Expression Refinement

This thesis presents a refinement calculus for expressions. The aim of refinement calculi is to make programming a mathematical activity, and thereby improve the correctness of programs. To achieve this, a refinement calculus provides a formal language and a set of rules that allow transformations of the language terms. Using a refinement calculus, to produce a correct program, the programmer writes a possibly non-algorithmic or inefficient term that nevertheless obviously describes the intended program. This term is the specification, and it is transformed into an efficient program by syntactic transformation, using the rules of the refinement calculus. This transformation is refinement

Diversity and Adjudication

This paper takes an axiomatic and calculational view of diversity (or "N-version programming"), where multiple implementations of the same specification are executed in parallel to increase dependability. The central notion is "adjudication": once we have multiple, potential different, outcomes, how do we come to a single result? Adjudication operators are explicitly defined and some general properties for these explored

E3: A Logic for Reasoning Equationally in the Presence of Partiality

. Partiality abounds in specifications and programs. We present a threevalued typed logic for reasoning equationally about programming in the presence of partial functions. The logic in essence is a combination of the equational logic E and typed LPF. Of course, there are already many logics in which some classical theorems acquire the status of neither-true-nor-false. What is distinctive here is that we preserve the equational reasoning style of E, as well as most of its main theorems. The principal losses among the theorems are the law of the excluded middle, the anti-symmetry of implication, a small complication in the trading law for existential quantification, and the requirement to show definedness when using instantiation. The main loss among proof methods is proof by mutual implication; we present some new proof strategies that make up for this loss. Some proofs are longer than in E, but the heuristics commonly used in the proof methodology of E remain valid. We pres..