1 / 24

Temporal Specification

Temporal Specification. Chris Patel Vinay Viswanathan. Background. Temporal logic was first introduced by Amir Pnueli in 1977 Pnueli’s logic was based on the temporal modality “forever” Additional temporal modalities have been created Next Until Since. Background (2).

morey
Download Presentation

Temporal Specification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Temporal Specification Chris Patel Vinay Viswanathan

  2. Background • Temporal logic was first introduced by Amir Pnueli in 1977 • Pnueli’s logic was based on the temporal modality “forever” • Additional temporal modalities have been created • Next • Until • Since

  3. Background (2) • Early verification approaches consisted of extending state-based methods with temporal logic. • Suffered from insufficient expressiveness • Raised the sophistication of reasoning required for verification • Resulting approaches were not embraced

  4. Concepts • Temporal logic consists of a notation that lets us argue when statements are true • Time is discrete and extends indefinitely into the future

  5. Temporal Logic • The specification of a system in temporal logic consists of • Safety Conditions • Conditions which must not occur in during system operations • Liveness Conditions • Specify what the system must do • Fairness Conditions • Describe how nondeterministic specifications must be resolved

  6. The Elevator Problem 1. There are many elevators serving multiple floors. 2. On board each elevator is a set of destination push buttons, one for each floor, which backlight when depressed, and remain lit until arrival at the selected floor. 3. On board each elevator are two directional signal lights, one for going up, and the other for going down. 4. On board each elevator is a set of lights, one for each floor. One of these lights is always lit, indicating the elevator is at that floor. 5. On each floor there are two summons push buttons, one for summoning the elevator to go up, and the other to go down. These backlight when pushed, and remain lit until an elevator arrives that will go in the selected direction. The top and bottom floors each have only a single summons push button. 6. On each floor, beside each elevator are two floor directional lights, one showing the direction the elevator will take. When an elevator arrives at the floor, the appropriate light shows the direction the elevator will take when leaving the floor. The top and bottom floors have only a single directional light each. 7. Elevator doors are either closed or not closed. Opening, closing, or emergency stops are not considered. On each floor, there are doors for each elevator. Both the elevator doors and the floor doors have to be open for people to enter or leave the elevator at a floor. 8. The specification is not concerned with what happens under failure conditions.

  7. Temporal Operators • a : means that eventually a will be true • a : means that henceforth a is true • a : means that at the next state (instant in time) a will be true • a : means that at the previous state (instant in time) a was true

  8. Graphical Interval Logic • A graphical interval logic formula is evaluated in a context • Can be some interval • Can be a sequence of states in a computation • Every context has a first state • The logic provides two search primitives for constructing intervals • Search to a formula w, represented • Search to the right end of the context, represented

  9. Graphical Interval Logic • A search to a formula locates the first state at which the formula holds in the tail sequence. • A search begins with the dot and moves forward until it reaches a state at which the formula holds. • A search fails if the formula does not hold at any future state. • Searches can be combined

  10. Graphical Interval Logic • Search for the first state w1 holds, but end prior to the first state at which w2 holds

  11. Graphical Interval Logic • From readers/writers… • Writers take priority over readers not already using the database…

  12. Temporal Logic vs. Statecharts S1 S2 S1 S2 S2 S1 t=1 t=20 t=25 t=100

  13. Temporal Logic vs. Statecharts • Temporal logic provides the capability to specify requirements without having to describe deterministic scenarios. • Can describe what is required, rather than how to implement it • Temporal logic is a specification language, whereas statecharts are just an implementation formalism • Implementation is a poor means of specification

  14. Temporal Logic vs. Statecharts Consider… • If event1, then event2 must not occur for n cycles: Always ( {ev1} Implies Always <=nNot{ev2} ) • If event2, then event1 must have occurred 3 cycles earlier: Always ( {ev2} Implies Previous Previous Previous {ev1} ) • A statechart representation will turn into an exercise in implementing the above specifications

  15. RAPIDE

  16. An architecture instance

  17. Rapide Sub-Languages • Types define component interfaces • Architecture declare components and connections • Executable programming constructs for component modules • Pattern define subsets of poset computation • Specification specifying constraints on interfaces

  18. Rapide Language

  19. Posets(Concepts) • Events are generated by communication between two components of the system • Events are generated by actions and functions • Events are ordered with respect to : time and causality

  20. Posets(Causality) Events A and B are dependent if (A precedes B): • A and B are generated by the same process or • A process is triggered by A and then generated B or • A process generated A and then assigns to a variable v, another process reads v  and then generates B or • A triggers a connection which generates B or • A precedes C which precedes B (transitive closure).

  21. Partially Ordered Execution

  22. Event Pattern xa_prepare_ret() || xa_commit_call

  23. Architecture & System Development • Monitor System Development • Simulation and analysis of distributed systems • Reference Architectures • Scalability, Testing & Validation, Interoperability

  24. Rapide Modeling Process

More Related