| [1] |
Larissa Meinicke and Ian J. Hayes.
Algebraic reasoning for probabilistic action systems and while-loops.
Acta Informatica, 45(5):321-382, 2008.
[ bib |
DOI ]
Back and von Wright have developed algebraic laws for reasoning about loops in a total correctness framework using the refinement calculus. We extend their work to reasoning about probabilistic loops in the probabilistic refinement calculus. We apply our algebraic reasoning to derive transformation rules for probabilistic action systems and probabilistic while-loops. In particular we focus on developing data refinement rules for these two constructs. Our extension is interesting since some well known transformation rules that are applicable to standard programs are not applicable to probabilistic ones: we identify some of these important differences and we develop alternative rules where possible. Keywords: Kleene algebra, probability, refinement algebra, total-correctness |
| [2] |
R. Colvin, I.J. Hayes, and P.A. Strooper.
Calculating modules in contextual logic program refinement.
Theory and Practice of Logic Programming, 8(01):1-31, 2008.
[ bib |
DOI |
http ]
The refinement calculus for logic programs is a framework for deriving logic programs from specifications. It is based on a wide-spectrum language that can express both specifications and code, and a refinement relation that models the notion of correct implementation. In this paper we extend and generalise earlier work on contextual refinement. Contextual refinement simplifies the refinement process by abstractly capturing the context of a subcomponent of a program, which typically includes information about the values of the free variables. This paper also extends and generalises module refinement. A module is a collection of procedures that operate 5B on a common data type; module refinement between a specification module A and an implementation module C allows calls to the procedures of A to be systematically replaced with calls to the corresponding procedures of C. Based on the conditions for module refinement, we present a method for calculating an implementation module from a specification module. Both contextual and module refinement within the refinement calculus have been generalised from earlier work and the results are presented in a unified framework. Keywords: Logic programs, refinement, modules, context |
| [3] |
I.J. Hayes.
Procedures and parameters in the real-time program refinement
calculus.
Science of Computer Programming, 64(3):286-311, February 2007.
[ bib |
DOI ]
The real-time refinement calculus is a formal method for the systematic derivation of real-time programs from real-time specifications in a style similar to the non-real-time refinement calculi of Back and Morgan. In this paper we extend the real-time refinement calculus with procedures and provide refinement rules for refining real-time specifications to procedure calls. A real-time specification can include constraints on, not only what outputs are produced, but also when they are produced. The derived programs can also include time constraints on when certain points in the program must be reached; these are expressed in the form of deadline commands. Such programs are machine independent. An important consequence of the approach taken is that, not only are the specifications machine independent, but the whole refinement process is machine independent. To implement the machine independent code on a target machine one has a separate task of showing that the compiled machine code will reach all its deadlines before they expire. Keywords: Real-time programming; Procedures and parameters; refinement calculus |
| [4] | I. J. Hayes, C. B. Jones, and J. E. Nicholls. Understanding the differences between VDM and Z. FACS FACTS, 2006-2:56-78, 2006. [ bib ] |
| [5] |
K. Lermer, C. J. Fidge, and I. J. Hayes.
A theory for execution time derivation in real-time programs.
Theoretical Computer Science, 346(1):3-27, November 2005.
[ bib ]
We provide an abstract command language for real-time programs and outline how a partial correctness semantics can be used to compute execution times. The notions of a timed command, refinement of a timed command, the command traversal condition, and the worst-case and best-case execution time of a command are formally introduced and investigated with the help of an underlying weakest liberal precondition semantics. The central result is a theory for the computation of worst-case and best-case execution times from the underlying semantics based on supremum and infimum calculations. The framework is applied to the analysis of a message transmitter program and its implementation. Keywords: Real-time programming; Control-flow analysis; Execution-time derivation and prediction; Predicate transformer semantics; Partial correctness |
| [6] |
K. Lermer, C.J. Fidge, and I.J. Hayes.
Linear approximation of execution-time constraints.
Formal Aspects of Computing, 15(4):319-348, December 2003.
[ bib ]
This paper defines an algorithm for predicting worst-case and best-case execution times, and determining execution-time constraints of control-flow paths through real-time programs using their partial correctness semantics. The algorithm produces a linear approximation of path traversal conditions, worst-case and best-case execution times and strongest postconditions for timed paths in abstract real-time programs. We further derive techniques to determine the set of control-flow paths with decidable worst-case and best-case execution times. The approach is based on a weakest liberal precondition semantics and relies on supremum and infimum calculations similar to standard computations from linear programming and Presburger arithmetic. The methodology is generic in that it is applicable to any executable language that can be supplied with a predicate transformer semantics and hence provides a verification basis for high level as well as assembler level execution-time analysis techniques. Keywords: Real-time program analysis; Timing-path analysis; Timing prediction; Worst-case and best-case execution times; Automatic constraint determination. |
| [7] |
I. J. Hayes, R. Colvin, D. Hemer, P. A. Strooper, and R. Nickson.
A refinement calculus for logic programs.
Theory and Practice of Logic Programming, 2(4-5):425-460,
July 2002.
[ bib ]
Existing refinement calculi provide frameworks for the stepwise development of imperative programs from specifications. This paper presents a refinement calculus for deriving logic programs. The calculus contains a wide-spectrum logic programming language, including executable constructs such as sequential conjunction, disjunction, and existential quantification, as well as specification constructs such as general predicates, assumptions and universal quantification. A declarative semantics is defined for this wide-spectrum language based on executions. Executions are partial functions from states to states, where a state is represented as a set of bindings. The semantics is used to define the meaning of programs and specifications, including parameters and recursion. To complete the calculus, a notion of correctness-preserving refinement over programs in the wide-spectrum language is defined and refinement laws for developing programs are introduced. The refinement calculus is illustrated using example derivations and prototype tool support is discussed.
|
| [8] |
G. Smith and I. J. Hayes.
An introduction to Real-Time Object-Z.
Formal Aspects of Computing, 13(2):128-141, May 2002.
[ bib ]
This paper presents Real-Time Object-Z: an integration of the object-oriented, state-based specification language Object-Z with the timed trace notation of the timed refinement calculus. This integration provides a method of formally specifying and refining systems involving continuous variables and real-time constraints. The basis of the integration is a mapping of the existing Object-Z history semantics to timed traces. Keywords: Real-time specification; real-time refinement; Object-Z; timed refinement calculus |
| [9] |
I. J. Hayes.
Reasoning about real-time repetitions: Terminating and
nonterminating.
Science of Computer Programming, 43(2-3):161-192, 2002.
[ bib |
http |
.pdf ]
It is common for a real-time system to contain a nonterminating process monitoring an input and controlling an output. Hence a real-time program development method needs to support nonterminating repetitions. In this paper we develop a general proof rule for reasoning about possibly nonterminating repetitions. The rule makes use of a Floyd-Hoare-style loop invariant that is maintained by each iteration of the repetition, a Jones-style relation between the pre- and post-states on each iteration, and a deadline specifying an upper bound on the starting time of each iteration. The general rule is proved correct with respect to a predicative semantics. Keywords: Real-time refinement; nonterminating repetitions. |
| [10] |
I. J. Hayes, C. J. Fidge, and K. Lermer.
Semantic characterisation of dead control-flow paths.
IEE Proceedings-Software, 148(6):175-186, December 2001.
[ bib |
.pdf ]
Many program verification, testing and performance prediction techniques rely on analysis of statically-identified control-flow paths. However, some such paths may be `dead' because they can never be followed at run time, and should therefore be excluded from analysis. It is shown how the formal semantics of those statements comprising a path provides a sound theoretical foundation for identification of dead paths.
|
| [11] |
I. J. Hayes and M. Utting.
A sequential real-time refinement calculus.
Acta Informatica, 37(6):385-448, 2001.
[ bib |
.pdf ]
We present a comprehensive refinement calculus for the development of sequential, real-time programs from real-time specifications. A specification may include not only execution time limits, but also requirements on the behaviour of outputs over the duration of the execution of the program. Keywords: Refinement calculus; machine-independent; real-time specification; real-time refinement; real-time programming; deadline command; timing constraint analysis; time-invariant properties. |
| [12] | C. J. Fidge, I. J. Hayes, and G. Watson. The deadline command. IEE Proceedings-Software, 146(2):104-111, April 1999. [ bib | .ps ] |
| [13] | D. Carrington, I. Hayes, R. Nickson, G. Watson, and J. Welsh. A program refinement tool. Formal Aspects of Computing, 10(2):97-124, 1998. [ bib | .ps ] |
| [14] | I. J. Hayes. Expressive power of specification languages. Formal Aspects of Computing, 10(2):187-192, 1998. [ bib ] |
| [15] |
R. Nickson and I. Hayes.
Supporting contexts in program refinement.
Science of Computer Programming, 29(3):279-302, 1997.
[ bib ]
A program can be refined either by transforming the whole program or by refining one of its components. The refinement of a component is, for the main part, independent of the remainder of the program. However, refinement of a component can depend on the context of the component for information about the variables that are in scope and what their types are. The refinement can also take advantage of additional information, such as any precondition the component can assume. The aim of this paper is to introduce a technique, which we call program window inference, to handle such contextual information during derivations in the refinement calculus. The idea is borrowed from a technique, called window inference, for handling context in theorem proving. Window inference is the primary proof paradigm of the Ergo proof editor. This tool has been extended to mechanize refinement using program window inference.
|
| [16] | I. J. Hayes. Supporting module reuse in refinement. Science of Computer Programming, 27(2):175-184, 1996. [ bib ] |
| [17] | I. J. Hayes and J. W. Sanders. Specification by interface separation. Formal Aspects of Computing, 7(4):430-439, 1995. [ bib | .pdf ] |
| [18] | I. J. Hayes and B. P. Mahony. Using units of measurement in formal specifications. Formal Aspects of Computing, 7(3):329-347, 1995. [ bib | .pdf ] |
| [19] | I. J. Hayes, C. B. Jones, and J. E. Nicholls. Understanding the differences between VDM and Z. ACM Software Engineering News, 19(3):75-81, July 1994. Unrefereed. Previously published in FACS Europe [20]. [ bib ] |
| [20] | I. J. Hayes, C. B. Jones, and J. E. Nicholls. Understanding the differences between VDM and Z. FACS Europe, 1(1):7-30, 1993. Unrefereed. Also published in ACM Software Engineering News, 19(3):75-81, July 1994. [ bib ] |
| [21] | I. J. Hayes. Multi-relations in Z: A cross between multi-sets and binary relations. Acta Informatica, 29(1):33-62, February 1992. [ bib | .pdf ] |
| [22] | B. P. Mahony and I. J. Hayes. A case-study in timed refinement: A mine pump. IEEE Trans. on Software Engineering, 18(9):817-826, 1992. [ bib | .pdf ] |
| [23] | I. J. Hayes. VDM and Z: A comparative case study. Formal Aspects of Computing, 4(1):76-99, 1992. [ bib | .pdf ] |
| [24] | I. J. Hayes and C. B. Jones. Specifications are not (necessarily) executable. IEE/BCS Software Engineering Journal, 4(6):330-338, November 1989. [ bib ] |
| [25] | C. A. R. Hoare, I. J. Hayes, He Jifeng, C. Morgan, A. W. Roscoe, J. W. Sanders, I. H. Sørensen, J. M. Spivey, and B. A. Sufrin. Laws of programming. Communications of the ACM, 30(8):672-686, August 1987. Corrigenda: CACM 30(9):770. [ bib ] |
| [26] | I. J. Hayes. Specification directed module testing. IEEE Transactions on Software Engineering, SE-12(1):124-133, January 1986. [ bib | .pdf ] |
| [27] | I. J. Hayes. Applying formal specification to software development in industry. IEEE Transactions on Software Engineering, SE-11(2):169-178, February 1985. [ bib | .pdf ] |
This file has been generated by bibtex2html 1.88.
Last updated: