Cliff B. Jones

Development methods for (sequential) programs that run in isolation have been studied elsewhere. Programs that run in parallel can interfere with each other, either via shared storage or by sending messages. Extensions to earlier development methods are proposed for the rigorous development of interfering programs. In particular, extensions to the
syntax In Extended BNF (Backus-Naur Form), the syntax is roughly:
Term = Exp | Type
Exp = VSymb | CESymb{Exp}{Type} | DESymb VSymb‘:’Type‘·’Exp
Type = CTSymb{Exp}{Type} | DTSymb VSymb‘:’Type‘·’Type | ‘<’VSymb‘:’Type‘·’Exp‘>’
In other words, expressions are built up from variables using two kinds of combinators:
• compound expressions, whereby a constant is
Recursive definition often results in partial functions; iteration gives rise to programs which may fail to terminate for some inputs. Proofs about such functions or programs should be conducted in logical systems which reflect the possibility of “undefined values”. This paper provides an axiomatization of such a logic together with examples of its use.
operation is true of a retrieved state, the representation state must satisfy the pre-condition of the representation operation. Theorem 8.6 For the first example in the preceding section, the sequent form of the domain obligation 8.4: ws ∈ Dicta, w ∈ Word ⊢ pre-CHECKWORD(w, retr-Dict(ws)) ⇒ pre-CHECKWORDa(w, ws) is vacuously true because the operation on
The challenge of finding compositional ways of (formally) developing concurrent programs is considerable. Various forms of rely and guarantee conditions have been used to record and reason about interference in ways which do indeed provide compositional development methods for such programs. This paper presents a new approach to justifying the soundness of
This paper gives a comprehensive description of a typed version of the logic known as LPF. This logic is basic to formal specification and verified design in the software development method VDM. If appropriately extended to deal with recursively defined functions, the data types used in VDM, etc., it gives the VDM notation and its associated rules of