Research Articles

pGCL: formal reasoning for random algorithms*

Carroll Morgan and Annabelle McIver
Programming Research Group, University of Oxford
http://www.comlab.ox.ac.uk/oucl/groups/probs
{carroll,anabel}@comlab.ox.ac.uk

Abstract

Dijkstra's guarded-command language GCL contains explicit 'demonic' nondeterminism, representing abstraction from (or ignorance of) which of two program fragments will be executed. We introduce probabilistic nondeterminism to the language, calling the result pGCL. Important is that both forms of nondeterminism are present - both demonic and probabilistic: unlike earlier approaches, we do not deal only with one or the other.

The programming logic of 'weakest preconditions' for GCL becomes a logic of 'greatest pre-expectations' for pGCL: we embed predicates (Boolean-valued expressions over state variables) into arithmetic by writing [P], an expression that is 1 when P holds and 0 when it does not. Thus in a trivial sense [P] is the probability that P is true, and such embedded predicates are the basis for the more elaborate arithmetic expressions that we call 'expectations'.

pGCL is suitable for describing random algorithms, at least over discrete distributions. In our presentation of it and its logic we give two examples: an erratic 'sequence accumulator', that fails with some probability to move along the sequence; and Rabin's 'choice-coordination' algorithm. The first illustrates probabilistic invariants; the second illustrates probabilistic variants.

Keywords: Program correctness, probability, demonic nondeterminism, random algorithm, predicate transformer, weakest precondition, guarded command, correctness proof, invariant, variant.

Computing Review Categories: D.…, D.…, F.…, F.…, G.…, G.…

1 Introduction

Dijkstra's Guarded Command Language GCL […] is a weakest-precondition based method of describing computations and their meaning; here we extend it to probabilistic programs, those that implement random algorithms, and we give examples of its use.

Most sequential programming languages contain a construct for 'deterministic' choice, where the program selects one from a number of alternatives in some predictable way: for example, in

    if test then this else that ,

the choice between this and that is determined by test and the current state.

In contrast, Dijkstra's language of guarded commands brings nondeterministic or 'demonic' choice to prominence, in which the program's behaviour is not predictable, not determined by the current state. At first […] demonic choice was presented as a consequence of 'overlapping guards', almost an accident - but as its importance became more widely recognised it developed a life of its own. Nowadays it merits an explicit operator: the construct

    this ⊓ that

chooses between the alternatives unpredictably and, as a specification, indicates abstraction from the issue of which will be executed. The customer will be happy with either this or that, and the implementor may choose between them according to his own concerns.

Early research on probabilistic semantics took a different route: demonic choice was not regarded as fundamental - rather it was abandoned altogether, being replaced by probabilistic choice […]. Thus probabilistic semantics was divorced from the contemporaneous work on specification and refinement, because without demonic choice there is no means of abstraction.

More recently however it has been discovered […] how to bring the two topics back together, taking the more natural approach of adding probabilistic choice, while retaining demonic choice. In fact deterministic choice is a special case of probabilistic choice, which in turn is a refinement of demonic choice.

We give the resulting probabilistic extension of GCL the name 'pGCL'.

Section … gives a brief and shallow overview of

* Part of this report is a 'transliteration' of another report […] from generalised substitutions […] to guarded commands. The case study (Rabin's algorithm) has not appeared before.

SACJ/SART, No …, …
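An added example (not code from the paper): a small Python model of the claim above that deterministic choice is a special case of probabilistic choice, which in turn refines demonic choice. It assumes the standard pGCL rules, which this page does not spell out (minimum for demonic choice, weighted average for probabilistic choice); every function name and the sample fragments are this example's own.

```python
from fractions import Fraction
from itertools import combinations

# A program is modelled as its expectation transformer:
# post-expectation (state -> number) in, greatest pre-expectation out.
def assign(f):                 # x := f(x)
    return lambda post: lambda s: post(f(s))

def seq(a, b):                 # a; b
    return lambda post: a(b(post))

def ite(test, a, b):           # if test then a else b
    return lambda post: lambda s: a(post)(s) if test(s) else b(post)(s)

def demonic(a, b):             # a ⊓ b: assume the worse branch is taken
    return lambda post: lambda s: min(a(post)(s), b(post)(s))

def prob(p, a, b):             # a with probability p(s), otherwise b
    return lambda post: lambda s: p(s) * a(post)(s) + (1 - p(s)) * b(post)(s)

def embed(pred):               # [P]: 1 when P holds, 0 when it does not
    return lambda s: Fraction(int(bool(pred(s))))

STATES = range(4)              # constructed sample state space: x in 0..3
# Every embedded predicate over x in 0..4 (4 is reachable via x := x + 1).
POSTS = [embed(lambda s, S=frozenset(c): s in S)
         for n in range(6) for c in combinations(range(5), n)]

def refines(spec, impl):
    """spec is refined by impl on the samples: impl guarantees at least as much."""
    return all(spec(q)(s) <= impl(q)(s) for q in POSTS for s in STATES)

def same(a, b):                # equal as transformers on the samples
    return refines(a, b) and refines(b, a)

this = assign(lambda x: x + 1)     # hypothetical fragment: x := x + 1
that = assign(lambda x: x)         # hypothetical fragment: skip
is_even = lambda x: x % 2 == 0
half = lambda s: Fraction(1, 2)

def guaranteed_from_zero():
    # (this with probability 1/2, else that); (this ⊓ that)
    # post-expectation [x >= 1], initial state x = 0
    prog = seq(prob(half, this, that), demonic(this, that))
    return prog(embed(lambda x: x >= 1))(0)
```

The checks run over a finite sample of states and embedded predicates, so they illustrate the refinement ordering rather than prove it.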