Presentation is loading. Please wait.

Presentation is loading. Please wait.

Temporal Specification Chris Patel Vinay Viswanathan.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Temporal Specification Chris Patel Vinay Viswanathan."— Presentation transcript:

1 Temporal Specification Chris Patel Vinay Viswanathan

2 Background Temporal logic was first introduced by Amir Pnueli in 1977 Pnueli’s logic was based on the temporal modality “forever” Additional temporal modalities have been created Next Until Since

3 Background (2) Early verification approaches consisted of extending state-based methods with temporal logic. Suffered from insufficient expressiveness Raised the sophistication of reasoning required for verification Resulting approaches were not embraced

4 Concepts Temporal logic consists of a notation that lets us argue when statements are true Time is discrete and extends indefinitely into the future

5 Temporal Logic The specification of a system in temporal logic consists of Safety Conditions Conditions which must not occur in during system operations Liveness Conditions Specify what the system must do Fairness Conditions Describe how nondeterministic specifications must be resolved

6 The Elevator Problem 1. There are many elevators serving multiple floors. 2. On board each elevator is a set of destination push buttons, one for each floor, which backlight when depressed, and remain lit until arrival at the selected floor. 3. On board each elevator are two directional signal lights, one for going up, and the other for going down. 4. On board each elevator is a set of lights, one for each floor. One of these lights is always lit, indicating the elevator is at that floor. 5. On each floor there are two summons push buttons, one for summoning the elevator to go up, and the other to go down. These backlight when pushed, and remain lit until an elevator arrives that will go in the selected direction. The top and bottom floors each have only a single summons push button. 6. On each floor, beside each elevator are two floor directional lights, one showing the direction the elevator will take. When an elevator arrives at the floor, the appropriate light shows the direction the elevator will take when leaving the floor. The top and bottom floors have only a single directional light each. 7. Elevator doors are either closed or not closed. Opening, closing, or emergency stops are not considered. On each floor, there are doors for each elevator. Both the elevator doors and the floor doors have to be open for people to enter or leave the elevator at a floor. 8. The specification is not concerned with what happens under failure conditions.

7 Temporal Operators a : means that eventually a will be true a : means that henceforth a is true a : means that at the next state (instant in time) a will be true a : means that at the previous state (instant in time) a was true

8 Graphical Interval Logic A graphical interval logic formula is evaluated in a context –Can be some interval –Can be a sequence of states in a computation Every context has a first state The logic provides two search primitives for constructing intervals –Search to a formula w, represented –Search to the right end of the context, represented

9 Graphical Interval Logic A search to a formula locates the first state at which the formula holds in the tail sequence. A search begins with the dot and moves forward until it reaches a state at which the formula holds. A search fails if the formula does not hold at any future state. Searches can be combined

10 Graphical Interval Logic Search for the first state w1 holds, but end prior to the first state at which w2 holds

11 Graphical Interval Logic From readers/writers… –Writers take priority over readers not already using the database…

12 Temporal Logic vs. Statecharts S1S2 S1 S2 S2 S1 t=1 t=20 t=25 t=100

13 Temporal Logic vs. Statecharts Temporal logic provides the capability to specify requirements without having to describe deterministic scenarios. –Can describe what is required, rather than how to implement it Temporal logic is a specification language, whereas statecharts are just an implementation formalism –Implementation is a poor means of specification

14 Temporal Logic vs. Statecharts Consider… If event1, then event2 must not occur for n cycles: Always ( {ev1} Implies Always <=n Not{ev2} ) If event2, then event1 must have occurred 3 cycles earlier: Always ( {ev2} Implies Previous Previous Previous {ev1} ) A statechart representation will turn into an exercise in implementing the above specifications

15 RAPIDE

16 An architecture instance

17 Rapide Sub-Languages Types define component interfaces Architecture declare components and connections Executable programming constructs for component modules Pattern define subsets of poset computation Specification specifying constraints on interfaces

18 Rapide Language

19 Posets(Concepts) Events are generated by communication between two components of the system Events are generated by actions and functions Events are ordered with respect to : time and causality

20 Posets(Causality) Events A and B are dependent if (A precedes B): A and B are generated by the same process or A process is triggered by A and then generated B or A process generated A and then assigns to a variable v, another process reads v and then generates B or A triggers a connection which generates B or A precedes C which precedes B (transitive closure).

21 Partially Ordered Execution

22 Event Pattern xa_prepare_ret() || xa_commit_call

23 Architecture & System Development Monitor System Development Simulation and analysis of distributed systems Reference Architectures Scalability, Testing & Validation, Interoperability

24 Rapide Modeling Process

Download ppt "Temporal Specification Chris Patel Vinay Viswanathan."

Similar presentations

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.

Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.
Complex Organizational System A Complex System Model for Organizations, Companies and Social Actions.

Complex Organizational System A Complex System Model for Organizations, Companies and Social Actions.
CSCE 668 DISTRIBUTED ALGORITHMS AND SYSTEMS Fall 2011 Prof. Jennifer Welch CSCE 668 Set 14: Simulations 1.

CSCE 668 DISTRIBUTED ALGORITHMS AND SYSTEMS Fall 2011 Prof. Jennifer Welch CSCE 668 Set 14: Simulations 1.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Unit 7 Discrete Controllers

Unit 7 Discrete Controllers
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.

CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.
Supervisory Control of Hybrid Systems Written by X. D. Koutsoukos et al. Presented by Wu, Jian 04/16/2002.

Supervisory Control of Hybrid Systems Written by X. D. Koutsoukos et al. Presented by Wu, Jian 04/16/2002.
/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.

/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.
ALGORITHMS THIRD YEAR BANHA UNIVERSITY FACULTY OF COMPUTERS AND INFORMATIC Lecture two Dr. Hamdy M. Mousa.

ALGORITHMS THIRD YEAR BANHA UNIVERSITY FACULTY OF COMPUTERS AND INFORMATIC Lecture two Dr. Hamdy M. Mousa.
DEVELOPING LANGUAGES IN GENETICA A general and effective approach to domain-specific problem-solving is to use a high-level language specialized on the.

DEVELOPING LANGUAGES IN GENETICA A general and effective approach to domain-specific problem-solving is to use a high-level language specialized on the.
Visual Tools for Temporal Reasoning G. Kutty, L.K. Dillon, L.E. Moser, P.M. Melliar-Smith, and Y.S. Ramakrishna.

Visual Tools for Temporal Reasoning G. Kutty, L.K. Dillon, L.E. Moser, P.M. Melliar-Smith, and Y.S. Ramakrishna.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
CPSC 668Set 14: Simulations1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.

CPSC 668Set 14: Simulations1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
Logic Based LSC Consistency Testing Presenter: Anup Niroula.

Logic Based LSC Consistency Testing Presenter: Anup Niroula.

Similar presentations

Ads by Google