Refinement Calculus, Part I: Sequential Nondeterministic Programs
Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness. Proceedings. 1989, Volume 430 of Lecture Notes in Computer Science, 1989
Cited by 55 (3 self)
Abstract: A lattice theoretic framework for the calculus of program refinement is presented. Specifications and program statements are combined into a single (infinitary) language of commands which permits miraculous, angelic and demonic statements to be used in the description of program behavior. The weakest precondition calculus is extended to cover this larger class of statements and a game-theoretic interpretation is given for these constructs. The language is complete, in the sense that every monotonic predicate transformer can be expressed in it. The usual program constructs can be defined as derived notions in this language. The notion of inverse statements is defined and its use in formalizing the notion of data refinement is shown.
Verification of ASM Refinements Using Generalized Forward Simulation
JUCS, 2001
Cited by 28 (6 self)
Abstract: This paper describes a generic proof method for the correctness of refinements of Abstract State Machines based on commuting diagrams. The method generalizes forward simulations from the refinement of I/O automata by allowing arbitrary m:n diagrams, and by combining it with the refinement of data structures.
A CSP Approach To Action Systems
1992
Cited by 23 (6 self)
Abstract: The communicating sequential processes (CSP) formalism, introduced by Hoare [Hoa85], is an event-based approach to distributed computing. The action-system formalism, introduced by Back & Kurki-Suonio [BKS83], is a state-based approach to distributed computing. Using weakest-precondition formulae, Morgan [Mor90a] has defined a correspondence between action systems and the failures-divergences model for CSP. Simulation is a proof technique for showing refinement of action systems. Using the correspondence of [Mor90a], Woodcock & Morgan [WM90] have shown that simulation is sound and complete in the CSP failures-divergences model. In this thesis, Morgan's correspondence is extended to the CSP infinite-traces model [Ros88] in order to deal more properly with unbounded nondeterminism. It is shown that simulation is sound in the infinite-traces model, though completeness is lost in certain cases. The new correspondence is then extended to include a notion of internal action. This allows the ...
Exploring Summation and Product Operators in the Refinement Calculus
Mathematics of Program Construction, 1994
Cited by 19 (10 self)
Abstract: Product and summation operators for predicate transformers were introduced by Naumann [21] and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algebraic properties of these operators. There are several motivating factors for this analysis. The product operator provides a model of simultaneous execution of statements, while the summation operator provides a simple model of late binding. We also generalise the product operator slightly to form an operator that corresponds to conjunction of specifications. We examine several applications of these operators showing, for example, how a combination of the product and summation operators could be used to model inheritance in an object-oriented programming language. 1 Introduction Dijkstra introduced weakest-precondition predicate transformers as a means of verifying total correctness properties of ...
An Object-Oriented Refinement Calculus with Modular Reasoning
1992
Cited by 15 (1 self)
Abstract: In this thesis, the refinement calculus is extended to support a variety of object-oriented programming styles. The late binding of procedure calls in object-oriented languages is modelled by defining an object-oriented system to be a function from procedure names and argument values to the procedures that are invoked by late binding. The first model allows multiple dispatch late binding, in the style of CLOS. This model is then specialised to the single dispatch case, giving a model that associates types with objects, which is similar to existing class based object-oriented languages. Both models are then restricted so that they support modular reasoning. The concept of modular reasoning has been defined informally in the literature, both for non-object-oriented systems and for object-oriented systems. This thesis gives the first formal definition of modular reasoning for object-oriented languages. Intuitively, the definition seems to capture the minimum possible requirements necessa...
Reasoning Algebraically about Loops
Acta Informatica, 1997
Cited by 13 (4 self)
Abstract: We show how to formalise different kinds of loop constructs within the refinement calculus, and how to use this formalisation to derive general transformation rules for loop constructs. The emphasis is on using algebraic methods for reasoning about equivalence and refinement of loop constructs, rather than operational ways of reasoning about loops in terms of their execution sequences. We apply the algebraic reasoning techniques to derive a collection of transformation rules for action systems and for guarded loops. These include transformation rules that have been found important in practical program derivations: data refinement and atomicity refinement of action systems; and merging, reordering, and data refinement of loops with stuttering transitions.
Fusion and Simultaneous Execution in the Refinement Calculus
Acta Informatica, 1997
Cited by 12 (2 self)
Abstract: In the refinement calculus, program statements are modelled as predicate transformers. A product operator for predicate transformers was introduced by Martin [18] and Naumann [25] using category theoretic considerations.
A Tool for Data Refinement
1997
Cited by 12 (3 self)
Abstract: We describe a tool for data refinement based on the Refinement Calculator. The tool supports the calculational approach to data refinement. As a consequence of the program calculation, a refinement theorem is automatically derived. The operation of the tool is illustrated with a case study.
Reasoning about Program Composition
1996
Cited by 11 (2 self)
Abstract: This paper presents a theory for concurrent program composition based on a predicate transformer called the weakest guarantee and a corresponding binary relation guarantees. The theory stems from a novel view of rely-guarantee techniques for reasoning about program composition and provides a general and uniform framework for handling temporal properties as well as other kinds of program properties such as refinement and encapsulation. 1 Introduction The contribution of this paper is a predicate-transformer-based theory for reasoning about the composition of concurrent programs. This section contains the motivation for this contribution and a discussion of the central issues. The predicate transformers wp and wlp provide an elegant basis for reasoning about sequential programs because they focus attention on the most fundamental aspects of these programs: their initial and final states [DS90]. By identifying a program with its predicate transformer, we can reason about programs using...
Compositional action system refinement
Formal Aspects of Computing, 2003
Cited by 10 (4 self)
Abstract: We show how a parallel composition of action systems can be refined by refining the components separately, and checking noninterference against invariants and guarantee conditions, which are abstract and stable. The guarantee condition can be thought of as a very abstract specification of how a system affects the global state, and it allows us to show that an action system refinement is valid in a given environment, even if we do not know any of the details of that environment. The paper extends the traditional notion of action systems slightly, and it makes use of a generalisation of the attribute model for program variables.