Temporal logic is gaining recognition as an attractive and versatile formalism for rigorously specifying and reasoning about computer programs, digital circuits and message-passing systems. This book introduces Tempura, a programming language based on temporal logic. Tempura provides a way of directly executing suitable temporal logic specifications of digital circuits, parallel programs and other dynamic systems. Since every Tempura statement is also a temporal formula, the entire temporal logic formalism can be used as the assertion language and semantics. One result is that Tempura has the two seemingly contradictory properties of being a logic programming language and having imperative constructs such as assignment statements. The presentation

Abstract-Verifying the correctness of sequential circuits has been an important problem for a long time. But lack of any formal and efficient method of verification has prevented the creation of practical design aids for this purpose. Since- all the known techniques of simulation apd prototype testing are time consuming and not very reliable, there is an acute need for such tools. In this paper we describe an automatic verification system for sequential circuits in which specifications are expressed in a propositional temporal logic. In contrast to most other mechanical verification systems, our system does not require any user assistance and is quite;fast-experimental results show that state machines with several hundred states can be checked for correctness in a matter of seconds! The verification system uses a simple and efficient algorithm, called a model checker. The algorithm works in two steps: in the first step, it builds a labeled state-transition graph; and in the second step, it determines the truth of a temporal formula with. respect to the state-transition graph. We discuss two different techniques that we thave implemented for automatically generating the state-transition graphs: The first involves extracting the state graph directly feom the circuit by exhaustive simulation. The second obtains the state graph by compilation from an HDL specification of the original circuit. Index Terms-Asynchronous circuits, hardware verification, sequential circuit verification, temporal logic, temporal logic model checking. I.

The paper describes a graphical interval logic that is the foundation of a toolset supporting formal specification and verification of concurrent software systems. Experience has shown that most software engineers find standard temporal logics difficult to understand and to use. The objective of this work is to enable software engineers to specify and reason about temporal properties of concurrent systems more easily by providing them with a logic that has an intuitive graphical representation and with tools that support its use. To illustrate the use of the graphical logic, the paper provides some specifications for an elevator system and proves several properties of the specifications. The paper also describes the toolset and the implementation. 1 Introduction One of the great challenges facing today's software engineers is the development of correct programs for real applications. Recent advances in hardware reliability and fault tolerance technology can assure extremely lo...

The notion of time is ubiquitous in any activity that requires intelligence. In particular, several important notions like change, causality, action are described in terms of time. Therefore, the representation of time and reasoning about time is of crucial importance for many Artificial Intelligence systems. Specifically during the last 10 years, it has been attracting the attention of many AI researchers. In this survey, the results of this work are analysed. Firstly, Temporal Reasoning is defined. Then, the most important representational issues which determine a Temporal Reasoning approach are introduced: the logical form on which the approach is based, the ontology (the units taken as primitives, the temporal relations, the algorithms that have been developed,. . . ) and the concepts related with reasoning about action (the representation of change, causality, action,. . . ). For each issue the different choices in the literature are discussed. 1 Introduction The notion of time i...

Calculus (DC) which can specify real-time requirements of computing system. This paper investigates how real-time behaviour of programs can be described within this logical framework. In order to describe local variable declaration, quantifications over program variables are inevitable, and therefore a higherorder DC is established in the paper. This higher-order DC has a complete proof system, if we assume finite variability of program variables. Zhou Chaochen is the Director of UNU/IIST, on leave of absence from the Software Institute, the Chinese Academy of Sciences, where he is a Professor. Address: UNU/IIST, P.O. Box 3158, Macau. E-mail: zcc@iist.unu.edu Dimitar P. Guelev is a PhD student of logic at the Department of Mathematical Logic and its Applications, Faculty of Mathematics and Informatics, Sofia University. He was a fellow of UNU/IIST from March until August 1998. His scientific interests include modal logic, temporal logic and probabilistic logic. E-mail: gelevdp@fmi.uni-sofia.bg Zhan Naijun is a Fellow of UNU/IIST (July 1998 to August 1999), on leave from Institute of Software, Chinese Academy of Sciences, where he is a PhD student. Address: Institute of Software, P.O. Box 8718, Beijing, 100080, China. Email: znj@ox.ios.ac.cn Copyright c fl 1999 by UNU/IIST, Zhou Chaochen, Dimitar P. Guelev Contents i Contents 1

The paper uses left and right neighbourhoods as primitive interval modalities to define other unary and binary modalities of intervals in a first order logic with interval length. A complete first order logic for the neighbourhood modalities is presented. The paper demonstrates how the logic can support formal specification and verification of liveness and fairness, and also of various notions of real analysis. 1 Introduction Interval temporal logics, based on ITL [11], have shown to be useful for the specification and verification of safety properties of real-time systems. In these logics one can succinctly express properties like: "for all intervals of a given size, OE must hold", and "if OE holds for an interval, then there is a subinterval where / holds", and so on. However, these logics cannot express more abstract liveness properties like "eventually there is an interval where OE holds" and "OE will hold infinitely often in the future". The reason for this limitation is that the...

Abstract. This article extends and improves work on tableau-based decision methods for hybrid logic by Bolander and Braüner [5]. Their paper gives tableau-based decision procedures for basic hybrid logic (with unary modalities) and the basic logic extended with the global modality. All their proof procedures make use of loop-checks to ensure termination. Here we take a closer look at termination for hybrid tableaus. We cover both types of system used in hybrid logic: prefixed tableaus and internalised tableaus. We first treat prefixed tableaus. We prove a termination result for the basic language (with n-ary operators) that does not involve loop-checks. We then successively add the global modality and n-ary inverse modalities, show why various different types of loop-check are required in these cases, and then re-prove termination. Following this we consider internalised tableaus. At first sight, such systems seem to be more complex. However we define a internalised system which terminates without loop-checks. It is simpler than previously known internalised systems (all of which require loopchecks to terminate) and simpler than our prefix systems (no non-local side conditions on rules are required).

Timed RAISE Specification Language(TRSL) is an extension of RAISE Specification Language by adding time constructors for specifying real-time application. Duration Calculus(DC) is a real-time interval logic which can be used to specify and reason about timing and logical constraints on duration properties of Boolean states in a dynamic system. This paper gives a denotational semantics to a subset of TRSL expressions, using Duration Calculus extended with super-dense chop modality and notations to capture time point properties of piecewise continuous states of arbitrary types. Using this semantics, we present a proof rule for verifying TRSL iterative expressions and implement the rule to prove the satisfaction by a sample TRSL specification of its real-time requirements. Li Li is a Fellow of UNU/IIST, on leave of absence from University of Science and Technology of China, where he is a Ph.D student. E-mail: ll@iist.unu.edu. He Jifeng is a Senior Research Fellow of UNU/IIST, on leave o...

There is an increasing awareness of the need for the behavioural models suited for specifying and reasoning about both programs and digital devices. This report presents a specification language based on Interval Temporal Logic for the mixed hardware/software systems. The language is equipped with a novel parallel operator in support of integration of systems evolved at various time rate. Its mixed interval structure enables us to model both discrete time and continuous time systems. The framework provides a unifying means for presenting the main features of event-based hardware description languages and state-based programming languages. The paper gives a number of tests, known as healthiness conditions, which can be applied to specifications and intermediate designs to maintain their feasibility during the development process. We also provide an observation-oriented semantics to the core of the VERILOG Hardware Description Language, and formalise the temporal language TEMPURA in this...

: HOL is a public domain system for generating proofs in higher order predicate calculus. It has been in experimental and commercial use in several countries for a number of years. ELLA 2 is a hardware design language developed at the Royal Signals and Radar Establishment (RSRE) and marketed by Computer General Electronic Design. It supports simulation models at a variety of different abstraction levels. A preliminary methodology for reasoning about ELLA designs using HOL is described. Our approach is to semantically embed a subset of the ELLA language in higher order logic, and then to make this embedding convenient to use with parsers and pretty-printers. There are a number of semantic issues that may affect the ease of verification. We discuss some of these briefly. We also give a simple example to illustrate the methodology. 1 Presented at the International Workshop on Formal Methods in VLSI Design, Miami, January 1991. 2 ELLA is a registered trademark of the Secretary of St...