win and sin: predicate transformers for concurrency

  • L. Lamport
  • Published 1 July 1990
  • Physics
  • ACM Trans. Program. Lang. Syst.
The weakest liberal precondition and strongest postcondition predicate transformers are generalized to the weakest invariant and strongest invariant. These new predicate transformers are useful for reasoning about concurrent programs containing operations in which the grain of atomicity is unspecified. They can also be used to replace behavioral arguments with more rigorous assertional ones.

Predicate transformers in the semantics of Circus
A more adequate basis for the formalisation of refinement and verification-condition generation rules is provided and this framework makes it possible to include logical variables and angelic nondeterminism in Circus.
A Predicate Transformer Semantics for a Concurrent Language of Refinement
This paper provides a more adequate basis for the formalisation of refinement and verification-condition generation rules and makes it possible to include logical variables and angelic nondeterminism in Circus.
Metric Predicate Transformers: Towards a Notion of Refinement for Concurrency
The weakest precondition semantics for the parallel language is shown to be isomorphic to the standard metric state transformer semantics, and a notion of refinement for predicate transformers is proposed which corresponds to the familiar notion of simulation for state transformers.
Logical Foundations for Compositional Verification and Development of Concurrent Programs in UNITY
Adopting the assumption-commitment paradigm, conventional properties of UNITY programs are extended with an explicit rely condition on interference; previous variants of the logic can be retrieved by specialising or omitting this rely condition.
Local and temporal predicates in distributed systems
A temporal counterpart to the knowledge change theorem of Chandy and Misra is established which formally proves that the global view of a distributed system provided by its various observations does not differ too much from its truth behavior.
Predicate transformers in the context of symbolic modeling of transition systems
A procedure is developed for transforming such formulas by assignment operators and the obtained formulas are proved to correspond to strongest postconditions.
Conjunctive predicate transformers for reasoning about concurrent computation
This paper suggests predicate transformers for reasoning about progress properties and for deducing properties obtained by parallel composition, presents theorems about the predicate transformers, and suggests how they can be used in program design.
Properties of a predicate transformer of the VRS system
The following main property of the predicate transformer is proved: it calculates the strongest postcondition for symbolic states, as a function of formula transformation.
The "Hoare Logic" of CSP, and All That
A simple meta-rule of the generalized Hoare logic-the decomposition principle-is described, showing how all these methods for reasoning about concurrent programs can be derived using it.
Proving the Correctness of Multiprocess Programs
  • L. Lamport
  • Computer Science
  • IEEE Transactions on Software Engineering
  • 1977
The inductive assertion method is generalized to permit formal, machine-verifiable proofs of correctness for multiprocess programs, represented by ordinary flowcharts, and no special synchronization mechanisms are assumed.
Proving Assertions about Parallel Programs
Reasoning about nonatomic operations
A method is presented that permits assertional reasoning about a concurrent program even though the atomicity of the elementary operations is left unspecified. It is based upon a generalization of
Ten Years of Hoare's Logic: A Survey—Part I
  • K. Apt
  • Computer Science
  • 1981
A survey of various results concerning Hoare's approach to proving partial and total correctness of programs is presented. Emphasis is placed on the soundness and completeness issues. Various proof
A New Approach to Proving the Correctness of Multiprocess Programs
A new, nonassertional approach to proving multiprocess program correctness is described by proving the correctness of a new algorithm to solve the mutual exclusion problem. The algorithm is an
On folk theorems
This paper shall attempt to provide a reasonable definition of, or rather criteria for, folk theorems, followed by a detailed example illustrating the ideas, and take a piece of folklore and show it is a theorem, or take a theorem and show that it is folklore.
A new solution of Dijkstra's concurrent programming problem
A simple solution to the mutual exclusion problem is presented which allows the system to continue to operate despite the failure of any individual component.