Nguyen, V., D. Gries, S. Owicki. A model and temporal proof system for networks of processes. Proc. of the 12th ACM Symposium on Principles of Programming Languages, New Orleans, Jan. 1985, 121-131.
....along with invariance and well-foundedness. What is new in this paper is a systematic method for reducing a temporal property to nontemporal proof obligations. Other investigations into decomposing temporal properties include [Barringer et al. 84], [Gerth 84], [Jones 83], [Misra et al. 82], [Nguyen et al. 85], and [Stark 84]. Most of that work is concerned with decomposing various classes of global temporal properties of a system into local properties of the system components, resulting in so-called compositional proof systems. The work in [Gerth 84] is most similar to ours in that temporal ....
Nguyen, V., D. Gries, S. Owicki. A model and temporal proof system for networks of processes. Proc. of the 12th ACM Symposium on Principles of Programming Languages, New Orleans, Jan. 1985, 121-131.
....and Pnueli in [25] advocate using temporal logic along with invariance and well-foundedness. What is new in this paper is a systematic method for reducing a temporal property to nontemporal proof obligations. Other investigations into decomposing temporal properties include [3], [10], [12], [27], [28], and [33]. Most of that work is concerned with decomposing various classes of global temporal properties of a system into local properties of the system components, resulting in so-called compositional proof systems. The work in [10] is most similar to ours in that temporal properties are ....
NGUYEN, V., GRIES, D., AND OWICKI, S. A model and temporal proof system for networks of processes. In Proceedings of the 12th ACM Symposium on Principles of Programming Languages (New Orleans, La., Jan.
....with specialized requirements. One important question raised by this research is the meaning of correctness in the context of rapidly changing data. The classical transaction model is clearly inappropriate. Possible approaches that we have considered include modular verification [Hailpern 80, Nguyen 85], self-stabilizing systems [Dijkstra 74, Kessels 88], and common knowledge [Halpern 84]. Using the modular verification technique, the PROFIT programmer would define a set of invariants (defining safety properties) and commitments (defining liveness properties) for each facet. Invariants would be ....
Van Nguyen, David Gries and Susan Owicki. A Model and Temporal Proof System for Networks of Processes. In 12th ACM Symposium on Principles of Programming Languages, pages 121-131. New Orleans LA, January, 1985.
....about composition of migration and reachability snapshot services. 1.3 Other Related Work. A number of language-independent formalisms have been developed for specifying and reasoning about concurrent systems. These include formalisms based on temporal logic [21, 18, 19], behavior histories [22], and I/O automata [20]. These formalisms provide a general framework for specifying safety and liveness properties and a means of organizing proofs. They have been used to specify and verify a variety of protocols. One difficulty with existing formalisms is that components are not represented as ....
V. Nguyen, A. Demers, D. Gries, and S. Owicki. A model and temporal proof system for networks of processes. Distributed Computing, 1:7--25, 1986.
....system level services, and their interactions in a common framework. 1.1 Other Related Work. A number of language-independent formalisms have been developed for specifying and reasoning about concurrent systems. These include formalisms based on temporal logic [28, 24, 25], behavior histories [34], and I/O automata [27]. These formalisms provide a general framework for specifying safety and liveness properties and a means of organizing proofs. They have been used to specify and verify a variety of protocols. One difficulty with existing formalisms is that components are not represented as ....
V. Nguyen, A. Demers, D. Gries, and S. Owicki. A model and temporal proof system for networks of processes. Distributed Computing, 1:7--25, 1986.
....HP Information Utility [80]. 2.6 Formal Reasoning about Distributed Systems. A number of formalisms have been developed for specifying and reasoning about concurrent systems [1, 30, 112, 113]. These include language-independent formalisms based on temporal logic [108, 96, 98], behavior histories [122], and I/O automata [105]. These formalisms provide a general framework for specifying safety and liveness properties and a means of organizing proofs. The Unity language [39] is a notation for describing systems. The focus of this work has been the development of methods for program specification ....
....system level services, and their interactions in a common framework. 4.1.1 Other Related Work. A number of language-independent formalisms have been developed for specifying and reasoning about concurrent systems. These include formalisms based on temporal logic [108, 96, 97], behavior histories [122], and I/O automata [105]. These formalisms provide a general framework for specifying safety and liveness properties and a means of organizing proofs. They have been used to specify and verify a variety of protocols. One difficulty with existing formalisms is that components are not represented as ....
V. Nguyen, A. Demers, D. Gries, and S. Owicki. A model and temporal proof system for networks of processes. Distributed Computing, 1:7--25, 1986.
....first example exhibits behavior like that of the classic Brock-Ackerman [2] example and we show in section 4 how the CT-based approach can, when strengthened with axioms such as those proposed by Widom et al. [9], deal with it. The original Brock-Ackerman example and even the simplified version in [5] are rather involved. Our example is simpler but illustrates the same point. Our second example is new to this paper and we show in section 4 why general axioms such as those of [9] are inadequate to deal with the problem illustrated by this example. This seems to contradict the results of [9] ....
....at all. They also go on to show that there is no way to express these axioms without using temporal operators and Widom [8] analyses in depth exactly how much of temporal notations are needed to express these axioms (the point being that if we simply allow all the power of temporal logic (as do [5]) we would lose the simplicity of the CT-based approach and such a system would be even more complex than the PT-based system). For our purposes though, it is not necessary to look at the precise formal expressions of these axioms. All we need is to note that using these axioms we can formalize ....
V. Nguyen, A. Demers, D. Gries, S. Owicki, A model and temporal proof system for networks of processes, Distributed Computing, 1, 1986.
....reasoning for those segments. That explains our preference, formulated above, for a two-predicate specification statement. [11], [35] and [24] provide compositional trace models that handle only safety properties. [33] and [29] extend those techniques to establish liveness properties, whilst [28] and [4] use temporal logic to capture liveness. In each case the result is expressive but unnecessarily complex for our purposes. [14] and [10] provide predicate models which handle both safety and liveness using failures and ready sets, respectively. However they support a single-predicate ....
Van Nguyen, A. Demers, D. Gries and S. Owicki. A model and temporal proof system for networks of processes. Distributed Computing 1, 7-25, 1986.
....order) Martin-Löf type theory, modal and temporal logics, to name a few. Logics inspired by programming languages include the Boyer-Moore logic [8, 10] and LCF [55] for reasoning about recursively defined functions, dynamic logic [30], process logics [48], and various logics for concurrency [54, 14]. The latter typically contain a first-order language for reasoning about static data and temporal operators for reasoning about the dynamic aspects. The models are abstract computations. A variety of maps between general logics have been studied. In general these maps preserve the basic structure ....
V. Nguyen, A. Demers, D. Gries, and S. Owicki. A model and temporal proof system for networks of processes. Distributed Computing, 1:7--25, 1986.
....properly handle decomposition, we need a compositional proof system, in which the temporal properties of a composite process can be deduced from the properties of its components. We refer the reader to [dRZ87] for discussion of some of the requisites from such a system, and to a sequence of works [BKP84, NGO85, WGS87, Zwi88], which attempt to construct such a compositional proof system. As can be seen from the short account of the main elements, of which the temporal methodology consists, some of them are in a more advanced stage of development, and are better understood than the others. However, there seems to be an ....
V. Nguyen, D. Gries, and S. Owicki, A model and temporal proof system for network of processes, Proc. 12th ACM Symp. Princ. of Prog. Lang., 1985, pp. 121--131.
....the effort into smaller subtasks and are therefore more conducive to dealing with very large programs. In response to this criticism, there have been several suggestions for a compositional approach to the temporal analysis of reactive programs. Representatives of these suggestions are [BKP84], [NGO85], and [AL90]. In fact, this paper can be described as a direct descendant and elaboration of the approach presented in [BKP84] and some of its extensions discussed in [BKP85]. However, there are some differences between these two proposals for a compositional approach to temporal reasoning. The ....
....of the complete system. Thus, the proof methodology we propose can be described as a two level system. On the intra module level we use global reasoning, while on the inter module level we use compositional approaches. This two level approach is not new. One can view the system proposed in [NGO85] as being a two level system. Typical to data flow networks, a system consists of several nodes with communicating channels. The specification of each individual node is derived and developed by other means, sometimes not even specified in the description of the system. The compositional part only ....
V. Nguyen, D. Gries, and S. Owicki. A model and temporal proof system for network of processes. In Proc. 12th ACM Symp. Princ. of Prog. Lang., pages 121--131, 1985.
....real-time reactivity. The literature on the applicability of temporal logic to specification and verification is prolific. Temporal logic has been applied to specifying and verifying concurrency [19, 20, 21, 22, 23, 24, 25, 26], program correctness [27, 28, 29, 30, 31], communication-based systems [32, 33, 34, 35], parallel programs [36, 37], real-time systems [38, 39, 40], and also applied to automata state machines [35, 41, 42]. The application of temporal logic to reactive systems has been studied by Pnueli [2]. On the combination of two specification methods, there exist a few schemes for concurrency ....
V. Nguyen, D. Gries and S. Owicki, "A model and temporal proof system for network of processes", 12th ACM Symp. Principles of Programming Languages, pp. 121-131, 1985.
.... , how does one prove or disprove that the proposed program P meets its specification, i.e. that all computations of P satisfy the temporal formula Several approaches to the formal verification of temporal properties of reactive programs have been proposed over the years, for example, [HO83], [NGO85], [OL82], [AS89], [Lam91]. Our own efforts evolved from [MP83] through [MP84] to a proof system that is summarized in [MP91a] and in a forthcoming book [MP94]. Verification of temporal properties of reactive programs is not significantly more complex than verification of state properties, such as ....
V. Nguyen, D. Gries, and S. Owicki. A model and temporal proof system for network of processes. In Proc. 12th ACM Symp. Princ. of Prog. Lang., pages 121--131, 1985.
....transmitted along the communication channels of the network. Trace-based proof systems are defined in [CH81, Ho81, Ho85, MC81], but unfortunately they exhibit incompleteness [BA81, Ng85]. Simple trace logics are modified to increase expressiveness in [Jo85, Pt82] and to obtain completeness in [BA81, HH83, NDGO86, ZRE84]. The modifications tend to be extensive and cumbersome; the simplicity of the underlying logic is lost. This paper explores incompleteness in simple trace-based proof systems and identifies two extensions that are necessary and sufficient for achieving relative completeness. The first source of ....
....any shared channels because in A iSi, all c s (say) refer to the same channel trace. In addition, we have the following inference rule: 3.3. 2] Consequence Rule: N sat SI, SI S2 These two inference rules, or variants thereof, underlie all trace based proof systems we know of, including [CH81, Ho85, MC81, NDGO86]. 4. INCOMPLETENESS OF SIMPLE TRACE LOGIC Specification S is valid for a process or network PN if every execution of PN (up to any point in time) yields channel traces that satisfy S. We would like STL to be sound i.e. if we use STL to prove N sat S, then indeed S is valid for network N. A ....
[Article contains additional citation context not shown here]
V. Nguyen, A. Demers, D. Gries, and S. Owicki. A model and temporal proof system for networks of processes. Distributed Computing 1 (January 1986), 7-25.
No context found.
V. Nguyen, A.Demers, D.Gries, S.Owicki, A model and temporal proof system for networks of processes, Distributed Computing, 1, 1986.
No context found.
Nguyen, V., Demers, A., Owicki, S., and Gries, D., A Model and Temporal Proof System for Networks of Processes, Distr. Computing, vol. 1, no. 1, pp 7-25, 1986
No context found.
V. Nguyen, D. Gries, S. Owicki, A Model and Temporal Proof System for Networks of Processes. 12th POPL 1985.