R. J. R. Back and J. von Wright. Refinement calculus, part II: Parallel and reactive programs. In J. W. de Bakker, W. P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalism, Correctness, volume 430 of Lecture Notes in Computer Science, pages 42--66. Springer Verlag, 1990.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....the behaviour of P during execution, and thus its temporal properties, will be the same as the behaviour of P . Since the re nement calculus was originally designed for sequential programs total correctness was sucient. The re nement calculus has however been lifted to work on both parallel [Bac89, Bac90, Ser90, BS91, Bac93] and reactive (or distributed) Bac90, vW92b, BvW94, BS96] systems, by using action systems [BKS83, BKS84, BKS88] to model parallel and distributed systems as sequential programs. Although preserving total correctness is also sucient for parallel systems, stepwise re nement of reactive or ....

....will be the same as the behaviour of P . Since the re nement calculus was originally designed for sequential programs total correctness was sucient. The re nement calculus has however been lifted to work on both parallel [Bac89, Bac90, Ser90, BS91, Bac93] and reactive (or distributed) [Bac90, vW92b, BvW94, BS96]. systems, by using action systems [BKS83, BKS84, BKS88] to model parallel and distributed systems as sequential programs. Although preserving total correctness is also sucient for parallel systems, stepwise re nement of reactive or distributed systems also requires preservation of temporal ....

[Article contains additional citation context not shown here]

R.J.R. Back. Re nement Calculus, Part II: Parallel and Reactive Programs. In J.W. de Bakker, W.P. de Roever, and G. Rozenberg, editors, Stepwise Re nement of Distributed Systems: Models, Formalisms, Correctness, volume 430 of LNCS, pages 67-93. SpringerVerlag, 1990. 39

....the parallel composition depends on how the individual action systems, the reactive components, interact with each other via the global variables that they reference. For instance, a reactive component does not terminate by itself. The termination is a global property of the composed action system [1]. Since the initialization actions are well defined, and non deterministic choice between actions is both associative and commutative, the parallel composition is also associative and commutative. Therefore, the meaning of several parallelly composed action systems can be unfolded in any order ....

R. J. R. Back. Refinement calculus, part II: Parallel and reactive programs. In J. W. de Bakker, W.--P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness. Proceedings. 1989.

....( and inequations ( v ) If P v Q then Q is considered to be an implementation of P . It is more deterministic and terminates more often. Although hardware never terminates , here we deem termination to occur when the hardware generates a finish output signal on a specific wire. 4. 2 Normal form implementation Normal form programs are a bridge between programs in PL and either software (traditional machine code) 18]orhardware (digital circuit) implementations of them# here the latter is outlined. With some further transformation, the hardware normal form maybeinterpreted as ....

....that b ) s c) since either the start signal or one of the control latches must be high for the circuit to be active. The program STEP gives the state change of a circuit within one clock cycle. Here we model it as a sequential program consisting of three substeps. STEP = SEQ[STEP1 # STEP2 # SKIP 1 # STEP3] where SKIP 1 models a delayofoneclock cycle. The first substep sends output readiness, given by OF , to its parallel partners, and at the same time it receives the corresponding readiness status of its partners on the other end of its channels. These communications are ....

[Article contains additional citation context not shown here]

R.J.R. Back, Refinement calculus, part II: parallel and reactive programs, in J.W. de Bakker, W.-P.de Roever, G. Rozenberg (eds.), Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, Springer-Verlag, LNCS 430, pp. 67--93, 1990.

....global variables. The meaning of a hybrid action system is obtained by unfolding the hybrid alternation into an ordinary iteration (6) This is important for the definition of a non trivial parallel composition. 6 Parallel Composition Parallel composition is defined between action systems in [2]. Consider two action systems A and B A b = j[ var X : T do A 1 [ Am od B b = j[ var Y : S do B 1 [ Bn od where Z are imported global variables to A and U are imported global variables to B, and the local variables X and Y are assumed to be disjoint. The parallel ....

....of the parallel composition depends on how the individual action systems, the reactive components, interact with each other via the global variables that they use. For instance, a reactive component does not terminate by itself. Termination is a global property of the composed action system [2]. Since the initialisations are well defined, and non deterministic choice between actions is both associative and commutative, the parallel composition is also associative and commutative. Therefore, the meaning of several parallel composed action systems can be unfolded in any order without ....

R. J. R. Back. Refinement calculus, part II: Parallel and reactive programs. In J. W. de Bakker, W.--P. de Roever, and G. Rozenberg, (eds.), Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness. Proceedings. 1989.

....method of program construction. It was originally proposed by Back [2] and it has later been studied and extended by several researchers, see [17, 18] among others. In recent years data refinement within the refinement calculus has been a topic for extensive research [9, 10] Back and Sere [4, 7] have extended the refinement calculus to handle parallel algorithms as well as reactive programs. In both cases parallel and concurrent activity is modelled within a purely sequential framework. We shall here concentrate on reactive programs. Procedures were added to the refinement calculus ....

....framework. We shall here concentrate on reactive programs. Procedures were added to the refinement calculus independently by Back [3] and Morgan [16] with slightly di#erent ways in which parameter passing is handled. We extend the data refinement of reactive action systems as described by Back [4] to handle remote procedures. We extend the preliminary work by Back and Sere [8] considerably by developing a more general rule for the refinement of remote procedures together with a number of useful special cases of it. We pay special attention to the compositionality of the developed rules ....

[Article contains additional citation context not shown here]

R. J. R. Back. Refinement calculus, part II: Parallel and reactive programs. In J. W. de Bakker, W.--P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness. Proceedings. 1989.

.... Project Description: ESPRIT Basic Research project 7071 Jonathan Bowen et al. Oxford University Computing Laboratory Programming Research Group 11 Keble Road, OXFORD OX1 3QD Tel: 44 865 273838 Fax: 44 865 273839 Email: procos request comlab.ox.ac.uk Abstract An overview of the current and planned activities of the ESPRIT Basic Research ....

.... Project Description: ESPRIT Basic Research project 7071 Jonathan Bowen et al. Oxford University Computing Laboratory Programming Research Group 11 Keble Road, OXFORD OX1 3QD Tel: 44 865 273838 Fax: 44 865 273839 Email: procos request comlab.ox.ac.uk Abstract An overview of the current and planned activities of the ESPRIT Basic Research project (no. 7071) on Provably Correct Systems is presented. This is afollow on project to ....

[Article contains additional citation context not shown here]

R.J.R. Back. Refinement calculus, part II: Parallel and reactive programs. In J.W. de Bakker, W.-P.deRoever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems -- Models, Formalisms, Correctness,volume 430 of Lecture Notes in Computer Science,pages 67--93. Springer-Verlag, 1990.

....proposed that offer active objects, e.g. Oblique [Car95] which supports distributed object oriented computation and Oblets [BN96] which are written in Oblique and which have a family of Web browsers capable of running Oblets. We reason about OO action systems in the refinement calculus framework [Bac90]. The refinement calculus and related calculi [Mor88, Mor87] have become popular foundations for program construction and for reasoning about specifications and implementations that meet their specifications. The refinement calculus uses weakest precondition predicate transformers as the semantic ....

.... Moreover, Abadi and Leino develop a Hoare style logic for reasoning about object oriented programs [AL97] Reasoning about DisCo specifications is carried out within TLA [Lam91] The way we define inheritance or sub typing as class refinement is based on data refinement for action systems [Bac90, BS94, SW97]. Class refinement in the data refinement framework has also been studied by Mikhajlova and Sekerinski [MS97] They construct new classes by inheritance and overriding, but do not consider the addition of new methods. Moreover, their objects are not active and distributed as ours are. Class ....

[Article contains additional citation context not shown here]

R.J.R. Back. Refinement calculus, part II: parallel and reactive programs. In J.W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, volume 430 of Lecture Notes in Computer Science, pages 67--93, Springer-Verlag, 1990.

....is relevant for many frameworks of refinement, but we need a specific carrier to express our results. We choose the action system formalism of Back and Kurki Suonio [BKS83] as a paradigm for describing parallel systems. Refinement of action systems was studied by Back, Sere and Wright, in e.g. [BS91, Bac89, BvW94]. Our observations are directly useful to many other transition system based formalisms, e.g. AL91, KMP94, Jon91] 2 Preliminaries 2.1 Refinement calculus The basic domains of refinement calculus arise by pointwise extension from the boolean lattice. The truth values Bool = fT; Fg form a ....

R.J.R. Back. Refinement calculus, part II: Parallel and reactive programs. In REX Workshop for Refinement of Distributed Systems, LNCS 430, Nijmegen, The Netherlands, 1989. Springer--Verlag.

....have SWT UFM The proof of this formula is a simple consequence of the invariant proved for SWT. q Of course we may also introduce a refinement concept for state machines explicitly in terms of relations between states leading to variations of simulations and bisimulations (see [1] 2] 5] [6], and also [3] This is useful if components are refined that are described by state machines. We do not carry out this idea here explicitly. We call a relation between state machines with initial states s and s , initial output y and y and transition function D and D a refinement if B D ....

R.J.R. Back: Refinement Calculus, Part II: Parallel and Reactive Programs. REX Workshop. In: J. W. de Bakker, W.-P. de Roever, G. Rozenberg (eds): Stepwise Refinement of Distributed Systems. Lecture Notes in Computer Science 430, 1989, 67-93

....Techniques involving stepwise design or refinement have been first proposed by N.Wirth [Wir71] and influenced almost all modern program development methods. Other early work about refinement, which is based on operators on logic and involves a calculus, is the research done by R.J.R. Back, Bac81, Bac90] and later by C. Morgan, Mor90] A work which presents a transformation method from trace logic via process terms to implementations in Petri nets is [Old91a] ffl A well known approach of this sort is the formal specification notation Z, Abr85, Spi89] which is based on set theory and first ....

....introduced by A.P. Ravn in [Rav95] On the other hand, the program specification language SL that is more abstract and flexible than occam 15 itself has been developed in Oldenburg, cf. ORSS92, Sch94a] The specification language SL combines regular expressions with ideas from action systems, Bac90] and with time conditions; it allows to describe the distributed architecture of the intended implementation of the real time system and the timed communication between the different components. The most important result of the Habilitationsschrift is the following Main Theorem: Let Req be a ....

R.J.R. Back, Refinement Calculus, Part II: Parallel and Reactive Programs. In: J.W. de Bakker, W.-P. de Roever, G. Rozenberg (Eds.), Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, LNCS 430 (SpringerVerlag) , 1990, 67-93.

.... and mathematically sound way for bridging the gap between specifications and programs [Old91, Ros94] We consider communicating systems as an approach to distributed computing that integrates the state transformation aspect of iterative programs in the sense of UNITY [CM88] and action systems [Bac90] with the CSP paradigm of synchronous message passing along communication channels. When designing such systems several different aspects like concurrency, communication, nondeterminism, deadlock, termination, divergence and assignment to variables have to be considered. A state trace readiness ....

R.J.R. Back. Refinement calculus, Part II: Parallel and Reactive Programs. In J.W. de Bakker, W.P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems - Models, Formalisms, Correctness, LNCS 430, pages 67-- 93. Springer-Verlag, 1990.

....developed by [ORSS92, Sch94a] SL allows us to describe a distributed architecture consisting of time dependent sequential processes that work in parallel and communicate with each other in a synchronous fashion. Syntactically, SL combines regular expressions [CH74] with ideas from action systems [Bac90] and with time conditions on the readiness of commincation channels [Sch94a] In this part of the paper we consider the interface between DC implementables and SL. This is challenging because DC and hence DC implementables are state based, describing a system as a collection of time dependent ....

R.J.R. Back, Refinement calculus, part II: parallel and reactive programs. In: J.W. de Bakker, W.-P. de Roever, G. Rozenberg (Eds.), Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness. LNCS 430 (SpringerVerlag, 1990), 67--93.

.... Calculus (DC for short) 4, 3] a state based interval temporal logic for the description of time dependent requirements, and SL time , an event based specification language close to the programming level [13, 18] The latter combines regular expressions [2] with ideas from action systems [1] and with time conditions [18] it allows us to describe the distributed architecture of the intended implementation of the real time system and the timed communication between the different components. This research was partially supported by the German Ministry for Education and Research ....

R.J.R. Back. Refinement Calculus, Part II: Parallel and Reactive Programs. In J.W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, volume 430 of LNCS, pages 67--93. Springer-Verlag, 1990.

....Much work remains to be done to achieve our goal of large repositories of software components with their proofs of correctness. This is a step in that direction. 9 Related Work Many people have studied methods for designing systems by composition of components [1, 2] and by systematic re nement [3, 4, 16, 35]. A signi cant amount of work has been done on compositional methods within the Unity framework [14, 15, 28, 27] Composition using rely guarantee properties and systematic speci cations of interfaces have been proposed by Jones [19, 21 23, 36] This paper di ers from most of the earlier work in ....

R. Back. Renement calculus, Part II: Parallel and reactive programs. In REX Workshop on Stepwise Renement of Distributed Systems, volume 430 of Lecture Notes in Computer Science, pages 67-93. Springer-Verlag, 1989.

....of sequences of states. Such proofs are at best of limited value, since a possibility that is overlooked in writing the specification is likely to be overlooked when writing the proof. At the end of Section 2. 1, it is hinted that DisCo can be formalized in terms of Back s refinement calculus [2], which does provide a formal proof method. However, as explained below, the incompleteness of Back s proof system makes it incapable of verifying the implementations in this example. Moreover, Back s method requires a translation of liveness properties, involving the introduction of counter ....

R. J. R. Back. Refinement calculus, part ii: Parallel and reactive programs. In J. W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems, volume 430 of Lecture Notes in Computer Science, pages 67--93. Springer-Verlag, May/June 1989.

....of the program must satisfy in order to achieve that required property (referred to as the weakest precondition) In order to specify real time and concurrent systems, however, it is necessary to model reactive programs . Although some work has been done in the framework of the re nement calculus [2], in general, such programs cannot be described readily in terms of initial and nal states alone. Hence, Mahony and Hayes [12, 9] adapted the predicate transformer approach of the re nement calculus to describe a program in terms of an assumption about the environment in which the program acts ....

R.-J. Back. Renement calculus, part II: Parallel and reactive programs. In J.W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Stepwise Renement of Distributed Systems, volume 430 of LNCS, pages 67-93. Springer-Verlag, 1990.

....others. Program development via stepwise refinement. Our approach to program development is based on stepwise refinement and program transformations, as described for sequential programs in the work of Back [6] Gries, and Hoare [44] and for parallel programs in the work of, for example, Back [5], Martin [56] and Van de Velde [74] Operational models. Our operational model is based on defining programs as state transition systems, as in the work of Chandy and Misra [24] Lynch and Tuttle [52] Lamport [51] Manna and Pnueli [54] and Pnueli [61] 1.2.2 Related and complementary work ....

.... [50] in emphasizing sequential style specifications over specifications describing ongoing behavior (e.g. safety and progress properties) Our emphasis on program development by stepwise refinement builds on the work of Back [6] Gries [42] and Hoare [44] for sequential programs, and Back [5], Martin [56] and Van de Velde [74] for parallel programs. Sequential programming models. We base our programming model on the standard sequential model as defined for example by Gries [42] Parallel programming models. Since we are more interested in sequential style specifications than in ....

R. J. R. Back. Refinement calculus, part II: Parallel and reactive programs. In Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, volume 430 of Lecture Notes in Computer Science, pages 67--93. Springer-Verlag, 1990.

....(CEC) under the ESPRIT Basic Research Action No. 7071: ProCoS II: Provably Correct Systems . 1 language SL that is more abstract and flexible than occam itself has been developed by [ORSS92, Sch94a] The specification language SL combines regular expressions with ideas from action systems [Bac90] and with time conditions; it allows to describe the distributed architecture of the intended implementation of the real time system and the timed communication between the different components. In this paper we consider the interface between DC implementables and SL. While DC and hence DC ....

R.J.R. Back, Refinement Calculus, Part II: Parallel and Reactive Programs, in: J.W. de Bakker, W.-P. de Roever, G. Rozenberg, Eds., Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, LNCS 430 (Springer-Verlag, 1990) pp. 67-93.

No context found.

R. J. R. Back and J. von Wright. Refinement calculus, part II: Parallel and reactive programs. In J. W. de Bakker, W. P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalism, Correctness, volume 430 of Lecture Notes in Computer Science, pages 42--66. Springer Verlag, 1990.

No context found.

R.J.R. Back: Refinement Calculus, Part II: Parallel and Reactive Programs. REX Workshop. In: J. W. de Bakker, W.-P. de Roever, G. Rozenberg (eds): Stepwise Refinement of Distributed Systems. Lecture Notes in Computer Science 430, 67-93

No context found.

R. J. R. Back and J. von Wright. Refinement Calculus, part II: Parallel and Reactive Programs. In J. W. de Bakker, W.-P. de Roever and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, volume 430 of Lecture Notes in Computer Science, pages 67 V 93. springer-Verlag, 1990.

No context found.

R. J. R. Back and J. von Wright. Refinement Calculus, part II: Parallel and Reactive Programs. In J. W. de Bakker, W.-P. de Roever and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, volume 430 of Lecture Notes in Computer Science , pages 67 -- 93. springer-Verlag, 1990.

No context found.

R.-J. Back. Refinement calculus, part II: Parallel and reactive programs. In J.W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems, volume 430 of LNCS, pages 67--93. Springer-Verlag, 1990.

No context found.

R.J.R. Back: Refinement Calculus, Part II: Parallel and Reactive Programs. REX Workshop. In: J. W. de Bakker, W.-P. de Roever, G. Rozenberg (eds): Stepwise Refinement of Distributed Systems. Lecture Notes in Computer Science 430, 67-93

No context found.

R. J. R. Back. Refinement calculus, part II: Parallel and reactive programs. In J. W. de Bakker, W.--P. de Roever, and G. Rozenberg, editors,

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC