562 research outputs found
A Refinement Calculus for Logic Programs
Existing refinement calculi provide frameworks for the stepwise development
of imperative programs from specifications. This paper presents a refinement
calculus for deriving logic programs. The calculus contains a wide-spectrum
logic programming language, including executable constructs such as sequential
conjunction, disjunction, and existential quantification, as well as
specification constructs such as general predicates, assumptions and universal
quantification. A declarative semantics is defined for this wide-spectrum
language based on executions. Executions are partial functions from states to
states, where a state is represented as a set of bindings. The semantics is
used to define the meaning of programs and specifications, including parameters
and recursion. To complete the calculus, a notion of correctness-preserving
refinement over programs in the wide-spectrum language is defined and
refinement laws for developing programs are introduced. The refinement calculus
is illustrated using example derivations and prototype tool support is
discussed.Comment: 36 pages, 3 figures. To be published in Theory and Practice of Logic
Programming (TPLP
A synchronous program algebra: a basis for reasoning about shared-memory and event-based concurrency
This research started with an algebra for reasoning about rely/guarantee
concurrency for a shared memory model. The approach taken led to a more
abstract algebra of atomic steps, in which atomic steps synchronise (rather
than interleave) when composed in parallel. The algebra of rely/guarantee
concurrency then becomes an instantiation of the more abstract algebra. Many of
the core properties needed for rely/guarantee reasoning can be shown to hold in
the abstract algebra where their proofs are simpler and hence allow a higher
degree of automation. The algebra has been encoded in Isabelle/HOL to provide a
basis for tool support for program verification.
In rely/guarantee concurrency, programs are specified to guarantee certain
behaviours until assumptions about the behaviour of their environment are
violated. When assumptions are violated, program behaviour is unconstrained
(aborting), and guarantees need no longer hold. To support these guarantees a
second synchronous operator, weak conjunction, was introduced: both processes
in a weak conjunction must agree to take each atomic step, unless one aborts in
which case the whole aborts. In developing the laws for parallel and weak
conjunction we found many properties were shared by the operators and that the
proofs of many laws were essentially the same. This insight led to the idea of
generalising synchronisation to an abstract operator with only the axioms that
are shared by the parallel and weak conjunction operator, so that those two
operators can be viewed as instantiations of the abstract synchronisation
operator. The main differences between parallel and weak conjunction are how
they combine individual atomic steps; that is left open in the axioms for the
abstract operator.Comment: Extended version of a Formal Methods 2016 paper, "An algebra of
synchronous atomic steps
Structural operational semantics through context-dependent behaviour
We present an operational semantics for an imperative language with concurrency and procedures. The approach is novel because we expose the building block operations – variable assignment and condition checking – in the labels on the transitions; these form the context-dependent behaviour of a program. Using this style results in two main advantages over existing formalisms for imperative programming language semantics: firstly, our individual transition rules are less cluttered, and secondly, we are able to more abstractly and intuitively describe the semantics of procedures, including by-value and by-reference parameters. Existing techniques in the literature tend to result in complex and hard-to-read rules for even simple language constructs, or avoid discussion of procedures and parameters entirely. Our semantics for procedures utilises the context-dependent behaviour in the transition label to neatly handle variable name scoping, and defines the semantics of recursion without requiring additional rules. We also demonstrate how the semantics may be extended to handle function calls within expressions, array element and record field updates, and higher-order programming constructs
A semantics for behavior trees
In this paper we give a formal definition of the requirements translation language Behavior Trees. This language has been used with success in industry to systematically translate large, complex, and often erroneous requirements documents into a structured model of the system. It contains a mixture of state-based manipulations, synchronisation, message passing, and parallel, conditional, and iterative control structures. The formal semantics of a Behavior Tree is given via a structure-preserving translation to a version of Hoare’s process algebra CSP, extended with state-based constructs such as guards and updates, and a message passing facility similar to that used in publish/subscribe protocols. We first provide the extension of CSP and its operational semantics, which preserves the meaning of the original CSP operators, and then the Behavior Tree notation and its translation into the extended version of CSP
AIRNET: A real-time comunications network for aircraft
A real-time local area network was developed for use on aircraft and space vehicles. It uses token ring technology to provide high throughput, low latency, and high reliability. The system was implemented on PCs and PC/ATs operating on PCbus, and on Intel 8086/186/286/386s operating on Multibus. A standard IEEE 802.2 logical link control interface was provided to (optional) upper layer software; this permits the controls designer to utilize standard communications protocols (e.g., ISO, TCP/IP) if time permits, or to utilize a very fast link level protocol directly if speed is critical. Both unacknowledged datagram and reliable virtual circuit services are supported. A station operating an 8 MHz Intel 286 as a host can generate a sustained load of 1.8 megabits per second per station, and a 100-byte message can be delivered from the transmitter's user memory to the receiver's user memory, including all operating system and network overhead, in under 4 milliseconds
- …