## Exploring Summation and Product Operators in the Refinement Calculus (1994)

Venue: | Mathematics of Program Construction |

Citations: | 19 - 10 self |

### BibTeX

@INPROCEEDINGS{Back94exploringsummation,

author = {R. J. R. Back and M. J. Butler},

title = {Exploring Summation and Product Operators in the Refinement Calculus},

booktitle = {Mathematics of Program Construction},

year = {1994},

pages = {128--158},

publisher = {Springer-Verlag}

}

### OpenURL

### Abstract

Product and summation operators for predicate transformers were introduced by Naumann [21] and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algebraic properties of these operators. There are several motivating factors for this analysis. The product operator provides a model of simultaneous execution of statements, while the summation operator provides a simple model of late binding. We also generalise the product operator slightly to form an operator that corresponds to conjunction of specifications. We examine several applications of the these operators showing, for example, how a combination of the product and summation operators could be used to model inheritance in an object-oriented programming language. 1 Introduction Dijkstra introduced weakest-precondition predicate transformers as a means of verifying total correctness properties of ...

### Citations

3615 | Communicating Sequential Processes
- Hoare
- 1985
(Show Context)
Citation Context ...The product operator provides a way of composing more general initialisations achieving the same effect. In [7], the actions of an action system are given labels and a correspondence with Hoare's CSP =-=[13]-=- is established. A version of parallel composition of action systems is described in which commonly labelled actions from the respective action systems are composed such that they are executed simulta... |

1510 |
A Discipline of Programming
- Dijkstra
- 1976
(Show Context)
Citation Context ... in an object-oriented programming language. 1 Introduction Dijkstra introduced weakest-precondition predicate transformers as a means of verifying total correctness properties of sequential programs =-=[8]-=-. In the refinement calculus of Back and others, specifications and programs are regarded uniformly as predicate transformers, and refinement laws are derived from properties of predicate transformers... |

1156 |
The Z Notation: A Reference Manual
- Spivey
- 1989
(Show Context)
Citation Context ...nvolves constructing a statement S such that fpreg; [post]sS. If post is a relation rather than a predicate, we can model postconditions on the before and after states in the manner of VDM [14] and Z =-=[24]-=-. Rules for the stepwise refinement of specification statements of the form fpreg; [post] into more familiar program constructs may be found in [1, 16, 19]. All predicate transformers S constructed us... |

503 | Programming from Specifications - Morgan - 1998 |

159 |
A theoretical basis for stepwise refinement and the programming calculus
- Morris
- 1987
(Show Context)
Citation Context ... In the refinement calculus of Back and others, specifications and programs are regarded uniformly as predicate transformers, and refinement laws are derived from properties of predicate transformers =-=[1, 16, 19]-=-. The refinement calculus provides various choice and assignment operators that are generalisations of Dijkstra's operators, and the applications of these operators are well-known. However, the applic... |

135 |
A generalization of Dijkstraâ€™s calculus
- Nelson
- 1989
(Show Context)
Citation Context ...c function and for ordinal ff let f ff be defined inductively by f ff = (fi ! ff \Delta f f fi ): Then f has a least fixed-point given by f ff for some ordinal ff. This version of the theorem is from =-=[23]-=- and is based on [12]. Proof of Theorem 16: Firstly, we have F (F fi 1 +F fi 2 ) = F 1 (hOE 1 i; (F fi 1 +F fi 2 ); fOE \Gamma1 1 g) + F 2 (hOE 2 i; (F fi 1 +F fi 2 ); fOE \Gamma1 2 g) = fTheorem 9 (S... |

109 |
Correctness preserving program refinements: Proof theory and applications
- Back
- 1980
(Show Context)
Citation Context ... In the refinement calculus of Back and others, specifications and programs are regarded uniformly as predicate transformers, and refinement laws are derived from properties of predicate transformers =-=[1, 16, 19]-=-. The refinement calculus provides various choice and assignment operators that are generalisations of Dijkstra's operators, and the applications of these operators are well-known. However, the applic... |

88 | On the Refinement Calculus - Morgan, Vickers - 1994 |

73 |
Data refinement refined
- He, Hoare, et al.
- 1986
(Show Context)
Citation Context ...n and the choice operators preserve refinement. The well-known technique of data refinement involves replacing abstract program variables with concrete program variables using an abstraction relation =-=[11]-=-. In the refinement calculus, the abstraction relation is modelled by an abstraction command, and we say that S : \Delta(\Sigma) is data refined by S 0 : \Delta(\Sigma 0 ) under abstraction command ff... |

64 |
Systematic Software Development using VDM (second edition
- Jones
- 1990
(Show Context)
Citation Context ...re; post) involves constructing a statement S such that fpreg; [post]sS. If post is a relation rather than a predicate, we can model postconditions on the before and after states in the manner of VDM =-=[14]-=- and Z [24]. Rules for the stepwise refinement of specification statements of the form fpreg; [post] into more familiar program constructs may be found in [1, 16, 19]. All predicate transformers S con... |

61 |
Stepwise refinement of parallel algorithms
- Back, Sere
- 1990
(Show Context)
Citation Context ...In the case that S 2 ? = ?, then this theorem shows that superposition is a form of data refinement with h 1 i as the abstraction statement. Superposition refinement of action systems is described in =-=[3]-=-, where superposition on individual actions is described in terms of sequential composition. Our superposition operator could be used instead. 6.3 Modification Consider the following two predicate tra... |

48 |
Data refinement of predicate transformers
- Gardiner, Morgan
- 1991
(Show Context)
Citation Context ...relation is modelled by an abstraction command, and we say that S : \Delta(\Sigma) is data refined by S 0 : \Delta(\Sigma 0 ) under abstraction command ff : \Sigma 0 7\Gamma! \Sigma if ff; SsS 0 ; ff =-=[9, 26]-=-. We can easily show that summation preserves data refinement: 9 Theorem 15 Let S 1 : \Delta(\Sigma 1 ), S 0 1 : \Delta(\Sigma 0 1 ), S 2 : \Delta(\Sigma 2 ), S 0 2 : \Delta(\Sigma 0 2 ), be predicate... |

36 |
Decentralisation of Process Nets with Centralised Control
- Back, Kurki-Suonio
- 1983
(Show Context)
Citation Context ...oduct operators, we know that if either assignment is nonterminating, then the combined assignment is nonterminating, e.g., S 1\Omega abort = abort. The action system formalism of Back & Kurki-Suonio =-=[2]-=- uses predicate transformers to model parallel programs. An action system consists of an initialisation predicate transformer and a set of action predicate transformers. Execution of an action system ... |

30 | Refinement Calculus
- Back, Wright
- 1998
(Show Context)
Citation Context ... (T 1 \Theta T 2 ) (S 1 ; T 1 ) \Theta (S 2 ; T 2 )s(S 1 \Theta S 2 ); (T 1 \Theta T 2 ): In the case that T 1 and T 2 are universally conjunctive, then the inequalities become equalities. Proof: See =-=[5]-=-. This result allows us to show how the derived product operator preserve data-refinement. First we note the following from [26]: for predicate transformer S, the right adjoint of S, denoted S r , sat... |

28 |
Induction rules and termination proofs
- Hitchcock, Park
- 1972
(Show Context)
Citation Context ...dinal ff let f ff be defined inductively by f ff = (fi ! ff \Delta f f fi ): Then f has a least fixed-point given by f ff for some ordinal ff. This version of the theorem is from [23] and is based on =-=[12]-=-. Proof of Theorem 16: Firstly, we have F (F fi 1 +F fi 2 ) = F 1 (hOE 1 i; (F fi 1 +F fi 2 ); fOE \Gamma1 1 g) + F 2 (hOE 2 i; (F fi 1 +F fi 2 ); fOE \Gamma1 2 g) = fTheorem 9 (Selection)g F 1 F fi 1... |

24 | A CSP Approach To Action Systems
- Butler
- 1992
(Show Context)
Citation Context ...hed. A version of parallel composition of action systems is described in which commonly labelled actions from the respective action systems are composed such that they are executed simultaneously. In =-=[6]-=-, this composition is defined by the properties that it should satisfy. One such property is that the composition should only be enabled when both actions are enabled. The product operator almost sati... |

19 |
Preordered Categories and Predicate Transformers
- Martin
- 1991
(Show Context)
Citation Context ...nd M.J. Butler Dept. of Computer Science,sAbo Akademi Turku, Finland 9 September 1994 Abstract Product and summation operators for predicate transformers were introduced by Naumann [21] and by Martin =-=[15]-=- using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algebraic properties of ... |

13 |
Two-Categories and Program Structure: Data Types, Refinement Calculi, and Predicate Transformers
- Naumann
- 1992
(Show Context)
Citation Context ...culus R.J.R. Back and M.J. Butler Dept. of Computer Science,sAbo Akademi Turku, Finland 9 September 1994 Abstract Product and summation operators for predicate transformers were introduced by Naumann =-=[21]-=- and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algeb... |

12 | A tool for data refinement
- Ruksenas, Wright
- 1997
(Show Context)
Citation Context ...relation is modelled by an abstraction command, and we say that S : \Delta(\Sigma) is data refined by S 0 : \Delta(\Sigma 0 ) under abstraction command ff : \Sigma 0 7\Gamma! \Sigma if ff; SsS 0 ; ff =-=[9, 26]-=-. We can easily show that summation preserves data refinement: 9 Theorem 15 Let S 1 : \Delta(\Sigma 1 ), S 0 1 : \Delta(\Sigma 0 1 ), S 2 : \Delta(\Sigma 2 ), S 0 2 : \Delta(\Sigma 0 2 ), be predicate... |

10 |
Refinement Concepts Formalised in Higher Order Logic
- Back, Wright
- 1990
(Show Context)
Citation Context ...ere introduced by Naumann [21] and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of =-=[4]-=-, and examine various algebraic properties of these operators. There are several motivating factors for this analysis. The product operator provides a model of simultaneous execution of statements, wh... |

10 |
The Cuppest Capjunctive Capping, and Galois
- Morgan
- 1994
(Show Context)
Citation Context ... to prove the following absorption rule: Theorem 28 For conjunctive S 1 ; S 2 , S 1sS 2 ) S 1 fi S 2 = S 2 : Proof: S 2 is the least conjunctive predicate transformer satisfying (5) and (6). 2 Morgan =-=[17]-=- has developed an operator 2 on predicate transformers such that 2S is the least-refined predicate transformer that is both universally conjunctive and refines S. By these properties, it is easy to sh... |

8 |
Refinement and decomposition of value-passing action systems
- Butler
- 1993
(Show Context)
Citation Context ...ialisations are demonic updates [I 1 ], [I 2 ], and their composition is simply [I 1 I 2 ]. The product operator provides a way of composing more general initialisations achieving the same effect. In =-=[7]-=-, the actions of an action system are given labels and a correspondence with Hoare's CSP [13] is established. A version of parallel composition of action systems is described in which commonly labelle... |

7 |
Modular reasoning in an object-oriented refinement calculus
- Utting, Robinson
- 1992
(Show Context)
Citation Context ...s important in object-oriented programming. Late binding means that the effect of executing a procedure depends on the value of the state on which it is to be executed. For example, Utting & Robinson =-=[25]-=- model late binding in the refinement calculus by regarding a procedure as being a function from values to statements: proc : \Sigma ! \Delta(\Sigma): The effect of executing procedure proc in state o... |

4 |
On the essence of Oberon
- Naumann
- 1994
(Show Context)
Citation Context ...n effect may be achieved, for example, by using stored procedures as provided in Oberon [20] where procedures are themselves values. A predicate transformer model of stored procedures may be found in =-=[22]-=-. 24 That is, the effect of (T 1 + T 2 ) depends on whether S 1 or S 2 is executed beforehand. Proof: S + 1 ; (T 1 + T 2 ) = (S 1 + abort); (T 1 +T 2 ) = fDistribution of + and ;g (S 1 ; T 1 ) +(abort... |

3 |
Adding specification constructs to the refinement calculus
- Ward
- 1993
(Show Context)
Citation Context ...m 25 provides an easy way of calculating the combination of two specifications: fpg; [P ] fi fqg; [Q] = fpsqg; [P Q]: If P and Q are contradictory, i.e., PsQ =?, then their fusion is miraculous. Ward =-=[27]-=- has defined a similar combinator specifically for specification statements (which is defined by combining relations) though the combination behaves as abort when P and Q are contradictory. In Ward's ... |

2 |
Object-Oriented Programming with Oberon. Lecture Notes from Eastern Finland
- Gutknecht
- 1994
(Show Context)
Citation Context ...ents: proc : \Sigma ! \Delta(\Sigma): The effect of executing procedure proc in state oe is then determined by the statement (proc oe). This is sometimes referred to as instance-centered late binding =-=[10]-=-. 3 A simpler notion of late binding uses types rather than values to determine which statement is selected when a procedure is called (so-called class-centered late binding [10]). Here we show how th... |

2 |
Object-Oriented Programming in Oberon-2
- Mossenboeck
- 1994
(Show Context)
Citation Context ... binding" for the case where the procedure associated with an instance/class may change during execution. Such an effect may be achieved, for example, by using stored procedures as provided in Ob=-=eron [20]-=- where procedures are themselves values. A predicate transformer model of stored procedures may be found in [22]. 24 That is, the effect of (T 1 + T 2 ) depends on whether S 1 or S 2 is executed befor... |