C. B. Jones
- 1 ABRIAL, J.-R., AND SCHUMAN, S.A. Non-deterministic system specification. In Semantics of Concurrent Computation, G. Kahn (Ed.). Springer-Verlag, New York, 1979, pp. 34-50. Google Scholar
- 2 ACZEL, P. A note on program verification. Private communication, Jan. 1982.Google Scholar
- 3 APT, K.R., FRANCEZ, N., AND DE ROEVER, W.P. A proof system for communicating sequential processes. ACM Trans. Program. Lang. Syst. 2, 3 (July 1980), 359-385. Google Scholar
- 4 BURSTALL, R.M. Program proving as hand simulation with a little induction. In Proceedings, IFIP Congress 1974. ELsevier North-Holland, New York, 1974, pp. 308-312.Google Scholar
- 5 DIJKSTRA, E.W. A Discipline of Programming. Prentice-HaU, Englewood Cliffs, N.J., 1976. Google Scholar
- 6 DIJKSTRA, E.W., LAMPORT, L., MARTIN, A.J., SCHOLTEN, C.S., AND STEFFENS, E.F.M. On-thefly garbage collection: An exercise in cooperation. Commun. ACM 21, 11 (Nov. 1978), 966-975. Google Scholar
- 7 FLOYD, R.W. Assigning meanings to programs. In Proceedings of 19th Symposium on Applied Mathematics. American Mathematical Society, Providence, R.I., 1967, pp. 19-31.Google Scholar
- 8 FRANCEZ, N., ANn PNUELI, A. A proof method for cyclic programs. Acta Inf. 9, 2 (Apr. 1978), 133-157.Google Scholar
- 9 HAILPERN, B., AND OWICKI, S. Verifying network protocols using temporal logic. Private communication, 1981. Google Scholar
- 10 HOARE, C.A.R. Communicating sequential processes. Commun. ACM21, 8 (Aug. 1978), 666-677. Google Scholar
- 11 HOARE, C.A.R. Monitors: An operating system structuring concept. Commun. ACM 17, 10 (Oct. 1974), 549-557. Google Scholar
- 12 HOARE, C.A.R. Proof of correctness of data representations. Acta Inf. 1, 4 (Nov. 1972), 271-281.Google Scholar
- 13 HOARE, C.A.R. Proof of a program: FIND. Commun. ACM 14, 1 (Jan. 1971), 39-45. Google Scholar
- 14 HOARE, C.A.R. An axiomatic basis for computer programming. Commun. ACM 12, 10 (Oct. 1969), 576-580, 583. Google Scholar
- 15 JACKSON, M.A. System Development. Prentice-HaU International, Englewood Cliffs, N.J., 1982. Google Scholar
- 16 JONES, C.B. Development methods for computer programs including a notion of interference. Tech. Rep. PRG 25, Programming Research Group, Oxford Univ., Oxford, Eng., 1981.Google Scholar
- 17 JONES, C.B. Towards more formal specifications. In Software Engineerin~ Entwurf und Specifikation, C. Floyd and H. Kopetz (Eds.). B.G. Teubner, Stuttgart, W. Germany, 1981, pp. 14-45. Google Scholar
- 18 JONES, C.B. Software Development: A Rigorous Approach. Prentice-Hall International, Englewood Cliffs, N.J., 1980. Google Scholar
- 19 JONES, C.B. Constructing a theory of a data structure as an aid to program development. Acta Inf. 11, 2 (Jan. 1979), 119-137.Google Scholar
- 20 JONES, C.B. Formal development of programs. Tech. Rep. TR 12.117, IBM Hursley Laboratory, England, June 1973.Google Scholar
- 21 JONES, C.B. Formal development of correct algorithms: An example based on Earley's recogniser. In Proceedings of an ACM Conference on Proving Assertions about Programs (Las Cruces, N.M., Jan. 6-7, 1972). Published as combined issue: SIGPLAN Notices (ACM) 7, 1 (Jan. 1972), and SIGACT News 14 (Jan. 1972), 150-169. Google Scholar
- 22 KAHN, G. A preliminary theory for parallel programs. Tech. Rep. 6, IRIA, Le Chesnay, France, 1973.Google Scholar
- 23 LAMPORT, L. The "Hoare logic" of concurrent programs. Acta Inf. 14, 1 (June 1980), 21-37.Google Scholar
- 24 LAUER, P.E. Consistent formal theories of the semantics of programming languages. Tech. Rep TR25.121, IBM Laboratory Vienna, Nov. 1971.Google Scholar
- 25 LEVIN, G.M., AND GRIES, D. A proof technique for communicating sequential processes. Acta Inf. 15, 3 (June 1981), 281-302.Google Scholar
- 26 MANNA, Z. Properties of programs and the first-order predicate calculus. J. ACM 16, 2 (Apr. 1969), 244-255. Google Scholar
- 27 MANNA, Z., AND PNUELI, A. The modal logic of programs. In Proceedings, Sixth International Conference on Artificial Languages and Programming (Graz, Austria, July 1979), pp. 385-409. Google Scholar
- 28 MILNER, R. A Calculus of Communicating Systems. Springer-Verlag, New York, 1980. Google Scholar
- 29 MrLNER, R. An algebraic definition of simulation between programs. Tech. Rep. AIM-142, Computer Science Dept., Stanford Univ., Stanford, Calif., Feb. 1971. Google Scholar
- 30 MORRIS, J.H., JR. A correctness proof using recursively defined functions. In Formal Semantics of Programming Languages, R. Rustin (Ed.). Prentice-Hall, Englewood Cliffs, N.J., 1972.Google Scholar
- 31 NAUR, P. Proof of algorithms by general snapshots. BIT 6 (1966), 310-316.Google Scholar
- 32 OWICRI, S.S. Axiomatic proof techniques for parallel programs. Tech. Rep. TR 75-251, Dept. of Computer Science, Cornell Univ., Ithaca, N.Y., 1975. Google Scholar
- 33 OwxcKI, S., AND GRXES, D. Verifying properties of parallel programs: An axiomatic approach. Commun. ACM 19, 5 (May 1976), 279-285. Google Scholar
- 34 PLOTKIN, G.D. A power domain construction. SIAMJ. Comput. 5, 3 (Sept. 1976), 452-487.Google Scholar
- 35 PNUEU, A. The temporal semantics of concurrent programs. In Semantics of Concurrent Computation, G. Kahn (Ed.). Springer-Verlag, New York, 1979, pp. 1-20. Google Scholar
- 36 SMYTH, M.B. Power domains. J. Comput. Syst. Sci. 16 (1978), 23-36.Google Scholar
- 37 U.S. DEPT. OF DEFENSE. Reference Manual for the Ada Programming Language (Proposed standard document). July 1980.Google Scholar
- 38 VON LAMSWEERDE, A., AND SINTZOFF, M. Formal derivation of strongly correct parallel programs. Tech. Rep. R338, MBLE, Belgium, Oct. 1976.Google Scholar
- 39 WIRTH, N. Program development by stepwise refinement. Commun. ACM 14, 4 (Apr. 1971), pp. 221-227. Google Scholar
- 40 ZHOU, C.C., AND HOARE, C.A.R. Partial correctness of Communicating sequential processes. In Proceedings, 2d International Conference on Distributed Computing Systems (Apr. 1981).Google Scholar
- 41 ZHOU, C.C., A~D HOARE, C.A.R. Partial correctness of communicating processes and protocols. Tech. Rep. PRG-20, Programming Research Group, Oxford Univ., Oxford, Eng., 1981.Google Scholar
Index Terms
- Tentative steps toward a development method for interfering programs
Recommendations
Artefacts and agile method tailoring in large-scale offshore software development programmes
Context: Large-scale offshore software development programmes are complex, with challenging deadlines and a high risk of failure. Agile methods are being adopted, despite the challenges of coordinating multiple development teams. Agile processes are ...
Sprinting toward Open Source Development
The PyPy project's development approach combines the distributed paradigm prevalent in free and open source software development with sprints, which are usually associated with agile development and Extreme Programming. However, broader acceptance of ...
Baby Steps: Agile Transformation at BabyCenter.com
The authors describe BabyCenter.com's four-year journey from chaos to a relatively mature agile organization. From engineering teams tasked with more projects than developers, delivery dates set long before projects were scoped or staffed, and ...
Reviews
Randal P. Leavitt
C. B. Jones has produced a very interesting report. It summarizes the work done during his two year stay at Oxford, and illustrates the extension of his rigorous software development method to include the programming of concurrent processes. These programs are referred to as interfering because the concurrent tasks can interfere with each other's operation either by means of shared variables or with message passing. For this type of complicated software, the proposed development method, based on formal rules, will reduce design errors and, consequently, incrase productivity. Readers of Jones's other work will find this theme familiar. Rigorous software development, according to Jones, must be supported by formal theory without getting bogged down in excessive detail. It encompasses top-down analysis with active decomposition, ensuring at each stage of refinement that the design satisfies the specifications. Other approaches for verifying concurrent programs are characterized by proofs for isolated components, followed by a final proof that all these component proofs do not conflict. Consequently, the design cannot be validated until the decomposition is complete. For Jones, considering a formally supported development strategy for very large programs, these approches are not acceptable. He has, instead, proposed an extension of his rigorous method for isolated program development, and illustrated how it can be applied to develop interfering programs. The basic idea is to include precise interference statements in the program specification. These include “rely-conditions” defining the assumptions used during development, and “guarantee-conditions” restricting the interferences an implementation can generate. To illustrate the technique, Jones includes a step-by-step refinement for two Ada programs—one to find the minimum index of an array element having a specified property, and the other to record equivalence relationships. These are first developed as isolated programs without concurrency, and then redeveloped to show an equivalent concurrent implementation. The non-interfering versions are shown to be a special case of the more general interfering development method. There are, however, some deficiencies in Jones's report. Anyone unfamiliar with his earlier work will find the notation particularly difficult to follow. It is very clearly defined in Software development: a rigorous approach [1]. The book and the article together constitute some very rewarding reading. Jones's development method does not deal with some important problems, such as deadlock, Ada exceptions, total correctness, and some aspects of how global variables are shared by tasks. The Ada examples are not syntactically correct, though they are understandable. Proper syntax does make examples easier to read, however. Jones does not claim to have defined a complete proof system. The given proof rules are not stable and further examples need to be worked out. This report essentially demonstrates that some useful results can be derived by extending Jones's rigorous methods, but many avenues still remain to be explored. Jones makes several almost indirect observations in this report that deserve notice. One is that program specifications will have to include some comment about performance if they are to be properly understood as requiring concurrency. (Non-concurrent implementations can always satisfy the requirements if performance is not a factor.) Another is that very strong pressure exists to adopt language features that make the degree of interference controllable. The Ada rendezvous concept is particularly useful in this way.
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments