## Proving Entailment Between Conceptual State Specifications (Extended Abstract) (1988)

Venue: THEORETICAL COMPUTER SCIENCE

Citations: 15 (0 self)

### BibTeX

```bibtex
@ARTICLE{Stark88provingentailment,
  author  = {Eugene W. Stark},
  title   = {Proving Entailment Between Conceptual State Specifications (Extended Abstract)},
  journal = {THEORETICAL COMPUTER SCIENCE},
  year    = {1988},
  volume  = {56}
}
```

### Abstract

The lack of expressive power of temporal logic as a specification language can be compensated to a certain extent by the introduction of powerful, high-level temporal operators, which are difficult to understand and reason about. A more natural way to increase the expressive power of a temporal specification language is by introducing conceptual state variables, which are auxiliary (unimplemented) variables whose values serve as an abstract representation of the internal state of the process being specified. The kind of specifications resulting from the latter approach are called conceptual state specifications. This paper considers a central problem in reasoning about conceptual state specifications: the problem of proving entailment between specifications. A technique, based on the notion of simulation between machines, is shown to be sound for proving entailment. A kind of completeness result can also be shown, if specifications are assumed to satisf...

### Citations

1202 | The temporal logic of programs - Pnueli - 1977
Citation Context: ... first-order temporal logic T(V), whose sentences are interpreted as properties of V-histories. The language T(V) is syntactically similar to other linear-time temporal logics ([Lam80], [MP83], [Pnu77]), containing the temporal operators □ (henceforth) and ◇ (eventually). However, we do not permit the use of the next state operator ○, since the notion of the "next" state is (by design) meaningless...

413 | Proof of correctness of data representations - Hoare - 1972
Citation Context: ...standard representation function, abstraction function, or interpretation techniques for proving an implementation relationship between an abstract data type and its concrete representation ([GHM78], [Hoa72], [Jon81]). If an abstract data type is viewed as a process, whose communications correspond to invocations of operations of the data type, then standard techniques are capable of proving only safety o...

198 | Temporal logic can be more expressive - Wolper - 1983
Citation Context: ...ower. This lack of expressive power can be compensated to a certain extent by the introduction of a number of powerful temporal operators such as until, chop or combine, and iterated combine ([BK84], [Wol81]). However, these operators do not permit one's intuitive understanding of the desired process behavior to be formalized in the most direct and natural way, and also make reasoning about the resulting ...

193 | Specifying concurrent program modules - Lamport - 1983
Citation Context: ... 1 A specification describes a process by stating properties that are required to hold of all histories that can be produced by that process. As has been shown by a number of authors ([BK83], [BK84], [Lam83], [HO80], [SM81]), such process specifications can be expressed as sentences in linear-time temporal logic. One of the difficulties with temporal logic as a specification language is that, at least in...

141 | Proving liveness properties of concurrent programs - Owicki, Lamport - 1982
Citation Context: ...by the simulation relation ρ, also has the property that its M′-part satisfies the specification of a FIFO buffer. This proof can be performed by the proof lattice techniques of Owicki and Lamport [OL82]. We omit the details. 7 A Completeness Result The sufficient conditions given by the Entailment Theorem for proving an entailment are not necessary in general. However, if we assume the specificat...

93 | Development methods for computer programs including a notion of interference - Jones - 1981
Citation Context: ...representation function, abstraction function, or interpretation techniques for proving an implementation relationship between an abstract data type and its concrete representation ([GHM78], [Hoa72], [Jon81]). If an abstract data type is viewed as a process, whose communications correspond to invocations of operations of the data type, then standard techniques are capable of proving only safety or invaria...

60 | Abstract Data Types and Software Validation - Guttag, Horowitz, et al. - 1978
Citation Context: ...n of the standard representation function, abstraction function, or interpretation techniques for proving an implementation relationship between an abstract data type and its concrete representation ([GHM78], [Hoa72], [Jon81]). If an abstract data type is viewed as a process, whose communications correspond to invocations of operations of the data type, then standard techniques are capable of proving only...

42 | Verification of concurrent programs: A temporal proof system - Manna, Pnueli - 1983
Citation Context: ...sponding first-order temporal logic T(V), whose sentences are interpreted as properties of V-histories. The language T(V) is syntactically similar to other linear-time temporal logics ([Lam80], [MP83], [Pnu77]), containing the temporal operators □ (henceforth) and ◇ (eventually). However, we do not permit the use of the next state operator ○, since the notion of the "next" state is (by design) me...

34 | "Sometime" is sometimes "not never": on the temporal logic of programs - Lamport - 1980
Citation Context: ... a corresponding first-order temporal logic T(V), whose sentences are interpreted as properties of V-histories. The language T(V) is syntactically similar to other linear-time temporal logics ([Lam80], [MP83], [Pnu77]), containing the temporal operators □ (henceforth) and ◇ (eventually). However, we do not permit the use of the next state operator ○, since the notion of the "next" state is (by de...

31 | "Sometime" Is Sometimes "Not Never" - Lamport - 1980
Citation Context: ..., a corresponding first-order temporal logic T(V), whose sentences are interpreted as properties of V-histories. The language T(V) is syntactically similar to other linear-time temporal logics ([Lam80], [MP83], [Pnu77]), containing the temporal operators □ (henceforth) and ◇ (eventually). However, we do not permit the use of the next state operator ○, since the notion of the "next" state is (by de...

23 | Concurrency control for resilient nested transactions - Lynch - 1986
Citation Context: ...ng only safety or invariance properties. In contrast, our technique permits both safety properties and liveness or eventuality properties to be proved. The technique used by Goree and Lynch ([Gor81], [Lyn83]) in a hierarchical proof of invariance properties of a concurrency control algorithm can also be viewed as a special case of the technique presented here. The results of this paper are a reformulatio...

13 | Foundations of a theory of specification for distributed systems - Stark - 1984
Citation Context: ...f a concurrency control algorithm can also be viewed as a special case of the technique presented here. The results of this paper are a reformulation of results reported in the author's Ph.D. thesis ([Sta84]). In that document, a number of processes are specified using the conceptual state technique, and several correctness proofs are performed using the technique described here. Experience with these ex...

11 | Verifying Temporal Properties without using Temporal Logic - Alpern, Schneider - 1985
Citation Context: ...ect to M′ seems at least as problematic. Perhaps, though, by imposing suitable restrictions on the temporal specification language, a result along these lines could be obtained. Alpern and Schneider [AS85] have obtained similar completeness results in a setup where temporal properties are specified as "property recognizers," which are similar to Büchi automata. 8 Summary We have introduced the notion o...

10 | Temporal logic specification of distributed systems - Schwartz, Melliar-Smith - 1981
Citation Context: ...n describes a process by stating properties that are required to hold of all histories that can be produced by that process. As has been shown by a number of authors ([BK83], [BK84], [Lam83], [HO80], [SM81]), such process specifications can be expressed as sentences in linear-time temporal logic. One of the difficulties with temporal logic as a specification language is that, at least in the most basic ...

9 | Verifying network protocols using temporal logic - Hailpern, Owicki - 1980
Citation Context: ...ification describes a process by stating properties that are required to hold of all histories that can be produced by that process. As has been shown by a number of authors ([BK83], [BK84], [Lam83], [HO80], [SM81]), such process specifications can be expressed as sentences in linear-time temporal logic. One of the difficulties with temporal logic as a specification language is that, at least in the mos...

7 | Now you may Compose Temporal Specifications - Barringer, Kuiper, et al. - 1984
Citation Context: ...cutions. 1 A specification describes a process by stating properties that are required to hold of all histories that can be produced by that process. As has been shown by a number of authors ([BK83], [BK84], [Lam83], [HO80], [SM81]), such process specifications can be expressed as sentences in linear-time temporal logic. One of the difficulties with temporal logic as a specification language is that, at...

7 | Internal Consistency of a Distributed Transaction System With Orphan Detection (MS Thesis, Technical Report MIT/LCS/TR-286, MIT Laboratory for Computer Science) - Goree - 1983
Citation Context: ... of proving only safety or invariance properties. In contrast, our technique permits both safety properties and liveness or eventuality properties to be proved. The technique used by Goree and Lynch ([Gor81], [Lyn83]) in a hierarchical proof of invariance properties of a concurrency control algorithm can also be viewed as a special case of the technique presented here. The results of this paper are a ref...

4 | Specification and Verification Techniques for Parallel Programs Based on Message Passing Semantics (MIT/LCS/TR-191) - Yonezawa - 1977
Citation Context: ...used to summarize the past history of module behavior. The basic idea of conceptual state specifications is not new, having been proposed previously in various forms by a number of authors. Yonezawa ([Yon77]) describes a specification method that uses "conceptual representations" to specify behaviors in the actor model of computation. The history variables of Hailpern and Owicki ([HO80]) can be viewed a...

3 | A Temporal Logic Specification Method Supporting Hierarchical Development - Barringer, Kuiper - 1983
Citation Context: ... its executions. 1 A specification describes a process by stating properties that are required to hold of all histories that can be produced by that process. As has been shown by a number of authors ([BK83], [BK84], [Lam83], [HO80], [SM81]), such process specifications can be expressed as sentences in linear-time temporal logic. One of the difficulties with temporal logic as a specification language is ...