Abstract. We develop a powerdomain construction, [.], which is analogous to the powerset construction and also fits in with the usual sum, product and exponentiation constructions on domains. The desire for such a construction arises when considering programming languages with nondeterministic features or parallel features treated in a nondeterministic way. We hope to achieve a natural, fully abstract semantics in which such equivalences as (pparq)=(qparp) hold. The domain (D Truthvalues) is not the right one, and instead we take the (finitely) generable subsets of D. When D is discrete they are ordered in an elementwise fashion. In the general case they are given the coarsest ordering consistent, in an appropriate sense, with the ordering given in the discrete case. We then find a restricted class of algebraic inductive partial orders which is closed under [. as well as the sum, product and exponentiation constructions. This class permits the solution of recursive domain equations, and we give some illustrative semantics using 5[.]. It remains to be seen if our powerdomain construction does give rise to fully abstract semantics, although such natural equivalences as the above do hold. The major deficiency is the lack of a convincing treatment of the fair parallel construct. 1. Introduction. When one follows the Scott-Strachey approach to the

Abstract. Impulse differential inclusions are introduced as a framework for modelling hybrid phenomena. Connections to standard problems in area of hybrid systems are discussed. Conditions are derived that allow one to determine whether a set of states is viable or invariant under the action of an impulse differential inclusion. For sets that violate these conditions, methods are developed for approximating their viability and invariance kernels, that is the largest subset that is viable or invariant under the action of the impulse differential inclusion. The results are demonstrated on examples. 1.

We present a two-sorted algebra, called a Peirce algebra, of relations and sets interacting with each other. In a Peirce algebra, sets can combine with each other as in a Boolean algebra, relations can combine with each other as in a relation algebra, and in addition we have both a relationforming operator on sets (the Peirce product of Boolean modules) and a set-forming operator on relations (a cylindrification operation). Two applications of Peirce algebras are given. The first points out that Peirce algebras provide a natural algebraic framework for modelling certain programming constructs. The second shows that the so-called terminological logics arising in knowledge representation have evolved a semantics best described as a calculus of relations interacting with sets.

This paper presents sound and complete Hoare logics for partial and total correctness of recursive parameterless procedures in the context of unbounded nondeterminism. For total correctness, the literature so far has either restricted recursive procedures to be deterministic or has studied unbounded nondeterminism only in conjunction with loops rather than procedures. We consider both single procedures and systems of mutually recursive procedures. All proofs have been checked with the theorem prover Isabelle/HOL.

The communicating sequential processes (CSP) formalism, introduced by Hoare [Hoa85], is an event-based approach to distributed computing. The action-system formalism, introduced by Back & Kurki-Suonio [BKS83], is a state-based approach to distributed computing. Using weakest-precondition formulae, Morgan [Mor90a] has defined a correspondence between action systems and the failures-divergences model for CSP. Simulation is a proof technique for showing refinement of action systems. Using the correspondence of [Mor90a], Woodcock & Morgan [WM90] have shown that simulation is sound and complete in the CSP failures-divergences model. In this thesis, Morgan's correspondence is extended to the CSP infinite-traces model [Ros88] in order to deal more properly with unbounded nondeterminism. It is shown that simulation is sound in the infinite-traces model, though completeness is lost in certain cases. The new correspondence is then extended to include a notion of internal action. This allows the ...

Product and summation operators for predicate transformers were introduced by Naumann [21] and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algebraic properties of these operators. There are several motivating factors for this analysis. The product operator provides a model of simultaneous execution of statements, while the summation operator provides a simple model of late binding. We also generalise the product operator slightly to form an operator that corresponds to conjunction of specifications. We examine several applications of the these operators showing, for example, how a combination of the product and summation operators could be used to model inheritance in an object-oriented programming language. 1 Introduction Dijkstra introduced weakest-precondition predicate transformers as a means of verifying total correctness properties of ...

Contents 1 Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2 The expressive power of second order Logic : : : : : : : : : : : 3 2.1 The language of second order logic : : : : : : : : : : : : : 3 2.2 Expressing size : : : : : : : : : : : : : : : : : : : : : : : : 4 2.3 Defining data types : : : : : : : : : : : : : : : : : : : : : 6 2.4 Describing processes : : : : : : : : : : : : : : : : : : : : : 8 2.5 Expressing convergence using second order validity : : : : : : : : : : : : : : : : : : : : : : : : : 9 2.6 Truth definitions: the analytical hierarchy : : : : : : : : 10 2.7 Inductive definitions : : : : : : : : : : : : : : : : : : : : : 13 3 Canonical semantics of higher order logic : : : : : : : : : : : : 15 3.1 Tarskian semantics of second order logic : : : : : : : : : 15 3.2 Function and re

We study the existence and computation of extremal solutions of a system of inequations defined over lattices. Using the Knaster-Tarski fixed point theorem, we obtain sufficient conditions for the existence of supremal as well as infimal solution of a given system of inequations. Iterative techniques are presented for the computation of the extremal solutions whenever they exist, and conditions under which the termination occurs in a single iteration are provided. These results are then applied for obtaining extremal solutions of various inequations that arise in computation of maximally permissive supervisors in control of logical discrete event systems (DESs) first studied by Ramadge and Wonham. Thus our work presents a unifying approach for computation of supervisors in a variety of situations. Keywords: Fixed points, lattices, inequations, discrete event systems, supervisory control, language theory. 1 Introduction Given a set X and a function f : X ! X, x 2 X is called a fixed p...

. We explore the situation calculus within the framework of inductive definability. A consequence of this view of the situation calculus is to establish direct connections with different variants of the - calculus [Park, 1970; Hitchcock and Park, 1973; Pratt, 1981; Kozen, 1983; Emerson and Clarke, 1980], structural operational semantics of concurrent processes [Plotkin, 1981], and logic programming [Apt, 1990]. First we show that the induction principle on situations [Reiter, 1993] is implied by an inductive definition of the set of situations. Then we consider the frame problem from the point of view of inductive definability and by defining fluents inductively we obtain essentially the same form of successor state axioms as [Reiter, 1991]. Our approach allows extending this result to the case where ramification constraints are present. Finally we demonstrate a method of applying inductive definitions for computing fixed point properties of GOLOG programs. 1 Introduction...

This paper studies paralsg recursion. The trace speci#cationlpeci#c used in this paper incorporates sequential,j nondeterminism, reactiveness(inclvenessg,F'k traces), three forms of paral'VgJj (inclVgJjqMkEglglgl fair-interlkEglgl synchronous paralonousg and general recursion. In order to use Tarski's theorem to determine the #xpoints of recursions, we need to identify awelVjgJ,FIq partial order.Several orders are considered,incldered new order calrg the lexical order, which tends tosimulM, the execution of a recursion in asimilk manner as the EglVqgJ,E, order. A theorem of this paper shows that no appropriate order exists for the lhegIIIE Tarski's theoremalor is not enough to determine the #xpoints ofparalVI recursions. Instead of usingTarski's theoremdirectl, we reason about the #xpoints of terminatingand nonterminatingbehavioursseparateli Such reasoningis supported by the leg of a new compositioncalio partition. We propose a #xpoint techniquecalni the partitioned #xpoint, which is thelgqk #xpoint of the nonterminatingbehaviours after the terminatingbehaviours reach their greatest #xpoint. The surprisingresul is thataltg,M, a recursion may not beljV"EgJqVE' monotonic, it must have the partitioned #xpoint, which isequal to thelegj lgjIjI,gJqF' #xpoint. Since the partitioned #xpoint iswel de#ned in anycompl,q lmpl,q theresulq areappljFMgJ to various semanticmodeli Existing#xpoint techniquessimpl becomespecial cases of the partitioned #xpoint. Forexamplj an EglIIqgJq',EFglEFg recursion has itslsgj EglMMFIgJq #xpoint, which can be shown to be the same as the partitioned #xpoint. The new technique is moregeneral than thelegq EglEEkIgJq #xpoint in that the partitioned #xpoint can be determined even when a recursion is notEglVjjVgJq monotonic.Exampln of non-monotonic recur...