. We describe the Refinement Calculator, a tool which supports

. We describe an attempt to formalise the semantics of the

. The refinement calculus provides a theory for the stepwise refinement

The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or

Window inference is a method for contextual rewriting and refinement, supported by the HOL Window Inference Library. This paper describes a user-friendly interface for window inference. The interface permits the user to select subexpressions by pointing and clicking and to select transformations from menus. The correctness of each transformation step is proved automatically by the HOL system. The interface can be tailored to particular user-defined theories. One such extension, for program refinement, is described. 1 Introduction Though the original purpose of the HOL system [8] was as a tool for hardware verification, it has become popular also as a basis for software verification (see for example [1, 5, 7]). However, the theories built for supporting the software development process are normally difficult to use, especially if one does not have any previous detailed knowledge of the HOL system. In order to make such theories available to a general audience, it is essential that user...

This report discusses how to refine reactive systems using the HOL theorem prover. We show how Action Systems -- the formal framework supported -- can be formalised in HOL. We describe a simple refinement example. We also discuss how the work presented here can be used in connection with the Refinement Calculator, a tool supporting program refinement.

Gentle introductions to the programming logic UNITY, the theorem proving environment HOL, and the embedding of the first into the latter are presented. Equipped with this apparatus a methodology for designing distributed algorithms is described.