Calculational Verification of Reactive Programs with Reactive Relations and Kleene Algebra

Reactive programs are ubiquitous in modern applications, and so verification is highly desirable. We present a verification strategy for reactive programs with a large or infinite state space utilising algebraic laws for reactive relations. We define novel operators to characterise interactions and state updates, and an associated equational theory. With this we can calculate a reactive program’s denotational semantics, and thereby facilitate automated proof. Of note is our reasoning support for iterative programs with reactive invariants, which is supported by Kleene algebra. We illustrate our strategy by verifying a reactive buffer. Our laws and strategy are mechanised in Isabelle/UTP, which provides soundness guarantees, and practical verification support

Predicative Semantics of Loops

A predicative semantics is a mapping of programs to predicates. These predicates characterize sets of acceptable observations. The presence of time in the observations makes the obvious weakest fixed-point semantics of iterative constructs unacceptable. This paper proposes an alternative. We will see that this alternative semantics is monotone and implementable (feasible). Finally a programming theorem for iterative constructs is proposed, proved, and demonstrated. A novel aspect of this theorem is that it is not based on invariants. Keywords Predicative semantics, fixedpoint semantics, recursion, loops, refinement calculi. 0 FORMALIZATION 0.0 Specifications and refinement Define xnat as the set of all natural numbers (nat) joined with an additional object 1. We will suppose the following properties of 1: it is larger than any natural number; 1 + i = 1 \Gamma i = 1; for all natural numbers i; and 1 \Gamma 1 = 0. I will use a `batch' model for specifications borrowed, in most res..

Semantics of quasi-boolean expressions.

No abstract

Logic Group Preprint Series

We provide rules for calculating with invariants in process algebra with data, and illustrate these with examples. The new rules turn out to be equivalent to the well known Recursive Specification Principle which states that guarded recursive equations have at most one solution. In the setting with data this is reformulated as `every convergent linear process operator has at most one fixed point ' (CL-RSP). As a consequence, one can carry out verifications in well-known process algebras satisfying CL-RSP using invariants