: The paper shows that characterizing the causal relationship between significant events is an important but non-trivial aspect for understanding the behavior of distributed programs. An introduction to the notion of causality and its relation to logical time is given; some fundamental results concerning the characterization of causality are presented. Recent work on the detection of causal relationships in distributed computations is surveyed. The issue of observing distributed computations in a causally consistent way and the basic problems of detecting global predicates are discussed. To illustrate the major difficulties, some typical monitoring and debugging approaches are assessed, and it is demonstrated how their feasibility is severely limited by the fundamental problem to master the complexity of causal relationships. Keywords: Distributed Computation, Causality, Distributed System, Causal Ordering, Logical Time, Vector Time, Global Predicate Detection, Distributed Debugging, ...

. In this survey paper we present some of the recent developments in the temporal formal system for the specification, verification and development of reactive programs. While the general methodology remains very much the one presented in some earlier works on the subject, such as [MP83c, MP83a, Pnu86], there have been several technical improvements and gained insights in understanding the computational model, the logic itself, the proof system and its presentation, and connections with alternative formalisms, such as finite automata. In this paper we explicate some of these improvements and extensions. The main difference between this and preceding versions is that here we consider a notion of validity for temporal formulae, which is anchored at the initial state of the computation. The paper discusses some of the consequences of this decision. Key words: Temporal Logic, Reactive Systems, Concurrent Programs, Specification, Verification, Proof System, Classification of Prtoperties, Sa...

A temporal logic for causality (Tlc) is introduced. The logic is interpreted over causal structures corresponding to partial order executions of programs. For causal structures describing the behavior of a finite fixed set of processes, a Tlc-formula can, equivalently, be interpreted over their linearizations. The main result of the paper is a tableau construction that gives a singly-exponential translation from a Tlc formula ' to a Streett automaton that accepts the set of linearizations satisfying '. This allows both checking the validity of Tlc formulas and model-checking of program properties. As the logic Tlc does not distinguish among different linearizations of the same partial order execution, partial order reduction techniques can be applied to alleviate the state-space explosion problem of model-checking. 1 Introduction One of the most successful techniques for automatic verification of finite-state systems has been model-checking . A model-checking algorithm decides wheth...

A basic result concerning LTL, the propositional temporal logic of linear time, is that it is expressively complete; it is equal in expressive power to the first order theory of sequences. We present here a smooth extension of this result to the class of partial orders known as Mazurkiewicz traces. These partial orders arise in a variety of contexts in concurrency theory and they provide the conceptual basis for many of the partial order reduction methods that have been developed in connection with LTL-specifications. We show that LTrL, our linear time temporal logic, is equal in expressive power to the first order theory of traces when interpreted over (finite and) infinite traces. This result fills a prominent gap in the existing logical theory of infinite traces. LTrL also constitutes a characterisation of the so called trace consistent (robust) LTL-specifications. These are specifications expressed as LTL formulas that do not distinguish between different linearisations of the same trace and hence are amenable to partial order reduction methods.

Distributed architectures and solutions are described for classes of constraint satisfaction problems, called network consistency problems. An inherent assumption of these architectures is that the communication network mimics the structure of the constraint problem. The solutions are required to be self-stabilizing and to treat arbitrary networks, which makes them suitable for dynamic or error-prone environments. We first show that even for relatively simple constraint networks, such as rings, there is no self-stabilizing solution that guarantees convergence from every initial state of the system using a completely uniform, asynchronous model (where all processors are identical). An almost-uniform, asynchronous, network consistency protocol with one specially designated node is shown and proven correct. We also show that some restricted topologies such as trees can accommodate the uniform, asynchronous model when neighboring nodes cannot take simultaneous steps. 1 Introduction Consid...

Abstract not found

We investigate an extension of CTL (Computation Tree Logic) by past modalities, called CTLP , interpreted over Mazurkiewicz's trace systems. The logic is powerful enough to express most of the partial order properties of distributed systems like serializability of database transactions, snapshots, parallel execution of program segments, or inevitability under concurrency fairness assumption. We show that the model checking problem for the logic is NPhard, even if past modalities cannot be nested. Then, we give a one exponential time model checking algorithm for the logic without nested past modalities. We show that all the interesting partial order properties can be model checked using our algorithm. Next, we show that it is possible to extend the model checking algorithm to cover the whole language and its extension to CTL*P . Finally, we prove that the logic is undecidable and we discuss consequences of our results on using propositional versions of partial order temporal logics to s...

Designers of autonomous distributed algorithms (i.e., algorithms whose complete input is available before the start of execution) customarily refer to temporal ordering in describing the behavior of their algorithms---statements like "after A, task B is performed." In the absence of an explicit termination detection for A built into the algorithm such a statement should be puzzling. However, the available proof methodologies do not seem to hinge on such statements. This paper provides firm theoretical ground for such assertions by pinpointing the essential difference between sequential and concurrent algorithms. Moreover we proposes a proof methodoloy along these lines. By being highly congruent with current designers intuition, our proof methodology is also suitable for design purposes. The paper illustrates the method on a variation of the celebrated dis-

. In this paper, we present two logics that allow for specifying distributed information systems, emphasizing communication among sites. The low-level logic D 0 offers features that are easy to implement but awkward to use for specification, while the high-level logic D 1 offers convenient specification features that are not easy to implement. We show that D 1 specifications may be automatically translated to D 0 in a sound and complete way. In order to prove soundness and completeness, we define our translation as a simple map of institutions. Our result may be useful for making implementation platforms like Corba easier accessible by providing high-level planning and specification methods for communication. 1 Introduction Two logics are presented that allow for specifying distributed information systems, emphasizing communication among sites. The low-level logic D 0 offers features that are easy to implement but awkward to use for specification, while the high-level logic D 1 offers...

The aim of this paper is to present existing propositional temporal logics with branching and partially ordered time. These logics are used for specifying and proving properties of programs and systems. The branching time approach is useful e.g. for non-deterministic programs and can be applied also for concurrent programs. The partial order approach is especially useful for concurrent programs and allows one to study more subtle properties than those based on branching time. A survey of branching time logics, computation tree logics, partial order temporal logics and logics based on event structures is given. The following issues are concerned in this paper: the completeness of proof systems, the finite model property, decidability, model checking and expressiveness of the logics. 1 Introduction The aim of this paper is to present existing formal languages of propositional temporal logic with frames based on branching time structures or, more general, partial orders. Bran...