Results 1  10
of
54
An automatatheoretic approach to linear temporal logic
 Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science
, 1996
"... Abstract. The automatatheoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over s ..."
Abstract

Cited by 294 (27 self)
 Add to MetaCart
Abstract. The automatatheoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over some alphabet. Thus,programs and specificationscan be viewed as descriptions of languagesover some alphabet. The automatatheoretic perspective considers the relationships between programs and their specifications as relationships between languages.By translating programs and specifications to automata, questions about programs and their specifications can be reduced to questions about automata. More specifically, questions such as satisfiability of specifications and correctness of programs with respect to their specifications can be reduced to questions such as nonemptiness and containment of automata. Unlike classical automata theory, which focused on automata on finite words, the applications to program specification, verification, and synthesis, use automata on infinite words, since the computations in which we are interested are typically infinite. This paper provides an introduction to the theory of automata on infinite words and demonstrates its applications to program specification, verification, and synthesis. 1
Why is modal logic so robustly decidable?
 OF DIMACS SERIES IN DISCRETE MATHEMATICS AND THEORETICAL COMPUTER SCIENCE, AMERICAN MATHEMATICAL SOCIETY
, 1996
"... ..."
Once and For All
, 2011
"... It has long been known that pasttime operators add no expressive power to linear temporal logics. In this paper, we consider the extension of branching temporal logics with pasttime operators. Two possible views regarding the nature of past in a branchingtime model induce two different such exten ..."
Abstract

Cited by 29 (2 self)
 Add to MetaCart
It has long been known that pasttime operators add no expressive power to linear temporal logics. In this paper, we consider the extension of branching temporal logics with pasttime operators. Two possible views regarding the nature of past in a branchingtime model induce two different such extensions. In the first view, past is branching and each moment in time may have several possible futures and several possible pasts. In the second view, past is linear and each moment in time may have several possible futures and a unique past. Both views assume that past is finite. We discuss the practice of these extensions as specification languages, characterize their expressive power, and examine the complexity of their modelchecking and satisfiability problems.
Hyperproperties
, 2008
"... Properties, which have long been used for reasoning about systems, are sets of traces. Hyperproperties, introduced here, are sets of properties. Hyperproperties can express security policies, such as secure information flow, that properties cannot. Safety and liveness are generalized to hyperpropert ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
(Show Context)
Properties, which have long been used for reasoning about systems, are sets of traces. Hyperproperties, introduced here, are sets of properties. Hyperproperties can express security policies, such as secure information flow, that properties cannot. Safety and liveness are generalized to hyperproperties, and every hyperproperty is shown to be the intersection of a safety hyperproperty and a liveness hyperproperty. A verification technique for safety hyperproperties is given and is shown to generalize prior techniques for verifying secure information flow. Refinement is shown to be valid for safety hyperproperties. A topological characterization of hyperproperties is given. 1
I Do Declare: Consensus in a Logic Language ∗
"... The Paxos consensus protocol can be specified concisely, but is notoriously difficult to implement in practice. We recount our experience building Paxos in Overlog, a distributed declarative programming language. We found that the Paxos algorithm is easily translated to declarative logic, in large p ..."
Abstract

Cited by 17 (4 self)
 Add to MetaCart
(Show Context)
The Paxos consensus protocol can be specified concisely, but is notoriously difficult to implement in practice. We recount our experience building Paxos in Overlog, a distributed declarative programming language. We found that the Paxos algorithm is easily translated to declarative logic, in large part because the primitives used in consensus protocol specifications map directly to simple Overlog constructs such as aggregation and selection. We discuss the programming idioms that appear frequently in our implementation, and the applicability of declarative programming to related application domains. 1.
Software Specification: A Comparison of Formal Methods
, 2001
"... Data Types and Software Validation ," Communications of the ACM, Vol. 21, No. 12, 1978, pp. 10481064. ..."
Abstract

Cited by 15 (0 self)
 Add to MetaCart
Data Types and Software Validation ," Communications of the ACM, Vol. 21, No. 12, 1978, pp. 10481064.
Propositional Temporal Logics and Equivalences
 the Proc. of CONCUR
, 1992
"... We compare propositional temporal logics by comparing the equivalences that they induce on models. Linear time, branching time and partial order temporal logics are considered. The logics are interpreted on occurrence transition systems, generated by labelled prime event structures without autoco ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
(Show Context)
We compare propositional temporal logics by comparing the equivalences that they induce on models. Linear time, branching time and partial order temporal logics are considered. The logics are interpreted on occurrence transition systems, generated by labelled prime event structures without autoconcurrency. The induced equivalences are also compared to directly defined equivalences, e.g., history preserving bisimulation, pomset bisimulation, pomset trace equivalence, and others. It is then shown which of the induced equivalences are and which are not preserved under action refinement. Rather unexpectedly, the addition of the backward next step operator to the weakest logic considered yields a logic stronger than all others. It is shown that weak history preserving bisimulation can be obtained as the equivalence induced by a slightly constrained version of that logic. 1 Introduction Currently a lot of formalisms to describe concurrent computations exist. Even only regarding ...
Foundations of a Theory of Specification for Distributed Systems
, 1984
"... This thesis investigates a particular approach, called statetransition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A statetransition specification consists off (1) a state machine, which incorporates the safety or invariance pr ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
This thesis investigates a particular approach, called statetransition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A statetransition specification consists off (1) a state machine, which incorporates the safety or invariance properties of the module, and (2) validity conditions on the computations of the machine, which capture the desired liveness or eventuality properties. The theory and techniques of state. transition specification are developed from first principles to a point at which it is possible to write example specifications,'to checkthe Specifications for coraiatency, and to perform correctlse examples.
Branching vs. linear time – semantical perspective
 In Proc. 5th Int’l Symp. on ATVA, LNCS 4762
"... Abstract. The discussion in the computerscience literature of the relative merits of linear versus branchingtime frameworks goes back to early 1980s. One of the beliefs dominating this discussion has been that the lineartime framework is not expressive enough semantically, making lineartime log ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
(Show Context)
Abstract. The discussion in the computerscience literature of the relative merits of linear versus branchingtime frameworks goes back to early 1980s. One of the beliefs dominating this discussion has been that the lineartime framework is not expressive enough semantically, making lineartime logics lacking in expressiveness. In this work we examine the branchinglinear issue from the perspective of process equivalence, which is one of the most fundamental notions in concurrency theory, as defining a notion of process equivalence essentially amounts to defining semantics for processes. Over the last three decades numerous notions of process equivalence have been proposed. Researchers in this area do not anymore try to identify the “right ” notion of equivalence. Rather, focus has shifted to providing taxonomic frameworks, such as “the linearbranching spectrum”, for the many proposed notions and trying to determine suitability for different applications. We revisit this issue here from a fresh perspective. We postulate three principles that we view as fundamental to any discussion of process equivalence. First, we borrow from research in denotational semantics and take contextual equivalence as the primary notion of equivalence. This eliminates many testing scenarios as either too strong or too weak. Second, we require the description of a process to fully specify all relevant behavioral aspects of the process. Finally, we require observable process behavior to be reflected in its input/output behavior. Under these postulates the distinctions between the linear and branching semantics tend to evaporate. As an example, we apply these principles to the framework of transducers, a classical notion of statebased processes that dates back to the 1950s and is well suited to hardware modeling. We show that our postulates result in a unique notion of process equivalence, which is trace based, rather than tree based. 1