Morris J. Laws of data refinement. Acta Informatica 26 (1989) 287--308.
....and postcondition rule described above. For abstract data types, refinement means again that each implementation of refinement is an implementation of the original specification [Win83, GM94]. Such data type refinement can be mediated by a change in the way data is modeled [GM94, MG90, Mor94, Mor89]. One can use an abstraction function [Hoa72] or relation [LP97, Nip86, Sch90, SWO97] to translate between logical assertions in the theory of one abstract model and another. For example, suppose the specification C is a refinement of A, and C is stated using a theory TC , which we assume ....
Morris, J. M. Laws of data refinement. Acta Informatica, 26(4):287--308, February 1989.
....significantly, while verification is tied to analysis and support tools, program derivation deals with the very essence of the design process, the way one thinks about problems and constructs solutions. In sequential programming, formal derivation enjoys a long standing and prestigious tradition [4, 5, 7, 8, 14, 15]. By contrast, derivation is a relatively new concern in concurrent programming. Although a clean and comprehensive characterization of the field is difficult to make and is beyond the scope of this paper, three general directions seem to have emerged in the concurrency area. Constructivist ....
J. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
....and concrete systems. If A is an action that acts on variables a, C is an action that acts on variables c, and I is an abstraction invariant then we write A v I C for A is data refined by C under abstraction invariant I . The weakest precondition definition of A v I C can be found in [2, 3, 16, 18]. The following rule for data refinement of guarded actions (with output) is easily derived from the definition: Rule 7 Q I ) P I [a; cnE ; F ] y Delta P Gamma a; y : E ; y v I y Delta Q Gamma c; y : F ; y An action system M is refined by action system N under abstraction ....
J.M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
....significantly, while verification is tied to analysis and support tools, program derivation deals with the very essence of the design process, the way one thinks about problems and constructs solutions. In sequential programming, formal derivation enjoys a long standing and prestigious tradition [4, 5, 7, 8, 14, 15]. By contrast, derivation is a relatively new concern in concurrent programming. Although a clean and comprehensive characterization of the field is difficult to make and is beyond the scope of this paper, three general directions seem to have emerged in the concurrency area. Constructivist ....
J. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
....# # Here # denotes the vector of coordinates of the state space, and # the vector of specification variables occurring in the specification. This formula, which is a special case of the main result of [2] is slightly different from the one occurring in the literature on refinement calculus (e.g. [5, 6, 7]) it has the advantage of sometimes giving a weaker precondition (in fact, the weakest possible sound one) and it preserves conjunctiveness of wp . We shall, however, only use it to deduce from it the following special result (which was proved in [1] in a state space with coordinate vectors ## ....
....## ## # ## ## # #Hd#### Tl### Hd## (5) eof # # ### (6) AB66 4 The statement ## ##### is a so called assertion statement, whose semantics is defined by wp###### # # # # # In other words, assertion statement ### behaves like skip when boolean condition # is satisfied, and aborts otherwise. See [5, 7] for further discussion. Boolean function eof will mainly be used as a so called coercion statement, whose semantics is defined by wp#### # ## # ## # (Note that we do not introduce a special bracket pair to distinguish the coercion statement from its underlying boolean expression. As explained ....
[Article contains additional citation context not shown here]
J.M. Morris, Laws of data refinement. Acta Inf. 26 (1989), 287--308.
....interface. The relationship between a specification with precondition # and postcondition # , both expressed in the model variable # , on the one hand, and the body # , expressed in the field # , on the other, should be described by a coordinate transformation [2] also known as data refinement [11, 12]. That is to say, for model invariant # and implementation invariant # , the implementation body # should satisfy ### # ## #### ## ## # ### # # # # ## # #### ## ## # # # ## # # Using the one point rule, we may simplify this to ### # ## ### ## # # #### # # #### # #### ## ## # # # ## # # In ....
J.M. Morris, `Laws of data refinement'. Acta Inf. 26 (1989), 287--308.
.... concrete program variables using an abstraction relation [11]. In the refinement calculus, the abstraction relation is modelled by an abstraction command, and we say that S : Sigma 7 Sigma is data refined by S 0 : Sigma 0 7 Sigma 0 under abstraction command ff : Sigma 0 7 Sigma if [9, 21, 24]: ff; S S 0 ; ff: For a more comprehensive treatment of data refinement of predicate transformers see [9, 21, 24]. Here we will simply look at how data refinement distributes through the fusion and product operators. For predicate transformer T , the right adjoint of T , denoted T r , ....
.... modelled by an abstraction command, and we say that S : Sigma 7 Sigma is data refined by S 0 : Sigma 0 7 Sigma 0 under abstraction command ff : Sigma 0 7 Sigma if [9, 21, 24] ff; S S 0 ; ff: For a more comprehensive treatment of data refinement of predicate transformers see [9, 21, 24]. Here we will simply look at how data refinement distributes through the fusion and product operators. For predicate transformer T , the right adjoint of T , denoted T r , satisfies T ; T r skip skip T r ; T: T has a right adjoint if and only if T is universally disjunctive [24]. In ....
J.M. Morris. Laws of data refinement. Acta Inf., 26:287--308, 1989.
....significantly, while verification is tied to analysis and support tools, program derivation deals with the very essence of the design process, the way one thinks about problems and constructs solutions. In sequential programming, formal derivation enjoys a long standing and prestigious tradition [4, 5, 7, 8, 14, 15]. By contrast, derivation is a relatively new concern in concurrent programming. Although a clean and comprehensive characterization of the field is difficult to make and is beyond the scope of this paper, three general directions seem to have emerged in the concurrency area. Constructivist ....
J. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
....generics. Gries and Prins [21] suggest a stratified proof of a program obtained by transformation: if a generic is correct and an implementation of its abstract type is correct, the transformed algorithm will be correct. Morgan [42] extends these techniques for proofs of data refinements. Morris [43] provides calculational laws for refinement of programs written in terms of abstract types such as bags and sets. Related methods might be used for proofs of refinements with a system such as ours; a library of proven lemmas about generic components would greatly simplify the task of proving a ....
J. M. Morris, "Laws of Data Refinement," Acta Informatica, vol. 26, pp. 287-308, 1989.
....is interpreted by predicate transformers in the tradition of Dijkstra's wp calculus [12] and the refinement calculus [34, 5, 32] but extended to communicating programs. For performing the abstractions we use a variant of the data refinement theory of Back [4], Gardiner Morgan [16] and Morris [35]. Details can be found in the monograph [37]. Compilation and Synthesis for Real Time Embedded Controllers 5 The exposition up to now is of course oversimplified. Firstly, the model of the instruction's effect is too abstract. For example, the Transputer instructions reference memory locations ....
J. M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
....However, in practice we want to calculate data refinements in a structure preserving way. In this, we can improve on Theorem 7, using the fact that the decoding D is of the form fRg. As a result, we get rules that are essentially equivalent to traditional rules for data refinement by calculation [3, 17, 18, 20]. We number the rules in the same way as in Theorem 7, but we only state the cases where the assumption that D is universally disjunctive gives us a better result than before. Theorem 13 Assume that D is the universally disjunctive decoding D = fRg. Then (c) magic # D = fdom: Rg ; magic, d) ....
....the rules to the level of program variables. It is not our aim to derive a complete collection of such rules, but we shall give an example of how such rules are derived. In practice, what we get is syntactic rules for data refinement, much like those that have been described in detail elsewhere [8, 17, 18]. As an example, consider the rule for encoding a demonic assignment with a functional abstraction (Theorem 16 (c) P ] # (frg ; hfi) frg ; jf j ; P ; f Gamma1 ] r] In assignment notation, we have [x : x 0 j b] # (fcg ; hx=y : ei = frule aboveg fcg ; x=y : x j x = e) x : x ....
[Article contains additional citation context not shown here]
J.M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
....a simpler checker. 11 Related work Most work on data abstraction seems to be directed at one of two goals: algorithm design or structuring large systems. When data abstraction is used for algorithm design, the representation is inlined into the site of use as the refinement step of the design [5, 16, 25, 22, 39, 69 17, 14]. Consequently, the work on this kind of data abstraction is largely unconnected with the large system structuring problems that we are concerned with in this paper. This is not to deny that the underlying mathematics of data abstraction applies to both enterprises. Indeed, our first verification ....
Joseph M. Morris. Laws of data refinement. Acta Informatica, 26(4):287--308, February 1989.
....the sets by lists for the sake of an efficient implementation. When is this kind of data refinement valid? The key concepts here are algebras and homomorphisms. Data refinement in the imperative world has been studied by Morgan [Mor88] and Gardiner [GM89, GM88], Gries and Volpano [GV90], Morris [Mor89] and others. The data structures are considered given, and the main question is how to replace one by another and retain correctness. But if the data structures were developed in a kind of family tree, then their relationships already give strong hints about using one in place of another. This ....
Joseph M. Morris. Laws of data refinement. Acta Informatica, (26):287 -- 308, 1989.
....If S is a statement on the variables x, z, S # is a statement on the variables x # , z, and R(x, x # , z) is the abstraction invariant, then we write S #R S # for S is data refined by S # under abstraction invariant R . The weakest precondition definition of data refinement as described in [4, 14, 15] is as follows: Definition 1 (Data Refinement in WP) S #R S # if for each postcondition P independent of the concrete variables x # , R # [S]P # [S # ] #x. R # P ) The definition of data refinement in B AMN [3] is given below. Let pre(S) S]true, i.e. pre(S) represents the condition ....
J. M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
.... of representing programs as predicate transformers are discussed in [GM91] and [DS90]. The extension from Dijkstra's language to the refinement calculus was made by Back [Bac78, Bac81, Bac88a], then redeveloped independently twice in the late 1980s by Morris [Mor87, Mor90c, Mor90b, Mor89] and by Morgan and Robinson [MR87, MRG88, Mor90a]. 2.2.1 Values and States Let Var be a countable set of variables. Generally we will not distinguish between sets and sequences of variables, so we assume some total ordering over Var, which gives a one to one correspondence between a set of ....
Joseph M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989. Ref. on page 9.
....and concrete state (a and c respectively) and CI is a concrete state invariant. For this situation, we get simpler calculations: 4 a; x : h Pre ; Post i becomes c; x : h Pre [a n AF(c) Post [a n AF(c) i i.e. simple substitution 2 for a with AF (c) Further details can be found in [7, 4, 8, 2, 9]. 3 Initial specification The initial specification is shown in Figure 2. This specification was derived systematically from the Object Z specification developed by Gordon Rose using techniques similar to those described in [5] Only the five selected operations are shown. 3.1 State The state of ....
J. M. Morris. Laws of data refinement. Acta Informatica, 26, 1989.
....The refinement approach starts with a formal, abstract specification of the required product and transforms this in a sequence of small steps into a form suitable for execution. 1. 2 What is the refinement calculus The refinement calculus, developed independently by Back, Morgan and Morris, [1, 2, 3, 4, 5, 6, 7, 8] provides a uniform method for deriving programs from specifications. The calculus extends a programming language with an abstract specification construct. The calculus defines formally an ordering between specifications that allows one specification to be substituted for another. The semantics of ....
....that is being used. In fact, since RRE allows Prolog bodies for rules you can add arbitrary rules in that system, but the resulting derivations may be unsound. We may also wish to introduce new refinement relations and associated rules, such as for certain formulations of data refinement [8, 34]. Support for larger derivations means larger theories and so the theorem prover needs to be able to handle large theories efficiently. The RRE prover is quite primitive in this respect, with minimal support for theory libraries and dependency management. Chapter 6 Consequences for the PRT ....
J. M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
....mainly by example, without attempting to describe the mathematical underpinnings of the method. Of course it is very important that the specification language be given a formal semantics so that we can formally derive the laws of refinement, but that is a separate issue and is discussed elsewhere [1 6]. We use various typefaces in specifications and explanatory text, just to help the eye; they have no significance otherwise. 2. A simple example Figure 1 is a specification in a Pascal like syntax of a simple library catalogue, with explanations following. The actual type definitions of BOOK ....
....refines another, but refine modules constructively; we decide on the new set of variables and an abstraction invariant, and then make the new module by operating on the old module with the laws of data and procedural refinement. For a more comprehensive treatment of the refinement calculus see [1 6]. 7. Implementing the library One way to implement the library described by the specification of Figure 7 is to expand textually all the definitions and include s, arriving at a module in the style of Figure 2, and then implement the procedures and functions. But that is not what we want ....
J. M. Morris, Laws of data refinement, Acta Informatica 26 (1989) 287-308.
No context found.
Morris J. Laws of data refinement. Acta Informatica 26 (1989) 287--308.
No context found.
J.M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
No context found.
J.M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
No context found.
J.M. Morris. Laws of data refinement. Acta Inf., 26:287--308, 1989.
No context found.
J.M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
No context found.
J. M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.
No context found.
J.M. Morris. Laws of data refinement. Acta Informatica, 26:287--308, 1989.