Refinement Calculus, Part I: Sequential Nondeterministic Programs
Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness. Proceedings. 1989, Volume 430 of Lecture Notes in Computer Science, 1989
Abstract

Cited by 62 (3 self)
A lattice-theoretic framework for the calculus of program refinement is presented. Specifications and program statements are combined into a single (infinitary) language of commands which permits miraculous, angelic and demonic statements to be used in the description of program behavior. The weakest precondition calculus is extended to cover this larger class of statements and a game-theoretic interpretation is given for these constructs. The language is complete, in the sense that every monotonic predicate transformer can be expressed in it. The usual program constructs can be defined as derived notions in this language. The notion of inverse statements is defined and its use in formalizing the notion of data refinement is shown.
An Object-Oriented Refinement Calculus with Modular Reasoning
, 1992
Abstract

Cited by 16 (1 self)
In this thesis, the refinement calculus is extended to support a variety of object-oriented programming styles. The late binding of procedure calls in object-oriented languages is modelled by defining an object-oriented system to be a function from procedure names and argument values to the procedures that are invoked by late binding. The first model allows multiple-dispatch late binding, in the style of CLOS. This model is then specialised to the single-dispatch case, giving a model that associates types with objects, which is similar to existing class-based object-oriented languages. Both models are then restricted so that they support modular reasoning. The concept of modular reasoning has been defined informally in the literature, both for non-object-oriented systems and for object-oriented systems. This thesis gives the first formal definition of modular reasoning for object-oriented languages. Intuitively, the definition seems to capture the minimum possible requirements necessa...
In-place Refinement for Effect Checking
In Second International Workshop on Automated Verification of Infinite-State Systems (AVIS'03), 2003
Abstract

Cited by 9 (4 self)
The refinement calculus is a powerful framework for reasoning about programs, specifications, and refinement relations between programs and specifications. In this paper
Statement inversion and strongest postcondition
 Science of Computer Programming
, 1993
Abstract

Cited by 8 (2 self)
A notion of inverse commands is defined for a language with a weakest precondition semantics, permitting both demonic and angelic nondeterminism as well as miracles and nontermination. Every conjunctive and terminating command is invertible, the inverse being nonmiraculous and disjunctive. A simulation relation between commands is described using inverse commands. A generalized form of inverse is defined for arbitrary conjunctive commands. The generalized inverses are shown to be closely related to strongest postconditions.
Safe Equivalences for Security Properties
, 2010
Abstract

Cited by 5 (3 self)
In the field of security, process equivalences have been used to characterize various information-hiding properties (for instance secrecy, anonymity and noninterference) based on the principle that a protocol P with a variable x satisfies such a property if and only if, for every pair of secrets s1 and s2, P[s1/x] is equivalent to P[s2/x]. We argue that, in the presence of nondeterminism, the above principle relies on the assumption that the scheduler “works for the benefit of the protocol”, and this is usually not a safe assumption. Non-safe equivalences, in this sense, include complete-trace equivalence and bisimulation. We present a formalism in which we can specify admissible schedulers and, correspondingly, safe versions of these equivalences. We prove that safe bisimulation is still a congruence. Finally, we show that safe equivalences can be used to establish information-hiding properties.
Data Refinement of Mixed Specifications: A Generalization of UNITY
 ACTA INFORMATICA
, 1996
Abstract

Cited by 1 (1 self)
Data refinement is an important and widely used technique for program development. In this paper, we give predicate-transformer-based semantics and refinement rules for mixed specifications that allow specifications to be written as a combination of abstract program and temporal properties. Mixed specifications may be considered a generalization of the UNITY specification notation to allow safety properties to be specified by abstract programs in addition to temporal properties. Alternatively, mixed specifications may be viewed as a generalization of the UNITY programming notation to allow arbitrary safety and progress properties in a generalized `always section'. The UNITY substitution axiom is handled in a novel way by replacing it with a refinement rule. The derivation of a distributed mutual exclusion algorithm is given to illustrate the method on a nontrivial example.
1 Introduction
Data refinement is an important method for program development where abstract data s...
Joining Specification Statements
, 1998
Abstract

Cited by 1 (1 self)
The specification statement allows us to easily express what a program statement does. This paper shows how refinement of specification statements can be directly expressed using the predicate calculus. It also shows that the specification statements interpreted as predicate transformers form a complete lattice, and that this lattice is the lattice of conjunctive predicate transformers. The join operator of this lattice is constructed as a specification statement. The join operators of two interesting sublattices of the set of specification statements are also investigated.
Application of Demonic Fixed Points
, 2009
Abstract
We will present some interesting results about the fixed points of some functions with demonic operators; particularly the function f(X) = Q ∨ P □ X where P< ∧ Q< = Ø. By taking P := t □ B and Q := t∼, one gets the demonic semantics we have assigned to while loops in previous papers. We prove that this greatest fixed point coincides with the least fixed point with respect to the usual ordering (angelic inclusion) of the same function. This is followed by an example of application.
1 Relation Algebras
Both homogeneous and heterogeneous relation algebras are employed in computer science. In this paper, we use heterogeneous relation algebras whose definition is taken from [BeZ86, Sch81, ScS93].
(1) Definition. A relation algebra A is a structure (B, ∨, ∧, −, ◦, ^) over a nonempty set B of elements, called relations. The unary operations −, ^ are total whereas the binary operations ∨, ∧, ◦ are partial. We denote by B∨R the set of those elements Q ∈ B for which the union R ∨ Q is defined and we require that R ∈ B∨R for every R ∈ B. If Q ∈ B∨R, we say that Q has the same type as R. The following conditions are satisfied.
(a) (B∨R, ∨, ∧, −) is a Boolean algebra, with zero element 0R and universal element 1R.
(b) Composition: P ◦ (Q ◦ R) = (P ◦ Q) ◦ R.
(c) There are elements Rid and idR associated to every relation R ∈ B. Rid behaves as a right identity and idR as a left identity for B∨R.
(d) The Schröder rule P ◦ Q ≤ R ⇔ P^ ◦ −R ≤ −Q ⇔ −R ◦ Q^ ≤ −P holds whenever one of the three expressions is defined.
(e) 1 ◦ R ◦ 1 = 1 iff R ≠ 0 (Tarski rule).
If R^ ∈ B∨R, then R is said to be homogeneous. If all R ∈ A have the same type, the operations are all total and A itself is said to be homogeneous. For simplicity, the universal, zero, and identity elements are all denoted by 1, 0, id, respectively. Another operation that occurs in this article is the reflexive transitive closure R*: R* = ⋁_{i≥0} R^i and R* = id ∨ R ◦ R* = id ∨ R* ◦ R, where R^0 = id and R^{i+1} = R ◦ R^i.
For more details about the calculus of relations, see, e.g., [BeZ86, ChT51, ScS93]. As the demonic calculus will serve as an algebraic apparatus for defining the denotational semantics of nondeterministic programs, we define these operators in what follows.
2 Demonic
On Research: incremental semantics
, 2008
Abstract
Centre of the United Nations University (UNU). It is based in Macao, and was founded in 1991. It started operations in July 1992. UNU-IIST is jointly funded by the government of Macao and the governments of the People’s Republic of China and Portugal through a contribution to the UNU Endowment Fund. As well as providing two-thirds of the endowment fund, the Macao authorities also supply UNU-IIST with its office premises and furniture and subsidise fellow accommodation. The mission of UNU-IIST is to assist developing countries in the application and development of software technology. UNU-IIST contributes through its programmatic activities:
1. Advanced development projects, in which software techniques supported by tools are applied,
2. Research projects, in which new techniques for software development are investigated,
3. Curriculum development projects, in which courses of software technology for universities in developing countries are developed,
4. University development projects, which complement the curriculum development projects by aiming to strengthen all aspects of computer science teaching in universities in developing countries,
5. Schools and Courses, which typically teach advanced software development techniques,
6. Events, in which conferences and workshops are organised or supported by UNU-IIST, and
Software Technology Involutions on relational program calculi
, 2008
Abstract
Centre of the United Nations University (UNU). It is based in Macao, and was founded in 1991. It started operations in July 1992. UNU-IIST is jointly funded by the government of Macao and the governments of the People’s Republic of China and Portugal through a contribution to the UNU Endowment Fund. As well as providing two-thirds of the endowment fund, the Macao authorities also supply UNU-IIST with its office premises and furniture and subsidise fellow accommodation. The mission of UNU-IIST is to assist developing countries in the application and development of software technology. UNU-IIST contributes through its programmatic activities:
1. Advanced development projects, in which software techniques supported by tools are applied,
2. Research projects, in which new techniques for software development are investigated,
3. Curriculum development projects, in which courses of software technology for universities in developing countries are developed,
4. University development projects, which complement the curriculum development projects by aiming to strengthen all aspects of computer science teaching in universities in developing countries,
5. Schools and Courses, which typically teach advanced software development techniques,
6. Events, in which conferences and workshops are organised or supported by UNU-IIST, and