Ana Cavalcanti

The Semantics of Circus

Circus is a concurrent language for refinement; it is a unification of imperative CSP, Z, and the refinement calculus. We describe the language of Circus and the formalisation of its model in Hoare & Hes unifying theories of programming.

A UTP semantics for Circus

Circus specifications define both data and behavioural aspects of systems using a combination of Z and CSP constructs. Previously, a denotational semantics has been given to Circus; however, a shallow embedding of Circus in Z, in which the mapping from Circus constructs to their semantic representation as a Z specification, with yet another language being used as a meta-language, was not useful for proving properties like the refinement laws that justify the distinguishing development technique associated with Circus. This work presents a final reference for the Circus denotational semantics based on Hoare and He’s Unifying Theories of Programming (UTP); as such, it allows the proof of meta-theorems about Circus including the refinement laws in which we are interested. Its correspondence with the CSP semantics is illustrated with some examples. We also discuss the library of lemmas and theorems used in the proofs of the refinement laws. Finally, we give an account of the mechanisation of the Circus semantics and of the mechanical proofs of the refinement laws.

A Refinement Strategy for Circus

We present a refinement strategy for Circus, which is the combination of Z, CSP, and the refinement calculus in the setting of Hoare and He’s unifying theories of programming. The strategy unifies the theories of refinement for processes and their constituent actions, and provides a coherent technique for the stepwise refinement of concurrent and distributed programs involving rich data structures. This kind of development is carried out using Circus’s refinement calculus, and we describe some of its laws for the simultaneous refinement of state and control behaviour, including the splitting of a process into parallel subcomponents. We illustrate the strategy and the laws using a case study that shows the complete development of a small distributed program.

A Tutorial Introduction to CSP in Unifying Theories of Programming

In their Unifying Theories of Programming (UTP), Hoare & He use the alphabetised relational calculus to give denotational semantics to a wide variety of constructs taken from different programming paradigms. A key concept in their programme is the design: the familiar precondition-postcondition pair that describes the contract between a programmer and a client. We give a tutorial introduction to the theory of alphabetised relations, and its sub-theory of designs. We illustrate the ideas by applying them to theories of imperative programming, including Hoare logic, weakest preconditions, and the refinement calculus.

Algebraic reasoning for object-oriented programming

We present algebraic laws for a language similar to a subset of sequential Java that includes inheritance, recursive classes, dynamic binding, access control, type tests and casts, assignment, but no sharing. These laws are proved sound with respect to a weakest precondition semantics. We also show that they are complete in the sense that they are sufficient to reduce an arbitrary program to a normal form substantially close to an imperative program; the remaining object-oriented constructs could be further eliminated if our language had recursive records. This suggests that our laws are expressive enough to formally derive behaviour preserving program transformations, we illustrate that through the derivation of provably-correct refactorings.

Features of CML: A formal modelling language for Systems of Systems

We discuss the initial design for CML, the first formal language specifically designed for modelling and analysing Systems of Systems (SoSs). It is presented through the use of an example: an SoS of independent telephone exchanges. Its overall behaviour is first specified as a communicating process: a centralised telephone exchange. This description is then refined into a network of telephone exchanges, each handling a partition of the set of subscribers (telephone users). The refinement is motivated by a non-functional requirement to minimise the cabling required to connect geographically distributed subscribers, who are clustered. The exchanges remain as independent systems with respect to their local subscribers, whose service is unaffected by the loss of remote exchanges.

Refinement in Circus

We describe refinement in Circus, a concurrent specification language that integrates imperative CSP, Z, and the refinement calculus. Each Circus process has a state and accompanying actions that define both the internal state transitions and the changes in control flow that occur during execution. We define the meaning of refinement of processes and their actions, and propose a sound data refinement technique for process refinement. Refinement laws for CSP and Z are directly relevant and applicable to Circus, but our focus here is on new laws for processes that integrate state and control. We give some new results about the distribution of data refinement through the combinators of CSP. We illustrate our ideas with the development of a distributed system of cooperating processes from a centralised specification.

ZRC --- A Refinement Calculus for Z

Abstract. The fact that Z is a specification language only, with no associated program development method, is a widely recognised problem. As an answer to that, we present ZRC, a refinement calculus based on Morgans work that incorporates the Z notation and follows its style and conventions. This work builds upon existing refinement techniques for Z, but distinguishes itself mainly in that ZRC is completely formalised. In this paper, we explain how programs can be derived from Z specifications using ZRC. We present ZRC-L, the language of our calculus, and its conversion laws, which are concerned with the transformation of Z schemas into programs of this language. Moreover, we present the weakest precondition semantics of ZRC-L, which is the basis for the derivation of the laws of ZRC. More than a refinement calculus, ZRC is a theory of refinement for Z.

Theoretical Aspects of Computing - ICTAC 2006

Invited Papers.- Verifying a Hotel Key Card System.- Z/Eves and the Mondex Electronic Purse.- Verification Constraint Problems with Strengthening.- Semantics.- Quantitative ?-Calculus Analysis of Power Management in Wireless Networks.- Termination and Divergence Are Undecidable Under a Maximum Progress Multi-step Semantics for LinCa.- A Topological Approach of the Web Classification.- Concurrency.- Bisimulation Congruences in the Calculus of Looping Sequences.- Stronger Reduction Criteria for Local First Search.- A Lattice-Theoretic Model for an Algebra of Communicating Sequential Processes.- A Petri Net Translation of ?-Calculus Terms.- Model Checking.- Handling Algebraic Properties in Automatic Analysis of Security Protocols.- A Compositional Algorithm for Parallel Model Checking of Polygonal Hybrid Systems.- Thread-Modular Verification Is Cartesian Abstract Interpretation.- Formal Languages.- Capture-Avoiding Substitution as a Nominal Algebra.- Prime Decomposition Problem for Several Kinds of Regular Codes.- A New Approach to Determinisation Using Bit-Parallelism.- Logic and Type Theory.- Proving ATL* Properties of Infinite-State Systems.- Type Safety for FJ and FGJ.- Partizan Games in Isabelle/HOLZF.- Proof-Producing Program Analysis.- Real-Time and Mobility.- Reachability Analysis of Mobile Ambients in Fragments of AC Term Rewriting.- Interesting Properties of the Real-Time Conformance Relation tioco.- Model Checking Duration Calculus: A Practical Approach.- Spatio-temporal Model Checking for Mobile Real-Time Systems.- Tutorials: Extended Abstracts.- Tutorial on Formal Methods for Distributed and Cooperative Systems.- Decision Procedures for the Formal Analysis of Software.

A process algebraic framework for specification and validation of real-time systems

Following the trend to combine techniques to cover several facets of the development of modern systems, an integration of Z and CSP, called Circus, has been proposed as a refinement language; its relational model, based on the unifying theories of programming (UTP), justifies refinement in the context of both Z and CSP. In this paper, we introduce Circus Time, a timed extension of Circus, and present a new UTP time theory, which we use to give semantics to Circus Time and to validate some of its laws. In addition, we provide a framework for validation of timed programs based on FDR, the CSP model-checker. In this technique, a syntactic transformation strategy is used to split a timed program into two parallel components: an untimed program that uses timer events, and a collection of timers. We show that, with the timer events, it is possible to reason about time properties in the untimed language, and so, using FDR. Soundness is established using a Galois connection between the untimed UTP theory of Circus (and CSP) and our time theory.