Temporal logic is gaining recognition as an attractive and versatile formalism for rigorously specifying and reasoning about computer programs, digital circuits and message-passing systems. This book introduces Tempura, a programming language based on temporal logic. Tempura provides a way of directly executing suitable temporal logic specifications of digital circuits, parallel programs and other dynamic systems. Since every Tempura statement is also a temporal formula, the entire temporal logic formalism can be used as the assertion language and semantics. One result is that Tempura has the two seemingly contradictory properties of being a logic programming language and having imperative constructs such as assignment statements. The presentation

Verifying that a temporal logic specification satisfies a temporal property requires some form of theorem proving. However, although proof procedures exist for such logics, many are either unsuitable for automatic implementation or only deal with small fragments of the logic. In this thesis the algorithms for, and strategies to guide, a fully automated temporal resolution theorem prover are given, proved correct and evaluated. An approach to applying resolution, a proof method for classical logics suited to mechanisation, to temporal logics has been developed by Fisher. The method involves translation to a normal form, classical style resolution within states and temporal resolution over states. It has only one temporal resolution rule and is therefore particularly suitable as the basis of an automated temporal resolution theorem prover. As the application of the temporal resolution rule is the most costly part of the method, involving search amongst graphs, different algorithms on w...

THE aim of this thesis is to investigate logical formalisms for describing, reasoning about, specifying, and perhaps ultimately verifying the properties of systems composed of multiple intelligent computational agents. There are two obvious resources available for this task. The first is the (largely AI) tradition of reasoning about the intentional notions (belief, desire, etc.). The second is the (mainstream computer science) tradition of temporal logics for reasoning about reactive systems. Unfortunately, neither resource is ideally suited to the task: most intentional logics have little to say on the subject of agent architecture, and tend to assume that agents are perfect reasoners, whereas models of concurrent systems from mainstream computer science typically deal with the execution of individual program instructions. This thesis proposes a solution which draws upon both resources. It defines a model of agents and multi-agent systems, and then defines two execution models, which ...

A rely/guarantee specification for a program P is a specification of the form R oe G (R implies G), where R is a rely condition and G is a guarantee condition. A rely condition expresses the conditions that P relies on its environment to provide, and a guarantee condition expresses what P guarantees to provide in return. This paper presents a proof technique that permits us to infer that a program P satisfies a rely/guarantee specification R oe G, given that we know P satisfies a finite collection of rely/guarantee specifications R i oe G i ; (i 2 I). The utility of the proof technique is illustrated by using it to derive global liveness properties of a system of concurrent processes from a collection of local liveness properties satisfied by the component processes. The use of the proof rule as a design principle, and the possibility of its incorporation into a formal logic of rely/guarantee assertions, is also discussed. 1 Introduction A rely/guarantee specification for a program P...

. In this survey paper we present some of the recent developments in the temporal formal system for the specification, verification and development of reactive programs. While the general methodology remains very much the one presented in some earlier works on the subject, such as [MP83c, MP83a, Pnu86], there have been several technical improvements and gained insights in understanding the computational model, the logic itself, the proof system and its presentation, and connections with alternative formalisms, such as finite automata. In this paper we explicate some of these improvements and extensions. The main difference between this and preceding versions is that here we consider a notion of validity for temporal formulae, which is anchored at the initial state of the computation. The paper discusses some of the consequences of this decision. Key words: Temporal Logic, Reactive Systems, Concurrent Programs, Specification, Verification, Proof System, Classification of Prtoperties, Sa...

The paper describes a graphical interval logic that is the foundation of a toolset supporting formal specification and verification of concurrent software systems. Experience has shown that most software engineers find standard temporal logics difficult to understand and to use. The objective of this work is to enable software engineers to specify and reason about temporal properties of concurrent systems more easily by providing them with a logic that has an intuitive graphical representation and with tools that support its use. To illustrate the use of the graphical logic, the paper provides some specifications for an elevator system and proves several properties of the specifications. The paper also describes the toolset and the implementation. 1 Introduction One of the great challenges facing today's software engineers is the development of correct programs for real applications. Recent advances in hardware reliability and fault tolerance technology can assure extremely lo...

In this paper we introduce the concept of a Petri net component and show how systems can be composed from components. A component communicates with its environment via distinguished input and output places, which formalizes communication by message passing. Then, we present a compositional semantics for components. The semantics is an extension of processes for place/transition systems (partial order semantics). We show that the semantics is fully abstract with respect to the behaviour of closed components (essentially, processes of place/transition systems). A main feature of the compositional semantics is that composition of components corresponds to conjunction. The semantics can be easily combined with a temporal logic interpreted on processes of a place/transition system. We introduce such a logic and show how it can be combined with the semantics to achieve a rely-guarantee concept. Keywords: Petri net component, compositional semantics, rely-guarantee specification, partial ord...

this paper were first presented at the "IEEE Symposium on Logic in Computer Science," Ithaca, New York, June 1987

. There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective and reliable means of specifying and ensuring correct behavior of such systems. This paper discusses known complexity and expressiveness results for a number of such logics in common use and describes key technical tools for obtaining essentially optimal mechanical reasoning algorithms. However, the emphasis is on underlying intuitions and broad themes rather than technical intricacies. 1 Introduction There is a growing need for reliable methods of designing correct reactive systems. These systems are characterized by ongoing, typically nonterminating and highly nondeterministic behavior. Examples include operating systems, network protocols, and air traffic control systems. There is w...

We define two logics of safety specifications for reactive systems. The logics provide a setting for the study of composition rules. The two logics arise naturally from extant specification approaches; one of the logics is intuitionistic, while the other one is linear.