Refinement algebra for probabilistic programs
We identify a refinement algebra for reasoning about probabilistic program transformations in a total-correctness setting. The algebra is equipped with operators that determine whether a program is enabled or terminates, respectively. As well as developing the basic theory of the algebra, we demonstrate how it may be used to explain key differences and similarities between standard (i.e. non-probabilistic) and probabilistic programs and verify important transformation theorems for probabilistic action systems.
Probabilistic Demonic Refinement Algebra
We propose an abstract algebra for reasoning about probabilistic programs in a total-correctness framework. In contrast to probabilistic Kleene algebra, it allows genuine reasoning about total correctness and, in addition to Kleene star, also has a strong iteration operator. We define operators that determine whether a program is enabled, has certain failure or does not have certain failure, respectively. The algebra is applied to the derivation of refinement rules for probabilistic action systems.
Demonic Kleene Algebra
We first recall the concept of Kleene algebra with domain (KAD). Then we explain how to use the operators of KAD to define a demonic refinement ordering and demonic operators (many of these definitions come from the literature). We want to know how KADs with the demonic operators, but without the usual angelic ones, behave. Then, taking the properties of the KAD-based demonic operators as a guideline, we axiomatise an algebra that we call Demonic algebra with domain and t-conditional (DAD-[t-conditional operator]). The laws of DAD-[t-conditional operator] not concerning the domain operator agree with those given in the 1987 Communications of the ACM paper Laws of programming by Hoare et al. Then, we investigate the relationship between DAD-[t-conditional operator] and KAD-based demonic algebras. The question is whether every DAD-[t-conditional operator] is isomorphic to a KAD-based demonic algebra. We show that this is not the case in general. However, we characterise those that are. Indeed, we demonstrate that a KAD can be transformed into a DAD-[t-conditional operator] which can be transformed back into the initial KAD. We also establish necessary and sufficient conditions under which a DAD-[t-conditional operator] can be transformed into a KAD which can be transformed back into the initial DAD-[t-conditional operator]. Finally, we define the concept of decomposition. This notion is involved in the necessary and sufficient conditions previously mentioned. In a demonic context, it is difficult to distinguish between transitions that, from a given state, go to different states. The concept of decomposition enables us to do this easily. We present its definition together with some of its properties.
Finite representability of semigroups with demonic refinement
The motivation for using demonic calculus for binary relations stems from the behaviour of demonic Turing machines, when modelled relationally. Relational composition (;) models sequential runs of two programs and demonic refinement (⊑) arises from the partial order given by modelling demonic choice (⊔) of programs (see below for the formal relational definitions). We prove that the class R(⊑, ;) of abstract (≤, ∘) structures isomorphic to a set of binary relations ordered by demonic refinement with composition cannot be axiomatised by any finite set of first-order (≤, ∘) formulas. We provide a fairly simple, infinite, recursive axiomatisation that defines R(⊑, ;). We prove that a finite representable (≤, ∘) structure has a representation over a finite base. This appears to be the first example of a signature for binary relations with composition where the representation class is non-finitely axiomatisable, but where the finite representation property holds for finite structures.
Finite Representability of Semigroups with Demonic Refinement
Composition and demonic refinement of binary relations are defined by
\begin{align*}
(x, y)\in (R;S) &\iff \exists z\,((x, z)\in R \wedge (z, y)\in S) \\
R\sqsubseteq S &\iff \big(dom(S)\subseteq dom(R) \wedge R\restriction_{dom(S)}\subseteq S\big)
\end{align*}
where and denotes the restriction of to pairs where .
Demonic calculus was introduced to model the total correctness of non-deterministic programs and has been applied to program verification. We prove that the class of abstract structures isomorphic to a set of binary relations ordered by demonic refinement with composition cannot be axiomatised by any finite set of first-order formulas. We provide a fairly simple, infinite, recursive axiomatisation that defines this class. We prove that a finite representable structure has a representation over a finite base. This appears to be the first example of a signature for binary relations with composition where the representation class is non-finitely axiomatisable, but where the finite representation property holds for finite representable structures.
Scheduling of guarded command based models
Formal methods provide a means of reasoning about computer programs in order to prove correctness criteria. One subtype of formal methods is based on the weakest precondition predicate transformer semantics and uses guarded commands as the basic modelling construct. Examples of such formalisms are Action Systems and Event-B. Guarded commands can intuitively be understood as actions that may be triggered when an associated guard condition holds. Guarded commands whose guards hold are nondeterministically chosen for execution, but no further control flow is present by default. Such a modelling approach is convenient for proving correctness, and the Refinement Calculus allows for a stepwise development method. It also has a parallel interpretation facilitating development of concurrent software, and it is suitable for describing event-driven scenarios. However, for many application areas, the execution paradigm traditionally used comprises more explicit control flow, which constitutes an obstacle for using the above-mentioned formal methods. In this thesis, we study how guarded command based modelling approaches can be conveniently and efficiently scheduled in different scenarios. We first focus on the modelling of trust for transactions in a social networking setting. Due to the event-based nature of the scenario, the use of guarded commands turns out to be relatively straightforward. We continue by studying modelling of concurrent software, with particular focus on compute-intensive scenarios. We go from theoretical considerations to the feasibility of implementation by evaluating the performance and scalability of executing a case study model in parallel using automatic scheduling performed by a dedicated scheduler. Finally, we propose a more explicit and non-centralised approach in which the flow of each task is controlled by a schedule of its own. The schedules are expressed in a dedicated scheduling language, and patterns assist the developer in proving correctness of the scheduled model with respect to the original one.
Model Checking and Model-Based Testing: Improving Their Feasibility by Lazy Techniques, Parallelization, and Other Optimizations
This thesis focuses on the lightweight formal method of model-based testing for checking safety properties, and derives a new and more feasible approach. For liveness properties, dynamic testing is impossible, so feasibility is increased by specializing on an important class of properties, livelock freedom, and deriving a more feasible model checking algorithm for it. All mentioned improvements are substantiated by experiments.