841 research outputs found
Lazy Kleene Algebra
We propose a relaxation of Kleene algebra by giving up strictness and right-distributivity of composition. This allows the subsumption of Dijkstra's computation calculus, Cohen's omega algebra and von Wright's demonic refinement algebra. Moreover, by adding domain and codomain operators we can also incorporate modal operators. Finally, it is shown that the predicate transformers form lazy Kleene algebras again, the disjunctive and conjunctive ones even lazy Kleene algebras with an omega operation
Domain and range for angelic and demonic compositions
We give finite axiomatizations for the varieties generated by representable
domain--range algebras when the semigroup operation is interpreted as angelic
or demonic composition, respectively
Demonic Kleene Algebra
Nous rappelons d’abord le concept d’algèbre de Kleene avec domaine (AKD). Puis, nous expliquons comment utiliser les opérateurs des AKD pour définir un ordre partiel appelé raffinement démoniaque ainsi que d’autres opérateurs démoniaques (plusieurs de ces définitions proviennent de la littérature). Nous cherchons à comprendre comment se comportent les AKD munies des opérateurs démoniaques quand on exclut les opérateurs angéliques usuels. C’est ainsi que les propriétés de ces opérateurs démoniaques nous servent de base pour axiomatiser une algèbre que nous appelons Algèbre démoniaque avec domaine et opérateur t-conditionnel (ADD-[opérateur t-conditionnel]). Les lois des ADD-[opérateur t-conditionnel] qui ne concernent pas l’opérateur de domaine correspondent à celles présentées dans l’article Laws of programming par Hoare et al. publié dans la revue Communications of the ACM en 1987. Ensuite, nous étudions les liens entre les ADD-[opérateur t-conditionnel] et les AKD munies des opérateurs démoniaques. La question est de savoir si ces structures sont isomorphes. Nous démontrons que ce n’est pas le cas en général et nous caractérisons celles qui le sont. En effet, nous montrons qu’une AKD peut être transformée en une ADD-[opérateur t-conditionnel] qui peut être transformée à son tour en l’AKD de départ. Puis, nous présentons les conditions nécessaires et suffisantes pour qu’une ADD-[opérateur t-conditionnel] puisse être transformée en une AKD qui peut être transformée à nouveau en l’ADD-[opérateur t-conditionnel] de départ. Les conditions nécessaires et suffisantes mentionnées précédemment font intervenir un nouveau concept, celui de décomposition. Dans un contexte démoniaque, il est difficile de distinguer des transitions qui, à partir d’un même état, mènent à des états différents. Le concept de décomposition permet d’y arriver simplement. Nous présentons sa définition ainsi que plusieurs de ses propriétés.We first recall the concept of Kleene algebra with domain (KAD). Then we explain how to use the operators of KAD to define a demonic refinement ordering and demonic operators (many of these definitions come from the literature). We want to know how do KADs with the demonic operators but without the usual angelic ones behave. Then, taking the properties of the KAD-based demonic operators as a guideline, we axiomatise an algebra that we call Demonic algebra with domain and t-conditional (DAD-[opérateur t-conditionnel]). The laws of DAD-[opérateur t-conditionnel] not concerning the domain operator agree with those given in the 1987 Communications of the ACM paper Laws of programming by Hoare et al. Then, we investigate the relationship between DAD-[opérateur t-conditionnel] and KAD-based demonic algebras. The question is whether every DAD-[opérateur t-conditionnel] is isomorphic to a KAD-based demonic algebra. We show that it is not the case in general. However, we characterise those that are. Indeed, we demonstrate that a KAD can be transformed into a DAD-[opérateur t-conditionnel] which can be transformed back into the initial KAD. We also establish necessary and sufficient conditions for which a DAD-[opérateur t-conditionnel] can be transformed into a KAD which can be transformed back into the initial DAD-[opérateur t-conditionnel]. Finally, we define the concept of decomposition. This notion is involved in the necessary and sufficient conditions previously mentioned. In a demonic context, it is difficult to distinguish between transitions that, from a given state, go to different states. The concept of decomposition enables to do it easily. We present its definition together with some of its properties
Domain Range Semigroups and Finite Representations
Relational semigroups with domain and range are a useful tool for modelling nondeterministic programs. We prove that the representation class of domain-range semigroups with demonic composition is not finitely axiomatisable. We extend the result for ordered domain algebras and show that any relation algebra reduct signature containing domain, range, converse, and composition, but no negation, meet, nor join has the finite representation property. That is any finite representable structure of such a signature is representable over a finite base. We survey the results in the area of the finite representation property
Recommended from our members
Automated verification of refinement laws
Demonic refinement algebras are variants of Kleene algebras. Introduced by von Wright as a light-weight variant of the refinement calculus, their intended semantics are positively disjunctive predicate transformers, and their calculus is entirely within first-order equational logic. So, for the first time, off-the-shelf automated theorem proving (ATP) becomes available for refinement proofs. We used ATP to verify a toolkit of basic refinement laws. Based on this toolkit, we then verified two classical complex refinement laws for action systems by ATP: a data refinement law and Back's atomicity refinement law. We also present a refinement law for infinite loops that has been discovered through automated analysis. Our proof experiments not only demonstrate that refinement can effectively be automated, they also compare eleven different ATP systems and suggest that program verification with variants of Kleene algebras yields interesting theorem proving benchmarks. Finally, we apply hypothesis learning techniques that seem indispensable for automating more complex proofs
Synthesis of Strategies Using the Hoare Logic of Angelic and Demonic Nondeterminism
We study a propositional variant of Hoare logic that can be used for
reasoning about programs that exhibit both angelic and demonic nondeterminism.
We work in an uninterpreted setting, where the meaning of the atomic actions is
specified axiomatically using hypotheses of a certain form. Our logical
formalism is entirely compositional and it subsumes the non-compositional
formalism of safety games on finite graphs. We present sound and complete
Hoare-style calculi that are useful for establishing partial-correctness
assertions, as well as for synthesizing implementations. The computational
complexity of the Hoare theory of dual nondeterminism is investigated using
operational models, and it is shown that the theory is complete for exponential
time
A synchronous program algebra: a basis for reasoning about shared-memory and event-based concurrency
This research started with an algebra for reasoning about rely/guarantee
concurrency for a shared memory model. The approach taken led to a more
abstract algebra of atomic steps, in which atomic steps synchronise (rather
than interleave) when composed in parallel. The algebra of rely/guarantee
concurrency then becomes an instantiation of the more abstract algebra. Many of
the core properties needed for rely/guarantee reasoning can be shown to hold in
the abstract algebra where their proofs are simpler and hence allow a higher
degree of automation. The algebra has been encoded in Isabelle/HOL to provide a
basis for tool support for program verification.
In rely/guarantee concurrency, programs are specified to guarantee certain
behaviours until assumptions about the behaviour of their environment are
violated. When assumptions are violated, program behaviour is unconstrained
(aborting), and guarantees need no longer hold. To support these guarantees a
second synchronous operator, weak conjunction, was introduced: both processes
in a weak conjunction must agree to take each atomic step, unless one aborts in
which case the whole aborts. In developing the laws for parallel and weak
conjunction we found many properties were shared by the operators and that the
proofs of many laws were essentially the same. This insight led to the idea of
generalising synchronisation to an abstract operator with only the axioms that
are shared by the parallel and weak conjunction operator, so that those two
operators can be viewed as instantiations of the abstract synchronisation
operator. The main differences between parallel and weak conjunction are how
they combine individual atomic steps; that is left open in the axioms for the
abstract operator.Comment: Extended version of a Formal Methods 2016 paper, "An algebra of
synchronous atomic steps
- …