The refinement calculus is a formal technique for the development of programs which are provably correct with respect to their specifications. A formal language is presented for the description of program development using the refinement calculus. The language provides an abstract representation of the overall program development, reflecting its tree-like structure. The language is used for recording developments in the refinement editor -- an automated tool supporting the refinement calculus.
We present a very general language for expressing tactic programs. The paper describes some essential tactic combinators (tacticals), and gives them a formal semantics. Those definitions are used to produce a complete calculus for reasoning about tactics written in this language. The language is extended to cover structural combinators which enable the tactics to be precisely targeted upon particular sub-expressions.
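The combinators described in this abstract, as an added example written for this page (not code from the paper). The goal language, the primitive rewrite tactics and the semantics are assumptions made for the demonstration: a goal is an expression tree built from ints and ('+' or '*', lhs, rhs) tuples, and a tactic maps a goal either to a rewritten goal or to None, meaning failure. `then` and `orelse` are the tacticals, `at` and `everywhere` are structural combinators that target a sub-expression, and `laws_hold` checks the expected algebraic laws of the calculus on concrete goals.

```python
"""Tacticals over a tiny rewriting goal language, with the laws of the
tactic calculus checked pointwise on concrete goals.

Added example for this page, not code from the paper. Assumed semantics:
a goal is an int or a tuple (op, lhs, rhs) with op in {'+', '*'}; a tactic
returns the rewritten goal, or None to signal failure."""


def skip(goal):
    """Identity tactic: always succeeds and changes nothing."""
    return goal


def fail(goal):
    """The tactic that always fails."""
    return None


def then(t1, t2):
    """Sequential composition: t2 runs on t1's result; fails if either fails."""
    def tac(goal):
        mid = t1(goal)
        return None if mid is None else t2(mid)
    return tac


def orelse(t1, t2):
    """Alternation: t2 is tried only when t1 fails."""
    def tac(goal):
        out = t1(goal)
        return t2(goal) if out is None else out
    return tac


def repeat(t, limit=1000):
    """Apply t until it fails; never fails itself. The bound is a guard
    (added here) against a tactic that never fails."""
    def tac(goal):
        for _ in range(limit):
            nxt = t(goal)
            if nxt is None:
                return goal
            goal = nxt
        return goal
    return tac


def at(index, t):
    """Structural combinator: apply t only to operand `index` (0-based) of a
    compound goal, leaving the other operands untouched."""
    def tac(goal):
        if not isinstance(goal, tuple) or index + 1 >= len(goal):
            return None
        sub = t(goal[index + 1])
        if sub is None:
            return None
        return goal[:index + 1] + (sub,) + goal[index + 2:]
    return tac


def everywhere(t):
    """Structural combinator: apply t bottom-up at every sub-expression where
    it succeeds; fails only if no rewrite fired anywhere."""
    def tac(goal):
        changed = False
        if isinstance(goal, tuple):
            operands = []
            for sub in goal[1:]:
                new = tac(sub)
                if new is not None:
                    changed, sub = True, new
                operands.append(sub)
            goal = (goal[0],) + tuple(operands)
        out = t(goal)
        if out is not None:
            return out
        return goal if changed else None
    return tac


# Primitive rewrite tactics, constructed for the demo.
def zero_plus(goal):
    """0 + x  ==>  x"""
    if isinstance(goal, tuple) and goal[0] == '+' and goal[1] == 0:
        return goal[2]
    return None


def one_times(goal):
    """1 * x  ==>  x"""
    if isinstance(goal, tuple) and goal[0] == '*' and goal[1] == 1:
        return goal[2]
    return None


def fold_consts(goal):
    """c1 op c2  ==>  the constant value of c1 op c2"""
    if isinstance(goal, tuple) and isinstance(goal[1], int) and isinstance(goal[2], int):
        return goal[1] + goal[2] if goal[0] == '+' else goal[1] * goal[2]
    return None


simplify = repeat(everywhere(orelse(zero_plus, orelse(one_times, fold_consts))))


def laws_hold(t, u, v, goals):
    """Laws of the calculus checked on the given goals: skip is the unit of
    then, fail is the unit of orelse and a zero of then, both are associative."""
    for g in goals:
        if not all([
            then(skip, t)(g) == t(g),
            then(t, skip)(g) == t(g),
            then(fail, t)(g) is None and then(t, fail)(g) is None,
            orelse(fail, t)(g) == t(g),
            orelse(t, fail)(g) == t(g),
            then(then(t, u), v)(g) == then(t, then(u, v))(g),
            orelse(orelse(t, u), v)(g) == orelse(t, orelse(u, v))(g),
        ]):
            return False
    return True


GOALS = [5, ('+', 0, 3), ('*', 1, ('+', 0, 2)), ('+', ('*', 2, 3), 0)]
```

Note that `orelse(t, skip)` is not a law but the usual `try` tactical, and that `repeat` is the one combinator whose termination depends on the argument tactic eventually failing, which is why the demo bounds it.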
One module is said to be refined by a second if no program using the second module can detect that it is not using the first; in that case the second module can replace the first in any program. Data refinement transforms the interior pieces of a module — its state and consequentially its operations — in order to refine the module overall. A method for data refinement is sound if applying it actually does refine the module; a method is complete if any refinement of modules can be realised by its application. It has been known for some time that there are two methods of data refinement which are jointly complete for boundedly-nondeterministic programs: any refinement can be realised by applying one method then the other. Those two methods are formulated in terms of relations between states. Here it is shown that using predicate transformers, instead, allows a single complete method.
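The definition of module refinement in this abstract, and one of the two relational methods it mentions, as an added example written for this page (not code from the paper; the predicate-transformer method of the paper is not implemented here). The modules are invented: an abstract token store whose state is a set, a concrete store that keeps a sorted list plus an audit counter a client never sees, and a third store whose revoke forgets to delete. `indistinguishable` checks the definition directly by running every client program of bounded length against both modules and comparing what the client observes; `forward_simulation` checks the relational method, a coupling relation between abstract and concrete states that every operation must preserve while producing the same output.

```python
"""Data refinement checked two ways: by the definition (no client program
can tell the modules apart) and by forward simulation over a coupling
relation between abstract and concrete states.

Added example for this page, not code from the paper. The token-store
modules and their three operations are constructed for illustration."""
import bisect
import copy
from collections import deque
from itertools import product


class AbstractTokens:
    """Abstract module: the state is the set of issued tokens."""
    def __init__(self):
        self.issued = set()

    def issue(self, tok):
        if tok in self.issued:
            return False
        self.issued.add(tok)
        return True

    def revoke(self, tok):
        present = tok in self.issued
        self.issued.discard(tok)
        return present

    def valid(self, tok):
        return tok in self.issued


class ConcreteTokens:
    """Concrete module: a sorted list searched by bisection, plus an audit
    counter that is internal state a client cannot observe."""
    def __init__(self):
        self.table = []
        self.audit = 0

    def _find(self, tok):
        i = bisect.bisect_left(self.table, tok)
        return i, (i < len(self.table) and self.table[i] == tok)

    def issue(self, tok):
        self.audit += 1
        i, found = self._find(tok)
        if found:
            return False
        self.table.insert(i, tok)
        return True

    def revoke(self, tok):
        self.audit += 1
        i, found = self._find(tok)
        if found:
            del self.table[i]
        return found

    def valid(self, tok):
        return self._find(tok)[1]


class StaleTokens(ConcreteTokens):
    """Not a refinement: revoke reports success but never deletes, so a
    revoked token stays valid. A client that revokes and then re-issues or
    re-checks the token observes the difference."""
    def revoke(self, tok):
        self.audit += 1
        return self._find(tok)[1]


OPS = ("issue", "revoke", "valid")
TOKENS = ("a", "b")   # a two-token alphabet keeps the program space small


def run(module_cls, program):
    """Execute a client program (a sequence of (op, token) calls) on a fresh
    module and return everything the client observes: the results."""
    m = module_cls()
    return [getattr(m, op)(tok) for op, tok in program]


def indistinguishable(abstract_cls, concrete_cls, max_len=4):
    """The definition of refinement, checked exhaustively over all client
    programs of up to max_len calls. Returns (True, None) or (False, a
    distinguishing program)."""
    steps = list(product(OPS, TOKENS))
    for n in range(1, max_len + 1):
        for program in product(steps, repeat=n):
            if run(abstract_cls, program) != run(concrete_cls, program):
                return False, list(program)
    return True, None


def coupling(a, c):
    """The coupling relation: the concrete table holds exactly the abstract
    set; the audit counter is unconstrained."""
    return set(c.table) == a.issued


def forward_simulation(abstract_cls, concrete_cls, couple):
    """The relational method: the coupling relation holds initially and every
    operation preserves it with equal outputs, explored over the reachable
    paired states (the audit counter is ignored when keying states)."""
    start = (abstract_cls(), concrete_cls())
    if not couple(*start):
        return False
    key = lambda a, c: (frozenset(a.issued), tuple(c.table))
    seen, todo = {key(*start)}, deque([start])
    while todo:
        a, c = todo.popleft()
        for op, tok in product(OPS, TOKENS):
            a2, c2 = copy.deepcopy(a), copy.deepcopy(c)
            if getattr(a2, op)(tok) != getattr(c2, op)(tok) or not couple(a2, c2):
                return False
            k = key(a2, c2)
            if k not in seen:
                seen.add(k)
                todo.append((a2, c2))
    return True
```

The two checks agree on both concrete modules, but for different reasons: the exhaustive check finds an actual three-call client program that sees a revoked token still accepted, while the simulation check fails the moment the coupling relation breaks, one call earlier, without needing a client to exhibit the difference. The exhaustive check is bounded by program length, so it can only confirm indistinguishability up to that bound; the simulation is a proof for the reachable states it explores.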
In this paper we formalise three different views of a virtual shared memory system and show that they are equivalent. The formalisation starts with five basic component processes specified in the language of CSP [Hoa85], which can be adapted as necessary by two operations called labelling and clamping, and are combined in two basic ways: either they are chained, so that the output of one component becomes the input of the next, or they are put in parallel, so that their communications are arbitrarily interleaved. Using the laws of CSP we show that these basic processes and operators satisfy a number of algebraic equivalences, which enable us to prove equivalence of the different models of the memory system by reasoning entirely at the level of processes, instead of at the lower and more complicated level of events. As a result the proofs of equivalence of the different models are purely algebraic and very simple. The specification is intended to provide a general framework for any a...
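The chaining and parallel operators and the labelling operation from this abstract, in a finite-trace model of CSP, as an added example written for this page (not code from the paper). Processes are represented as prefix-closed sets of finite traces only, so refusals and divergence are not modelled; the paper's clamping operation and its five memory components are not covered; the component processes, the channel names `left`, `right` and the hidden `mid`, and the law checks are all assumptions made for the demonstration.

```python
"""Finite-trace model of CSP: prefix, choice, alphabetised parallel,
interleaving, relabelling (labelling) and hiding, with chaining (>>) built
from them and its algebraic laws checked on small constructed processes.

Added example for this page, not code from the paper. A process is a
frozenset of finite traces closed under prefixes; an event is a
(channel, value) pair. Refusals are not modelled."""


def prefix_close(traces):
    """Close a set of traces under prefixes, as the traces model requires."""
    return frozenset(t[:i] for t in traces for i in range(len(t) + 1))


STOP = frozenset({()})


def prefix(event, proc):
    """The process event -> proc."""
    return prefix_close({(event,) + t for t in proc})


def choice(*procs):
    """External choice, which in the traces model is union."""
    return frozenset().union(*procs)


def stage(func, inputs):
    """left?x -> right!func(x) -> STOP, for x drawn from `inputs`."""
    return choice(*(prefix(('left', x), prefix(('right', func(x)), STOP))
                    for x in inputs))


def rename(proc, mapping):
    """Labelling: rename channels, e.g. {'right': 'mid'}."""
    return frozenset(tuple((mapping.get(ch, ch), v) for ch, v in t) for t in proc)


def hide(proc, channels):
    """Conceal all events on the given channels."""
    return frozenset(tuple(e for e in t if e[0] not in channels) for t in proc)


def merge(s, t, sync):
    """All interleavings of traces s and t in which events on `sync` channels
    happen jointly (both sides must offer the same channel and value)."""
    if not s and not t:
        return {()}
    out = set()
    if s and s[0][0] not in sync:
        out |= {(s[0],) + r for r in merge(s[1:], t, sync)}
    if t and t[0][0] not in sync:
        out |= {(t[0],) + r for r in merge(s, t[1:], sync)}
    if s and t and s[0][0] in sync and s[0] == t[0]:
        out |= {(s[0],) + r for r in merge(s[1:], t[1:], sync)}
    return out


def parallel(p, q, sync=frozenset()):
    """Alphabetised parallel composition synchronising on `sync`; with no
    sync channels it is arbitrary interleaving."""
    return frozenset(r for a in p for b in q for r in merge(a, b, sync))


def interleave(p, q):
    return parallel(p, q)


def chain(p, q):
    """p >> q: p's right channel is joined to q's left channel through an
    internal channel 'mid' that is then hidden (assumes neither process
    already uses a channel called 'mid')."""
    return hide(parallel(rename(p, {'right': 'mid'}),
                         rename(q, {'left': 'mid'}), {'mid'}), {'mid'})


def maximal_traces(proc):
    """Traces of the process that no other trace extends."""
    return frozenset(t for t in proc
                     if not any(u != t and u[:len(t)] == t for u in proc))


def laws_hold(p, q, r):
    """Interleaving is commutative and associative with STOP as unit, and
    chaining is associative."""
    return (interleave(p, q) == interleave(q, p)
            and interleave(interleave(p, q), r) == interleave(p, interleave(q, r))
            and interleave(p, STOP) == p
            and chain(chain(p, q), r) == chain(p, chain(q, r)))


# Constructed one-shot components over small value sets.
COPY = stage(lambda x: x, (0, 1))
DOUBLE = stage(lambda x: 2 * x, (0, 1))
INC = stage(lambda x: x + 1, (0, 1, 2))
```

Chaining DOUBLE into COPY shows the limit of reasoning at the trace level: COPY only accepts 0 and 1 on its left channel, so after `left.1` the value 2 can never be passed across the hidden channel and the composite's trace stops there. The traces model records that no further event is possible but cannot say whether that is deadlock, which is why the full CSP models also carry refusals.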
Papers by Paul Gardiner