Results 1  10
of
45
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2675 (65 self)
 Add to MetaCart
(Show Context)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Dynamic Logic
 Handbook of Philosophical Logic
, 1984
"... ed to be true under the valuation u iff there exists an a 2 N such that the formula x = y is true under the valuation u[x=a], where u[x=a] agrees with u everywhere except x, on which it takes the value a. This definition involves a metalogical operation that produces u[x=a] from u for all possibl ..."
Abstract

Cited by 888 (7 self)
 Add to MetaCart
ed to be true under the valuation u iff there exists an a 2 N such that the formula x = y is true under the valuation u[x=a], where u[x=a] agrees with u everywhere except x, on which it takes the value a. This definition involves a metalogical operation that produces u[x=a] from u for all possible values a 2 N. This operation becomes explicit in DL in the form of the program x := ?, called a nondeterministic or wildcard assignment. This is a rather unconventional program, since it is not effective; however, it is quite useful as a descriptive tool. A more conventional way to obtain a square root of y, if it exists, would be the program x := 0 ; while x < y do x := x + 1: (1) In DL, such programs are firstclass objects on a par with formulas, complete with a collection of operators for forming compound programs inductively from a basis of primitive programs. To discuss the effect of the execution of a program on the truth of a formula ', DL uses a modal construct <>', which
Semantical considerations on FloydHoare Logic
, 1976
"... This paper deals with logics of programs. The objective is to formalize a notion of program description, and to give both plausible (semantic) and effective (syntactic) criteria for the notion of truth of a description. A novel feature of this treatment is the development of the mathematics underlyi ..."
Abstract

Cited by 227 (10 self)
 Add to MetaCart
This paper deals with logics of programs. The objective is to formalize a notion of program description, and to give both plausible (semantic) and effective (syntactic) criteria for the notion of truth of a description. A novel feature of this treatment is the development of the mathematics underlying FloydHoare axiom systems independently of such systems. Other directions that such research might take are considered.
Tentative Steps Toward a Development Method for Interfering Programs
 ACM TOPLAS
, 1983
"... Development methods for (sequential) programs that run in isolation have been studied elsewhere. Programs that run in parallel can interfere with each other, either via shared storage or by sending messages. Extensions to earlier development methods are proposed for the rigorous development of inter ..."
Abstract

Cited by 157 (5 self)
 Add to MetaCart
Development methods for (sequential) programs that run in isolation have been studied elsewhere. Programs that run in parallel can interfere with each other, either via shared storage or by sending messages. Extensions to earlier development methods are proposed for the rigorous development of interfering programs. In particular, extensions tothe specification method based on postconditions that are predicates oftwo states and the development methods of operation decomposition a d data refinement are proposed.
Executing Temporal Logic Programs
, 2000
"... Temporal logic is gaining recognition as an attractive and versatile formalism for rigorously specifying and reasoning about computer programs, digital circuits and messagepassing systems. This book introduces Tempura, a programming language based on temporal logic. Tempura provides a way of direct ..."
Abstract

Cited by 156 (8 self)
 Add to MetaCart
Temporal logic is gaining recognition as an attractive and versatile formalism for rigorously specifying and reasoning about computer programs, digital circuits and messagepassing systems. This book introduces Tempura, a programming language based on temporal logic. Tempura provides a way of directly executing suitable temporal logic specifications of digital circuits, parallel programs and other dynamic systems. Since every Tempura statement is also a temporal formula, the entire temporal logic formalism can be used as the assertion language and semantics. One result is that Tempura has the two seemingly contradictory properties of being a logic programming language and having imperative constructs such as assignment statements. The presentation
Termination of Nested and Mutually Recursive Algorithms
, 1996
"... This paper deals with automated termination analysis for functional programs. Previously developed methods for automated termination proofs of functional programs often fail for algorithms with nested recursion and they cannot handle algorithms with mutual recursion. We show that termination proofs ..."
Abstract

Cited by 40 (9 self)
 Add to MetaCart
This paper deals with automated termination analysis for functional programs. Previously developed methods for automated termination proofs of functional programs often fail for algorithms with nested recursion and they cannot handle algorithms with mutual recursion. We show that termination proofs for nested and mutually recursive algorithms can be performed without having to prove the correctness of the algorithms simultaneously. Using this result, nested and mutually recursive algorithms do no longer constitute a special problem and the existing methods for automated termination analysis can be extended to nested and mutual recursion in a straightforward way. We give some examples of algorithms whose termination can now be proved automatically (including wellknown challenge problems such as McCarthy's f_91 function).
Logic Program Synthesis
, 1993
"... This paper presents an overview and a survey of logic program synthesis. Logic program synthesis is interpreted here in a broad way; it is concerned with the following question: given a specification, how do we get a logic program satisfying the specification? Logic programming provides a uniquely n ..."
Abstract

Cited by 39 (10 self)
 Add to MetaCart
This paper presents an overview and a survey of logic program synthesis. Logic program synthesis is interpreted here in a broad way; it is concerned with the following question: given a specification, how do we get a logic program satisfying the specification? Logic programming provides a uniquely nice and uniform framework for program synthesis since the specification, the synthesis process and the resulting program can all be expressed in logic. Three main approaches to logic program synthesis by formal methods are described: constructive synthesis, deductive synthesis and inductive synthesis. Related issues such as correctness and verification as well as synthesis by informal methods are briefly presented. Our presentation is made coherent by employing a unified framework of terminology and notation, and by using the same running example for all the approaches covered. This paper thus intends to provide an assessment of existing work and a framework for future research in logic program synthesis.
Verifying concurrent systems with symbolic execution
 Journal of Logic and Computation (Special Issue
"... Abstract Current techniques for interactively proving temporal properties of concurrent systems translate transition systems into temporal formulas by introducing program counter variables. Proofs are not intuitive, because control flow is not explicitly considered. For sequential programs symbolic ..."
Abstract

Cited by 32 (19 self)
 Add to MetaCart
(Show Context)
Abstract Current techniques for interactively proving temporal properties of concurrent systems translate transition systems into temporal formulas by introducing program counter variables. Proofs are not intuitive, because control flow is not explicitly considered. For sequential programs symbolic execution is a very intuitive, interactive proof strategy. In this paper we will adopt this technique for parallel programs. Properties are formulated in interval temporal logic. An inplementation in the interactive theorem prover KIV has shown that this technique offers a high degree of automation and allows simple, local invariants. 1 Introduction As an example of a concurrent system, consider the parallel program Binom which is shown in Fig. 1 and has been taken from [15]. Two parallel processes calculate the binomial coefficient \Gamma n
Hyperdocuments as Automata: Verification of Tracebased Browsing Properties by Model Checking
, 1997
"... As hypertext systems proliferate and as networks become more ubiquitous, an important problem is to determine how to provide hyperdocument interoperability. Instead of taking the approach of standardizing, and implementing, a large and complex set of browsing features gleaned from some "union&q ..."
Abstract

Cited by 30 (3 self)
 Add to MetaCart
As hypertext systems proliferate and as networks become more ubiquitous, an important problem is to determine how to provide hyperdocument interoperability. Instead of taking the approach of standardizing, and implementing, a large and complex set of browsing features gleaned from some "union" of existing systems, we present an approach that allows each document to encode its own browsing semantics in the links of the hyperdocument. Any implementation offering the "follow link" operation can then simulate the intent of the author. The method requires a mental shift in how a hyperdocument is viewed abstractly. Instead of treating the links of a document as defining a static directed graph, they are thought of as defining an abstract program, termed the linksautomaton of the document. A branching temporal logic notation, termed HTL*, is introduced for specifying properties a document should exhibit during browsing. An automated program verification technique called model checking is ...
Hyperdocuments as Automata: Tracebased Browsing Property Verification
 In Proceedings of the 1992 European Conference on Hypertext (ECHT92: November 30December 4
, 1992
"... In many hypertext systems, meaningfully traversing a document depends on capabilities, features, and navigational aids that are part of the browser implementation. For example, if a reader browses to a node that has no out links, then backing up, or "warping" to the table of contents can a ..."
Abstract

Cited by 28 (10 self)
 Add to MetaCart
(Show Context)
In many hypertext systems, meaningfully traversing a document depends on capabilities, features, and navigational aids that are part of the browser implementation. For example, if a reader browses to a node that has no out links, then backing up, or "warping" to the table of contents can allow the browsing session to continue. If hyperdocuments are to become interchangeable among hypertext systems, rather than being readable only on the systems from which they are authored, one obvious but complex approach is to try and standardize on (most likely, very many) browsing features and behaviors, forming some standard union of the capabilities of current major implementations. This approach molds (or perhaps restricts) future systems, since new browsing "features" must then be worked into such a standard. An alternate approach, used in this paper, is to deemphasized browser features and emphasize inherent document structure with browsing semantics. An author should be able to create docume...