Abstract
An approach to proving temporal properties of concurrent programs that does not use temporal logic as an inference system is presented. The approach is based on using Büchi automata to specify properties. To show that a program satisfies a given property, proof obligations are derived from the Büchi automaton specifying that property. These obligations are discharged by devising suitable invariant assertions and variant functions for the program. The approach is shown to be sound and relatively complete. A mutual exclusion protocol illustrates its application.
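As an added illustration (my own code, not the paper's), the obligations the abstract describes are checked mechanically for a finite-state strict-alternation mutual exclusion protocol: a deterministic Büchi automaton states the property, the prover supplies one invariant per automaton state and a variant function for the non-accepting state, and the checker verifies initialisation, consecution and strict decrease over every program step. The protocol, automaton and certificate are constructed for this example, and the liveness claim assumes every process keeps cycling through its sections (the usual strict-alternation caveat).

```python
# Added example, not the paper's code: discharging Alpern/Schneider-style proof
# obligations for a finite-state strict-alternation mutual exclusion protocol.
from itertools import product
N, T, C = "N", "T", "C"                      # non-critical, trying, critical
NEXT = {N: T, T: C, C: N}                    # each process cycles N -> T -> C -> N
STATES = list(product(NEXT, NEXT, (0, 1)))   # program state = (pc0, pc1, turn)
INIT = (N, N, 0)

def successors(s):
    """Interleaved steps: entering C needs the turn, leaving C hands it over."""
    out = []
    for i in (0, 1):
        if s[i] == T and s[2] != i:
            continue                         # blocked at the entry protocol
        pc = [NEXT[s[j]] if j == i else s[j] for j in (0, 1)]
        out.append((pc[0], pc[1], 1 - i if s[i] == C else s[2]))
    return out

# Deterministic Büchi automaton for "whenever process 0 is trying, it eventually
# enters C": q0 accepting, q1 = waiting for C. delta reads one program state.
def delta(q, s):
    if q == "q0":
        return "q1" if s[0] == T else "q0"
    return "q0" if s[0] == C else "q1"
ACCEPTING = {"q0"}
# Prover-supplied certificate: I_q(s) with q the automaton state after reading
# s, plus a natural-number variant for the single non-accepting state q1.
def inv(q, s):
    holds_turn = (s[0] != C or s[2] == 0) and (s[1] != C or s[2] == 1)
    return holds_turn and (q == "q1") == (s[0] == T)   # entails mutual exclusion too

def variant(s):
    return (3 if s[2] == 1 else 0) + {N: 2, T: 1, C: 0}[s[1]]

def check():
    """Return the violated obligations; an empty list means the property is proved."""
    bad = [] if inv(delta("q0", INIT), INIT) else [("init", INIT)]
    for s, q in product(STATES, ("q0", "q1")):
        if not inv(q, s):
            continue
        nxt = successors(s)
        if q not in ACCEPTING and not nxt:
            bad.append(("stuck while waiting", s))  # a stuttering run never sees q0
        for s2 in nxt:
            q2 = delta(q, s2)
            if not inv(q2, s2):
                bad.append(("consecution", s, s2))
            elif q2 not in ACCEPTING and q not in ACCEPTING and variant(s2) >= variant(s):
                bad.append(("variant", s, s2))
    return bad
```

The consecution check ranges over every syntactic state satisfying the invariant, not only reachable ones, which is what makes the certificate a proof rather than an exploration; a single variant suffices here because the automaton has one non-accepting state.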
Index Terms
- Verifying temporal properties without temporal logic