The Algebraic Properties of if-then-else with Commutative Three-Valued Tests

This thesis studies an algebraic model of computable programs and the if-then-else operation. The programs here are considered deterministic, but not assumed to be always halting, so they are modelled by a semigroup of partial functions, with several extra operations in addition to the original binary operation of the semigroup. The if-then-else operation involves not only programs, but logical tests too. Hence, it calls for a separate algebra of tests. Evaluating a test often requires running another program, so the tests are also possibly non halting. When tests do not always halt, the results of conjunctions (logical ‘and’) and disjunctions (logical ‘or’) can differ, depending on whether sequential or parallel evaluation is applied. The parallel evaluation is what this thesis adopts. The overall ‘program algebra’ consists of two sorts, one of programs and the other of tests. Each sort has its own operations, and there are hybrid operations such as if-then-else which involve both sorts. This thesis establishes the axioms of all these operations by building an embedding from the abstract program algebra into a concrete one. At the end is a discussion on the algebra of tests without the programs, where the differences between the two evaluation paradigms are explored in detail

On Hoare-McCarthy algebras

We discuss an algebraic approach to propositional logic with side effects. To this end, we use Hoare's conditional [1985], which is a ternary connective comparable to if-then-else. Starting from McCarthy's notion of sequential evaluation [1963] we discuss a number of valuation congruences and we introduce Hoare-McCarthy algebras as the structures that characterize these congruences.Comment: 29 pages, 1 tabl

Propositional logic with short-circuit evaluation: a non-commutative and a commutative variant

Short-circuit evaluation denotes the semantics of propositional connectives in which the second argument is evaluated only if the first argument does not suffice to determine the value of the expression. Short-circuit evaluation is widely used in programming, with sequential conjunction and disjunction as primitive connectives. We study the question which logical laws axiomatize short-circuit evaluation under the following assumptions: compound statements are evaluated from left to right, each atom (propositional variable) evaluates to either true or false, and atomic evaluations can cause a side effect. The answer to this question depends on the kind of atomic side effects that can occur and leads to different "short-circuit logics". The basic case is FSCL (free short-circuit logic), which characterizes the setting in which each atomic evaluation can cause a side effect. We recall some main results and then relate FSCL to MSCL (memorizing short-circuit logic), where in the evaluation of a compound statement, the first evaluation result of each atom is memorized. MSCL can be seen as a sequential variant of propositional logic: atomic evaluations cannot cause a side effect and the sequential connectives are not commutative. Then we relate MSCL to SSCL (static short-circuit logic), the variant of propositional logic that prescribes short-circuit evaluation with commutative sequential connectives. We present evaluation trees as an intuitive semantics for short-circuit evaluation, and simple equational axiomatizations for the short-circuit logics mentioned that use negation and the sequential connectives only.Comment: 34 pages, 6 tables. Considerable parts of the text below stem from arXiv:1206.1936, arXiv:1010.3674, and arXiv:1707.05718. Together with arXiv:1707.05718, this paper subsumes most of arXiv:1010.367

Guarded Kleene Algebra with Tests: Coequations, Coinduction, and Completeness

Guarded Kleene Algebra with Tests (GKAT) is an efficient fragment of KAT, as it allows for almost linear decidability of equivalence. In this paper, we study the (co)algebraic properties of GKAT. Our initial focus is on the fragment that can distinguish between unsuccessful programs performing different actions, by omitting the so-called early termination axiom. We develop an operational (coalgebraic) and denotational (algebraic) semantics and show that they coincide. We then characterize the behaviors of GKAT expressions in this semantics, leading to a coequation that captures the covariety of automata corresponding to these behaviors. Finally, we prove that the axioms of the reduced fragment are sound and complete w.r.t. the semantics, and then build on this result to recover a semantics that is sound and complete w.r.t. the full set of axioms

Formalizing and Verifying a Modern Build Language

CLOUDMAKE is a software utility that automatically builds executable programs and libraries from source code—a modern MAKE utility. Its design gives rise to a number of possible optimizations, like cached builds, and the exe-cutables to be built are described using a functional programming language. This paper formally and mechanically verifies the correctness of central CLOUDMAKE algorithms. The paper defines the CLOUDMAKE language using an operational semantics, but with a twist: the central operation exec is defined axiomatically, making it pluggable so that it can be replaced by calls to compilers, linkers, and other tools. The formalization and proofs of the central CLOUDMAKE algorithms are done entirely in DAFNY, the proof engine of which is an SMT-based program verifier