Abstract
We propose a method for proving refinement between programs, based on augmenting the program by ghost (auxiliary) variables and statements that assign values to these variables. We show that, in many cases, this augmentation can replace the need for an explicit refinement mapping from the variables of one system to the private variables of the other system. A novel feature of the proposed methodology is that the expressions assigned to the ghost variables may depend on the future. This may replace the need for prophecy variables that are defined by a decreasing induction and require some version of finite-image hypothesis. We believe that proving refinement by program augmentation leads to a more natural style of refinement and is easier to design and comprehend. Allowing future-dependent expressions in a program requires extensions to the temporal methodology for proving properties of programs. These extensions are explained and discussed in the paper.
This research was supported in part by a basic research grant from the Israeli Academy of Sciences, and by the European Community ESPRIT Basic Research Action Project 6021 (REACT).
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
M. Abadi and L. Lamport. The existence of refinement mappings. Theoretical Computer Science, 82(2):253–284, May 1991.
J.W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors. Stepwise Refinement of Distributed Systems: Models, Formalism, Correctness. Lecture Notes in Computer Science 430. Springer-Verlag, 1990.
B. Jonsson. Modular verification of asynchronous networks. In Proc. 6th ACM Symp. Princ. of Dist. Comp., pages 152–166, 1987.
Y. Kesten, Z. Manna, and A. Pnueli. Temporal verification of simulation and refinement. In J.W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, A Decade of Concurrency, volume 803 of Lect. Notes in Comp. Sci., pages 273–346. Springer-Verlag, 1994.
L. Lamport. The existence of refinement mapping. TLA Note 92-03-19, March 1992.
P. Lucas. Two constructive realizations of the block concept and their equivalences. Technical Report Technical Report TR 25.085, IBM Laboratory Vienna, 1968.
Z. Manna and A. Pnueli. Completing the temporal picture. Theor. Comp. Sci., 83(1):97–130, 1991.
Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer-Verlag, New York, 1991.
Z. Manna and A. Pnueli. Temporal Verification of Reactive Systems: Safety. Springer-Verlag, New York, 1995.
M. Marcus and A. Pnueli. Using ghost variables to prove refinement. Technical report, Weizmann Institute, 1996.
S. Owicki and D. Gries. An axiomatic proof technique for parallel programs. Acta Informatica, 6:319–340, 1976.
J.C. Reynolds. The Craft of Programming. Prentice-Hall, Engelwood Cliffs, NJ, 1981.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Marcus, M., Pnueli, A. (1996). Using ghost variables to prove refinement. In: Wirsing, M., Nivat, M. (eds) Algebraic Methodology and Software Technology. AMAST 1996. Lecture Notes in Computer Science, vol 1101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0014319
Download citation
DOI: https://doi.org/10.1007/BFb0014319
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61463-0
Online ISBN: 978-3-540-68595-1
eBook Packages: Springer Book Archive