L. Lamport. Proving possibility properties. Theoretical Computer Science, 206(1--2):341--352, 1998.
....does not diverge. This requirement is true. The other general requirements mentioned in Chapter 10 we verified to be true as well. Next, we verify as third requirement whether in WAIT 6 it is possible to reach Custodian carries out decision. This is a kind of sanity check on the model [115]. R3) AG (in(WAIT 6) EF in(Custodian carries out decision) Receive official report and report of seizure Decide upon follow up action remind public prosecutor WAIT 1 after(1) WAIT 2 complaint arrives after(2) WAIT 3 Cassation procedure cassation request arrives ....
....(what can happen) not about necessities (what will happen). For reactive systems, including workflow systems, possibility properties are not really interesting, unless as a sanity check on the model that certain nodes and hyperedges are indeed reachable. This agrees with the view of Lamport [115]. Third, temporal logic properties and activity diagrams are complementary, not substitutes for each other. Some constructs are more easily modelled by a property, others more easily by an activity diagram. For example, the requirement that some activities A and B should always be done ....
L. Lamport. Proving possibility properties. Theoretical Computer Science, 206(1--2):341--352, 1998.
....be enabled (by following a certain sequence of internal actions) yet the action cannot be guaranteed to be executed through the use of strong fairness (or progression). Thus, we discovered the need to define the concept of possible fairness. Lamport has also considered the notion of possibility [20] but our approach, we believe, is much simpler with respect to the development of fair objects. Definition: May Pi may lead to P [ May Pi (P ) oe) Delta = Pi] oe) 9ae oe : 9 : Pi] ae Delta ) P ] Definition: Always possible Pi is always possible in Pi ....
L. Lamport. Proving possibility properties. Technical report-web tla, December, 18th july 1995.
....enabled (by following a certain sequence of internal actions) yet the action cannot be guaranteed to be executed through the use of strong fairness or progression (see system4, below). In such cases, we require the notion of possible fairness. Lamport has also considered the notion of possibility [23] but our approach, we believe, is much simpler with respect to the development of fair objects. Definition 5. May System Pi may lead to P [ May Pi (P ) oe) Delta = Pi] oe) 9ae oe : 9 : Pi] ae Delta ) 3P ] Definition 6. Always possible P is always ....
Lamport, L.: Proving Possibility Properties. DEC technical report (1995).
....during the verification of the client correctness criteria. 4.5 Explicit Properties and Hypothesis Revisited The explicit properties are expressed using the temporal logic presented in section 4.2. They should be safety or fairness properties or complex compositions of such properties (see [Lamport 95]). A safety property states that something bad will never occur while a fairness property states that something good will finally occur. The properties are not related to the states of the components. They are related to the occurrences of transitions and mainly occurrences of interface ....
....it assumes on its environment. It remains to verify whether the consequences on the environment is ensured or not. Actually components have proof obligations enforced by their environment. Proof Obligations from the Environment Here we distinguish safety properties (2:P ) from the others (see [Lamport 95]). For safety properties, it is sufficient to prove them locally on the concerned component. It is the case for ( cl Gammahon ) and ( srv Gammahon ). Actually, it is sufficient that the concerned component ensures that the bad happening does not occur. If such a property is true, its language is ....
Lamport L., "Proving Possibility Properties", Research Report, Systems Research Center, 130 Lytton Avenue, Palo Alto, California 94301, July 1995.
....including well founded induction on the number of trains that appear in the P interval and may prevent the clock from progressing beyond t ffl. The full details are beyond the page limit of this paper and will be reported elsewhere. 4 A different approach to proving non Zenoness is reported in [Lam95] T = t gate 2 fdown; goingDowng 8i : 1: N ] trains[i] 6= I T t gate 2 fdown; goingDowng 9i : 1: N ] trains[i] P schedTime[i] u1 T t gate = goingUp lastUp t gammaUp T t gate 2 fdown; goingDowng 9i : 1: N ] trains[i] P schedTime[i] u2 raise tick enterI enterI ....
L. Lamport. Proving possibility properties. Technical Report 137, Digital Equipment Corporation, Systems Research Center, July 1995.