
A Theory of Program Refinement

Ewen W.K.C. Denney

Doctor of Philosophy
University of Edinburgh
1998

Do mo phàrantan

Abstract

We give a canonical program refinement calculus based on the lambda calculus and classical first-order predicate logic, and study its proof theory and semantics. The intention is to construct a metalanguage for refinement in which basic principles of program development can be studied.

The idea is that it should be possible to induce a refinement calculus in a generic manner from a programming language and a program logic. For concreteness, we adopt the simply-typed lambda calculus augmented with primitive recursion as a paradigmatic typed functional programming language, and use classical first-order logic as a simple program logic.

A key feature is the construction of the refinement calculus in a modular fashion, as the combination of two orthogonal extensions to the underlying programming language (in this case, the simply-typed lambda calculus). The crucial observation is that a refinement calculus is given by extending a programming language to allow indeterminate expressions (or `stubs') involving the construction `some program x such that P'. Factoring this into `some x ...' and `... such that P', we first study extensions to the lambda calculus providing separate analyses of what we might call `true' stubs, and structured specifications. The questions we are concerned with in these calculi are how stubs interact with the programming language, and what a suitable notion of structured specification for program development is.

The full refinement calculus is then constructed in a natural way as the combination of these two subcalculi. The claim that the subcalculi are orthogonal extensions to the lambda calculus is justified by a result that a refinement can actually be factored into simpler judgements in the subcalculi, that is, into logical reasoning and simple decomposition.
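As an added illustration, not taken from the thesis, the construction `some program x such that P' can be read in Lean 4 as a subtype, and the factoring just described becomes two steps: choosing a program (decomposition) and proving it meets P (logical reasoning). The halving specification HalfSpec and the names halfProg, halfProg_spec and half are constructed for this example; Lean's subtypes are used as an analogue of the thesis's refinement types, not as its actual calculus.

```lean
-- Added example (not the thesis's own calculus): a specification
-- `some n : Nat such that P n` read as a refinement type, i.e. a subtype of Nat.
-- P here is a constructed spec for halving: n is m divided by 2, rounded down.
abbrev HalfSpec (m : Nat) : Type :=
  { n : Nat // 2 * n = m ∨ 2 * n + 1 = m }

-- Step 1, the "pure" decomposition: fill the `some n ...` stub with a program text.
-- No logic is involved yet; this is only a choice of program.
def halfProg (m : Nat) : Nat := m / 2

-- Step 2, the logical reasoning: discharge the `... such that P` part for that program.
-- `omega` decides this linear-arithmetic goal, including division by the literal 2.
theorem halfProg_spec (m : Nat) :
    2 * halfProg m = m ∨ 2 * halfProg m + 1 = m := by
  unfold halfProg
  omega

-- The refinement itself: a closed term of the refinement type, obtained by
-- combining the two independent judgements above.
def half (m : Nat) : HalfSpec m :=
  ⟨halfProg m, halfProg_spec m⟩

-- The underlying program can be run once the specification is discharged.
#eval (half 7).val
```

If the program in step 1 were changed to one that does not halve (say `m / 3`), step 2 would fail to check while step 1 would still elaborate, which is the sense in which the two judgements are independent.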
The semantics for the calculi are given using Henkin models with additional structure. Both simply-typed lambda calculus and first-order logic are interpreted using Henkin models themselves. The two subcalculi require some extra structure, and the full refinement calculus is modelled by Henkin models with a combination of these extra requirements. There are soundness and completeness results for each calculus, and by virtue of there being certain embeddings of models we can infer that the refinement calculus is a conservative extension of both of the subcalculi which, in turn, are conservative extensions of the lambda calculus.

Acknowledgements

Thanks to Gordon Plotkin and John Power for supervising this thesis and for providing advice and encouragement. I hope their suffering over my writing has not been in vain. Marcelo Fiori also supervised the early stages. Thanks also to John for his famous chats.

I had useful conversations with Alex Bunkenburg, Joe Morris, Álvaro Moreira, Masahito Hasegawa, Thomas Kleymann, David Aspinall, and Jitka Stříbrná.

This work was supported by an EPSRC studentship and, in the final year, by a part-time research contract with Gordon Plotkin.

This thesis was examined by Don Sannella and Peter O'Hearn. Thanks to them for all their helpful comments.

Thanks to Yukki and my parents for their support. agus mòran taing.

Declaration

I declare that this thesis was composed by myself and that the work contained therein is my own, except where explicitly stated otherwise in the text.

(Ewen W.K.C. Denney)

Table of Contents

Chapter 1 Introduction  4
1.1 Refinement Methodology  5
1.1.1 Stepwise Development  6
1.1.2 Programming Knowledge  10
1.2 Program Logics and Specification  12
1.3 Calculi  14
1.3.1 Refinement Terms  15
1.3.2 Refinement Types  17
1.3.3 Refinement Calculus  18
1.4 Other Methodologies  19
1.5 Choices  22
1.6 Related Work  23
1.6.1 Refinement Terms  23
1.6.2 Refinement Types  25
1.6.3 Refinement Calculi  27
1.7 Summary of Thesis  28
1.8 Notation  30

Chapter 2 Preliminaries  32
2.1 Simply-typed Lambda Calculus  32
2.1.1 Syntax  32
2.1.2 λ×→-Axiom Systems  35
2.1.3 Booleans and Naturals  35
2.2 Models of Simply-typed Lambda Calculus  39
2.3 First-order Logic of Simply-typed Lambda Calculus  44
2.4 Models of First-order Logic  48

Chapter 3 Refinement Terms  52
3.1 Introduction  52
3.2 The Calculus  53
3.2.1 Syntax  53
3.2.2 Judgements  55
3.2.3 λ?-Axiom Systems  55
3.3 Metatheory  73
3.4 Models  76
3.5 First-order Logic of Simply-typed Refinement  83
3.6 Conclusions  87

Chapter 4 Refinement Types  88
4.1 Introduction  88
4.2 Example  90
4.3 The Calculus  94
4.3.1 Syntax  94
4.3.2 Judgements  96
4.3.3 λ(:)-Axiom Systems  97
4.3.4 Rules of the Calculus  99
4.3.5 Booleans and Naturals  111
4.3.6 Metatheory  114
4.4 Division by 2 Revisited  119
4.5 Models  120
4.6 Conclusions  134

Chapter 5 Refinement Calculus  135
5.1 Introduction  135
5.2 The Calculus  137
5.2.1 Syntax  137
5.2.2 Judgements  139
5.2.3 λv-Axiom Systems  139
5.2.4 Rules of the Calculus  140
5.3 An Example of Refinement  154
5.4 Comparisons  159
5.4.1 Extended ML  159
5.4.2 Aspinall's λASL+  160
5.4.3 Type Theory  161
5.4.4 Lego  162
5.4.5 Refinement Calculus of Back, Morgan and Morris  163
5.5 Metatheory  167
5.6 Models  177
5.6.1 Discussion  178
5.6.2 λv-Henkin Models  179
5.7 Conclusion  192

Chapter 6 Conclusions and Further Work  193
6.1 Conclusions  193
6.1.1 Refinement Terms  195
6.1.2 Refinement Types  195
6.2 Technical Extensions and Conjectures  196
6.3 Operational Semantics  199
6.3.1 Refinement Terms  199
6.3.2 Refinement Types  202
6.4 Annotations  202
6.5 Search Calculi  203
6.6 Logical Variables  205
6.7 Second Order: Data Refinement  205
6.8 Full Recursion  206
6.9 Program Transformation  206
6.10 Abstract Viewpoint  207
6.11 Aspects of the Software Life-cycle  208
6.11.1 Prototyping  208
6.11.2 Maintenance  209
6.11.3 Reverse Engineering  209

Appendix A Notation  210
Bibliography  211

Chapter 1 Introduction

Program refinement is a programming methodology in which a formal description of what a program should do, a specification, is gradually refined into an executable program satisfying that specification.

This thesis is a study of program refinement for a simple idealised programming and specification language. Although our analysis is theoretical, we give motivation from practical considerations. The kinds of issues with which we are concerned are:

• What logical machinery and semantic principles are involved in program refinement?
• Are there interesting fragments of refinement calculus which have practical uses?
• Given a program logic, what is a suitable specification language based on it for program refinement?
• Understanding the general relationship between a refinement calculus, a programming language, and a program logic.
• How might the structure of a calculus inform the architecture of tools for program development?

Although we pose these questions here in general terms, for concreteness we use typed λ-calculus as a paradigmatic functional programming language, and classical first-order logic as a program logic. It is our hope that by making clear how these choices affect our analysis, we will attain some degree of generality. The significance of these decisions is discussed below.

In order to address these questions, we carry out a modular analysis of a simple refinement calculus. We suggest that a refinement calculus can be understood as a combination of two extensions to the underlying programming language: one accounting for specifications, and the other for what we call `pure' refinement. Just as the lambda calculus can be used as a metalanguage for studying functional programming languages, so the lambda calculus based refinement calculus we develop could be used as a metalanguage for studying refinement in functional programming languages. The interest in studying