C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....of predicate transformer semantics in support of compositional development methods for sequential programs. Weakest precondition program semantics were first suggested by Dijkstra [8] and have been blended successfully with the assumption commitment paradigm independently by Back [4] Morgan [21], Morris [23] and Nelson [24] These formalisms have much in common and are referred to collectively as the refinement calculus. The refinement calculus is a broad spectrum, specification programming language together with a collection of refinement rules that support top down design. High level ....

....predicate transformers. They are represented on network graphs as diamond shaped nodes, see Fig. 2(c) defs function def :# f# # ## a . # (fa) Relations may be embedded as predicate transformers to give abstract specifications of desired relations between inputs and outputs. Following Morgan [21], we introduce the specification statement as the primary method of expressing relational specifications. In addition to a relation between inputs and outputs (the commitment) the specification statement also includes an assumption about the properties of inputs. Specification statements are ....

[Article contains additional citation context not shown here]

C. C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3), July 1988. Reprinted in [22].

....[3] as a way of reasoning about CSP programs. Later this framework has been extended and many interesting and non trivial parallel algorithms have been derived and studied as action systems [4, 6, 7] Action systems can be formally derived in a stepwise manner within the refinement calculus [1, 17, 18]. A useful tool when deriving these systems is the superposition refinement rule [7] that has been formalized within this calculus. Superposition is a program modularization and structuring method for developing parallel and distributed systems [3, 12, 13] In superposition some new functionality ....

C. C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403 -- 419, July 1988.

.... languages in which the federated components are written, whereas DeCo exploits the fact that Haskell can be used not only for coordination but also for as much computation as is useful for a given federation (for data adaptation, for example) Examples of coordination languages include Polylith [13], Strand and PCL [5] and Linda [3] A domain specific language (DSL) is a language tailored to a particular application domain. A domain specific embedded language (DSEL) is a DSL built as an extension to an existing base language. DeCo is constructed as a DSEL based on Haskell whose domain is ....

J. M. Purtilo. The POLYLITH software bus. ACM Transactions on Programming Languages and Systems (TOPLAS), 16(1):151--174, 1994.

....and understandability of that model requires some familiarity with the specification language (Circus) itself, which we provide in section 3, below. Circus Circus is a unified programming language that combines Z [1, 26] and CSP [14, 20] constructs, together with specification statements [18] and guarded commands [12] With Z and CSP integrated into the language, Circus can be used to describe both the state and behavioural aspects of concurrent systems. Though there are several other examples of combining Z and CSP in the literature [13] Circus distinguishes itself by a theory of ....

C. C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403-419, 1988.

....normal termination to model state changes in the source program. We use erroneous termination to model errors in the source program. For our source language, these errors are array index out of bounds errors. We use miraculous termination to model the programmer being off the hook (see, e.g. [0,19, 21, 20, 17]) 4 An assignment command x : E updates the state by setting the variable x to the value of the expression E and then terminates normally. The commands assert P and assume P terminate normally, without changing the state, if P evaluates to true ; otherwise, the assert statement terminates ....

Carroll Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.

....used in this paper. Another verification technique, based on the so called schedulerluck games, is presented in [14] Other work is based on the extension of model checking techniques to the probabilistic case [32, 19,10] and on the extension of predicate transformers to the probabilistic case [27]. Prior to the algorithm of Aspnes and Herlihy, the best known randomized algorithm for consensus with shared memory was due to Abrahamson [1] The algorithm has exponential expected running time. The algorithm of Aspnes and Herlihy was improved by Attiya, Dolev, and Shavit [7] by eliminating the ....

C. Morgan, A. McIver, K. Seidel: Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3): 325353 (1996)

....and Conjunctivity are proved as well. Keywords: Weakest Precondition, Operational Semantics, Formal Verification, Coq 1 Introduction The weakest precondition, wp, proposed by E. W. Dijkstra [5] proved to be useful in various areas of software development and has been investigated extensively [1, 13, 12]. There have been a number of attempts to support wp and refinement calculus with computer assisted reasoning systems such as HOL [16, 19, 9] Isabelle [14, 17, 18] Ergo [3] PVS [8] and Alf [10] Unfortunately, among these works, only Laibinis and Wright [9] deals with general recursion. In ....

C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.

....sections is concerned with program re nements of distributed or concurrent programs. 5 An overview of some existing work on re nements 5. 1 The re nement calculus The re nement calculus originates with Ralph Back [Bac78, Bac80] and was reintroduced by Joseph Morris [Mor89] and Carrol Morgan [Mor88, MG90, Mor90]. The calculus provides a framework for systematic program development. The main idea behind the re nement calculus is considering both speci cations and code to be programs. A notion of re nement is then de ned on these programs as a re exive and transitive relation that preserves total ....

C. Morgan. The speci cation statement. ACM Transactions on Programming Languages and Systems, 10(3), 1988.

....at execution time, so the run time overhead is serious. Researches exist in which pointer and array variables are statically analyzed [6, 7] Much of this research tries to statically determine possible aliases of pointer variables and array elements, but these still remain the uncertain cases [16]. Since our dependence cache slicing uses dynamic information, we can get reasonable slice precision with affordable execution overhead. In [3] a constrained slice, which is a generalization of static and dynamic slices, is proposed. This method takes a subset of the inputs of the program as a ....

Ramalingam, G.: The Undecidability of Aliasing, ACM Transactions on Programming Languages and Systems, Vol. 16, No. 5, pp. 1467--1471 (1994).

....stepwise refinement paradigm for the construction of parallel and distributed systems. The refinement calculus is a formalization of the stepwise refinement method of program construction. It was originally proposed by Back [2] and it has later been studied and extended by several researchers, see [17, 18] among others. In recent years data refinement within the refinement calculus has been a topic for extensive research [9, 10] Back and Sere [4, 7] have extended the refinement calculus to handle parallel algorithms as well as reactive programs. In both cases parallel and concurrent activity is ....

C. C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.

....which supports distributed object oriented computation and Oblets [BN96] which are written in Oblique and which have a family of Web browsers capable of running Oblets. We reason about OO action systems in the refinement calculus framework [Bac90] The refinement calculus and related calculi [Mor88, Mor87] have become popular foundations for program construction and for reasoning about specifications and implementations that meet their specifications. The refinement calculus uses weakest precondition predicate transformers as the semantic basis. Also Naumann [Nau94] uses predicate transformers to ....

C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems 10:3, pages 403--419, 1988.

....form the distribution of the processes and data links on a network. But the algorithm of each process contain explicit communication primitives. Hayes et al. [18] working on MLP (Mixed Language Programming) proposes using remote procedure calls (RPC s) by export import of procedure names. Purtilo [19] proposed a software bus system (Polylith) also allowing independence between configuration (which he calls Application structure ) and algorithms (which he calls individual components ) The specification of how components or modules communicate is claimed to be independent of the component ....

"The Polylith Software Bus", J.M. Purtilo, ACM Transactions on Programming Languages and Systems, Vol 16 No. 1, pp 151 - 174, 1994

....strict formality. The combination of formality and step wise refinement characterises a number of approaches known as program refinement methods. The earliest work on program refinement was that of Ralph Back [Bac81, Bac88] This work was later reinvented and extended both by Carroll Morgan [MR87, Mor88b] and by Joe Morris [Mor87] Each of these methods takes an existing programming language (Dijkstra s guardedcommand language) and extends it by adding a new specification statement that can be used to describe an arbitrary requirement. The addition of a specification statement yields a ....

....model. The relational model cannot describe miracle. The inability to describe miracles is not a disadvantage in itself, since miracles cannot be implemented. However, various authors have argued that the presence of miracles in a calculus leads to a simpler and more powerful formalism [Mor88a, Mor88b, Nel89] The partial model describes abort with the predicate F. Neither of the other models can describe behaviour that is required not to terminate. The assumption of users of the relational and total models is that nobody ever requires nontermination. This being the case, abort becomes just ....

Carroll C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.

....(including pure synchronization) is accomplished via blocking, asymmetric, synchronous, two party interactions called Input Output Commands. For the most part, subsequent work has attempted to generalize the input output commands. In both the Shared Actions [12] and the Multiway Rendezvous [5] models, communication is captured by a sequential program that modifies the combined state of a fixed set of participating processes. In the Multiparty Interactions model [7] only processes that participate in a communication are permitted to read the combined state, all modifications being ....

Charlesworth, A., The Multiway Rendezvous, ACM Transactions on Programming Languages and Systems 9(2), pp. 350-366 (1987).

....Connection Oriented Architecture In a RESTCLK network an application object may communicate with another if and only if a communication pathway is established beforehand between obj ports belonging to the objects. Such a connection oriented architecture is also used in the polylith software bus [38]. This is to be contrasted with connectionless communication architectures as in RPC [37, 4, 46] In RPC establishment of pathways between senders and receivers is not a responsibility of an application system. We have assumed in RESTCLK that management objects of an application system will be ....

....of RESTCLK. These examples illustrate the use of observation and control for transparent dynamic reconfiguration of application systems in various situations. We also use these examples to compare RESTCLK solutions for dynamic reconfiguration with solutions proposed in other systems like polylith [19, 38, 21, 22, 20, 5] and conic [25, 27, 26, 24] These two are the only other significant systems that we are aware of, which propose novel communication systems organization that facilitate dynamic system reconfigurations of the kinds discussed here. The examples discussed in this chapter will illustrate clearly the ....

[Article contains additional citation context not shown here]

J. Purtilo. The polylith software bus. ACM Transactions on Programming Languages and Systems, Jan 1994. 177

....that can exploit reuse even when it exists only on a subset of execution paths incoming to the redundant load. Therefore, PRE has become the basis of modern register promotion techniques [CK94a,BG96b,SJ98,LCK # 98] 137 Unfortunately, detecting load reuse is in general undecidable [Ram94] and so no compile time PRE complete load reuse analysis exists. Therefore, we use an empirical, run time analysis that measures the reuse in the program as the program executes. In order to provide a close approximation of PREcompleteness, this simulation based limit study should collect all ....

G. Ramalingam. The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, 16(5):1467--1471, September 1994.

....component based application development. It provides a means for data exchange and communication among components, hiding distributed information from the developer. Middleware enables a user to integrate heterogeneous systems while ignoring the constraints imposed by the underlying architecture [Purtilo94]. There are many products available such as CORBA, DCOM, Java RMI, JavaBeans, MQIntegrator, Component Broker, and Polylith that provide these middleware solutions. This chapter on middleware is an introduction to how these products can be related to the integration strategies and integration ....

....controller and extender) 67 1. 1 1. 1. 1. CONTROLLER TRANSLATOR EXTENDER TRANSLATOR CONTROLLER EXTENDER Broker Adapter Component Broker Figure 22: Component Broker in the Integration Taxonomy 5. 7 Polylith Polylith is a middleware solution developed at the University of Maryland [Purtilo94]. It was built to allow applications to communicate across process boundaries using messages made up of arbitrarily complex type structures. The Polylith architecture consists of two important components that directly relate to integration: the software bus and the packaging system. The clients ....

J. Purtilo. The Polylith software bus. ACM Transactions on Programming Languages and Systems, Jan. 1994.

....then we can conclude that S [X ] v S [Y ] This property is known as monotonicity with respect to refinement, and it is important because we want the ability to refine a specification in parts. The refinement calculus for imperative programs was developed independently by Morris [9, 10] and Morgan [7, 8], based on work by Back [1] 3 Expressions At a simple level, an expression is something which has a value, i.e. which can be evaluated. In addition, an expression has a type. This could be a simple type, such as an integer, a boolean or a character. But it could have a more complicated compound ....

C. Morgan. The Specification Statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.

....such a way that, if predicate pre holds on the initial state, termination is ensured in a state satisfying predicate post over the initial and nal states; if pre does not hold, the computation aborts. Semantics for pGCL can be given either relationally [7] or in terms of expectation transformers [13]. We shall use the latter, due to its semplicity in calculations. Expectation transformer semantics is an extension of the predicate transformer one. An expectation is a [0; 1] valued function on a state space X and may be thought of as a probabilistic predicate . The set Q of all expectations is ....

Carroll Morgan, Annabelle McIver, and Karen Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325{ 353, May 1996.

....fpgCfqg but we are not told exactly what C is. The question we are concerned with in this section is whether we can derive all other speci cations that follow from it, without making use of knowledge of C. To formulate this we consider Hoare triples fpg fqg with an unspeci ed command. Following [5, 11, 1], we call such a Hoare triple with a hole a speci cation statement. Throughout this section we assume a given set X of variables, regarded as the Modi es set. To derive one speci cation statement from the other we use the usual rule of Consequence from Hoare logic, and the Frame Rule; see Table ....

C. C. Morgan. The specication statement. ACM Transactions on Programming Languages and Systems, 10(3), Jul 1988. Reprinted in [4]. 15

....can be found in e.g. 21, 20] Kozen proposes in [21] a probabilistic dynamic logic in which arithmetical laws govern the program analysis. The thesis work of Jones [20] presents a proof system for probability in a state less setting. An important strand of research in the syntactic approach (cf. [23, 24]) is focussed on predicate transformers. In [23] extending the predicate transformer work of [24] a calculus of greatest pre expectations is given for a language with both probabilistic choice and nondeterminism. This calculus is illustrated by its application to the examples of an erratic ....

....laws govern the program analysis. The thesis work of Jones [20] presents a proof system for probability in a state less setting. An important strand of research in the syntactic approach (cf. 23, 24] is focussed on predicate transformers. In [23] extending the predicate transformer work of [24], a calculus of greatest pre expectations is given for a language with both probabilistic choice and nondeterminism. This calculus is illustrated by its application to the examples of an erratic sequence accumulator , an example recurring in this paper, and Rabin s choice coordination ....

[Article contains additional citation context not shown here]

C. Morgan, A. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18:325-353, May 1996.

....commands one at a time and then combine them into an if or do command once all the necessary cases have been covered. To do this, we need a semantics for guarded commands independent of the if or do that normally surrounds them; this is provided by an extension to the guarded commands language ([8, 9]) that treats the normal if command as being a composition using distinct operators: guarding ( demonically nondeterministic alternative composition ( and if itself. Each of these operators has its own weakest preconditions semantics (do is defined in terms of if and recursion, as usual) ....

Carroll Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988. 18

....since we have seen it fail, in fact the old version o ers proven, reliable behavior outside of those known errors. It can be used to protect the system from incidental errors created in the new versions. Thus, in this era of frameworks wherein components can be swapped in and out during run time [4, 5, 7, 8, 10], there is no reason to simply ignore the version history of a component when it comes time to evolve it. Instead, we can treat the component versions as a special multi versioned system, one where we know the speci c di erences between versions. Running a speci ed set of these versions, rather ....

J. Purtilo. The POLYLITH Software Bus. ACM Transactions on Programming Languages and Systems, 16(1):151-174, Jan. 1994.

....more precise (c) Both imprecise Figure 1: Comparison of implicit and explicit representations of aliases. 2. 4 Analysis Precision and Sensitivity Since the basic problem of determining pointer induced aliases is undecidable for programs with multiple levels of indirection [LR91, Lan92b, Ram94] practical pointer aliasing algorithms are approximate. Many algorithms use intraprocedural propagation of aliases through pointer assignment statements in a manner conceptually similar to the single level pointer aliasing algorithm in Chapter 10 of [ASU86] with extensions to handle ....

G. Ramalingam. The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, 16(5):1467--1471, September 1994.

....that this de nition is equivalent to the following: S vS 0 (8q S:q S 0 :q) Correctness and re nement can also be connected through speci cation statements. If S is conjunctive and is only allowed to change the variables y, then fpg S fqg y : p; q] v S 5 (this is proved in [13]) Equivalently, this can be stated as follows: fpg S fqg fpg; y : y j q] v S This means that fpg; y : y j q] is the most abstract speci cation of a statement S that satis es the correctness triple fpg S fqg. Thus, any statement that satis es this triple must be a re nement of fpg; y : y ....

C.C. Morgan. The Specication Statement. ACM Transactions on Programming Languages and Systems, 10:403-419, 1988.

.... The paper presents a novel approach to design of software based safetycritical systems allowing to enhance the system s dependability [7] Enhancing of the dependability is achieved from two sources: the first is an application of a formal framework the probabilistic refinement calculus [4, 11] for the development of the system; the second is the use of so called parameterized refinement a new extension of the notion of program refinement as our main design technique. Formal methods like the refinement calculus [1] give us techniques to formally specify the functionality of ....

....Programs: Weakest Precondition Semantics Weakest precondition calculus proposed by Dijkstra [5] is a basis for reasoning about the correctness of imperative (in general, non deterministic) programs. An extension of the calculus is the probabilistic weakest precondition calculus of Morgan et al. [11] which supports reasoning about correctness of programs combining non determinism and probabilities. In the sequel we will refer to such programs as to the probabilistic ones. The correspondence between weakest precondition calculus for standard and for probabilistic program is illustrated in Fig. ....

[Article contains additional citation context not shown here]

C. C. Morgan, A. K. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325--353, May 1996.

.... [26] Development of a method similar to the refinement calculus but incorporating probabilistic reasoning [23] led to the extension of the guarded command language by Dijkstra [10] by a binary probabilistic choice operator [13] together with a notion of refinement between probabilistic programs [13, 21]. In our previous work [17] used the method to obtain a quantified measure of system safety. The reasoning was conducted in a sequential style. Here we extend those ideas to treat parallel behaviour, since many safety critical systems exhibit parallel activity. For instance, a system transmitting ....

.... non Gamma deterministic choice (1) 2 j if B 1 P rog [ conditional composition [ Bm P rog fi j do B 1 P rog [ iterative composition [ Bm P rog od j j[ var x; P rog ]j : z block with local variables x and global variables z extended by binary probabilistic choice [13, 21] P rog : j P rog p Phi P rog probabilistic choice: 2) Here Q; B 1 : Bm are predicates, x; z are lists of variables, x 0 are values of variables x obtained as a result of assignment, E is a list of expressions, p is probability, p 2 [0; 1] The statement abort is the never ....

[Article contains additional citation context not shown here]

C. C. Morgan, A. K. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325--353, May 1996. 29

....and removed while the basic computation of the original algorithm is preserved. In this way the algorithm becomes more coarse grained and centralized. Only the essential parts of the algorithm are then left for verification. The coarsement method is formalized within the refinement calculus [1, 10, 11]. Moreover, we show that coarsement can be seen as a special kind of superposition refinement [3] within this calculus. Abstract presented at the 13th Symposium on the Principles of Distributed Computing (PODC 94) Los Angeles, USA, August 1994. 1 We describe the method by verifying a ....

C. C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.

.... [App98, Muc97,BGS94] Currently, in compilers for Instruction Level Parallelism (ILP) processors alias analysis is even more important since it can improve the performance of the instruction scheduler [Fis81,Fis84] However, exact alias analysis is impractical, and in general undecidable [Ram94], because of the difficulties in determining which objects are referenced by pointers at a given point in a program. Hence, every approach to alias analysis makes some conservative approximations to the alias relation, determining what is called a mayalias relation. A pair of expressions (e1,e2) ....

G. Ramalingam, The Undecibility of Aliasing, ACM Transaction on Programming Languages and Systems, Vol. 16, n. 5, 1994, 1467-1471.

....Each of these areas is summarized briefly below. Distributed Configurable Systems The research in the area of distributed configurable systems has been focussed on dynamically changing the relationships and connections between components, and in replacing components while the system is running [16, 18, 22, 32, 40]. Transaction models are generally used to control when replacement takes place, and mechanisms have been developed to transfer state to the new component [23] However, emphasis is on reconfiguring a system for a new task or in simply on thefly component replacement, and the general assumption is ....

....The leading candidate for application is CORBA, the distributed component standard, but other promising frameworks include dynamic link libraries and JavaBeans. Existing research frameworks exploring issues in distributed configurable systems may also provide good beginning foundations (e.g. [4, 26, 32, 33, 34, 38]) There are many needed directions for future work, besides the transfer to current component frameworks. These include: ffl Extending the current work to handle voting mechanisms and state computations, including global and persistent state that the component has access to. ffl Investigating ....

J. Purtilo. The POLYLITH Software Bus. ACM Transactions on Programming Languages and Systems, 16(1):151--174, Jan. 1994.

....of its points x, we say that a formula # (a sequent # # #)isvalid in x,insymbolsF,x = # (F,x =## #) if for every valuation on F , the formula (the sequent) is true at x. We remark that the given notion of validity of a sequent on a frame is di#erent from the one given by B.M. Kapron in [20]; his notion corresponds to global consequence and ours to the local consequence relation. Let K be a class of frames. Sq (K) denotes the class of all sequents that are valid in every frame in K, i.e. # # # # Sq (K) ##F#K, F # # # #. It is easy to show that Sq (K) is a normal deductive ....

....Amsterdam, 1994. 18] J. Jaspars and E. Thijsee, Fundamentals of partial modal logic,inPartiality, Modality and Nonmonotonicity, edited by P. Doherty, CSLI Publications, Stanford, 1995. 19] B. Jonsson and A. Tarski. Boolean Algebras With Operators, Part I, Amer.J.ofMath. 73 (1951) pp. 891 939. [20] B.M. Kapron, Modal Sequents and Definability, TheJournalofSymbolicLogic, 45 (1987) pp. 757 762. 21] N. Kurtonina and M. de Rijke, Simulating without Negation, Journal of Logic and Computation, 7 (1997) pp. 501 522. 22] A. Petrovich, Distributive Lattices with an Operator, Studia Logica, 56, ....

[Article contains additional citation context not shown here]

Carroll Morgan, Annabelle McIver, and Karen Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325--353, May 1996.

....rules for data refinement of programs can be derived from the general algebraic properties of the encoding operator. We work within the refinement calculus framework described in [7] This is a formalisation using classical strongly typed higher order logic of the traditional refinement calculus [1, 2, 16] which was based on the weakest precondition semantics of programs [9] The basis of the refinement calculus is the predicate transformer hierarchy, where program are modeled as predicate transformers, which in turn are built from predicates, functions and relations using homomorphic operators ....

C.C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.

....use of different analysis methods. The may aliasing problem is proved polynomial for single level pointers [21] and NP hard for multiplelevel pointers [21, 25] The problem is also proved P space hard for finite level ( 2) pointer dereferences [19] and undecidable for recursive data structures [20, 30]. The FA relation is similar to the points to relation [37] and the PWA relation [2, 24] The approach in [37] is based on a non standard type inference technique; it handles type casting and indirect calls through function pointers, but does not allow structure types as in C. The approach in [2, ....

G. Ramalingam. The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, 16(5):1467-- 1471, September 1994.

No context found.

J. M. Purtilo: The Polylith Software Bus. ACM Transactions on Programming Languages and Systems, 16(1), 1994

No context found.

J. M. Purtilo: The Polylith Software Bus, ACM Transactions on Programming Languages and Systems, January 1994

No context found.

C.C. Morgan, A.K. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325-353, May 1996.

No context found.

C.C. Morgan, A.K. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325--353, May 1996.

No context found.

C. C. Morgan, A. K. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325-353, May 1996.

....a precise polynomial time verification algorithm for shallow programs. Main Results The main complexity results established in this paper are as follows (in all cases, we assume that programs are shallow) In the presence of recursive data structures, typestate verification is undecidable [19, 24]. s0 : x : new ( s1 : y : new ( z : y; y.close( z : x; s2 : z.read( while ( s4 : f.read( f.close( Fig. 1. Program fragments illustrating the effect of aliasing on typestate verification. Verification is in P for omission closed properties: a property is ....

G. Ramalingam. The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, 16(5):1467--1471, 1994.

.... these architectural approaches have consistently failed to address the relationship between the abstract architectural models and concrete system implementations [ 16] On the other hand, a number of software interoperability technologies have emerged primarily, though not exclusively (e.g. [11,22,25]) from industry [27,32,35] These technologies provide solutions for composing implementation level, coarse grain software components, giving developers powerful system building tools. However, although it has been shown that they indeed influence the architectural characteristics of systems [4] ....

J. Purtilo. The Polylith Software Bus. ACM Transactions on Programming Languages and Systems, January 1994.

.... 14 A, FIN 20520 Turku, Finland email: etroubit ra.abo.fi Turku Centre for Computer Science TUCS Technical Report No 173 April 1998 ISBN 952 12 0196 7 ISSN 1239 1891 Abstract Probabilistic choice and demonic nondeterminism have been combined in a model for sequential programs [11, 8] in which program refinement is defined by removing demonic nondeterminism. Here we study the more general topic of data refinement in the probabilistic setting, extending standard techniques to probabilistic programs. We use the method to obtain a quantitative assessment of safety of a ....

....the local state cannot be observed directly an assumption that is vital for the discussion of data refinement. In this paper we consider datatypes whose operations may have probabilistic choices, and thus our model for programs is a relational style structure augmented with probabilities [11, 8]. As in standard relational models, a program is represented by a relation between (initial) states and possibly many (final) states. But in our model we include the probabilistic structure underlying our programs behaviours by by taking the final states in fact to be probability distributions ....

[Article contains additional citation context not shown here]

C. C. Morgan, A. K. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325--353, May 1996.

....than Booleans. The underlying model is of a branching time computation using the now common sets of probability distributions , and it is connected to a program logic via the expectation transformers originally introduced by Kozen [13] for deterministic probabilistic programs and extended by us [20] to include demonic programs as well. Formulae become real rather than Boolean valued functions of the state space; they can then be interpreted directly as probabilities, but more generally they are to be regarded as expectations (of random variables from probability theory) The resulting ....

....steps. 1 The path distributions are determined by transition probabilities in the usual way (measures over Borel sets based on cylinders) One advantage of using calculus is to side step explicit mention of the path distributions, relying instead on the correspondence proved elsewhere [14, 13, 20] between program logic and transition semantics. But there are practical benefits as well: we find that general expectations allow us to treat more than probabilities indeed often an expected quantitity such as number of steps to termination is required, rather than a specific probability. ....

[Article contains additional citation context not shown here]

Carroll Morgan, Annabelle McIver, and Karen Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325--353, May 1996.

....than Booleans. The underlying model is of a branching time computation using the now common sets of probability distributions , and it is connected to a program logic via the expectation transformers originally introduced by Kozen [13] for deterministic probabilistic programs and extended by us [20] to include demonic programs as well. Formulae become real rather than Boolean valued functions of the state space; they can then be interpreted directly as probabilities, but more generally they are to be regarded as expectations (of random variables from probability theory) The resulting ....

....steps. 1 The path distributions are determined by transition probabilities in the usual way (measures over Borel sets based on cylinders) One advantage of using calculus is to side step explicit mention of the path distributions, relying instead on the correspondence proved elsewhere [14, 13, 20] between program logic and transition semantics. But there are practical bene ts as well: we nd that general expectations allow us to treat more than probabilities indeed often an expected quantitity such as number of steps to termination is required, rather than a speci c probability. This ....

[Article contains additional citation context not shown here]

Carroll Morgan, Annabelle McIver, and Karen Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325-353, May 1996.

No context found.

C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10(3):403--419, July 1988.

No context found.

C. C. Morgan. The specification statement. ACM Transactions on Programming Languages and Systems, 10:403--419, 1988.

No context found.

C. Morgan, A. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 18(3):325-353, 1996.

No context found.

PURTILO, J. M. The Polylith Software Bus. ACM Transactions on Programming Languages and Systems (TOPLAS) 16, 1 (January 1994), 154--174.

No context found.

C. C. Morgan. The speci cation statement. ACM Transactions on Programming Languages and Systems, 10(3), Jul 1988.

No context found.

C. Morgan, A. McIver, and K. Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems, 8(1):1-30, January 1999.

No context found.

Purtilo, J. M.: The Polylith Software Bus. ACM Transactions on Programming Languages and Systems, #6(#), #994. 95

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC