Results 1  10
of
11
A Proof Technique for Rely/Guarantee Properties
 In Proceedings of the 5th Conference on Foundations of Software Technology and Theoretical Computer Science, Lecture Notes in Computer Science 206
, 1986
"... A rely/guarantee specification for a program P is a specification of the form R oe G (R implies G), where R is a rely condition and G is a guarantee condition. A rely condition expresses the conditions that P relies on its environment to provide, and a guarantee condition expresses what P guarantees ..."
Abstract

Cited by 56 (0 self)
 Add to MetaCart
A rely/guarantee specification for a program P is a specification of the form R oe G (R implies G), where R is a rely condition and G is a guarantee condition. A rely condition expresses the conditions that P relies on its environment to provide, and a guarantee condition expresses what P guarantees to provide in return. This paper presents a proof technique that permits us to infer that a program P satisfies a rely/guarantee specification R oe G, given that we know P satisfies a finite collection of rely/guarantee specifications R i oe G i ; (i 2 I). The utility of the proof technique is illustrated by using it to derive global liveness properties of a system of concurrent processes from a collection of local liveness properties satisfied by the component processes. The use of the proof rule as a design principle, and the possibility of its incorporation into a formal logic of rely/guarantee assertions, is also discussed. 1 Introduction A rely/guarantee specification for a program P...
Verifying Temporal Properties without Temporal Logic
, 1989
"... this paper were first presented at the "IEEE Symposium on Logic in Computer Science," Ithaca, New York, June 1987 ..."
Abstract

Cited by 37 (0 self)
 Add to MetaCart
this paper were first presented at the "IEEE Symposium on Logic in Computer Science," Ithaca, New York, June 1987
Using Message Passing for Distributed Programming: Proof Rules and Disciplines
 ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS
, 1984
"... sequenti... ..."
A Temporal Logic Approach to Object Certification
 Data & Knowledge Engineering
, 1996
"... A brief overview is made of the use of temporal logic formalisms for specifying and verifying concurrent systems in general and information systems in particular. The requirements imposed by objectorientation on such formalisms are examined. A logic is proposed fulfilling those requirements (except ..."
Abstract

Cited by 15 (7 self)
 Add to MetaCart
A brief overview is made of the use of temporal logic formalisms for specifying and verifying concurrent systems in general and information systems in particular. The requirements imposed by objectorientation on such formalisms are examined. A logic is proposed fulfilling those requirements (except concerning nonmonotonic features), allowing the uniform treatment of both local and global properties of systems with concurrent, interacting components organized in classes, and supporting specialization. A semantics and a calculus (following an axiomatic, Hilbert style) are presented in detail. The calculus includes rules for the sound inheritance and reflection of theorems between classes. Practical aspects of the usage of such a logic for both specification and verification are considered. To this end a set of metatheorems is provided for expediting the proof of invariants. Finally, the need and availability of automatic theorem proving for systems querying is briefly discussed. Key wo...
Foundations of a Theory of Specification for Distributed Systems
, 1984
"... This thesis investigates a particular approach, called statetransition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A statetransition specification consists off (1) a state machine, which incorporates the safety or invariance pr ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
This thesis investigates a particular approach, called statetransition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A statetransition specification consists off (1) a state machine, which incorporates the safety or invariance properties of the module, and (2) validity conditions on the computations of the machine, which capture the desired liveness or eventuality properties. The theory and techniques of state. transition specification are developed from first principles to a point at which it is possible to write example specifications,'to checkthe Specifications for coraiatency, and to perform correctlse examples.
Stenning’s protocol implemented in UDP and verified in Isabelle
 In Proc. 11th CATS, Computing: The Australasian Theory Symposium
, 2005
"... This paper is about the mechanical verification of UDP based network programs. It uses the UDP portion of a formal model of the Internet protocols TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). The model includes asynchronous message passing, message loss and host failure. The ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
This paper is about the mechanical verification of UDP based network programs. It uses the UDP portion of a formal model of the Internet protocols TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). The model includes asynchronous message passing, message loss and host failure. The model is based around the sockets library, the primary API used for writing UDP and TCP based applications. This paper demonstrates that formal, machinechecked, proof is possible in the UDP model by presenting the proof of a safety property for an implementation of Stenning’s Protocol. The protocol is implemented in a fragment of the OCaml language, using the sockets library for UDP network communication. The entire development including the safety proof is carried out in the proof assistant Isabelle; this assures soundness. Thus this paper demonstrates that it is possible to machine verify very concrete representations of distributed programs in a detailed semantics that accurately reflects the programs representations of this protocol have been machine verified. The proof, based on an implementation, provides a contrast to other verifications.
A discipline for constructing multiphase communicating protocols
 ACM Transactions of Computer Systems
, 1985
"... Many communication protocols can be observed to go through different phases performing a distinct function in each phase. A multiphase model for such protocols is presented. A phase is formally defined to be a network of communicating finitestate machines with certain desirable correctness properti ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Many communication protocols can be observed to go through different phases performing a distinct function in each phase. A multiphase model for such protocols is presented. A phase is formally defined to be a network of communicating finitestate machines with certain desirable correctness properties; these include proper termination and freedom from deadlocks and unspecified receptions. A multifunction protocol is constructed by first constructing separate phases to perform its different functions. It is shown how to connect these phases together to realize the multifunction protocol so that the resulting network of communicating finite state machines is also a phase (i.e., it possesses the desirable properties defined for phases). The modularity inherent in multiphase protocols facilitates not only their construction hut also their understanding and modification. An abundance of protocols have been found in the literature that can be constructed as multiphase protocols. Three examples are presented here: two versions of IBM’s BSC protocol for data link control and a token ring network protocol.
Object Certification
 Fifth International Workshop on the Deductive Approach to Information Systems, pages 5578. UP Catalunha
, 1994
"... A brief overview is made of the use of temporal logic formalisms for specifying and verifying concurrent systems in general and information systems in particular. The requirements imposed by objectorientation on such formalisms are examined. A logic is proposed fulfilling those requirements (except ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
A brief overview is made of the use of temporal logic formalisms for specifying and verifying concurrent systems in general and information systems in particular. The requirements imposed by objectorientation on such formalisms are examined. A logic is proposed fulfilling those requirements (except concerning nonmonotonic features), allowing the uniform treatment of both local and global properties of systems with concurrent, interacting components organized in classes, and supporting specialization. A semantics and a calculus (following an axiomatic, Hilbert style) are presented in detail. The calculus includes rules for the sound inheritance and reflection of theorems between classes. Practical aspects of the usage of such a logic for both specification and verification are considered. To this end a set of metatheorems is provided for expediting the proof of invariants. Finally, the need and availability of automatic theorem proving for systems querying is briefly discussed. 1 Intr...
Under consideration for publication in Formal Aspects of Computing Processes with Local and Global Liveness Requirements
"... Abstract. The deterministic QS model, introduced in [CS95], captures (local) liveness properties, commonly specified in Temporal Logic, and not fully captured by nondeterministic process models. Liveness explains how some processes engage spontaneously in some actions and wait passively for the tri ..."
Abstract
 Add to MetaCart
Abstract. The deterministic QS model, introduced in [CS95], captures (local) liveness properties, commonly specified in Temporal Logic, and not fully captured by nondeterministic process models. Liveness explains how some processes engage spontaneously in some actions and wait passively for the triggering of other actions by other processes. In this paper, we extend the QS model to describe liveness properties, through the introduction of a new operator deeply influenced by Temporal Logic, and denoting a global liveness requirement. The new operator applied to a process term induces a transactional behaviour until the execution of some specified action. We define the suitable denotational, axiomatic, and operational semantic domains to obtain a trinity of semantics in the sense of Hennessy. We prove that this extended model is a conservative extension of the previous one.