation system designed for forward and reverse engineering, reengineering and program comprehension.