A Logic for Concurrent Programming: Safety

The UNITY logic is a fragment of linear temporal logic. It was designed to specify safety and progress properties of reactive systems. Experience gained in applying this logic in practice has led us to modify some of its operators. In particular, for many years we adopted unless as the primary operator for expressing safety properties. We propose a new operator, co, to take its place. Our experience suggests that the simplicity of formal manipulations is at least as important as the expressive power of an operator. Theoretically, unless and co are equally expressive, but co has more pleasing derived rules that allow simpler manipulations. This research is presented in two papers: we study safety properties in the first paper and progress properties in the second. We use a small amount of theory to introduce the co operator. The major portion of the paper is devoted to applying the theory in practice: showing how various safety properties can be expressed and manipulated using co.
