Statement inversion and strongest postcondition
Science of Computer Programming, 1993
Cited by 8 (2 self)
A notion of inverse commands is defined for a language with a weakest precondition semantics, permitting both demonic and angelic nondeterminism as well as miracles and nontermination. Every conjunctive and terminating command is invertible, the inverse being nonmiraculous and disjunctive. A simulation relation between commands is described using inverse commands. A generalized form of inverse is defined for arbitrary conjunctive commands. The generalized inverses are shown to be closely related to strongest postconditions.
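An added illustration of the inverse/strongest-postcondition relationship the abstract refers to; it is not taken from the paper, and the command, the predicate and the assumption that the command is deterministic and total (hence conjunctive and terminating) are mine:

$$
\begin{aligned}
\mathrm{wp}(x := x+1,\; x > 0) &\equiv (x+1 > 0) \equiv x > -1,\\
\mathrm{sp}(x := x+1,\; x > 0) &\equiv \exists x_0.\; (x_0 > 0 \wedge x = x_0 + 1) \equiv x > 1,\\
(x := x+1)^{-1} &= (x := x-1),\\
\mathrm{wp}\big((x := x+1)^{-1},\; x > 0\big) &\equiv (x-1 > 0) \equiv x > 1 \equiv \mathrm{sp}(x := x+1,\; x > 0).
\end{aligned}
$$

For this deterministic, terminating command the weakest precondition of the inverse coincides with the strongest postcondition of the original, which is the correspondence the abstract reports the generalized inverses as being closely related to.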
Program Window Inference
Software Verification Research Centre, The University of Queensland, St, 1995
Cited by 8 (3 self)
A program can be refined either by transforming the whole program or by refining one of its components. The refinement of a component is, for the main part, independent of the remainder of the program. However, refinement of a component can depend on the context of the component for information about the variables that are in scope and what their types are. The refinement can also take advantage of additional information, such as any precondition the component can assume. The aim of this paper is to introduce a technique, which we call program window inference, to handle such contextual information during derivations in the refinement calculus. The idea is borrowed from a technique, called window inference, for handling context in theorem proving. Window inference has been incorporated into the proof development tool Ergo, and this tool has been adapted to support program window inference for program refinement.
The Weakest Precondition Calculus: Recursion and Duality
Formal Aspects of Computing, 1994
Cited by 7 (3 self)
An extension of Dijkstra's guarded command language is studied, including unbounded demonic choice and a backtrack operator. We consider three orderings on this language: a refinement ordering defined by Back, a new deadlock ordering, and an approximation ordering of Nelson. The deadlock ordering is in between the two other orderings. All operators are monotonic in Nelson's ordering, but backtracking is not monotonic in Back's ordering and sequential composition is not monotonic for the deadlock ordering. At first sight recursion can only be added using Nelson's ordering. We show that, under certain circumstances, least fixed points for nonmonotonic functions can be obtained by iteration from the least element. This permits the addition of recursion even using Back's ordering or the deadlock ordering in a fully compositional way. In order to give a semantic characterization of the three orderings that relates initial states to possible outcomes of the computation, the relation betwe...
Window Inference in Isabelle
University of Cambridge Computer Laboratory, 1995
Cited by 5 (2 self)
Window inference is a transformational style of reasoning that provides an intuitive framework for managing context during the transformation of subterms under transitive relations. This report describes the design for a prototype window inference tool in Isabelle, and discusses possible directions for the final tool.
Development of Correct Real-Time Systems by Refinement
1997
Cited by 4 (1 self)
Contents (excerpt):
Part I The Background
1 Instead of an Introduction: Formal Methods in Computing Science
1.1 How to get Systems Correct
1.2 On the Use of Formal Methods
1.3 Essentials of Formal Methods
1.4 Some Classical Formal Approaches
1.5 Formal Approaches to Real-time Restrictions
1.6 The ProCoS Approach
1.7 The Aim of the Habilitationsschrift
1.8 The Structure of the Habilitationsschrift
2 Modal Logic and the Duration Calculus
2.1 What is Modal Logic?
2.2 The Systems T, S4 and S5
2.3 Modal and Temporal Logic ...
A Unifying Model for Specification and Design
Proceedings of the Workshop on Proof Theory of Concurrent Object-Oriented Programming, 1996
Cited by 3 (2 self)
The application of formal languages in the software development process is becoming more and more evident. Providing formal semantics and tools for the synthesis, analysis and transformation of behavioural models is usually the first step in the process of formal methods development. Many formal methods exist but, as yet, there is an absence of a metatheory of formal methods. Such a metatheory is the subject of this paper: we call it a unifying framework. We present a generalisation of the software development model which reflects the standard approach of using different languages at different stages of development. A unifying model will give a better understanding of why and how this happens, together with strengthening the rigour of such standard multi-semantic approaches to software development.
Requirement Specifications and Their Realizations: Toward a Unified Framework
1996
Cited by 2 (2 self)
This paper has evolved from a GDM report [34]. In the next report [35], specification systems with more structure are studied; e.g., with a syntax for constructions and specifications. Under rather modest assumptions, a number of useful concepts are introduced and discussed.
Formal verification of software source code through semi-automatic modeling
Software and System Modeling, 2005
Cited by 2 (1 self)
We describe the experience of modeling and formally verifying a software cache algorithm using the model checker RuleBase. Contrary to prevailing wisdom, we used a highly detailed model created directly from the C code itself, rather than a high-level abstract model.
Integration Problems in Telephone Feature Requirements
1999
Cited by 1 (1 self)
The feature interaction problem is prominent in telephone service development. Through a number of case studies, we have discovered that no single semantic framework is suitable for the synthesis and analysis of formal feature requirements models, and the choice of modelling language has certain knock-on effects on the transformational design steps which lead to implementation.
Metric Predicate Transformers: Towards a Notion of Refinement for Concurrency
1994
For two parallel languages with recursion a compositional weakest precondition semantics is given using two new metric resumption domains. The underlying domains are characterized by domain equations involving functors that deliver `observable' and `safety' predicate transformers. Further, a refinement relation is defined for these domains and illustrated by rules dealing with concurrent composition. It turns out, by extending the classical duality of predicate vs. state transformers, that the weakest precondition semantics for the parallel languages is isomorphic to the standard metric state transformer semantics. Moreover, the proposed refinement relation on the predicate transformer domain will correspond to the familiar notion of simulation in the state transformer domain.
Contents (excerpt):
1 Introduction
2 Mathematical Preliminaries
3 Four Languages with Recursion
4 Domains for Predicate Transformers
5 Predicate Transformer Semantics
6 Refinement, Simulation and State Transforme...