# win and sin: predicate transformers for concurrency

@article{Lamport1990winAS, title={win and sin: predicate transformers for concurrency}, author={Leslie Lamport}, journal={ACM Trans. Program. Lang. Syst.}, year={1990}, volume={12}, pages={396-428} }

The *weakest liberal precondition* and *strongest postcondition* predicate transformers are generalized to the *weakest invariant* and *strongest invariant*. These new predicate transformers are useful for reasoning about concurrent programs containing operations in which the grain of atomicity is unspecified. They can also be used to replace behavioral arguments with more rigorous assertional ones.

## 93 Citations

Predicate transformers in the semantics of Circus

- Computer Science
- IEE Proc. Softw.
- 2003

A more adequate basis for the formalisation of refinement and verification-condition generation rules is provided and this framework makes it possible to include logical variables and angelic nondeterminism in Circus.

A Predicate Transformer Semantics for a Concurrent Language of Refinement

- Computer Science
- 2002

This paper provides a more adequate basis for the formalisation of refinement and verification-condition generation rules and makes it possible to include logical variables and angelic nondeterminism in Circus.

Metric Predicate Transformers: Towards a Notion of Refinement for Concurrency

- Computer Science
- CONCUR
- 1995

The weakest precondition semantics for the parallel language is shown to be isomorphic to the standard metric state transformer semantics, and a notion of refinement for predicate transformers is proposed which corresponds to the familiar notion of simulation for state transformers.

A Foundation for Modular Reasoning About Safety and Progress Properties of State-Based Concurrent Programs

- Computer Science
- Theor. Comput. Sci.
- 1997

Logical Foundations for Compositional Verification and Development of Concurrent Programs in UNITY

- Computer Science
- AMAST
- 1995

Adopting the assumption-commitment paradigm, conventional properties of UNITY programs are extended with an explicit rely condition on interference; previous variants of the logic can be retrieved by specialising or omitting this rely condition.

Local and temporal predicates in distributed systems

- Philosophy
- TOPL
- 1995

A temporal counterpart to the knowledge change theorem of Chandy and Misra is established which formally proves that the global view of a distributed system provided by its various observations does not differ too much from its truth behavior.

Predicate Transformers for Reasoning about Concurrent Computation

- Computer Science
- Sci. Comput. Program.
- 1995

Predicate transformers in the context of symbolic modeling of transition systems

- Computer Science
- 2010

A procedure is developed for transforming such formulas by assignment operators and the obtained formulas are proved to correspond to strongest postconditions.

Conjunctive predicate transformers for reasoning about concurrent computation

- Computer Science
- 1993

This paper suggests predicate transformers for reasoning about progress properties and for deducing properties obtained by parallel composition and presents theorems about the predicate transformers and suggests how they can be used in program design.

Properties of a predicate transformer of the VRS system

- Computer Science
- 2010

The following main property of the predicate transformer is proved: it calculates the strongest postcondition for symbolic states, as a function of formula transformation.

## References

The "Hoare Logic" of CSP, and All That

- Computer Science
- TOPL
- 1984

A simple meta-rule of the generalized Hoare logic, the decomposition principle, is described, showing how all these methods for reasoning about concurrent programs can be derived using it.

Proving the Correctness of Multiprocess Programs

- Computer Science
- IEEE Transactions on Software Engineering
- 1977

The inductive assertion method is generalized to permit formal, machine-verifiable proofs of correctness for multiprocess programs, represented by ordinary flowcharts, and no special synchronization mechanisms are assumed.

Reasoning about nonatomic operations

- Physics
- POPL '83
- 1983

A method is presented that permits assertional reasoning about a concurrent program even though the atomicity of the elementary operations is left unspecified. It is based upon a generalization of…

Ten Years of Hoare's Logic: A Survey—Part I

- Computer Science
- TOPL
- 1981

A survey of various results concerning Hoare's approach to proving partial and total correctness of programs is presented. Emphasis is placed on the soundness and completeness issues. Various proof…

A New Approach to Proving the Correctness of Multiprocess Programs

- Computer Science
- TOPL
- 1979

A new, nonassertional approach to proving multiprocess program correctness is described by proving the correctness of a new algorithm to solve the mutual exclusion problem. The algorithm is an…

On folk theorems

- Mathematics
- CACM
- 1980

This paper shall attempt to provide a reasonable definition of or, rather, criteria for folk theorems, followed by a detailed example illustrating the ideas, and take a piece of folklore and show it is a theorem, or take a theorem and show that it is folklore.

A new solution of Dijkstra's concurrent programming problem

- Computer Science
- CACM
- 1974

A simple solution to the mutual exclusion problem is presented which allows the system to continue to operate despite the failure of any individual component.