On the Semantics of Refinement Calculi

Hongseok Yang¹ and Uday S. Reddy²

¹ University of Illinois at Urbana-Champaign, hyang@cs.uiuc.edu
² University of Birmingham, u-reddy@cs.uiuc.edu

Abstract. Refinement calculi for imperative programs provide an integrated framework for programs and specifications and allow one to develop programs from specifications in a systematic fashion. The semantics of these calculi has traditionally been defined in terms of predicate transformers and poses several challenges in defining a state transformer semantics in the denotational style. We define a novel semantics in terms of sets of state transformers and prove it to be isomorphic to positively multiplicative predicate transformers. This semantics disagrees with the traditional semantics in some places and the consequences of the disagreement are analyzed.

1 Introduction

Two dominant semantic views of imperative programs are in terms of state transformers, initiated by McCarthy [17], Scott and Strachey [30], and predicate transformers, initiated by Dijkstra [11]. State transformers give a clear correspondence with the operational semantics, where commands do, after all, transform the state of a machine. The predicate transformer view, on the other hand, has been argued to be suitable for showing that programs achieve certain goals, i.e., to questions of correctness. A definitive relationship between the two views was established by Plotkin [28], following other work [9, 31, 4], where it is shown that Dijkstra’s predicate transformers are isomorphic to nondeterministic state transformers defined using the Smyth powerdomain. The isomorphism establishes a tight connection between the predicate transformer view and operational behavior, which is not obvious otherwise. It is also of important conceptual value as it allows the two semantic views to coexist side by side. The ideas expressed using either view can be converted into the other, and there is no conflict between the two views.

In more recent work, predicate transformers have been put to new uses. Refinement calculi, developed by Hehner [16], Back [3, 5], Morris [24], Morgan [19] and Nelson [27], extend Dijkstra’s programming language with “specification statements.” Typically written as [ϕ,ψ], a specification statement stands for some statement that is yet to be developed but which is expected to satisfy the specification ϕ, ψ, i.e., transform states satisfying ϕ to states satisfying ψ.

J. Tiuryn (Ed.): FOSSACS 2000, LNCS 1784, pp. 359–374, 2000. © Springer-Verlag Berlin Heidelberg 2000