## Calculating Sharp Adaptation Rules (2000)

Venue: | Information Processing Letters |

Citations: | 16 - 4 self |

### BibTeX

@ARTICLE{Naumann00calculatingsharp,

author = {David A. Naumann},

title = {Calculating Sharp Adaptation Rules},

journal = {Information Processing Letters},

year = {2000},

volume = {77},

pages = {2001}

}

### OpenURL

### Abstract

Introduction For reasoning about total correctness of while-programs, the rules proposed by Hoare [10] have stood the test of time. But for procedure calls, a number of dierent rules have appeared (e.g, [11,9,2,1,5,12]). There appears to be no consensus on the \right" rule, and some proposals even turn out to be unsound. The results reported in this note were found in an attempt to derive an adaptation rule |rather than pulling it from a magician's hat| using tools from renement calculus. This sheds new light on the subject, explaining and extending the applicability of recent proposals, and it brings to light a new form of specication statement. Adaptation rules. For the moment, let us take for granted a semantics for commands and predicates. Say a triple f pre g S f post g is valid if every computation of command S from a state satisfying pre terminates in

### Citations

1469 | An Axiomatic Basis for Computer Programming
- Hoare
- 1969
(Show Context)
Citation Context ...ting Sharp Adaptation Rules David A. Naumann Stevens Institute of Technology, Hoboken, NJ 07030 USA 0 Introduction For reasoning about total correctness of while-programs, the rules proposed by Hoare =-=[10] hav-=-e stood the test of time. But for procedure calls, a number of dierent rules have appeared (e.g, [11,9,2,1,5,12]). There appears to be no consensus on the \right" rule, and some proposals even tu... |

84 |
Procedures and parameters: An axiomatic approach
- Hoare
- 1971
(Show Context)
Citation Context ...oduction For reasoning about total correctness of while-programs, the rules proposed by Hoare [10] have stood the test of time. But for procedure calls, a number of dierent rules have appeared (e.g, [=-=11,9,2,1,5,12]). Th-=-ere appears to be no consensus on the \right" rule, and some proposals even turn out to be unsound. The results reported in this note were found in an attempt to derive an adaptation rule |rather... |

70 | Ten years of Hoareās logic, a survey, part I
- Apt
- 1981
(Show Context)
Citation Context ...oduction For reasoning about total correctness of while-programs, the rules proposed by Hoare [10] have stood the test of time. But for procedure calls, a number of dierent rules have appeared (e.g, [=-=11,9,2,1,5,12]). Th-=-ere appears to be no consensus on the \right" rule, and some proposals even turn out to be unsound. The results reported in this note were found in an attempt to derive an adaptation rule |rather... |

41 |
Refinement Calculus: A Systematic Introduction Graduate
- Back, Wright
- 1998
(Show Context)
Citation Context ...ers can be used to link specications with programs because for pre : A X and post : A Y there is a transformer prespost, of type PY ! PX, satisfying the fundamental theorem of renement calculus [3,1=-=-=-5]: for all S, prespost v S i f pre g S f post g (1) Before dening prespost we review some connections between relations and transformers [8,7,16]. A transformer is universally disjunctive if it distr... |

41 |
Assignment and procedure call proof rules
- Gries, Levin
- 1980
(Show Context)
Citation Context ...oduction For reasoning about total correctness of while-programs, the rules proposed by Hoare [10] have stood the test of time. But for procedure calls, a number of dierent rules have appeared (e.g, [=-=11,9,2,1,5,12]). Th-=-ere appears to be no consensus on the \right" rule, and some proposals even turn out to be unsound. The results reported in this note were found in an attempt to derive an adaptation rule |rather... |

38 | Hoare logic and auxiliary variables
- Kleymann
- 1998
(Show Context)
Citation Context |

20 | O.: An algebraic construction of predicate transformers
- Gardiner, Martin, et al.
- 1994
(Show Context)
Citation Context ...atisfying the fundamental theorem of renement calculus [3,15]: for all S, prespost v S i f pre g S f post g (1) Before dening prespost we review some connections between relations and transformers [8,=-=7,16-=-]. A transformer is universally disjunctive if it distributes over arbitrary unions; such transformers are called maps for short. A comap is a universally conjunctive transformer. For relation p : A ... |

18 |
Proving total correctness of recursive procedures
- America, Boer
- 1990
(Show Context)
Citation Context |

15 | A sharp proof rule for procedures in wp semantics
- Bijlsma, Matthews, et al.
- 1989
(Show Context)
Citation Context |

13 | A categorical model for higher order imperative programming
- Naumann
- 1998
(Show Context)
Citation Context ...atisfying the fundamental theorem of renement calculus [3,15]: for all S, prespost v S i f pre g S f post g (1) Before dening prespost we review some connections between relations and transformers [8,=-=7,16-=-]. A transformer is universally disjunctive if it distributes over arbitrary unions; such transformers are called maps for short. A comap is a universally conjunctive transformer. For relation p : A ... |

10 |
The Cuppest Capjunctive Capping, and Galois
- Morgan
- 1994
(Show Context)
Citation Context ...g dSe of any S, dened by dSe = [rc S]. It is a comap and satises the ceiling property: S v S 0 dSe v S 0 for all comaps S 0 . Properties ofsoor and ceiling can be proved straightforwardly (or see [14=-=,7,-=-16]). 2 Sharp Adaptation Rules Derived We aim tosnd the weakest pre 0 : B X for given post 0 : B Y , relative to a given (pre; post) with types as before. We calculate: (pre 0 ; post 0 ) (pre; post... |

9 |
Programming from Speci second edition
- Morgan
- 1994
(Show Context)
Citation Context ...ers can be used to link specications with programs because for pre : A X and post : A Y there is a transformer prespost, of type PY ! PX, satisfying the fundamental theorem of renement calculus [3,1=-=-=-5]: for all S, prespost v S i f pre g S f post g (1) Before dening prespost we review some connections between relations and transformers [8,7,16]. A transformer is universally disjunctive if it distr... |

6 |
Algebraic proofs of consistency and completeness
- Gardiner
- 1995
(Show Context)
Citation Context ...atisfying the fundamental theorem of renement calculus [3,15]: for all S, prespost v S i f pre g S f post g (1) Before dening prespost we review some connections between relations and transformers [8,=-=7,16-=-]. A transformer is universally disjunctive if it distributes over arbitrary unions; such transformers are called maps for short. A comap is a universally conjunctive transformer. For relation p : A ... |

4 | Calculating with procedure calls
- Bijlsma
- 1993
(Show Context)
Citation Context ...parameters; in proof rules the distinction between parameter types manifests itself in quantications and in restrictions on specications (e.g, preconditions being independent from result parameters [4]). For pre0 and post0, the auxiliary state is a single integer, and the program state, initial andsnal, is a pair (r; x) with r real and x an integer. For relations p : X Y and q : Y Z we write (p... |

1 | Triggered by Wim Feijen's treatment of \98 ! 89". Manuscript EWD1201 - Dijkstra - 1995 |

1 |
Positively capjunctive cappings, and Galois. Typescript KRML 87, Compaq Systems Research Center, available upon request from the author
- Leino
- 1998
(Show Context)
Citation Context ...'. Moreover, pSq is positively conjunctive and has the ceiling property: S v S 0 pSq v S 0 for all positively conjunctive S 0 . The proof is similar to the proofs of the ceiling property of de (see [=-=-=-13]). Sharp adaptation for positive conjunctivity. We calculate: (pre 0 ; post 0 ) (pre; post) (9) and (1) ( 8S 2 PC :: [post] ; hprei v S ) [post 0 ] ; hpre 0 i v S) ceiling, S 2 PC ( 8S 2 PC :: p... |