Benefits of Interval Temporal Logic for Specification of Concurrent Systems

Similar documents
A COMPLETE AXIOM SYSTEM FOR PROPOSITIONAL INTERVAL TEMPORAL LOGIC WITH INFINITE TIME

A Hierarchical Analysis of Propositional Temporal Logic Based on Intervals arxiv:cs/ v2 [cs.lo] 5 Jan 2006

Interactive Verification of Concurrent Systems using Symbolic Execution

Model Checking: An Introduction

REAL-TIME control systems usually consist of some

An Algebraic Semantics for Duration Calculus

Lecture 05: Duration Calculus III

Linear-Time Logic. Hao Zheng

Linking Duration Calculus and TLA

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

Automata-based Verification - III

The Journal of Logic and Algebraic Programming

T Reactive Systems: Temporal Logic LTL

Trace Refinement of π-calculus Processes

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

Duration Calculus Introduction

Lecture 03: Duration Calculus I

Timo Latvala. February 4, 2004

Automata-based Verification - III

Temporal Logic Model Checking

Alan Bundy. Automated Reasoning LTL Model Checking

Operational Semantics

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

Bilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft)

Relational Interfaces and Refinement Calculus for Compositional System Reasoning

Computer-Aided Program Design

Abstractions and Decision Procedures for Effective Software Model Checking

Temporal Logic and Fair Discrete Systems

Verifying Concurrent Systems with Symbolic Execution

CS477 Formal Software Dev Methods

ESE601: Hybrid Systems. Introduction to verification

Lecture Notes on Software Model Checking

A Brief History of Shared memory C M U

Linear Temporal Logic and Büchi Automata

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹

PITL2MONA: Implementing a Decision Procedure for Propositional Interval Temporal Logic

Model Checking with CTL. Presented by Jason Simas

Verification Using Temporal Logic

A Brief Introduction to Model Checking

An Algebra of Hybrid Systems

Temporal & Modal Logic. Acronyms. Contents. Temporal Logic Overview Classification PLTL Syntax Semantics Identities. Concurrency Model Checking

Non-elementary Lower Bound for Propositional Duration. Calculus. A. Rabinovich. Department of Computer Science. Tel Aviv University

Introduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

FAIRNESS FOR INFINITE STATE SYSTEMS

An Introduction to Temporal Logics

Double Header. Model Checking. Model Checking. Overarching Plan. Take-Home Message. Spoiler Space. Topic: (Generic) Model Checking

PSL Model Checking and Run-time Verification via Testers

Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language. Hongseok Yang (Queen Mary, Univ.

Chapter 3: Linear temporal logic

Timo Latvala. March 7, 2004

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

Hoare Calculus and Predicate Transformers

Automata-Theoretic Model Checking of Reactive Systems

Chapter 5: Linear Temporal Logic

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Proofs Propositions and Calculuses

Logic Model Checking

Model checking the basic modalities of CTL with Description Logic

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

Overview. overview / 357

On the coinductive nature of centralizers

Verification. Arijit Mondal. Dept. of Computer Science & Engineering Indian Institute of Technology Patna

On simulations and bisimulations of general flow systems

Safety and Liveness Properties

Declarative modelling for timing

First-order resolution for CTL

Fuzzy Limits of Functions

Temporal Logic. M φ. Outline. Why not standard logic? What is temporal logic? LTL CTL* CTL Fairness. Ralf Huuck. Kripke Structure

Partial model checking via abstract interpretation

Computation Tree Logic

An Informal introduction to Formal Verification

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Bounded Retransmission in Event-B CSP: a Case Study

Logic. Propositional Logic: Syntax

The State Explosion Problem

The Underlying Semantics of Transition Systems

The theory of regular cost functions.

CIS (More Propositional Calculus - 6 points)

Parameter Synthesis for Timed Kripke Structures

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Expressiveness, decidability, and undecidability of Interval Temporal Logic

A Canonical Contraction for Safe Petri Nets

Chapter 4: Computation tree logic

Lecture 3: Semantics of Propositional Logic

Petri nets. s 1 s 2. s 3 s 4. directed arcs.

Logic in Automatic Verification

Diagram-based Formalisms for the Verication of. Reactive Systems. Anca Browne, Luca de Alfaro, Zohar Manna, Henny B. Sipma and Tomas E.

The TLA + proof system

With Question/Answer Animations. Chapter 2

A Duration Calculus with Infinite Intervals

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Shared-Variable Concurrency

CS 6110 Lecture 21 The Fixed-Point Theorem 8 March 2013 Lecturer: Andrew Myers. 1 Complete partial orders (CPOs) 2 Least fixed points of functions

Towards a Mechanised Denotational Semantics for Modelica

Course Runtime Verification

Lecture 11: Timed Automata

Real-Time Systems. Lecture 10: Timed Automata Dr. Bernd Westphal. Albert-Ludwigs-Universität Freiburg, Germany main

Transcription:

Benefits of Interval Temporal Logic for Specification of Concurrent Systems Ben Moszkowski Software Technology Research Laboratory De Montfort University Leicester Great Britain email: benm@dmu.ac.uk http://www.tech.dmu.ac.uk/~benm Cambridge Concurrency Workshop 2010 5 6 July 10 1

Introduction Intervals and discrete linear state sequences offer a compellingly natural and flexible way to model computational processes involving hardware or software. Finite or infinite state sequence: Interval Temporal Logic (ITL) is an established formalism (over 25 years old) for reasoning about such phenomena. It includes operators for sequentially combining formulas. For example, if A and B are formulas, so are following A; B ( chop ) A ( chop-star ). ITL can express various imperative programming constructs (e.g., while-loops) and has executable subsets. The Duration Calculus (DC) is a real-time extension of ITL for hybrid systems. 2

ITL, Point-Based Temporal Logic and Time Reversal For several decades, widely held conventional wisdom: Point-based linear-time temporal logic (e.g., PTL) is much superior to ITL for safety and liveness concurrency properties. ITL s computational intractability seen as limit to tool support. We offer evidence suggesting that a reexamination is in order. Our presentation uses Peterson s mutual exclusion algorithm. Interval properties can be more natural and at higher level than point-based ones. Use transformations with time reversal and from infinite time to finite time. For tool support, transform to lower-level, point-based formulas. Hence point-based linear-time temporal logic primarily serves as a subordinate formalism. 3

4 Syntax of Propositional ITL In what follows, p is any propositional variable and both A and B themselves denote formulas in Propositional ITL (PITL): true p A A B skip A; B A. ; is called chop. is called chop-star.

5 Intervals of Time Discrete linear time is represented by intervals (i.e., sequences of states). An interval σ has a finite, nonzero number of states σ 0, σ 1,.... Can naturally extend to also permit infinite (i.e., ω) states. Each state σ i maps each variable p, q,... to true or false. The value of p in the state σ i is denoted σ i (p). Hence, propositional variables p, q,... are local to states.

Semantics of PITL for Finite Time Let σ = A denote that the interval σ satisfies the PITL formula A. Below is excerpt from semantics of basic PITL constructs: σ = p iff σ 0 (p) = true. (Use p s value in σ s initial state σ 0 ) σ = A iff σ = A. σ = A B iff σ = A or σ = B. Pictorial summary of finite-time semantics of interval constructs: skip A B A A B A Each pair of adjacent subintervals share a state. Can also have chomp, a version of chop with unit gap: A; skip; B. A A 6

7 Some Sample Formulas (Assume Finite Time) p p: t f f p skip p: t f skip; p ( p) p: f t t f skip p true; p ( p) p: f t t f t f true p (true; p) ( p) p: t t t t t t

8 Notes A, A, B, C,... denote arbitrary formulas. w, w,... denote state formulas (no temporal operators). If σ = A for some σ, then A is satisfiable. If σ = A for all σ, then A is valid. Denote as = A. Can extend PITL to include infinite time and A ω (chop-omega).

9 Some Derivable ITL Operators Define false, A B, A B (implies), A B (equivalence),.... Propositional Temporal Logic (PTL) with finite & infinite time: def A skip; A ( next ) more finite A def true ( 2 states) empty def more def empty (finite) inf def finite (just 1 state) (infinite) def finite; A ( eventually ) A def A ( henceforth ) fin A def (empty A) (final state) A B def finite ( (fin A) B ) (temporal assignment) Interval-oriented operators: f f A ω A def (A finite); true (Some finite prefix) A def f A (ALL finite prefixes) def (A finite) inf (Chop-omega)

Sequential Compositionality with Temporal Fixpoints ITL-based assumptions and commitments for a system Sys: w As Sys Co fin w Sequential composition of two formulas Sys and Sys : = w As Sys Co fin w = w As Sys Co fin w = w As (Sys; Sys ) Co fin w Zero or more iterations of a formula Sys: = w As Sys Co fin w = w As Sys Co fin w See Moszkowski 94 (also 96, 98) (Shares some features with Jones rely/guarantee conditions) 10

Commitments as Fixpoints Formalization: = Co Co Intuition: Co is true on an interval iff Co is true on each of a sequence of subintervals. Examples: p s values in the initial and final states are equal (p p) p: f t t f f t t f p p p p p p Any formula A Example: even length (skip; skip) Any formula expressible as (more f B). Examples: (more w), ( (more w) w ) 11

Peterson s Mutual Exclusion Algorithm Process P 0 : do forever (... Noncritical section... ) flag 0 := 1; turn := 0; await(flag 1 = 0 turn = 1); cs 0 := 1; (... Critical section... ) cs 0 := 0; flag 0 := 0; (... Noncritical section... ) Overall program has two processes P 0 and P 1 : flag 0 = flag 1 = cs 0 = cs 1 = 0 turn = 0 (P 0 P 1 ) See textbook Synchronization Algorithms and Concurrent Programming, G. Taubenfeld (Pearson/Prentice Hall, 2006). 12

Safety Property Can express behaviour of the program in PITL. Recall that f A means: A is true in all finite prefix subintervals. Safety property for mutual exclusion expressible as f (more B). ( Includes formulas of form f (more fin w) C ). Safety property for individual process in Peterson s algorithm: ( f (more fin(cs 0 = 1)) (test; stability; test; stability) ). Star-free operand of f reducible to point-based temporal logic. Can use f instead of past-time constructs. 13

Time Reversal and Chop-Star Fixpoints Let σ r denote temporal reverse of finite interval σ: σ σ... σ 0. Let A r be like A in reverse: σ r = A iff σ = A r for finite intervals. Sample finite-time semantic equivalences: (A B) r A r B r (A;B) r B r ;A r more r more ( f A) r (A r ). For finite time: = finite A iff = finite A r. Time reversal of f (more B) with finite time: ( f (more B) ) r (more f B r ). Already have that (more f B r ) is chop-star fixpoint: = (more f B r ) ( (more f B r ) ). Using time reversal ( of this: = finite (more f B r ) ( (more f B r ) ) ) r. Simplify: = finite f (more B) ( f (more B) ). Can extend proof to infinite time. 14

15 Reduction to Conventional Temporal Logic Want to show: f (more B) f (more B ) w. Example: In Peterson s algorithm, let w be cs 0 = 0 cs 1 = 0. Re-express w as f fin w. Can test validity for finite time. Readily extends to infinite time. Or test by reducing to finite time with point-based temporal logic: (more B) (more B ) fin w Temporal reverse of f (more B) reducible to PTL formula. Simplifies testing w As Sys Co fin w. Sys is like a regular expression and easy to reverse. In following, for any f formula only need to check for finite time: = w finite Sys f A fin w = w Sys ω f A fin w. Helps show f (more B) is chop-star fixpoint for infinite time.

Some Related Observations by Others Textbook using Duration Calculus (ITL variant for real time): Real-Time Systems: Formal Specification and and Automatic Verification E.-R. Olderog & H. Dierks, Cambridge University Press Regarding point-based logics: complicated reasoning Regarding timed process algebras: difficult to calculate with KIV interactive theorem prover at Univ. of Augsburg, Germany. Uses ITL as frontend and as backend for UML, Statecharts, etc. FACS journal paper, 2009 (lock-free algs., linearizability, Re/Gu): The (program s) line numbers... are not used in KIV. An additional translation to a special normal form (as e.g. in TLA) using explicit program counters is not necessary. 16

Conclusions We have presented some ideas about reasoning in ITL: Temporal fixpoints for sequential compositionality Prefix subintervals (instead of past-time constructs). Time reversal for reduction to point-based temporal logic. Reductions from infinite time to finite time. View point-based temporal logic as lower level and subordinate. Approach is intriguing (and axiomatisable) but needs further study. Appears related to Dijkstra s Gotos considered harmful thesis. Somewhat analogous to Vardi s Final Showdown article relating linear-time and branch-time temporal logics for model checking. For more about ITL: ITL webpages maintained by Antonio Cau: http://www.tech.dmu.ac.uk/strl/itl/ Using search engine: Interval Temporal Logic 17

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback