Results 1  10
of
12
Temporal and modal logic
 HANDBOOK OF THEORETICAL COMPUTER SCIENCE
, 1995
"... We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic. ..."
Abstract

Cited by 1300 (17 self)
 Add to MetaCart
We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic.
A Proof Technique for Rely/Guarantee Properties
 In Proceedings of the 5th Conference on Foundations of Software Technology and Theoretical Computer Science, Lecture Notes in Computer Science 206
, 1986
"... A rely/guarantee specification for a program P is a specification of the form R oe G (R implies G), where R is a rely condition and G is a guarantee condition. A rely condition expresses the conditions that P relies on its environment to provide, and a guarantee condition expresses what P guarantees ..."
Abstract

Cited by 58 (0 self)
 Add to MetaCart
(Show Context)
A rely/guarantee specification for a program P is a specification of the form R oe G (R implies G), where R is a rely condition and G is a guarantee condition. A rely condition expresses the conditions that P relies on its environment to provide, and a guarantee condition expresses what P guarantees to provide in return. This paper presents a proof technique that permits us to infer that a program P satisfies a rely/guarantee specification R oe G, given that we know P satisfies a finite collection of rely/guarantee specifications R i oe G i ; (i 2 I). The utility of the proof technique is illustrated by using it to derive global liveness properties of a system of concurrent processes from a collection of local liveness properties satisfied by the component processes. The use of the proof rule as a design principle, and the possibility of its incorporation into a formal logic of rely/guarantee assertions, is also discussed. 1 Introduction A rely/guarantee specification for a program P...
Automated Temporal Reasoning about Reactive Systems
, 1996
"... . There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective a ..."
Abstract

Cited by 41 (2 self)
 Add to MetaCart
. There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective and reliable means of specifying and ensuring correct behavior of such systems. This paper discusses known complexity and expressiveness results for a number of such logics in common use and describes key technical tools for obtaining essentially optimal mechanical reasoning algorithms. However, the emphasis is on underlying intuitions and broad themes rather than technical intricacies. 1 Introduction There is a growing need for reliable methods of designing correct reactive systems. These systems are characterized by ongoing, typically nonterminating and highly nondeterministic behavior. Examples include operating systems, network protocols, and air traffic control systems. There is w...
Proving Entailment Between Conceptual State Specifications (Extended Abstract)
 THEORETICAL COMPUTER SCIENCE
, 1988
"... The lack of expressive power of temporal logic as a specification language can be compensated to a certain extent by the introduction of powerful, highlevel temporal operators, which are difficult to understand and reason about. A more natural way to increase the expressive power of a temporal spe ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
(Show Context)
The lack of expressive power of temporal logic as a specification language can be compensated to a certain extent by the introduction of powerful, highlevel temporal operators, which are difficult to understand and reason about. A more natural way to increase the expressive power of a temporal specification language is by introducing conceptual state variables, which are auxiliary (unimplemented) variables whose values serve as an abstract representation of the internal state of the process being specified. The kind of specifications resulting from the latter approach are called conceptual state specifications. This paper considers a central problem in reasoning about conceptual state specifications: the problem of proving entailment between specifications. A technique, based on the notion of simulation between machines, is shown to be sound for proving entailment. A kind of completeness result can also be shown, if specifications are assumed to satisf...
An Improved Algorithm for the Automatic Verification of Finite State Systems Using Temporal Logic
 In Proceedings of the Symposium on Logic in Computer Science
, 1986
"... An improved algorithm for the automatic verification of finite state systems using temporal logic ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
(Show Context)
An improved algorithm for the automatic verification of finite state systems using temporal logic
Foundations of a Theory of Specification for Distributed Systems
, 1984
"... This thesis investigates a particular approach, called statetransition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A statetransition specification consists off (1) a state machine, which incorporates the safety or invariance pr ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
This thesis investigates a particular approach, called statetransition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A statetransition specification consists off (1) a state machine, which incorporates the safety or invariance properties of the module, and (2) validity conditions on the computations of the machine, which capture the desired liveness or eventuality properties. The theory and techniques of state. transition specification are developed from first principles to a point at which it is possible to write example specifications,'to checkthe Specifications for coraiatency, and to perform correctlse examples.
A modular proof of correctness for a network synchronizer
 IN PROCEEDINGS OF THE AMSTERDAM WORKSHOP ON DISTRIBUTED ALGORITHMS. CWI
, 1987
"... In this paper we offer a formal, rigorous proof of the correctness of Awerbuch's algorithm for network synchronization. We specify both the algorithm and the correctness con dition using the I/O automaton model, which has previously been used to describe and verify algorithms for concurrenc ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
In this paper we offer a formal, rigorous proof of the correctness of Awerbuch's algorithm for network synchronization. We specify both the algorithm and the correctness con dition using the I/O automaton model, which has previously been used to describe and verify algorithms for concurrency control and resource allocation. We show that the model is also a powerful tool for reasoning about distributed graph algorithms. Our proof of correctness follows closely the intuitive arguments made by the designer of the algorithm by exploiting the model's natural support for such important design techniques as stepwise refinement and modularity. In particular, since the algorithm uses simpler algorithms for synchronization within and between 'clusters' of nodes, our proof can import as lemmas the correctness of these simpler algorithms.
An HDLC Protocol Specification and its Verification using Image Protocols
, 1982
"... We use an eventdriven process model to specify a version of the HighLevel Data Link Control (HDLC) protocol between two communicating protocol entities. The protocol is verified using the method of projections. The verification serves as a rigorous exercise to demonstrate the applicability of this ..."
Abstract

Cited by 10 (4 self)
 Add to MetaCart
(Show Context)
We use an eventdriven process model to specify a version of the HighLevel Data Link Control (HDLC) protocol between two communicating protocol entities. The protocol is verified using the method of projections. The verification serves as a rigorous exercise to demonstrate the applicability of this method to the analysis of reallife communication protocols. The HDLC protocol has two characteristics found in most reallife communication protocols. First, the HDLC protocol operates under realtime constraints that are important not only for its performance but also for its correct logical behavior. We specify this realtime behavior using time variables and time events. Second, the HDLC protocol has three distinguishable functions: connection management, and oneway data transfers between the protocol entities. For each of these functions, we construct an image protocol using the method of projections. With each image protocol we obtain inductively complete invariant assertions that state various desirable logical safety properties. From the properties of image protocols it follows that these safety properties as proved for the image protocols are also satisfied by the HDLC protocol presented herein. We also suggest a minor modification to HDLC that will make it wellstructured.
A discipline for constructing multiphase communicating protocols
 ACM Transactions of Computer Systems
, 1985
"... Many communication protocols can be observed to go through different phases performing a distinct function in each phase. A multiphase model for such protocols is presented. A phase is formally defined to be a network of communicating finitestate machines with certain desirable correctness properti ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
(Show Context)
Many communication protocols can be observed to go through different phases performing a distinct function in each phase. A multiphase model for such protocols is presented. A phase is formally defined to be a network of communicating finitestate machines with certain desirable correctness properties; these include proper termination and freedom from deadlocks and unspecified receptions. A multifunction protocol is constructed by first constructing separate phases to perform its different functions. It is shown how to connect these phases together to realize the multifunction protocol so that the resulting network of communicating finite state machines is also a phase (i.e., it possesses the desirable properties defined for phases). The modularity inherent in multiphase protocols facilitates not only their construction hut also their understanding and modification. An abundance of protocols have been found in the literature that can be constructed as multiphase protocols. Three examples are presented here: two versions of IBM’s BSC protocol for data link control and a token ring network protocol.
[Logics and MeAnings of Programs]: Specifying and Verifying and Reasoning about Programs specification techniques General Terms: Verification
"... A method for specifying program modules in a concurrent program is described. It is based upon temporal logic, but uses new kinds of temporal assertions to make the specifications simpler and easier to understand. The semantics of the specifications is described informally, and a sequence of example ..."
Abstract
 Add to MetaCart
(Show Context)
A method for specifying program modules in a concurrent program is described. It is based upon temporal logic, but uses new kinds of temporal assertions to make the specifications simpler and easier to understand. The semantics of the specifications is described informally, and a sequence of examples are given culminating in a specification of three modules comprising the alternatingbit communication protocol. A formal semantics is given in the appendix.