## Temporal Proof Methodologies for Real-time Systems (1991)

Venue: In Proceedings of the 18th Annual Symposium on Principles of Programming Languages

Citations: 63 - 11 self

### BibTeX

```bibtex
@INPROCEEDINGS{Henzinger91temporalproof,
  author = {Thomas A. Henzinger and Zohar Manna and Amir Pnueli},
  title = {Temporal Proof Methodologies for Real-time Systems},
  booktitle = {In Proceedings of the 18th Annual Symposium on Principles of Programming Languages},
  year = {1991},
  pages = {353--366},
  publisher = {ACM Press}
}
```

### Abstract

We extend the specification language of temporal logic, the corresponding verification framework, and the underlying computational model to deal with real-time properties of concurrent and reactive systems. A global, discrete, and asynchronous clock is incorporated into the model by defining the abstract notion of a real-time transition system as a conservative extension of traditional transition systems: qualitative fairness requirements are replaced (and superseded) by quantitative lower-bound and upper-bound real-time requirements for transitions. We show how to model real-time systems that communicate either through shared variables or by message passing, and how to represent the important real-time constructs of priorities (interrupts), scheduling, and timeouts in this framework. Two styles for the specification of real-time properties are presented. The first style uses bounded versions of the temporal operators; the real-time requirements expressed in this style are classified ...

### Citations

201 | Real-Time Logics: Complexity and Expressiveness
- Alur, Henzinger
- 1993

Citation Context: ...roach to the specification of timing properties has been advocated first in [KVdR83] and [Ko89], where the language is called MTL; it is analyzed for its complexity and expressiveness in [EMSS89] and [AH90]. An alternative approach to the specification of timing constraints of reactive systems introduces no new temporal operators but interprets one of the nonrigid state variables (we use the variable t)...

141 | Proving liveness properties of concurrent programs
- Owicki, Lamport
- 1982

Citation Context: ...e against the complexity of the state invariants: the hidden-clock approach relies on complex proof structures similar to the proof lattices used to establish ordinary (timeless) liveness properties ([OL82], [MP89]), and uses relatively simple invariants; the explicit-clock method employs only the simple unless rule --- a (timeless) safety rule ---, but requires powerful intermediate assertions. 6 Compl...

103 | Temporal Logic of Real-Time Systems
- Ostroff
- 1990

Citation Context: ... to express timing properties are presented in [PdR82], [Ro84], and in [Ha88], [PH88], where it is referred to as GCTL. A more systematic exposition of this logic and its applications can be found in [Os90], where it is called RTTL. To compare the two approaches, consider the requirement of a timed response of q to p within at most 3 time units. In the bounded-operator approach, this requirement is spec...

87 | Specifying message passing and time-critical systems with temporal logic, LNCS 651
- Koymans
- 1992

Citation Context: ...und on when it will happen, the formula $\Diamond_{\le 3}\, q$ predicts an occurrence of q within 3 time units from now. This approach to the specification of timing properties has been advocated first in [KVdR83] and [Ko89], where the language is called MTL; it is analyzed for its complexity and expressiveness in [EMSS89] and [AH90]. An alternative approach to the specification of timing constraints of reactive systems ...

74 | Completing the temporal picture
- Manna, Pnueli
- 1989

Citation Context: ...- a (timeless) safety rule ---, but requires powerful intermediate assertions. 6 Completeness The unless rule is known to be complete, relative to state reasoning, for establishing unless properties ([MP89b]). It follows immediately that explicit-clock reasoning is relative complete for showing bounded-invariance as well as bounded-response properties. As for bounded-operator reasoning, we first observe t...

39 | Applications of Temporal Logic to the Specification of Real Time Systems
- Pnueli, Harel
- 1988

Citation Context: ...approach, because the only new element is the ability to refer explicitly to the clock. Scattered examples of this method to express timing properties are presented in [PdR82], [Ro84], and in [Ha88], [PH88], where it is referred to as GCTL. A more systematic exposition of this logic and its applications can be found in [Os90], where it is called RTTL. To compare the two approaches, consider the requirem...

29 | Real-Time Programming and Asynchronous Message Passing
- Koymans, Vytopil, et al.
- 1983

Citation Context: ...ts no time bound on when it will happen, the formula $\Diamond_{\le 3}\, q$ predicts an occurrence of q within 3 time units from now. This approach to the specification of timing properties has been advocated first in [KVdR83] and [Ko89], where the language is called MTL; it is analyzed for its complexity and expressiveness in [EMSS89] and [AH90]. An alternative approach to the specification of timing constraints of reacti...

12 | An Interleaving Model for Real Time
- Henzinger, Manna, et al.
- 1990

Citation Context: ... rules for either class, is shown to be (relative) complete. In our model, we assume a global, discrete, and asynchronous clock, whose actions (clock ticks) are interleaved with other system actions ([HMP90]). In some other work aimed at the formal analysis of real-time systems, it has been claimed that while this interleaving model of computation may be adequate for the qualitative analysis of reactive ...

7 | Temporal analysis of real-time systems
- Harel
- 1988

Citation Context: ...t-clock approach, because the only new element is the ability to refer explicitly to the clock. Scattered examples of this method to express timing properties are presented in [PdR82], [Ro84], and in [Ha88], [PH88], where it is referred to as GCTL. A more systematic exposition of this logic and its applications can be found in [Os90], where it is called RTTL. To compare the two ...

5 | The anchored version of the temporal framework, Linear Time, Branching Time
- Manna, Pnueli
- 1989

4 | Rendez-vous with ADA: A Proof-Theoretical View
- Pnueli, Roever
- 1982

Citation Context: ... approach as the explicit-clock approach, because the only new element is the ability to refer explicitly to the clock. Scattered examples of this method to express timing properties are presented in [PdR82], [Ro84], and in [Ha88], [PH88], where it is referred to as GCTL. A more systematic exposition of this logic and its applications can be found in [Os90], where it is called RTTL. To compare the two ap...

1 | Quantitative temporal reasoning, Automatic Verification of Finite-state Systems
- Emerson, Mok, et al.
- 1989

Citation Context: ...now. This approach to the specification of timing properties has been advocated first in [KVdR83] and [Ko89], where the language is called MTL; it is analyzed for its complexity and expressiveness in [EMSS89] and [AH90]. An alternative approach to the specification of timing constraints of reactive systems introduces no new temporal operators but interprets one of the nonrigid state variables (we use the ...

1 | Temporal Verification of Communication
- Ron
- 1984

Citation Context: ... as the explicit-clock approach, because the only new element is the ability to refer explicitly to the clock. Scattered examples of this method to express timing properties are presented in [PdR82], [Ro84], and in [Ha88], [PH88], where it is referred to as GCTL. A more systematic exposition of this logic and its applications can be found in [Os90], where it is called RTTL. To compare the two approaches...