The temporal logic of actions

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

The temporal logic of actions

Full text

Pdf (3.48 MB)

Source

ACM Transactions on Programming Languages and Systems (TOPLAS) archive
Volume 16 , Issue 3 (May 1994) table of contents

Pages: 872 - 923

Year of Publication: 1994

ISSN:0164-0925

Author

Leslie Lamport

Digital Equipment Corp., Palo Alto, CA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 18, Downloads (12 Months): 169, Citation Count: 139

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/177492.177726 What is a DOI?

ABSTRACT

The temporal logic of actions (TLA) is a logic for specifying and reasoning about concurrent systems. Systems and their properties are represented in the same logic, so the assertion that a system meets its specification and the assertion that one system implements another are both expressed by logical implication. TLA is very simple; its syntax and complete formal semantics are summarized in about a page. Yet, TLA is not just a logician's toy; it is extremely powerful, both in principle and in practice. This report introduces TLA and describes how it is used to specify and verify concurrent algorithms. The use of TLA to specify and reason about open systems will be described elsewhere.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	ABADI, M. AND LAMPORT, L. 1993. Conjoining specifications. Res. Rep. 118, Digital Equipment Corp., Systems Research Center, Palo Alto, Calif.
	2	ABADI, M. AND LAMPORT, L. 1992. An old-fashioned recipe for real time. Research Report 91, Digital Equipment Corp., Systems Research Center, Palo Alto, Calif.~
	3	Martín Abadi , Leslie Lamport, The existence of refinement mappings, Theoretical Computer Science, v.82 n.2, p.253-284, May 31, 1991 [doi>10.1016/0304-3975(91)90224-P]
	4	ALPERN, B. AND SCHNEIDER, F. B. 1985. Defining liveness. Inf. Process. Lett. 21, 4 (Oct.), 181-185.
	5	Krzysztof R. Apt, Ten Years of Hoare's Logic: A Survey—Part I, ACM Transactions on Programming Languages and Systems (TOPLAS), v.3 n.4, p.431-483, Oct. 1981 [doi>10.1145/357146.357150]
	6	Krzysztof R. Apt , Ernst-Rüdiger Olderog, Verification of sequential and concurrent programs (2nd ed.), Springer-Verlag New York, Inc., Secaucus, NJ, 1997
	7	ASHCROFT, E. A. 1975. }Proving assertions about parallel programs. J. Comput. Syst. Sci. 10, 110-135.
	8	J. R. Burch , E. M. Clarke , K. L. McMillan , D. L. Dill , L. J. Hwang, Symbolic model checking: 1020 states and beyond, Information and Computation, v.98 n.2, p.142-170, June 1992 [doi>10.1016/0890-5401(92)90017-A]
	9	K. Mani Chandy, Parallel program design: a foundation, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1988
	10	DE BAKKER, J. W., HUIZING, C., DE ROEVER, W. P., AND ROZENBERG, G. (Eds.) 1992. Real-Time: Theory in Practice, Lecture Notes in Computer Science, vol. 600. Proceedings of a REX Real-Time Workshop, Springer-Verlag, Berlin.
	11	Edsger W. Dijkstra, The structure of the “THE”-multiprogramming system, Communications of the ACM, v.11 n.5, p.341-346, May 1968 [doi>10.1145/363095.363143]
	12	Edsger Wybe Dijkstra, A Discipline of Programming, Prentice Hall PTR, Upper Saddle River, NJ, 1997
	13	Urban Engberg , Peter Grønning , Leslie Lamport, Mechanical Verification of Concurrent Systems with TLA, Proceedings of the Fourth International Workshop on Computer Aided Verification, p.44-55, June 29-July 01, 1992
	14	FLON, L. AND SUZUKI, N. 1978. Consistent and complete proof rules for the total correctness of parallel programs. In Proceedings of 19th Annual Symposium on Foundations of Computer Science. IEEE, New York, 184-192.
	15	FLOYD, R. W. 1967. Assigning meanings to programs, in Proceedings of the Symposium on Applied Math. Vol. 19, American Mathematical Society, Providence, Rhode Island, 19-32.
	16	S. J. Garland , J. V. Guttag, An overview of LP, the larch power, Proceedings of the 3rd international conference on Rewriting Techniques and Applications, p.137-151, January 1989
	17	Eric C. R. Hehner, Predicative programming Part II, Communications of the ACM, v.27 n.2, p.144-151, Feb. 1984 [doi>10.1145/69610.357990]
	18	C. A. R. Hoare, An axiomatic basis for computer programming, Communications of the ACM, v.12 n.10, p.576-580, Oct. 1969 [doi>10.1145/363235.363259]
	19	Robert M. Keller, Formal verification of parallel programs, Communications of the ACM, v.19 n.7, p.371-384, July 1976 [doi>10.1145/360248.360251]
	20	LAM, S. S. AND SHANKAR, A. U. 1984. Protocol verification via projections. IEEE Trans. Softw. Eng. SE-IO, 4 (July), 325-342.
	21	Leslie Lamport, Hybrid Systems in TLA+, Hybrid Systems, p.77-102, January 1993
	22	Leslie Lamport, Specifying Concurrent Program Modules, ACM Transactions on Programming Languages and Systems (TOPLAS), v.5 n.2, p.190-222, April 1983 [doi>10.1145/69624.357207]
	23	LAMPORT, L. 1983b. What good is temporal logic. In Information Processing 83: Proceedings of the IFIP 9th World Congress, R. E. A. MASON, Ed. North-Holland, Amsterdam, 657-668.
	24	LAMPORT, L. 1977. Proving the correctness of multiprocess programs. IEEE Trans. Softw. Eng. SE-3, 2 (Mar.), 125-143.
	25	LE~SENR~NG, A. C. 1969. Mathematical Logic and Hilbert's e-Symbol. Gordon and Breach, New York.
	26	Richard J. Lipton, Reduction: a method of proving properties of parallel programs, Communications of the ACM, v.18 n.12, p.717-721, Dec. 1975 [doi>10.1145/361227.361234]
	27	Nancy A. Lynch , Mark R. Tuttle, Hierarchical correctness proofs for distributed algorithms, Proceedings of the sixth annual ACM Symposium on Principles of distributed computing, p.137-151, August 10-12, 1987, Vancouver, British Columbia, Canada [doi>10.1145/41840.41852]
	28	Zohar Manna , Amir Pnueli, The temporal logic of reactive and concurrent systems, Springer-Verlag New York, Inc., New York, NY, 1992
	29	J. Misra, Specifying concurrent objects as communicating processes, Science of Computer Programming, v.14 n.2-3, p.159-184, Oct. 1990 [doi>10.1016/0167-6423(90)90019-A]
	30	Susan Speer Owicki, Axiomatic proof techniques for parallel programs., 1975
	31	Amir Pnueli, The Temporal Semantics of Concurrent Programs, Proceedings of the International Sympoisum on Semantics of Concurrent Computation, p.1-20, July 02-04, 1979
	32	PNUELI, A. 1977. The temporal logic of programs. In Procee&ngs of the 18th Annual Symposium on the Foundations of Computer Science, IEEE, New York, 46-57.
	33	SCHROEDER~ M. D., BIRRELL, A. D., BURROWS, M., MURRAY, H., NEED- HAM, R. M., RODEHEFFER, T. L., SATTERTHWAITE, E. H., AND THACKER, C. P. 1990. Autonet: A high-speed, self-configuring local area network using point-to-point links. Res. Rep. 59, Digital Equipment Corporation, Systems Research Center, Palo Alto, Calif.
	34	SHANKAR, A. U. AND LAM, S. S. 1984. Time-dependent communication protocols. In Principles of Communication and Networking Protocols, S. S. LAM, Ed. IEEE Computer Society Press, Los Alamitos, Calif., 504- 519.

CITED BY 139

	Aamod Sane , Roy Campbell, Compiling knowledge-based programs, Proceedings of the fourteenth annual ACM symposium on Principles of distributed computing, p.268, August 20-23, 1995, Ottowa, Ontario, Canada
	Ioan Alfred Letia, A TLA+ specification for agent communication that enables proofs, Proceedings of the third annual conference on Autonomous Agents, p.410-411, April 1999, Seattle, Washington, United States
	Zhen-Hua Duan , Maciej Koutny, A framed temporal logic programming language, Journal of Computer Science and Technology, v.19 n.3, p.341-351, May 2004
	Leslie Lamport, TLA in Pictures, IEEE Transactions on Software Engineering, v.21 n.9, p.768-775, September 1995
	Gudmund Grov , Robert Pointon , Greg Michaelson , Andrew Ireland, Preserving coordination properties when transforming concurrent system components, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
	Harold Thimbleby, Creating user manuals for using in collaborative design, Conference companion on Human factors in computing systems: common ground, p.279-280, April 13-18, 1996, Vancouver, British Columbia, Canada
	Rajeev Joshi , Leslie Lamport , John Matthews , Serdar Tasiran , Mark Tuttle , Yuan Yu, Checking Cache-Coherence Protocols with TLA⁺, Formal Methods in System Design, v.22 n.2, p.125-131, March 2003
	Slim REKHIS , Noureddine BOUDRIGA, A formal logic-based language and an automated verification tool for computer forensic investigation, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
	Philippe Collet , Alain Ozanne , Nicolas Rivierre, On contracting different behavioral properties in component-based systems, Proceedings of the 2006 ACM symposium on Applied computing, April 23-27, 2006, Dijon, France
	Michel Charpentier, Composing invariants, Science of Computer Programming, v.60 n.3, p.221-243, May 2006
	Roberto Segala, The power of simulation relations, Proceedings of the twenty-seventh ACM symposium on Principles of distributed computing, August 18-21, 2008, Toronto, Canada
	C. Donald Wilcox , Gruia-Catalin Roman, Reasoning About Places, Times, and Actions in the Presence of Mobility, IEEE Transactions on Software Engineering, v.22 n.4, p.225-247, April 1996
	Leslie Lamport , John Matthews , Mark Tuttle , Yuan Yu, Specifying and verifying systems with TLA+, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
	Helge Janicke , Antonio Cau , Hussein Zedan, A note on the formalisation of UCON, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Scott D. Stoller , Yanhong A. Liu, Transformations for model checking distributed Java programs, Proceedings of the 8th international SPIN workshop on Model checking of software, p.192-199, May 2001, Toronto, Ontario, Canada
	Lawrence C. Paulson, Mechanizing a theory of program composition for UNITY, ACM Transactions on Programming Languages and Systems (TOPLAS), v.23 n.5, p.626-656, September 2001
	Gruia-Catalin Roman , Peter J. McCann , Jerome Y. Plun, Mobile UNITY: reasoning and specification in mobile computing, ACM Transactions on Software Engineering and Methodology (TOSEM), v.6 n.3, p.250-282, July 1997
	Kazuhiro Ogata , Kokichi Futatsugi, Formal analysis of Suzuki & Kasami distributed mutual exclusion algorithm, Proceedings of the IFIP TC6/WG6.1 Fifth International Conference on Formal Methods for Open Object-Based Distributed Systems V, p.181-195, March 20-22, 2002
	Uri Abraham , Tamar Pinhas, Exercises in style (Alpha specifications), Fundamenta Informaticae, v.54 n.2-3, p.107-135, February 2003
	Guoping Jia , Guoliang Zheng, Fair transition system specification: an integrated approach, ACM SIGPLAN Notices, v.31 n.3, p.14-21, March 1996
	Jayasri Banerjee , Anup Kumar Bandyopadhyay , Ajit Kumar Mandal, Ordering of events in two-process concurrent system, ACM SIGSOFT Software Engineering Notes, v.32 n.4, July 2007
	Michael Kaminski, Invariance Under Stuttering in a Temporal Logic without the "Until" Operator, Fundamenta Informaticae, v.82 n.1-2, p.127-140, January 2008
	Toufik Taibi, Formal specification of design patterns' relationships, Proceedings of the 2nd IASTED international conference on Advances in computer science and technology, p.310-315, January 23-25, 2006, Puerto Vallarta, Mexico
	Alexander Rabinovich, Automata over continuous time, Theoretical Computer Science, v.300 n.1-3, p.331-363, 07 May 2003
	Awadhesh Kumar Singh , Anup Kumar Bandyopadhyay, Adding the leads-to operator to Dijkstra's calculus, ACM SIGPLAN Notices, v.39 n.2, February 2004
	Wim H. Hesselink, A challenge for atomicity verification, Science of Computer Programming, v.71 n.1, p.57-72, March, 2008
	Doug Goldson , Brijesh Dongol, Concurrent program design in the extended theory of Owicki and Gries, Proceedings of the 2005 Australasian symposium on Theory of computing, p.41-50, January 01, 2005, Newcastle, Australia
	Christophe Damas , Bernard Lambeau , Axel van Lamsweerde, Scenarios, goals, and state machines: a win-win partnership for model synthesis, Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering, November 05-11, 2006, Portland, Oregon, USA
	K. Mani Chandy , Michel Charpentier, An Experiment in Program Composition and Proof, Formal Methods in System Design, v.20 n.1, p.7-21, January 2002
	Carl A. Gunter , Elsa L. Gunter , Michael Jackson , Pamela Zave, A Reference Model for Requirements and Specifications, IEEE Software, v.17 n.3, p.37-43, May 2000
	Lawrence C. Paulson, Mechanizing UNITY in Isabelle, ACM Transactions on Computational Logic (TOCL), v.1 n.1, p.3-32, July 2000
	G. Manduchi , M. Moro, Automatic verification for a class of distributed systems, Distributed Computing, v.13 n.3, p.127-143, July 2000
	Eli Gafni , Leslie Lamport, Disk Paxos, Distributed Computing, v.16 n.1, p.1-20, February 2003
	Martín Abadi , Leslie Lamport, Open systems in TLA, Proceedings of the thirteenth annual ACM symposium on Principles of distributed computing, p.81-90, August 14-17, 1994, Los Angeles, California, United States
	Muthian Sivathanu , Andrea C. Arpaci-Dusseau , Remzi H. Arpaci-Dusseau , Somesh Jha, A logic of file systems, Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies, p.1-1, December 13-16, 2005, San Francisco, CA
	Martín Abadi , Leslie Lamport, Conjoining specifications, ACM Transactions on Programming Languages and Systems (TOPLAS), v.17 n.3, p.507-535, May 1995
	Mark Moriconi , Xiaolei Qian, Correctness and composition of software architectures, ACM SIGSOFT Software Engineering Notes, v.19 n.5, p.164-174, Dec. 1994
	Emil Sekerinski, An Algebraic Approach to Refinement with Fair Choice, Electronic Notes in Theoretical Computer Science (ENTCS), 214, p.51-79, June, 2008
	João Luis Sobrinho, Network routing with path vector protocols: theory and applications, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany
	Robert B. France , Dae-Kyoo Kim , Sudipto Ghosh , Eunjee Song, A UML-Based Pattern Specification Technique, IEEE Transactions on Software Engineering, v.30 n.3, p.193-206, March 2004
	Leslie Lamport, Fairness and hyperfairness, Distributed Computing, v.13 n.4, p.239-245, November 2000
	J. Strother Moore, A Mechanically Checked Proof of a Multiprocessor Result via a Uniprocessor View, Formal Methods in System Design, v.14 n.2, p.213-228, March 1999
	M. Lemoine , G. Gaudière, From UML to Z, Formal methods for embedded distributed systems: how to master the complexity, Kluwer Academic Publishers, Norwell, MA, 2004
	Konstantinos Antonis , Nikolaos S. Voros, Applying formal methods for the design of wireless telecommunication systems, Proceedings of the 3rd international conference on Mobile multimedia communications, August 27-29, 2007, Nafpaktos, Greece
	Jayadev Misra, A Simple, Object-Based View of Multiprogramming, Formal Methods in System Design, v.20 n.1, p.23-45, January 2002
	Alan Fekete, Liveness conditions in model-based service specifications: a case study, ACM SIGSOFT Software Engineering Notes, v.20 n.4, p.62-71, Oct. 1995
	Emmanuel Letier , Jeff Kramer , Jeff Magee , Sebastian Uchitel, Fluent temporal logic for discrete-time event-based models, ACM SIGSOFT Software Engineering Notes, v.30 n.5, September 2005
	Wim H. Hesselink, Using eternity variables to specify and prove a serializable database interface, Science of Computer Programming, v.51 n.1-2, p.47-85, May 2004
	Awadhesh Kumar Singh , Anup Kumar Bandyopadhyay, Verifying mutual exclusion and liveness properties with split preconditions, Journal of Computer Science and Technology, v.19 n.6, p.795-802, November 2004
	Tommi Mikkonen, On the Dominance of Decompositions in Models and their Aspect-Oriented Implementations, Electronic Notes in Theoretical Computer Science (ENTCS), v.163 n.2, p.19-28, April, 2007
	Jing Dong, A logical framework for design composition, Proceedings of the 22nd international conference on Software engineering, p.698-700, June 04-11, 2000, Limerick, Ireland
	Tommi Mikkonen, Formalizing design patterns, Proceedings of the 20th international conference on Software engineering, p.115-124, April 19-25, 1998, Kyoto, Japan
	Martín Abadi , Leslie Lamport, An old-fashioned recipe for real time, ACM Transactions on Programming Languages and Systems (TOPLAS), v.16 n.5, p.1543-1571, Sept. 1994
	Peter Ladkin , Leslie Lamport , Bryan Olivier , Denis Roegel, Lazy caching in TLA, Distributed Computing, v.12 n.2/3, p.151-174, June 1999
	Viktor Vafeiadis , Maurice Herlihy , Tony Hoare , Marc Shapiro, Proving correctness of highly-concurrent linearisable objects, Proceedings of the eleventh ACM SIGPLAN symposium on Principles and practice of parallel programming, March 29-31, 2006, New York, New York, USA
	Alessio Lomuscio , Mark Ryan, An algorithmic approach to knowledge evolution, Artificial Intelligence for Engineering Design, Analysis and Manufacturing, v.13 n.2, p.119-132, April 1999
	Matthew B. Dwyer , George S. Avrunin , James C. Corbett, Patterns in property specifications for finite-state verification, Proceedings of the 21st international conference on Software engineering, p.411-420, May 16-22, 1999, Los Angeles, California, United States
	Xinwen Zhang , Jaehong Park , Francesco Parisi-Presicce , Ravi Sandhu, A logical specification for usage control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Dominique Cansell , Dominique Méry, Formal and incremental construction of distributed algorithms: on the distributed reference counting algorithm, Theoretical Computer Science, v.364 n.3, p.318-337, 8 November 2006
	Toufik Taibi, Formal specification and validation of multi-agent behaviour using TLA+ and TLC model checker, International Journal of Artificial Intelligence and Soft Computing, v.1 n.1, p.99-113, November 2008
	Nils Klarlund , Mogens Nielsen , Kim Sunesen, Automated logical verification based on trace abstractions, Proceedings of the fifteenth annual ACM symposium on Principles of distributed computing, p.101-110, May 23-26, 1996, Philadelphia, Pennsylvania, United States
	Alexander Knapp , Stephan Merz , Martin Wirsing , Júlia Zappe, Specification and refinement of mobile systems in MTLA and mobile UML, Theoretical Computer Science, v.351 n.2, p.184-202, 21 February 2006
	Hongxu Cai , Zhong Shao , Alexander Vaynberg, Certified self-modifying code, ACM SIGPLAN Notices, v.42 n.6, June 2007
	Peter Csaba Ölveczky , Stian Thorvaldsen, Formal modeling, performance estimation, and model checking of wireless sensor network algorithms in Real-Time Maude, Theoretical Computer Science, v.410 n.2-3, p.254-280, February, 2009
	Andreas Rausch, Software evolution in componentware using requirements/assurances contracts, Proceedings of the 22nd international conference on Software engineering, p.147-156, June 04-11, 2000, Limerick, Ireland
	Jan Mikáč , Paul Caspi, Flush: a system development tool based on scade/lustre, Proceedings of the 10th international workshop on Formal methods for industrial critical systems, p.27-34, September 05-06, 2005, Lisbon, Portugal
	H. Gao , W. H. Hesselink, A general lock-free algorithm using compare-and-swap, Information and Computation, v.205 n.2, p.225-241, February, 2007
	Gerald Lüttgen , Walter Vogler, Conjunction on processes: Full abstraction via ready-tree semantics, Theoretical Computer Science, v.373 n.1-2, p.19-40, March, 2007
	Kazuhiro Ogata , Kokichi Futatsugi, Modeling and verification of real-time systems based on equations, Science of Computer Programming, v.66 n.2, p.162-180, April, 2007
	Ines Doghri, Formal verification of WAHS: an autonomous and wireless P2P auction handling system, Proceedings of the 8th international conference on New technologies in distributed systems, June 23-27, 2008, Lyon, France
	Amy P. Felty , Kedar S. Namjoshi, Feature specification and automated conflict detection, ACM Transactions on Software Engineering and Methodology (TOSEM), v.12 n.1, p.3-27, January 2003
	Xinwen Zhang , Francesco Parisi-Presicce , Ravi Sandhu , Jaehong Park, Formal model and policy specification of usage control, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.351-387, November 2005
	Nalini Venkatasubramanian , Carolyn Talcott, Reasoning about meta level activities in open distributed systems, Proceedings of the fourteenth annual ACM symposium on Principles of distributed computing, p.144-152, August 20-23, 1995, Ottowa, Ontario, Canada
	Tevfik Bultan, Action Language: a specification language for model checking reactive systems, Proceedings of the 22nd international conference on Software engineering, p.335-344, June 04-11, 2000, Limerick, Ireland
	Dimitra Giannakopoulou , Jeff Magee, Fluent model checking for event-based systems, ACM SIGSOFT Software Engineering Notes, v.28 n.5, September 2003
	Yifeng Chen , J. W. Sanders, Logic of global synchrony, ACM Transactions on Programming Languages and Systems (TOPLAS), v.26 n.2, p.221-262, March 2004
	H. Gao , J. F. Groote , W. H. Hesselink, Lock-free dynamic hash tables with open addressing, Distributed Computing, v.18 n.1, p.21-42, July 2005
	Dimitra Giannakopoulou , Jeff Magee , Jeff Kramer, Checking progress with action priority: is it fair?, ACM SIGSOFT Software Engineering Notes, v.24 n.6, p.511-527, Nov. 1999
	W. L. Yeung , S. A. Schneider, Design and Verification of Distributed Recovery Blocks with CSP, Formal Methods in System Design, v.22 n.3, p.225-248, May 2003
	Shaz Qadeer, Verifying Sequential Consistency on Shared-Memory Multiprocessors by Model Checking, IEEE Transactions on Parallel and Distributed Systems, v.14 n.8, p.730-741, August 2003
	Wim H. Hesselink, Eternity variables to prove simulation of specifications, ACM Transactions on Computational Logic (TOCL), v.6 n.1, p.175-201, January 2005
	Timo Aaltonen , Tommi Mikkonen, Managing software evolution with a formalised abstraction hierarchy, International Journal of Computer Applications in Technology, v.31 n.1/2, p.120-130, March 2008
	José Pereira , Luís Rodrigues , Rui Oliveira, Semantically Reliable Multicast: Definition, Implementation, and Performance Evaluation, IEEE Transactions on Computers, v.52 n.2, p.150-165, February 2003
	Emin Gün Sirer , Ke Wang, An access control language for web services, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
	Howard Bowman , John Derrick, Issues in formal methods, Formal methods for distributed processing: a survey of object-oriented approaches, Cambridge University Press, New York, NY, 2001
	Susanne Graf, Characterization of a sequentially consistent memory and verification of a cache memory by abstraction, Distributed Computing, v.12 n.2/3, p.75-90, June 1999
	Xinyu Feng , Zhong Shao , Alexander Vaynberg , Sen Xiang , Zhaozhong Ni, Modular verification of assembly code with stack-based control abstractions, ACM SIGPLAN Notices, v.41 n.6, June 2006
	Martin Büchi , Emil Sekerinski, A Foundation for Refining Concurrent Objects, Fundamenta Informaticae, v.44 n.1-2, p.25-61, January 2000
	Fabien Latry , Julien Mercadal , Charles Consel, Staging telephony service creation: a language approach, Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications, July 19-20, 2007, New York City, New York
	Rajnish Ghughal , Abdel Mokkedem , Ratan Nalumasu , Ganesh Gopalakrishnan, Using “test model-checking” to verify the Runway-PA8000 memory model, Proceedings of the tenth annual ACM symposium on Parallel algorithms and architectures, p.231-239, June 28-July 02, 1998, Puerto Vallarta, Mexico
	Jules Desharnais , Marc Frappier , Ridha Khédri , Ali Mili, Integration of sequential scenarios, ACM SIGSOFT Software Engineering Notes, v.22 n.6, p.310-326, Nov. 1997
	P. Ciancarini , F. Franzé , C. Mascolo, Using a coordination language to specify and analyze systems containing mobile components, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.2, p.167-198, April 2000
	Rajeev Alur , Radu Grosu, Modular refinement of hierarchic reactive machines, ACM Transactions on Programming Languages and Systems (TOPLAS), v.26 n.2, p.339-369, March 2004
	Gerhard Schellhorn, ASM Refinement and generalizations of forward simulation in data refinement: a comparison, Theoretical Computer Science, v.336 n.2-3, p.403-435, 26 May 2005
	Pierluigi San Pietro , Angelo Morzenti , Sandro Morasca, Generation of Execution Sequences for Modular Time Critical Systems, IEEE Transactions on Software Engineering, v.26 n.2, p.128-149, February 2000
	John Penix , Perry Alexander, Efficient Specification-Based Component Retrieval, Automated Software Engineering, v.6 n.2, p.139-170, April 1999
	S. Morasca , A. Morzenti , P. San Pietro, A Case Study on Applying a Tool for Automated System Analysis Based on Modular Specifications Written in TRIO, Automated Software Engineering, v.7 n.2, p.125-155, May 2000
	Lars E. Olson , Carl A. Gunter , P. Madhusudan, A formal framework for reflective database access control policies, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	Ralph Jeffords , Constance Heitmeyer, Automatic generation of state invariants from requirements specifications, ACM SIGSOFT Software Engineering Notes, v.23 n.6, p.56-69, Nov. 1998
	Emmanuel Letier , Axel van Lamsweerde, Deriving operational software specifications from system goals, ACM SIGSOFT Software Engineering Notes, v.27 n.6, November 2002
	Emmanuel Letier , Axel van Lamsweerde, Deriving operational software specifications from system goals, Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering, November 18-22, 2002, Charleston, South Carolina, USA
	Bruno Mermet , Dominique Méry, Service specifications: to B, or not to B, Proceedings of the second workshop on Formal methods in software practice, p.62-69, March 04-05, 1998, Clearwater Beach, Florida, United States
	Dachuan Yu , Zhong Shao, Verification of safety properties for concurrent assembly code, ACM SIGPLAN Notices, v.39 n.9, September 2004
	Xinyu Feng , Zhong Shao, Modular verification of concurrent assembly code with dynamic thread creation and termination, ACM SIGPLAN Notices, v.40 n.9, September 2005
	João Luís Sobrinho, An algebraic theory of dynamic network routing, IEEE/ACM Transactions on Networking (TON), v.13 n.5, p.1160-1173, October 2005
	Bart Jacobs, Exercises in coalgebraic specification, Algebraic and coalgebraic methods in the mathematics of program construction, Springer-Verlag New York, Inc., New York, NY, 2002
	Paul C. Attie , Anish Arora , E. Allen Emerson, Synthesis of fault-tolerant concurrent programs, ACM Transactions on Programming Languages and Systems (TOPLAS), v.26 n.1, p.125-185, January 2004
	Xudong He , Huiqun Yu , Tianjun Shi , Junhua Ding , Yi Deng, Formally analyzing software architectural specifications using SAM, Journal of Systems and Software, v.71 n.1-2, p.11-29, April 2004
	Dongfeng Wang , Farokh B. Bastani , I. -Ling Yen, Automated Aspect-Oriented Decomposition of Process-Control Systems for Ultra-High Dependability Assurance, IEEE Transactions on Software Engineering, v.31 n.9, p.713-732, September 2005
	Michele Boreale , Rocco De Nicola , Rosario Pugliese, Trace and testing equivalence on asynchronous processes, Information and Computation, v.172 n.2, p.139-164, January 29, 2002
	Idit Keidar , Roger I. Khazan , Nancy Lynch , Alex Shvartsman, An inheritance-based technique for building simulation proofs incrementally, ACM Transactions on Software Engineering and Methodology (TOSEM), v.11 n.1, p.63-91, January 2002
	L. E. Moser , Y. S. Ramakrishna , G. Kutty , P. M. Melliar-Smith , L. K. Dillon, A graphical environment for the design of concurrent real-time systems, ACM Transactions on Software Engineering and Methodology (TOSEM), v.6 n.1, p.31-79, Jan. 1997
	Dae-Kyoo Kim , Wuwei Shen, Evaluating pattern conformance of UML models: a divide-and-conquer approach and case studies, Software Quality Control, v.16 n.3, p.329-359, September 2008
	Scott F. Smith , Carolyn L. Talcott, Specification Diagrams for Actor Systems, Higher-Order and Symbolic Computation, v.15 n.4, p.301-348, December 2002
	Jing Dong , Paulo S. C. Alencar , Donald D. Cowan , Sheng Yang, Composing pattern-based components and verifying correctness, Journal of Systems and Software, v.80 n.11, p.1755-1769, November, 2007
	Mark-Oliver Stehr, Compositionality for Tightly Coupled Systems: A New Application of the Propositions-as-Types Interpretation, Fundamenta Informaticae, v.82 n.4, p.311-340, February 2008
	Amnon H. Eden , Yoram Hirshfeld, Principles in formal specification of object oriented design and architecture, Proceedings of the 2001 conference of the Centre for Advanced Studies on Collaborative research, p.3, November 05-07, 2001, Toronto, Ontario, Canada
	Rimvydas Rukšenas, A rigorous environment for development of concurrent systems, Nordic Journal of Computing, v.11 n.2, p.165-193, Summer 2004
	Natarajan Shankar, Automated verification using deduction, exploration, and abstraction, Programming methodology, Springer-Verlag New York, Inc., New York, NY, 2003
	Wan Fokkink , Jun Pang , Jaco De Pol, Cones and foci: A mechanical framework for protocol verification, Formal Methods in System Design, v.29 n.1, p.1-31, July 2006
	Boutheina Chetali, Formal Verification of Concurrent Programs Using the Larch Prover, IEEE Transactions on Software Engineering, v.24 n.1, p.46-62, January 1998
	Xiaojun Liu , Edward A. Lee, CPO semantics of timed interactive actor networks, Theoretical Computer Science, v.409 n.1, p.110-125, December, 2008
	Amnon H. Eden, A Theory of Object-Oriented Design, Information Systems Frontiers, v.4 n.4, p.379-391, December 2002
	Brendan Mahony , Jin Song Dong, Timed Communicating Object Z, IEEE Transactions on Software Engineering, v.26 n.2, p.150-177, February 2000
	Zhiming Liu , Mathai Joseph, Specification and verification of fault-tolerance, timing, and scheduling, ACM Transactions on Programming Languages and Systems (TOPLAS), v.21 n.1, p.46-89, Jan. 1999
	H. Gao , J. F. Groote , W. H. Hesselink, Lock-free parallel and concurrent garbage collection by mark&sweep, Science of Computer Programming, v.64 n.3, p.341-374, February, 2007
	Nikolaj S. Bjørner , Anca Browne , Michael A. Colón , Bernd Finkbeiner , Zohar Manna , Henny B. Sipma , Tomás E. Uribe, Verifying Temporal Properties of Reactive Systems: A STeP Tutorial, Formal Methods in System Design, v.16 n.3, p.227-270, June 2000
	Nancy Lynch , Roberto Segala , Frits Vaandrager, Hybrid I/O automata, Information and Computation, v.185 n.1, p.105-157, August 25, 2003
	Ann Blandford , Richard Butterworth , Paul Curzon, Models of interactive systems: a case study on programmable user modelling, International Journal of Human-Computer Studies, v.60 n.2, p.149-200, February 2004
	Lynne Blair , Gordon Blair, Specifying and analysing multimedia systems, Formal methods for distributed processing: a survey of object-oriented approaches, Cambridge University Press, New York, NY, 2001
	Susanne Graf , Andreas Prinz, Time in State Machines, Fundamenta Informaticae, v.77 n.1-2, p.143-174, January 2007
	Stéphane Demri, LTL Over integer periodicity constraints, Theoretical Computer Science, v.360 n.1, p.96-123, 21 August 2006
	Amnon H. Eden , Yoram Hirshfeld, Principles in formal specification of object oriented design and architecture, Proceedings of the 2001 conference of the Centre for Advanced Studies on Collaborative research, p.3, November 05-07, 2001, Toronto, Ontario, Canada
	Dines Bjørner , Jorge R. Cuéllar, Software engineering education: Rôles of formal specification and design calculi, Annals of Software Engineering, v.6 n.1-4, p.365-409, April 1999
	R. Kurki-Suonio, Action systems in incremental and aspect-oriented modeling, Distributed Computing, v.16 n.2-3, p.201-217, September 2003
	Axel van Lamsweerde, Formal specification: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.147-159, June 04-11, 2000, Limerick, Ireland
	Gary T. Leavens , Jean-Raymond Abrial , Don Batory , Michael Butler , Alessandro Coglio , Kathi Fisler , Eric Hehner , Cliff Jones , Dale Miller , Simon Peyton-Jones , Murali Sitaraman , Douglas R. Smith , Aaron Stump, Roadmap for enhanced languages and methods to aid verification, Proceedings of the 5th international conference on Generative programming and component engineering, October 22-26, 2006, Portland, Oregon, USA
	Edmund M. Clarke , Jeannette M. Wing, Formal methods: state of the art and future directions, ACM Computing Surveys (CSUR), v.28 n.4, p.626-643, Dec. 1996
	R. Banach , M. Poppleton , C. Jeske , S. Stepney, Engineering and theoretical underpinnings of retrenchment, Science of Computer Programming, v.67 n.2-3, p.301-329, July, 2007