Results 1 
8 of
8
Towards a Box Calculus for Hierarchical Hume
 Trends in Functional Programming 8. Intellect
, 2007
"... We present a first approach towards a calculus of transformations of Hume boxes, using an extended version of Hume called Hierarchical Hume. We introduce some of the atomic rules and explain how to derive higherlevel rules from them. The approach is illustrated through two examples establishing the ..."
Abstract

Cited by 6 (6 self)
 Add to MetaCart
We present a first approach towards a calculus of transformations of Hume boxes, using an extended version of Hume called Hierarchical Hume. We introduce some of the atomic rules and explain how to derive higherlevel rules from them. The approach is illustrated through two examples establishing the equivalence of Hume programs by transformation. 1
Hume box calculus: robust system development through software transformation
 HIGHERORDER SYMB COMPUT
, 2011
"... Hume is a contemporary programming language oriented to systems with strong resource bounds, based on autonomous concurrent “boxes” interacting across “wires”. Hume’s design reflects the explicit separation of coordination and computation aspects of multiprocess systems, which greatly eases establi ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
Hume is a contemporary programming language oriented to systems with strong resource bounds, based on autonomous concurrent “boxes” interacting across “wires”. Hume’s design reflects the explicit separation of coordination and computation aspects of multiprocess systems, which greatly eases establishing resource bounds for programs. However, coordination and computation are necessarily tightly coupled in reasoning about Hume programs. Furthermore, in Hume, local changes to coordination or computation, while preserving input/output correctness, can have profound and unforeseen effects on other aspects of programs such as timing of events and scheduling of processes. Thus, traditional program calculi prove inappropriate as they tend to focus exclusively either on the coordination of interacting processes or on computation within individual processes. The Hume box calculus offers a novel approach to manipulating multiprocess systems by accounting seamlessly for both coordination and computation in individual rules. Furthermore, the “Hierarchical Hume” extension enables strong locality of the effects of program manipulation, as well as providing a principled encapsulation mechanism. In this paper, we present an overview of the Hume box calculus and its applications in program development. First of all, a base set of rules for introducing, changing, composing, separating and eliminating Hume boxes and wires, possibly within hierarchies, is presented. Next additional strategies are derived and a constructive approach to program development is illustrated through two examples of system elaboration from truth tables. Finally, at a considerably higher level, the use of the Hume box calculus to verify a generic transformation from a single box to an equivalent multibox program, offering a balanced parallel implementation, is discussed.
Preserving coordination properties when transforming concurrent system components
 IN: COORDINATION MODELS, LANGUAGES AND APPLICATIONS TRACK OF THE 23RD ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, 1515 BROADWAY
, 2008
"... Complexity in concurrent or distributed systems can be managed by dividing component into smaller components. For example, suppose component D is replaced by an assembly of sub components D1 to D4: While the new assembly may have the same functional correctness properties as the original component, ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
(Show Context)
Complexity in concurrent or distributed systems can be managed by dividing component into smaller components. For example, suppose component D is replaced by an assembly of sub components D1 to D4: While the new assembly may have the same functional correctness properties as the original component, the coordination properties of the whole system may have changed radically, as the additional processes must now be scheduled with attendant impact on the scheduling of the original processes. If the original system is nondeterministic or time dependent, then the system’s functional properties may also change. A well known solution for managing large systems is to structure the components into subparts, an approach that was first taken by Harel [2] for finite state automata (FSA). By illustrating with the Hume programming language, we will argue for a similar approach for program transformation, where the overall structure is preserved by nesting new components inside a supercomponent. Hume[1] explicitly separates coordination and computation concerns. It is based on autonomous boxes linked by wires, which are defined in the finite state coordination language. Transitions within a box is defined in the expression language by a list of matches, each of the form pattern → expression where each pattern is matched against the box input and the associated expression generates output by associated recursive actions. Hume targets safetycritical resource bounded
Formal Verification of Concurrent Scheduling Strategies using TLA
"... There is a high demand for correctness for safety critical systems, often requiring the use of formal verification. Simple, wellunderstood scheduling strategies ease verification but are often very inefficient. In contrast, efficient concurrent schedulers are often complex and hard to reason about. ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
(Show Context)
There is a high demand for correctness for safety critical systems, often requiring the use of formal verification. Simple, wellunderstood scheduling strategies ease verification but are often very inefficient. In contrast, efficient concurrent schedulers are often complex and hard to reason about. This paper will show how the TLA logic can be used to verify schedulers of concurrent components. TLA allows us to prove that one program preserves the behaviour of another program, in particular that an efficient scheduling strategy preserves the behaviour of a simpler one. For an arbitrary program we can use the simpler scheduler for correctness verification, knowing that the properties also hold in the more efficient one, which we then implement. This approach is illustrated with the Hume programming language, which is based on concurrent rich automata. We show an efficient extension to the Hume scheduler, and prove that this extension preserves the behaviour of the standard Hume scheduler.
Constructing Correct Circuits: Verification of Functional Aspects of Hardware Specifications with Dependent Types
"... Abstract: This paper focuses on the important, but tricky, problem of determining provably correct program properties automatically from program source. We describe a novel approach to constructing correct lowlevel programs. By using modern, fullspectrum dependent types, we are able to give an exp ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Abstract: This paper focuses on the important, but tricky, problem of determining provably correct program properties automatically from program source. We describe a novel approach to constructing correct lowlevel programs. By using modern, fullspectrum dependent types, we are able to give an explicit and checkable link between the lowlevel program and its highlevel meaning. Our approach closely links programming and theorem proving in that a type correct program is a constructive proof that the program meets its specification. It goes beyond typical modelchecking approaches, that are commonly used to check formal properties of lowlevel programs, by building proofs over abstractions of properties. In this way, we avoid the statespace explosion problem that bedevils modelchecking solutions. We are also able to consider properties over potentially infinite domains and determine properties for potentially infinite programs. We illustrate our approach by implementing a carryripple adder for binary numbers.
A.: Towards automated property discovery within Hume
 2nd International Workshop on Invariant Generation (WING’09
, 2009
"... Hume is a Turingcomplete programming language, designed to guarantee space and time bounds whilst still working on a highlevel. Formal properties of Hume programs, such as invariants and transformations, have previously been verified using the temporal logic of actions (TLA). TLA properties are ve ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Hume is a Turingcomplete programming language, designed to guarantee space and time bounds whilst still working on a highlevel. Formal properties of Hume programs, such as invariants and transformations, have previously been verified using the temporal logic of actions (TLA). TLA properties are verified in an inductive way, which often requires lemma discovery or generalisations. Rippling was developed for guiding inductive proofs, and supports lemmas and generalisation discovery through proof critics. In this paper we show how rippling and proof critics can be used in the verification of Hume invariants represented in TLA. Our approach is based on existing work on the problem of verifying and discovering loop invariants for an imperative program. We then extend this work to Hume program transformations. 1