The Temporal Logic of Reactive and Concurrent Systems


Zohar Manna, Amir Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. With 96 Illustrations. Springer Science+Business Media, LLC.

Zohar Manna, Department of Computer Science, Stanford University, Stanford, CA 94305, USA, and Computer Science Department, Weizmann Institute of Science, Rehovot 76100, Israel. Amir Pnueli, Computer Science Department, Weizmann Institute, Rehovot 76100, Israel.

Library of Congress Cataloging-in-Publication Data. Manna, Zohar. The temporal logic of reactive and concurrent systems / Zohar Manna, Amir Pnueli. p. cm. Includes bibliographical references and index. Contents: v. 1. Specification. ISBN 978-1-4612-6950-2; ISBN 978-1-4612-0931-7 (ebook); DOI 10.1007/978-1-4612-0931-7. 1. Electronic digital computers -- Programming. 2. Logic, Symbolic and mathematical. I. Pnueli, A. II. Title. QA76.6.M3564 1991 005.1 dc20 91-28181.

Printed on acid-free paper. 1992 Springer Science+Business Media New York. Originally published by Springer-Verlag New York, Inc. in 1992. Softcover reprint of the hardcover 1st edition 1992. All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use of general descriptive names, trade names, trademarks, etc., in this publication, even if the former are not especially identified, is not to be taken as a sign that such names, as understood by the Trade Marks and Merchandise Marks Acts, may accordingly be used freely by anyone. Production managed by Karen Phillips; manufacturing supervised by Robert Paella. Camera-ready copy prepared from the authors' TEX file. 9 8 7 6 5 4 3 2 1. ISBN 978-1-4612-6950-2.

To Nitza and Ariela

Preface

This book is about reactive programs, the systems they control, and a methodology for the formal specification, verification, and development of such programs, using the tool of temporal logic. A reactive program is a program whose role is to maintain an ongoing interaction with its environment rather than to compute some final value on termination. The family of reactive programs includes most of the classes of programs whose correct and reliable construction is considered to be particularly challenging, including concurrent and real-time programs, embedded and process control programs, and operating systems.

A fundamental element in reactive programs is that of concurrency. By definition, a reactive program runs concurrently with its environment. Also, most of the sample programs studied in this book are concurrent programs, which consist of several processes executed concurrently. The techniques presented are often used to specify and analyze the interaction between the concurrent components of such programs. We may therefore describe the subject matter of the book as the study and analysis of interaction, either between a program and its environment or between concurrent processes within a program.

As has been amply demonstrated in many case histories, the correct construction of reliable reactive programs is one of the most challenging programming activities. Seemingly innocuous small concurrent programs have been known to exhibit completely unanticipated behaviors that, in some cases, may lead to crashes of critical systems. This is why formal approaches to the development of correct programs, such as the one promoted in this book, are so essential to the area of reactive programs.

A formal methodology typically consists of several elements. One element is a specification language in which the anticipated requirements from a program can be formally specified. Another is a repertoire of proof methods by which the correctness of a proposed program, relative to the specification, can be formally verified. The advantages of a formal methodology are obvious. Formal specification forces the designers of a program to make early precise decisions about the major functionalities of the program and to remove ambiguities from the description of its expected behavior. Formal verification of a desired property guarantees that the property holds over all possible executions of the program.

As a specification language, we adopt temporal logic, which is an appropriate and convenient language for specifying the dynamic behavior of reactive programs and describing their properties. The main advantage of the temporal language is that it provides a succinct and natural expression of frequently occurring program properties using a set of special operators. A considerable part of this volume is devoted to a comprehensive and self-contained introduction to temporal logic and the illustration of its use for specifying properties of reactive systems.

Intended Audience and Prerequisites

The book is intended for people who are interested in the design, construction, and analysis of reactive systems and who wish to learn the language of temporal logic and how to apply it to the specification, verification, and development of reactive systems. The background assumed of our readers consists, on one hand, of some familiarity and experience with programming and programming languages, in particular, some acquaintance with the basic notions of concurrent execution of programs; and on the other hand, a reasonable understanding of first-order logic and the notions of validity and provability by deductive systems. No prior knowledge of temporal logic is assumed, and no detailed knowledge of any particular programming language is necessary, since these two topics are introduced here.

Contents

The book is partitioned into two volumes. The first volume, subtitled Specification and consisting of Chapters 1 to 4, presents a computational model and a programming language for reactive programs and the specification language of temporal logic.
The second volume, subtitled Verification and consisting of Chapters 5 to 11, is dedicated to the presentation of proof methods for verifying that a given program satisfies its specification.

Chapter 1 introduces the computational model and the programming language. In the programming language, we make a special effort to give a comprehensive representation of the main mechanisms for communication and synchronization between concurrent processes. Consequently, the language allows processes to communicate both by shared variables and by message-passing. Our intention in this book is to present a uniform approach to communication within reactive programs, which is independent of the particular communication mechanisms employed. Consequently, we show how some central paradigms in concurrent programming, such as mutual exclusion or producer-consumer, can be programmed in terms of either shared variables or different versions of message-passing.

Chapter 2 further elaborates the computational model. The computational model used in the book represents concurrency by interleaving of atomic actions chosen, one at a time, from parallel processes. This chapter examines the question of how faithfully this representation corresponds to real concurrent execution of programs, in which several parallel statements execute at the same time. By imposing a syntactical restriction on the programs we study and introducing fairness requirements, we ensure exact correspondence between interleaved and real concurrent execution of a program.

Chapter 3 introduces the language of temporal logic, presenting its syntax and semantics. The temporal language contains two symmetric groups of temporal operators, one dealing with the future and the other with the past. We list and discuss many properties of the temporal operators. Formal means for the derivation of temporal properties are provided by a deductive proof system.

Chapter 4 explores the utility of temporal logic as a language for specifying properties of reactive programs. Program properties are classified into a hierarchy of classes, based on their expression in temporal logic. The most important classes are the classes of safety, response, and reactivity properties. For each class, we provide a comprehensive set of examples of commonly encountered program properties. We also explore the important topic of modular specification, where each module (process) of the program is independently specified. This concludes Volume 1.

Volume 2 is dedicated to the presentation of techniques and heuristics for the verification of program properties expressed by temporal formulas. It is organized in three parts, presenting rules for the verification of properties that belong to the classes of safety, response, and reactivity.
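The model sketched in the chapter summaries above (concurrency as interleaving of atomic actions, justice as weak fairness, and safety versus response properties) can be made concrete with a small explicit-state explorer. What follows is an added example written for this page, not code from the book or from its authors: the three two-process programs, the state encoding, the always-enabled idling step and every function name are constructed here. It enumerates every interleaving of a two-process program, checks mutual exclusion as an invariant over all reachable states, and checks the response property "a process that starts trying eventually enters its critical section" by looking for a strongly connected component of "trying" states on which justice can be satisfied without process 1 ever reaching its critical section. One modelling assumption is made explicit in the code: a process idling in its noncritical section is not obliged by justice to leave it.

```python
"""Added example: explicit-state exploration of a fair transition system.

Two processes run by interleaving atomic steps (plus an always-enabled idling
step); mutual exclusion is checked over every reachable state; the response
property "trying leads to the critical section" is checked by searching for a
cycle that satisfies justice (weak fairness).  The programs are constructed
for this example; they are not the book's own code."""
from collections import deque

NONCRIT, CS = 0, 3        # program-counter values; pcs 1 and 2 are "trying"
TRYING = {1, 2}

def always(v): return True
def noop(v): return {}

def peterson(me, other):
    """y_me := T; s := me; await (not y_other or s != me); CS; y_me := F."""
    return [(always, lambda v: {f"y{me}": True}),
            (always, lambda v: {"s": me}),
            (lambda v: not v[f"y{other}"] or v["s"] != me, noop),
            (always, noop),                       # pc 3: inside the critical section
            (always, lambda v: {f"y{me}": False})]

def no_turn(me, other):
    """Peterson with the turn check dropped from the await: await not y_other."""
    steps = peterson(me, other)
    steps[2] = (lambda v: not v[f"y{other}"], noop)
    return steps

def check_then_set(me, other):
    """await not y_other; y_me := T; CS; y_me := F.  The test of y_other and
    the assignment to y_me are separate atomic steps, so both may pass the test."""
    return [(always, noop),
            (lambda v: not v[f"y{other}"], noop),
            (always, lambda v: {f"y{me}": True}),
            (always, noop),
            (always, lambda v: {f"y{me}": False})]

def system(make):
    """Two symmetric processes and the initial state (y1 = y2 = F, s = 1)."""
    progs = [make(1, 2), make(2, 1)]
    init = ((NONCRIT, NONCRIT), frozenset({"y1": False, "y2": False, "s": 1}.items()))
    return progs, init

def required(progs, state, p):
    """Justice obliges a process whose next step is enabled, except (assumption
    made here) while it sits in its noncritical section, which may run forever."""
    pcs, v = state[0], dict(state[1])
    return pcs[p] != NONCRIT and progs[p][pcs[p]][0](v)

def successors(progs, state):
    """Interleaving semantics: one atomic step of one process, or idling (None)."""
    pcs, v = state[0], dict(state[1])
    out = [(None, state)]
    for p, steps in enumerate(progs):
        guard, action = steps[pcs[p]]
        if guard(v):
            nv = dict(v); nv.update(action(v))
            npcs = list(pcs); npcs[p] = (pcs[p] + 1) % len(steps)
            out.append((p, (tuple(npcs), frozenset(nv.items()))))
    return out

def explore(progs, init):
    """Breadth-first enumeration of every reachable state with its labelled edges."""
    graph, queue = {init: None}, deque([init])
    while queue:
        s = queue.popleft()
        graph[s] = successors(progs, s)
        for _, t in graph[s]:
            if t not in graph:
                graph[t] = None; queue.append(t)
    return graph

def mutex_violations(graph):
    """Safety: no reachable state has both processes at pc CS."""
    return [s for s in graph if s[0] == (CS, CS)]

def sccs(graph, keep):
    """Tarjan's strongly connected components over the states satisfying keep."""
    index, low, stack, on_stack, comps = {}, {}, [], set(), []
    def visit(s):
        index[s] = low[s] = len(index); stack.append(s); on_stack.add(s)
        for _, t in graph[s]:
            if not keep(t):
                continue
            if t not in index:
                visit(t); low[s] = min(low[s], low[t])
            elif t in on_stack:
                low[s] = min(low[s], index[t])
        if low[s] == index[s]:
            comp = set()
            while True:
                t = stack.pop(); on_stack.discard(t); comp.add(t)
                if t == s:
                    break
            comps.append(comp)
    for s in graph:
        if keep(s) and s not in index:
            visit(s)
    return comps

def starvation_witness(progs, graph, p=0):
    """Response: whenever process p is trying it eventually reaches CS.  A
    violation is a just cycle inside the "p is trying" states: every process
    obliged at every state of the cycle also takes a step on it.  Returns the
    program counters of the offending component, or None."""
    for comp in sccs(graph, lambda s: s[0][p] in TRYING):
        labels = {lab for s in comp for lab, t in graph[s] if t in comp}
        just = all(q in labels or any(not required(progs, s, q) for s in comp)
                   for q in range(len(progs)))
        if just:
            return sorted(s[0] for s in comp)
    return None

if __name__ == "__main__":
    for make in (peterson, no_turn, check_then_set):
        progs, init = system(make)
        graph = explore(progs, init)
        print(make.__name__, len(graph), "states; mutex violations:",
              len(mutex_violations(graph)), "; starvation:", starvation_witness(progs, graph))
```

Peterson's algorithm passes both checks. Dropping the turn check from the await produces a reachable state in which both processes are disabled; with the idling step that state is an infinite run in which nobody is obliged to move, so it is just, and the response property fails (a deadlock). Testing the other process's flag and then setting one's own flag in two separate atomic steps lets both processes pass the test, which the safety check reports as a state with both program counters at CS. Compassion (strong fairness) is not modelled here; a check for it would additionally demand that every process enabled at some state of the cycle also moves on it.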
Chapters 5 to 7 deal with the verification of safety properties, Chapters 8 to 10 with the verification of response properties, and Chapter 11 with the remaining classes.

Teaching the Book

The material contained in the book can be used as a basis for computer science courses on several levels. Each volume is suitable for a one-semester course. The complete book has been taught in a two-semester course at Stanford University and the Weizmann Institute. Such a course can be given both at a senior undergraduate level and at a graduate level.

The Fast Track

There are several sections of Volume 1 that are not essential or central to the understanding of the main topics of the book. If one is interested in a course that covers less material, then these sections are the first candidates for dropping out altogether or assigning as independent reading. In Chapter 1 these are Sections 1.2, 1.6, and 1.11. In Chapter 2, Sections 2.9 and 2.10 cover more-advanced and less-essential matters and are candidates for skipping. In Chapter 4, Sections 4.7, 4.8, and 4.9 are less central than the others.

Problems

Each chapter concludes with a set of problems. Some of the problems are intended to let the readers test their understanding of the material covered in the chapter. Other problems introduce material that was not covered in the chapter. There are problems that explore alternatives to the way some topics were introduced and developed. The problems are graded according to their difficulty. Difficult problems are annotated by *. Research-level problems are annotated by **. To indicate which problems pertain to a given portion of the text, we annotate the text with references to the appropriate problems, and we provide a page reference with each problem. In solving a problem, readers may use any results that appeared in the text prior to the corresponding page reference. They may also use the results of any previous problem and previous parts of the same problem. A booklet containing answers to the problems is available to instructors. Please contact the publisher directly.

Bibliography

Following each chapter, there is a brief bibliographic discussion mentioning some of the research contributions relevant to the topics covered in the chapter. In spite of our sincere effort to refer to all the important relevant works, we may have missed some. We apologize for that omission and would welcome any corrections and comments.

A Support System

We recommend to our readers a program, available on the Macintosh, that checks the validity of propositional temporal formulas. This program can help with exercises concerning temporal logic. For information about obtaining the system, write to Temporal Prover, Box 9215, Stanford, CA 94309.

Acknowledgment

We wish to acknowledge the help of many colleagues and students in reading the manuscript in its (almost infinite) number of versions and for their useful comments and suggestions. Particularly helpful suggestions were made by Rajeev Alur, Eddie Chang, Avraham Ginzburg, David Gries, Tom Henzinger, Daphne Koller, Narciso Marti-Oliet, Roni Rosner, Richard Waldinger and Liz Wolf.

We would like to thank our students at Stanford University and the Weizmann Institute for their detailed comments and helpful criticisms. For support of the research behind this book, we thank the Air Force Office of Scientific Research, the Defense Advanced Research Projects Agency, the National Science Foundation, and the European Community Esprit project. Sarah Fliegelman has done a magnificent job of typesetting the book. The detailed technical knowledge and expertise provided by Joe Weening have been invaluable. Eric Muller spent long hours patiently preparing all the computer-generated diagrams, and Yehuda Barbut provided the hand-drawn sketches. Rajeev Alur has been of special assistance in the preparation of problems for this volume and has written the booklet of solutions. Roni Rosner was most helpful in the preparation of the bibliographic remarks. We are particularly grateful to Carron Kirkwood for the design of the cover of the book.

Stanford University, Weizmann Institute. Z.M., A.P.

Contents

Preface vii

Part I: Models of Concurrency 1

Chapter 1: Basic Models 3
1.1 The Generic Model 5
1.2 Model 1: Transition Diagrams 12
1.3 Model 2: Shared-Variables Text 21
1.4 Semantics of Shared-Variables Text 33
1.5 Structural Relations Between Statements 40
1.6 Behavioral Equivalence 44
1.7 Grouped Statements 52
1.8 Semaphore Statements 56
1.9 Region Statements 66
1.10 Model 3: Message-Passing Text 70
1.11 Model 4: Petri Nets 86
Problems 93
Bibliographic Notes 100

Chapter 2: Modeling Real Concurrency 103
2.1 Interleaving and Concurrency 104
2.2 Limiting the Critical References 108
2.3 Justice (Weak Fairness) 125
2.4 Implications of the Justice Requirements 131
2.5 Compassion (Strong Fairness) 139
2.6 Synchronization Statements 143
2.7 Communication Statements 144
2.8 Summary: Fair Transition Systems 148
2.9 Fairness in Petri Nets 151
2.10 Semantic Considerations of Fairness 153
Problems 159
Bibliographic Notes 173

Part II: Specifications 177

Chapter 3: Temporal Logic 179
3.1 State Formulas 180
3.2 Temporal Formulas: Future Operators 186
3.3 Temporal Formulas: Past Operators 192
3.4 Basic Properties of the Temporal Operators 201
3.5 A Proof System 214
3.6 Axioms for a Proof System 217
3.7 Basic Inference Rules 221
3.8 Derived Inference Rules 225
3.9 Equality and Quantifiers 233
3.10 From General Validity to Program Validity 245
Problems 258
Bibliographic Notes 268

Chapter 4: Properties of Programs 275
4.1 The Local Language 275
4.2 The Classification of Properties 281
4.3 Examples of Safety: State Invariances 306
4.4 Examples of Safety: Past Invariances 313
4.5 Examples of Progress Properties: From Guarantee to Reactivity 321
4.6 Example: A Resource Allocator 329
4.7 Expressivity of the Specification Language 337
4.8 Specification of Reactive Modules 344
4.9 Composing Modular Specifications 354
Problems 371
Bibliographic Notes 384

References 389
Index to Symbols 403
General Index 409