Results 11 - 17 of 17

### Metric Predicate Transformers: Towards a Notion of Refinement for Concurrency

1994

Abstract

For two parallel languages with recursion a compositional weakest precondition semantics is given using two new metric resumption domains. The underlying domains are characterized by domain equations involving functors that deliver `observable' and `safety' predicate transformers. Further a refinement relation is defined for these domains and illustrated by rules dealing with concurrent composition. It turns out, by extending the classical duality of predicate vs. state transformers, that the weakest precondition semantics for the parallel languages is isomorphic to the standard metric state transformers semantics. Moreover, the proposed refinement relation on the predicate transformer domain will correspond to the familiar notion of simulation in the state transformer domain.

### Program Specification

2001

Abstract

Introduction. In order to prove mathematically the correctness of a program one must first specify what it means for it to be correct. In this chapter a notation for specifying the desired behaviour of imperative programs is described. This notation is due to C.A.R. Hoare. Executing an imperative program has the effect of changing the state, i.e. the values of program variables. To use such a program, one first establishes an initial state by setting the values of some variables to values of interest. One then executes the program. This transforms the initial state into a final one. One then inspects (using print commands etc.) the values of variables in the final state to get the desired results. For example, to compute the result of dividing y into x one might load x and y into program variables X and Y, respectively. One might then execute a su

### Isomorphisms between Predicate and State Transformers

1993

Abstract

We study the relation between state transformers based on directed complete partial orders and predicate transformers. Concepts like `predicate', `liveness', `safety' and `predicate transformers' are formulated in a topological setting. We treat state transformers based on the Hoare, Smyth and Plotkin powerdomains and consider continuous, monotonic and unrestricted functions. We relate the transformers by isomorphisms thereby extending and completing earlier results and giving a complete picture of all the relationships. 1991 Mathematics Subject Classification: 68Q55, 68Q10, 68Q60, 06A06. 1991 CR Categories: D.3.1, F.1.2, F.3.1, F.3.2. Keywords and Phrases: Predicates, liveness, safety, predicate transformers, state transformers, weakest preconditions, refinement, Hoare power domain, Smyth power domain, Plotkin power domain. Note: The research of Marcello Bonsangue was supported by a grant of the Centro Nazionale delle Ricerche (CNR), Italy, announcement no. 203.15.3 of 15/2/90.

### Specification and Verification I

Duration: Twelve lectures

Abstract

These lecture notes are for the course entitled Specification and Verification I. Some of the material is derived from previously published sources. Chapters 1–4 introduce the classical ideas of specification and proof of program properties due to Floyd and Hoare. Chapter 5 is an introduction to program refinement using an approach due to Paul Curzon. Chapter 6 presents higher order logic and Chapter 7 explains how Floyd-Hoare logic can be defined within higher order logic. The topic of this course is the specification and verification of software. It is a prerequisite for the Part II course on the specification and verification of hardware entitled Specification and Verification II. Learning Guide: These notes contain all the material that will be covered in the course. It should thus not be necessary to consult any textbooks etc. The copies of transparencies give the contents of the lectures. However, note that I sometimes end up going faster or slower than expected so, for example, material shown in Lecture n might actually get covered in Lecture n+1 or Lecture n−1. The examination questions will be based on material in the lectures. Thus if I end up not covering some topic in the lectures, then I would not expect to set an examination question on it. This course has been fairly stable for several years, so past exam questions are a reasonable guide to the sort of thing I will set this year (and so are worth doing for practice).

### A Hofmann-Mislove theorem for bitopological spaces

2007

Abstract

We present a Stone duality for bitopological spaces in analogy to the duality between topological spaces and frames, and discuss the resulting notions of sobriety and spatiality. Under the additional assumption of regularity, we prove a characterisation theorem for subsets of a bisober space that are compact in one and closed in the other topology. This is in analogy to the celebrated Hofmann-Mislove theorem for sober spaces. We link the characterisation to Taylor’s and Escardó’s reading of the Hofmann-Mislove theorem as continuous quantification over a subspace. As an application, we define locally compact d-frames and show that these are always spatial.

### What is a differential partial combinatory algebra?

2011

Abstract

In this thesis we combine Turing categories with Cartesian left additive restriction categories and again with differential restriction categories. The result of the first combination is a new structure which models nondeterministic computation. The result of the second combination is a structure which models the notion of linear resource consumption. We also study the structural background required to understand what new features Turing structure should have in light of addition and differentiation – most crucial to this development is the way in which idempotents split. For the combination of Turing categories with Cartesian left additive restriction categories we will also provide a model.

### On Specification Carrying Software, its Refinement and Composition

Abstract

In this paper, we present the framework of evolving specifications (especs), implementing, in the categorical setting of algebraic specifications, a logical view of state, known from Hoare logic to abstract state machines (evolving algebras). The categorical support for both top-down and bottom-up development is thus extended from the refinement and composition of the structure of programs, to the refinement and composition of their behaviors. While they were originally defined as specifications carrying state machines, especs can also be viewed from another angle, as software components carrying their specifications. As first-class citizens of software systems, specifications are thus made available both statically, as generalized interfaces, and dynamically, as the carriers of adaptability. From this point of view, especs seem particularly suitable for capturing and analyzing the dynamic aspects of architectural composition. In this expository note, we shall survey the main ideas, and outline some examples, including a summary of a method for analysis and transformation of security protocols, where runtime architectural changes result from the internal dynamics of connectors, or components. In such cases, an architectural view with the abstraction level predetermined by the features of the chosen architecture description language, may conceal the essence, whereas the practical application requires versatility.