Alternating states for dual nondeterminism in imperative programming

The refinement calculus of Back, Morgan, Morris, and others is based on monotone predicate transformers (weakest preconditions) where conjunctions stand for demonic choices between commands and disjunctions for angelic choices. Arbitrary monotone predicate transformers cannot be modelled by relational semantics but can be modelled by so-called multirelations. Results of Morris indicate, however, that the natural domain for the combination of demonic and angelic choice is the free distributive completion (FDC) of the state space. The present paper provides a new axiomatization and more explicit construction of the FDC of an arbitrary ordered set. The FDC concept is self-dual, but the construction is not. We therefore determine the duality function from the FDC to the dual of the FDC of the dual ordered set. The elements of the FDC are classified according to their conjunctivity and disjunctivity. The theory is applied to imperative programming with operators for sequential composition and demonic and angelic choice. The theory based on the FDC is shown to be equivalent to a weakest precondition theory for up-closed predicates. If the order is discrete (i.e. the equality relation), the FDC turns out to be the domain of the choice semantics of Back and Von Wright, whereas up-closed multirelations are functions towards this domain.