Manna, Z., Pnueli, A.: Proving Precedence Properties: The Temporal Way, Technical Report CS84-04, The Weizmann Institute, Rehovot, Israel, February 1984.
.... Assuming we employ reduction with respect to a divergence preserving behavioural equivalence to analyze a concurrent system, how can we analyze adequately the liveness (progress) properties of the system? Related work to our developments in Section 3 has been done by model checking researchers ([MaPn84], [LiPn84], [MaPn95]). We are also aware of two published approaches ([VaSe96], [Gian99]) to study liveness properties of systems by inspecting systems minimized with respect to some behavioural equivalences. In the following, after introducing some notation and a novel version of a divergence ....
Manna, Z., Pnueli, A.: Proving Precedence Properties: The Temporal Way, Technical Report CS84-04, The Weizmann Institute, Rehovot, Israel, February 1984.
....logic that enables one to describe how a situation changes over time [RU71]. Hence, it is appropriate for reasoning about concurrent programs. Since 1977, there has been significant progress in the development of techniques and methodologies for proving temporal properties of concurrent programs [HO83, MP81, MP83a, MP83b, MP84, OL82, Pn81]. The developed methods reduce program correctness to truth of sentences in first order temporal logic. Thus, these methods require temporal reasoning, and do not provide a reduction of a proof of a temporal property A preliminary version of this paper appeared in Proc. 2nd IEEE Symp. on Logic in ....
....in the underlying assertion languages. This should be contrasted with proof systems for sequential programs, one of whose main features is precisely such a reduction (cf. [Ap81, Ap84]). We call this proof by reduction. For some isolated classes of properties such reductions have been found [MP83b, MP84], but the general case remained open. A concurrent development is the development of proof techniques for finite state programs. It was already shown by Pnueli [Pn77] that verifying arbitrary temporal properties of finite state programs is decidable. More efficient algorithms were developed in ....
[Article contains additional citation context not shown here]
Manna, Z., Pnueli, A.: Proving precedence properties: The temporal way. Proc. 10 Int'l Colloq. on Automata Languages and Programming, LNCS 154, Springer Verlag, 1983, pp. 491--512.
.... Hen91a, Lam91] For example, the bounded response property (y) that was expressed by a liveness like bounded operator formula (employing a time bounded version of the liveness operator 3) can alternatively be specified by an explicit clock formula that uses the safety operator U (unless ; cf. [MP83]) 8x: 2( p T = x) T x 3) U q) This formula asserts that if a stimulus p happens at time x, then from this point on the time will not reach x 3 either forever (which is impossible because time must progress) or until the response q happens. Consequently, q must occur within at most ....
Z. Manna and A. Pnueli. Proving precedence properties: the temporal way. In J. Diaz, editor, ICALP 83: Automata, Languages, and Programming, Lecture Notes in Computer Science 154, pages 491--512. Springer-Verlag, 1983.
....contains only unbounded unless operators (i.e. U0 ) it suffices to show that OE is true over all run fragments of the untimed transition system S Gamma that underlies S. This can be achieved with the help of any conventional timeless proof system (for instance, the proof system given in [MP83]). For example, to derive the lower bound 3 on the termination of our example P , we show the untimed formula ready ( at U at 0 U at 1 ) at U at 0 U at 2 ) y) nested unless operators associate to the right) Step 2 To add time bounds to this disjunction of nested unless ....
.... of a real time property OE (over V ) we establish instead the S validity of the untimed safety formula OE (over V ) To show the unbounded unless formulas that result from translating bounded invariance and bounded response properties, a single timeless unless rule suffices ([MP83]) UNLESS p f g T f rg q p q U r We point out that all three premises of the unless rule are state formulas over the augmented set V of variables; their S validity typically is shown by proving them generally valid. The state formula is called the invariant of the rule, ....
[Article contains additional citation context not shown here]
Z. Manna and A. Pnueli. Proving precedence properties: the temporal way. In J. Diaz, editor, ICALP 83: Automata, Languages, and Programming, Lecture Notes in Computer Science 154, pages 491--512. Springer-Verlag, 1983.
....occurrence of q. The formula 0 (p ( r)W q) using the Unless operator W (a weak version of the Until operator U ) expresses a (continuous) precedence property, ensuring that from any occurrence of p, the first following occurrence of r (if any) must be preceded by an occurrence of q (see [MP83b] for applications of such formulae). The formula 0 1 p 0 1 q expresses a strong fairness property, ensuring that if there are infinitely many p's then there are also infinitely many q's. This property can represent a strong fairness requirement, which states that if a certain ....
Z. Manna and A. Pnueli, Proving precedence properties: the temporal way, Proc. 10th Int. Colloq. Aut. Lang. Prog., Lec. Notes in Comp. Sci. 154, Springer, 1983, pp. 491--512.
.... 1) for program any y from the previously established x = 0 = x = 0) W (x = 1) using the state validities at Gamma m 0 x = 0 x = 0 x = 0 x 1 The combination of rules wait and w mon is complete for proving the P validity of any waiting for formula p = W q for assertions p, and q [MP83]. Case Splitting It often happens that the assertion appearing in rule wait naturally splits into a disjunction: i2M i where M is some finite index range, e.g. M = f1; mg. In this case, it may be easier to prove premises W1 and W2 of the rule in the form: W1. p q i ....
Z. Manna and A. Pnueli. Proving precedence properties: The temporal way. In Proc. 10th Int. Colloq. Aut. Lang. Prog., volume 154 of Lect. Notes in Comp. Sci., pages 491--512. Springer-Verlag, 1983.
.... of properties in [MP89a] the response properties defined here are a special case of the responsiveness class defined there (which allows p and q to be past formulae rather than assertions). The class of precedence properties and proof rules associated with it have been introduced first in [MP83]. We refer the reader to [MP89b] for a top down approach, which attempts to present the most general proof rules that cover as many properties as possible. Here, however, we take the opposite approach of presenting rules that are closely tailored for the restricted classes that are most frequently ....
....section. Note that the interval of P [v] being critical can also be empty. This is why we say at most once. Note that this property does not guarantee that P [u] will eventually get to the critical section, because any of the preceding intervals may extend to the end of the computation. In [MP83] this property is called 1 bounded overtaking. First let us consider two rules that characterize some of the basic properties of the precedence operator. MON (Monotonicity) p= q 0 U . Uq r Gamma1 Uq r p p; q 0 q 0 ; q r q r p= q 0 U . U q r Gamma1 U q r This rule ....
Z. Manna and A. Pnueli, Proving precedence properties: The temporal way, Proc. 10th Int. Colloq. Aut. Lang. Prog., Lec. Notes in Comp. Sci. 154, Springer, 1983, pp. 491--512.