By David Gries (auth.), V. S. Alagar, Maurice Nivat (eds.)

This volume constitutes the proceedings of the 4th International Conference on Algebraic Methodology and Software Technology, held in Montreal, Canada in July 1995.
It contains full papers or extended abstracts of the invited talks, refereed selected contributions, and research prototype tools. The invited speakers are David Gries, Jeanette Wing, Dan Craigen, Ted Ralston, Ewa Orlowska, Krzysztof Apt, Joseph Goguen, and Rohit Parikh. The 29 refereed papers presented were selected from some hundred submissions; they are organized in sections on algebraic and logical foundations, concurrent and reactive systems, software technology, logic programming and databases.

We then add a fourth conjunction into the precondition to assert the restriction x_r ≤ k. The following example uses a constant differential inclusion that allows the rate of change of x to be between 0 and 2. The PVS output in Figure 6 contains an additional parameter x_r as the rate of change of x. The value of x_r is constrained in the precondition.

4 Correctness of Translation

Consider a timed I/O automaton A, and its PVS translation B. A closed execution of B is an alternating finite sequence of states and actions (including time passage actions): β = s_0, b_1, s_1, b_2, .

Most closely related to the work presented in this paper is of course timed STAIRS as presented in [HHRS05a]. Here the notions of positive and negative behavior, mandatory choice and refinement are formalized in relation to sequence diagrams. Timed STAIRS has a more fine-grained analysis of refinement than presented here.

These hand-translations were done assuming that all the differential equations are constant, and that all the invariants and stopping conditions are convex. In the proof of invariants, we are able to use a strategy to handle the induction step involving the parameterized trajectory, thus the length of the proofs in the hand-translated version was comparable to those with the translator's output. However, such a strategy is still not available for use in simulation proofs, and therefore additional proof steps were necessary when proving simulation relations with the translator output, making the proofs longer by 105% in the worst case.

