Predicate-Transformer Semantics of General Recursion

We develop the semantics of a language with arbitrary atomic statements, unbounded nondeterminacy, and mutual recursion. The semantics is expressed in weakest preconditions and weakest liberal preconditions. Individual states are not mentioned. The predicates on the state space are treated as elements of a distributive lattice. The semantics of recursion is constructed by means of the theorem of Knaster-Tarski. It is proved that the law of the excluded miracle can be preserved, if that is wanted. The universal conjunctivity of the weakest liberal precondition, and the connection between the weakest precondition and the weakest liberal precondition are proved to remain valid. Finally we treat Hoare-triple methods for proving correctness and conditional correctness of programs

NONDETERMINACY AND RECURSION VIA STACKS AND GAMES

The weakest-precondition interpretation of recursive procedures is developed for a language with a combination of unbounded demonic choice and unbounded angelic choice. This compositional formal semantics is proved to be equal to a game-theoretic operational semantics. Two intermediate stages are exploited. One step consists of unfolding the declaration of the recursive procedures. Fixpoint induction is used to prove the validity of this step. The compositional semantics of the unfolded declaration is proved to be equal to a formal semantics of a stack implementation of the recursive procedures. After an introduction to boolean two-person games, this stack semantics is shown to correspond to a game-theoretic operational semantics

An assertional proof for a construction of an atomic variable

The paper proves by assertional means the correctness of a construction of an atomic shared variable for one writer and one reader. This construction uses four unsafe variables and four safe boolean variables. Assignment to a safe but nonatomic variable is modelled as a repetition of random assignments concluded by an actual assignment. The proof obligation consists of four invariants. These are proved using 25 auxiliary invariants. The proof has been constructed and verified with the theorem prover NQTHM