Results 1 - 7 of 7
Engineering and Theoretical Underpinnings of Retrenchment, 2001
Cited by 24 (16 self)
Refinement is reviewed in a partial correctness framework, highlighting in particular the distinction between its use as a specification constructor at a high level, and its use as an implementation mechanism at a low level. Some of its shortcomings as specification constructor at high levels of abstraction are pointed out, and these are used to motivate the adoption of retrenchment for certain high level development steps. Basic properties of retrenchment are described, including a justification of the operation PO, simple examples, simulation properties, and compositionality for both the basic retrenchment notion and enriched versions. The issue of framing retrenchment in the wide variety of correctness notions for refinement calculi that exist in the literature is tackled, culminating in guidelines on how to 'brew your own retrenchment theory'. Two short case studies are presented. One is a simple digital redesign control theory problem, the other is a radiotherapy dos...
Nondeterministic Expressions and Predicate Transformers
Information Processing Letters, 1997
Cited by 10 (1 self)
Nondeterminacy is important in the formal specification and formal derivation of programs, but nondeterminacy within expressions is theoretically problematical. The refinement calculus sidesteps the problem by admitting nondeterminacy only at the level of statements, leading to a style of programming that favours statements and procedures over expressions and functions. But expressions are easier to manipulate than statements, and the poverty of the expression notation has made the formal derivation of imperative programs tedious. Here we introduce nondeterministic expressions into the refinement calculus by constructing a weakest precondition semantics for imperative specifications and programs that holds good even when expressions may be nondeterministic.
Keywords: nondeterministic expressions; weakest preconditions; refinement calculus
1 Introduction
Consider the little problem of making a program to compute the sign ('+' or '-') of an integer n, not caring whether '+' o...
Specificational Functions
Cited by 1 (0 self)
this paper, and nothing of substance in what follows depends on it. Note that (□x:T | true) differs from ⊥_T in that ⊥_T is refined even by a "nonterminating" expression such as an application of the recursive function f where f = λx:T • f x. There is a bottom for each type, indicated by subscripting, but we nearly always omit the type, either because it is not significant in the context, or it can be easily inferred. In refinement calculi, partial operations such as 3/0 are commonly equated with ⊥, and similarly for nonterminating expressions. It is also customary to use ⊥ as a "don't care" term by which the customer indicates that she has no interest in the outcomes. Although it may be useful in other contexts to distinguish these various roles for ⊥, in program derivation they are similar in that they represent error situations in which the outcome is unpredictable and unconstrained.
Expression Refinement Explained, 1999
Cited by 1 (0 self)
This paper describes a calculus for the stepwise and piecewise refinement of expressions. It provides a means for the derivation of executable expressions from initial specifications. We take the view that a refinement calculus consists of: a specification language, which usually includes constructs which are nonexecutable, but is a "superlanguage" of a programming language; a refinement relation between specifications, which possesses particular properties necessary for the refinement of specifications in a stepwise and piecewise manner; and a set of laws determining how such refinements may proceed.
Investigating Miraculous Specifications
In Northern Formal Methods Workshop, 1998
Cited by 1 (1 self)
In order to use expressions as the basis of a specification language, we admit undefinedness, and introduce nondeterminism through the use of a choice operator. We extend expressiveness of the language by allowing choice from a set of values. Such a set could be infinite, giving unbounded nondeterminism, or it could be empty, producing miracles. In this paper we treat the miraculous specification, examining its uses and highlighting related problems. In particular, we find that miracles promote the possibility of specification in parts, and piecewise refinement. However, their undesirable properties mean that we must limit their use. A biased choice operator is introduced as a method of totalising miraculous expressions. Finally, the formation of miraculous functions is considered with reference to their use and manipulation.
Transforming floundering into success
Under consideration for publication in Theory and Practice of Logic Programming, 2012
We show how logic programs with “delays” can be transformed to programs without delays in a way which preserves information concerning floundering (also known as deadlock). This allows a declarative (model-theoretic), bottom-up or goal independent approach to be used for analysis and debugging of properties related to floundering. We rely on some previously introduced restrictions on delay primitives and a key observation which allows properties such as groundness to be analysed by approximating the (ground) success set.