Results 1  10
of
14
Composing Specifications
 ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS
, 1993
"... ..."
(Show Context)
A Proof Technique for Rely/Guarantee Properties
 In Proceedings of the 5th Conference on Foundations of Software Technology and Theoretical Computer Science, Lecture Notes in Computer Science 206
, 1986
"... A rely/guarantee specification for a program P is a specification of the form R oe G (R implies G), where R is a rely condition and G is a guarantee condition. A rely condition expresses the conditions that P relies on its environment to provide, and a guarantee condition expresses what P guarantees ..."
Abstract

Cited by 58 (0 self)
 Add to MetaCart
(Show Context)
A rely/guarantee specification for a program P is a specification of the form R oe G (R implies G), where R is a rely condition and G is a guarantee condition. A rely condition expresses the conditions that P relies on its environment to provide, and a guarantee condition expresses what P guarantees to provide in return. This paper presents a proof technique that permits us to infer that a program P satisfies a rely/guarantee specification R oe G, given that we know P satisfies a finite collection of rely/guarantee specifications R i oe G i ; (i 2 I). The utility of the proof technique is illustrated by using it to derive global liveness properties of a system of concurrent processes from a collection of local liveness properties satisfied by the component processes. The use of the proof rule as a design principle, and the possibility of its incorporation into a formal logic of rely/guarantee assertions, is also discussed. 1 Introduction A rely/guarantee specification for a program P...
Dynamic Module Replacement in a Distributed Programming System
 in a Distributed Programming System, MITLCSTR 303
, 1983
"... The replacement of parts of software systems is an important aspect of programming methodology. Most of the research in this area has centered around support for modular construction and the clear separation of interface from implementation. The emphasis has been on producing easily modified static ..."
Abstract

Cited by 53 (0 self)
 Add to MetaCart
The replacement of parts of software systems is an important aspect of programming methodology. Most of the research in this area has centered around support for modular construction and the clear separation of interface from implementation. The emphasis has been on producing easily modified static program structures.
Verifying Temporal Properties without Temporal Logic
, 1989
"... this paper were first presented at the "IEEE Symposium on Logic in Computer Science," Ithaca, New York, June 1987 ..."
Abstract

Cited by 41 (0 self)
 Add to MetaCart
this paper were first presented at the "IEEE Symposium on Logic in Computer Science," Ithaca, New York, June 1987
An AutomataTheoretic Approach to Modular Model Checking
, 1998
"... this paper we consider assumeguarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
this paper we consider assumeguarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified by linear temporal logic. We consider guarantees in 8CTL and 8CTL
Simulation Techniques For Proving Properties Of RealTime Systems
 IN REX WORKSHOP '93, LECTURE NOTES IN COMPUTER SCIENCE
, 1993
"... The method of simulations is an important technique for reasoning about realtime and other timingbased systems. It is adapted from an analogous method for untimed systems. This paper presents the simulation method in the context of a very general automaton (i.e., labelled transition system) mo ..."
Abstract

Cited by 22 (6 self)
 Add to MetaCart
(Show Context)
The method of simulations is an important technique for reasoning about realtime and other timingbased systems. It is adapted from an analogous method for untimed systems. This paper presents the simulation method in the context of a very general automaton (i.e., labelled transition system) model for timingbased systems. Sketches are presented of several typical examples for which the method has been used successfully. Other complementary tools are also described, in particular, invariants for safety proofs, progress functions for timing proofs, and execution correspondences for liveness proofs.
Proving Entailment Between Conceptual State Specifications (Extended Abstract)
 THEORETICAL COMPUTER SCIENCE
, 1988
"... The lack of expressive power of temporal logic as a specification language can be compensated to a certain extent by the introduction of powerful, highlevel temporal operators, which are difficult to understand and reason about. A more natural way to increase the expressive power of a temporal spe ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
(Show Context)
The lack of expressive power of temporal logic as a specification language can be compensated to a certain extent by the introduction of powerful, highlevel temporal operators, which are difficult to understand and reason about. A more natural way to increase the expressive power of a temporal specification language is by introducing conceptual state variables, which are auxiliary (unimplemented) variables whose values serve as an abstract representation of the internal state of the process being specified. The kind of specifications resulting from the latter approach are called conceptual state specifications. This paper considers a central problem in reasoning about conceptual state specifications: the problem of proving entailment between specifications. A technique, based on the notion of simulation between machines, is shown to be sound for proving entailment. A kind of completeness result can also be shown, if specifications are assumed to satisf...
A LatticeStructured Proof Technique Applied to a Minimum Spanning Tree Algorithm (Extended Abstract)
 Laboratory for Computer Science, Massachusetts Institute of Technology
, 1988
"... Jennifer Lundelius Welch Leslie Lamport Digital Equipment Corporation, Systems Research Center Abstract: rithms are often hard to prove correct because they have no natural decomposition into separately provable parts. This paper presents a proof technique for the modular verification of su ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
(Show Context)
Jennifer Lundelius Welch Leslie Lamport Digital Equipment Corporation, Systems Research Center Abstract: rithms are often hard to prove correct because they have no natural decomposition into separately provable parts. This paper presents a proof technique for the modular verification of such nonmodular algorithms. It generalizes existing verification techniques based on a totallyordered hierarchy of refinements to allow a partiallyordered hierarchythat is; a lattice of different views of the algorithm. The technique is applied to the wellknown distributed minimum spanning tree algorithm of Gallager, Humblet and Spira, which has until recently lacked a rigorous proof. 1.
A Comparison of Simulation Techniques and Algebraic Techniques for Verifying Concurrent Systems
 Formal Aspects of Computing
, 1997
"... Simulationbased assertional techniques and process algebraic techniques are two of the major methods that have been proposed for the verification of concurrent and distributed systems. It is shown how each of these techniques can be applied to the task of verifying systems described as input/output ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Simulationbased assertional techniques and process algebraic techniques are two of the major methods that have been proposed for the verification of concurrent and distributed systems. It is shown how each of these techniques can be applied to the task of verifying systems described as input/output automata; both safety and liveness properties are considered. A small but typical circuit is verified in both of these ways, first using forward simulations, an execution correspondence lemma, and a simple fairness argument, and second using deductions within the process algebra DIOA for I/O automata. An extended evaluation and comparison of the two methods is given.
Composing and Refining Dense Temporal Logic Specifications
 Formal Aspects of Computing
, 1999
"... . A dense temporal logic development method for the specification, refinement, composition and verification of reactive systems is introduced. A reactive system is specified by a pair consisting of a machine and a condition that indicate the valid computations of this machine. Compositionality is ac ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
. A dense temporal logic development method for the specification, refinement, composition and verification of reactive systems is introduced. A reactive system is specified by a pair consisting of a machine and a condition that indicate the valid computations of this machine. Compositionality is achieved by adding to each machine step whether it is a environment, system or communication step. Refinement can be expressed straightforward in the logic because the stutter problem is elegantly solved by using the dense structure of the logic. Compositionality enables us to break refinement between complex systems into refinement between small and simple systems. The latter can then be verified by existing proof rules for refinement which are reformulated in our formalism. 1. Introduction We present a compositional refinement method for reactive systems. A system is called reactive if it maintains some ongoing interaction with its environment, for example an operating system. This contrast...