Results 11-20 of 31
On the Logic of TLA+
Computers and Informatics, 2003
Cited by 9 (0 self)
TLA+ is a language intended for the high-level specification of reactive, distributed, and in particular asynchronous systems. Combining the linear-time temporal logic TLA and classical set theory, it provides an expressive specification formalism and supports assertional verification.
A Stuttering Closed Temporal Logic for Modular Reasoning about Concurrent Programs
In Temporal Logic: First International Conference, ICTL '94, number 827 in Lecture Notes in Artificial Intelligence, 1994
Cited by 8 (1 self)
A simple and elegant formulation of compositional proof systems for concurrent programs results from a refinement of temporal logic semantics. The refined temporal language we propose is closed under w-stuttering and, thus, provides a fully abstract semantics with respect to some chosen observation level w. This avoids incorporating irrelevant detail in the temporal semantics of parallel programs. Besides compositional verification, concurrent program design and the implementation of a coarser-grained program by a finer-grained one turn out to be easily practicable in the setting of the new temporal logic.

1 Introduction. The regular temporal logic [14, 16] provides a powerful tool for global specification and non-compositional verification of existing concurrent programs. However, this logic offers very poor support for modular specification and verification and, consequently, systematic design of concurrent programs is hard (if not impossible) to do in such a setting. The lack of ...
Denotational Semantics of Object Specification
Acta Informatica, 1998
Cited by 8 (3 self)
From an arbitrary temporal logic institution we show how to set up the corresponding institution of objects. The main properties of the resulting institution are studied and used in establishing a categorial, denotational semantics of several basic constructs of object specification, namely aggregation (parallel composition), interconnection, abstraction (interfacing) and monotonic specialization. A duality is established between the category of theories and the category of objects, as a corollary of the Galois correspondence between these concrete categories. The special case of linear temporal logic is analysed in detail in order to show that categorial products do reflect interleaving and reducts may lead to internal nondeterminism.
On TLA as a Logic
1996
Cited by 8 (3 self)
In this paper we describe TLA from a logical perspective; our description of TLA has three aspects: 1. As a logic, TLA has a precise syntax and semantics. We define these in the next section. Our intent is not to develop a new TLA, but rather to explain and to refine Lamport's definition of TLA [19]. 2. Like HOL [13] and other logics, TLA can serve for representing reactive systems in several styles. In particular, a specification may describe concurrent steps as interleaved or simultaneous; communication between components may be synchronous or asynchronous. We discuss a few styles in section 3. 3. Proofs in TLA rely on basic rules of temporal logic, rules for refinement, and rules for composition. We state the principal rules in sections 4 and 5. Following [7, 8], we show that some of them arise from general logical (or algebraic) considerations, largely independent of the details of TLA. This paper is a self-contained presentation of TLA. It is however not a survey, in that it includes technical novelties and in that it is far from comprehensive. Lamport's original work on TLA [19] provides much additional, useful material, and in particular some motivation for the TLA approach and a proof system for TLA. Other papers discuss mechanical verification in TLA [11, 16], refinement and composition [6, 4], real-time systems and hybrid systems [5, 18, 12], and medium-size examples [20]. There are also works on PTLA [1, 29], a propositional logic based on a preliminary version of TLA. Finally, the logic TLR has many similarities with TLA [28]. (Martín Abadi and Stephan Merz)
Specification transformers: a predicate transformer approach to composition
2004
Cited by 8 (2 self)
This paper explores theories that help in (i) proving that a system composed from components satisfies a system specification given only specifications of components and the composition operator, and (ii) deducing desirable properties of components from the system specification and properties of the composition operator. The paper studies compositional systems in general without making assumptions that components are computer programs. The results obtained from such abstract representations are general but also weaker than results that can be obtained from more restrictive assumptions such as assuming that systems are parallel compositions of concurrent programs. Explorations of general theories of composition can help identify fundamental issues common to many problem domains. The theory presented here is based on predicate transformers.
On Using Temporal Logic for Refinement and Compositional Verification of Concurrent Systems
Theoretical Computer Science, 1993
Cited by 6 (1 self)
A simple and elegant formulation of compositional proof systems for concurrent programs results from a refinement of temporal logic semantics. The refined temporal language we propose is closed under w-stuttering and, thus, provides a fully abstract semantics with respect to some chosen observation level w. This avoids incorporating irrelevant detail in the temporal semantics of parallel programs. Besides compositional verification, concurrent program design and the implementation of a coarser-grained program by a finer-grained one are easily practicable in the setting of the new temporal logic.

1 Introduction. A well-known problem for the verification and the construction of concurrent programs is that specifications that would be satisfied by a given process viewed in isolation might be invalidated by actions performed by other processes executing in parallel. Composition principles provide a way to overcome this problem [2, 3, 28]. In compositional verification, properties of...
A Compositional World: a survey of recent works on compositionality in formal methods
2005
Cited by 5 (4 self)
We survey the most significant literature about compositional techniques for concurrent and real-time system verification. We especially focus on abstract frameworks for rely/guarantee compositionality that handle circularity, but also consider different developments.
Using Eternity Variables to Specify and Prove a Serializable Database Interface
Sci. Comput. Program., 2003
Cited by 5 (4 self)
Eternity variables are introduced to specify and verify serializability of transactions of a distributed database. Eternity variables are a new kind of auxiliary variables. They do not occur in the implementation but are used in specification and verification. Elsewhere it has been proved that eternity variables in combination with history variables are semantically complete for proving refinement relations.
Conjunction on processes: Full-abstraction via ready-tree semantics
TCS, 2006
Cited by 5 (2 self)
A key problem in mixing operational (e.g., process-algebraic) and declarative (e.g., logical) styles of specification is how to deal with inconsistencies arising when composing processes under conjunction. This article introduces a conjunction operator on labelled transition systems capturing the basic intuition of "a and b = false", and considers a naive preorder that demands that an inconsistent specification can only be refined by an inconsistent implementation. The main body of the article is concerned with characterising the largest precongruence contained in the naive preorder. This characterisation is based on what we call ready-tree semantics, which is a variant of path-based possible-worlds semantics. We prove that the induced ready-tree preorder is compositional and fully abstract, and that the conjunction operator indeed reflects conjunction. The article's results provide a foundation for, and an important step towards, a unified framework that allows one to freely mix operators from process algebras and linear-time temporal logics.
Key words: labelled transition system, conjunction, consistency preorder, ready-tree semantics, ready-tree preorder, full abstraction.
Reasoning about Composition using Property Transformers and their Conjugates
Theoretical Computer Science: Exploring New Frontiers of Theoretical Informatics (IFIP TCS'2000), volume 1872 of Lecture Notes in Computer Science, 2000
Cited by 5 (3 self)
Compositional design is concerned both with constructing systems by composing components and with deconstructing systems into proposed sets of components. In bottom-up design, engineers prove system properties given properties of components and a compositional structure. In top-down design, they propose properties of components and a compositional structure given system properties. In this paper we show how the theory of predicate transformers, which has been used so successfully in sequential programming, can be applied to the compositional design of systems. The rules of composition we study are more general than the rules employed in sequential programming, and the systems we study are not limited to programs. We exploit theorems about weakest and strongest solutions to equations to obtain a collection of useful predicate transformers, and then we exploit the theory of conjugate transformers to obtain more useful transformers. We show how these transformers are useful fo...