Composing specifications

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Composing specifications

Full text

Pdf (4.03 MB)

Source

ACM Transactions on Programming Languages and Systems (TOPLAS) archive
Volume 15 , Issue 1 (January 1993) table of contents

Pages: 73 - 132

Year of Publication: 1993

ISSN:0164-0925

Authors

Martín Abadi	Digital Equipment Corp., Palo Alto, CA
Leslie Lamport	Digital Equipment Corp., Palo Alto, CA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 11, Downloads (12 Months): 95, Citation Count: 44

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/151646.151649 What is a DOI?

ABSTRACT

A rigorous modular specification method requires a proof rule asserting that if each component behaves correctly in isolation, then it behaves correctly in concert with other components. Such a rule is subtle because a component need behave correctly only when its environment does, and each component is part of the others' environments. We examine the precise distinction between a system and its environment, and provide the requisite proof rule when modules are specified with safety and liveness properties.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Leslie Lamport, The existence of refinement mappings, Theoretical Computer Science, v.82 n.2, p.253-284, May 31, 1991 [doi>10.1016/0304-3975(91)90224-P]
	2	Martín Abadi , Leslie Lamport , Pierre Wolper, Realizable and Unrealizable Specifications of Reactive Systems, Proceedings of the 16th International Colloquium on Automata, Languages and Programming, p.1-17, July 11-15, 1989
	3	ALPERN, B., AND SCHNEIDER, F B. Defining likeness, Inf. Process. Lett 21, 4 (Oct. 1985), 181-185.
	4	APT, K R, FRANCEZ, N., AND KATZ, S. Appraising fairness in languages for distributed programming. Dtstrtbuted Comput 2 (1988), 226-241.
	5	Howard Barringer , Ruurd Kuiper , Amir Pnueli, A really abstract concurrent model and its temporal logic, Proceedings of the 13th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.173-183, January 01, 1986, St. Petersburg Beach, Florida [doi>10.1145/512644.512660]
	6	BROY, M , DEDERICHS, F , DENDORFER, C , AND WEBER, R. Characterizing the behaviour of reactive systems by trace sets. In 3rd workshop on Concurrency and Compositionality (Saint Augustin, Germany, 1991), E, Best and G Rozenberg, Eds., vol. 191 of GMD-Studien, GMD, pp. 47-56 Extended abstract.
	7	Davis, M. Infinite games of perfect reformation. In Advances in Game Theory, M. Dresher, L, S. Shapley, and A. W. Tucker, Eds,, vol. 52 of Annals of Mathematics Studtes. Princeton University Press, Princeton, N. J., 1964, pp. 85-101,
	8	David L. Dill, Trace theory for automatic hierarchical verification of speed-independent circuits, 1987
	9	D. Harel , A. Pnueli, On the development of reactive systems, Logics and models of concurrent systems, Springer-Verlag New York, Inc., New York, NY, 1989
	10	HOARE, C A. R. Proof of correctness of data representations. Acts Inf. 1 (1972), 271-281.
	11	C. A. R. Hoare, Communicating sequential processes, Prentice-Hall, Inc., Upper Saddle River, NJ, 1985
	12	LANI, S S , AND SHANKAR, A U Protocol verification via projections. AEE A Trans on Softw. Eng SE-10, 4 (July 1984), 325-342.
	13	Leslie Lamport, Specifying Concurrent Program Modules, ACM Transactions on Programming Languages and Systems (TOPLAS), v.5 n.2, p.190-222, April 1983 [doi>10.1145/69624.357207]
	14	LAMPORT, L What good is temporal logic? In Information Processing 83; Proceedings of the IFIP 9th World Congress (Paris, Sept. 1983), R. E A. Mason, Ed., IFIP, North Holland, pp. 657-668.
	15	Leslie Lamport, 1983 Invited address solved problems, unsolved problems and non-problems in concurrency, Proceedings of the third annual ACM symposium on Principles of distributed computing, p.1-11, August 27-29, 1984, Vancouver, British Columbia, Canada [doi>10.1145/800222.806731]
	16	Leslie Lamport, A simple approach to specifying concurrent systems, Communications of the ACM, v.32 n.1, p.32-45, Jan. 1989 [doi>10.1145/63238.63240]
	17	LAMPORT, L The temporal logic of ac'uons. Research report 79, Digital Equipment Corporation, Systems Research Center, Dec. 1991.
	18	Leslie Lamport , Fred B. Schneider, The ``Hoare Logic'' of CSP, and All That, ACM Transactions on Programming Languages and Systems (TOPLAS), v.6 n.2, p.281-296, April 1984 [doi>10.1145/2993.357247]
	19	Nancy A. Lynch , Mark R. Tuttle, Hierarchical correctness proofs for distributed algorithms, Proceedings of the sixth annual ACM Symposium on Principles of distributed computing, p.137-151, August 10-12, 1987, Vancouver, British Columbia, Canada [doi>10.1145/41840.41852]
	20	Z Manna , Amir Pnueli, A Hierarchy of Temporal Properties, Stanford University, Stanford, CA, 1987
	21	R. Milner, A Calculus of Communicating Systems, Springer-Verlag New York, Inc., Secaucus, NJ, 1982
	22	MISRA, J , AND CHANDY, K. M. Proofs of networks of processes. IEEE Trans. on Softw. Eng. SE-7, 4 (July 1981), 417-426.
	23	Susan Owicki , David Gries, Verifying properties of parallel programs: an axiomatic approach, Communications of the ACM, v.19 n.5, p.279-285, May 1976 [doi>10.1145/360051.360224]
	24	Susan Owicki , Leslie Lamport, Proving Liveness Properties of Concurrent Programs, ACM Transactions on Programming Languages and Systems (TOPLAS), v.4 n.3, p.455-495, July 1982 [doi>10.1145/357172.357178]
	25	A. Pnueli, In transition from global to modular temporal reasoning about programs, Logics and models of concurrent systems, Springer-Verlag New York, Inc., New York, NY, 1989
	26	STARK, E W Foundations of a Theory of Specification for Distributed Systems Ph D, thesis, M I T , Aug. 1984
	27	Eugene W. Stark, A Proof Technique for Rely/Guarantee Properties, Proceedings of the Fifth Conference on Foundations of Software Technology and Theoretical Computer Science, p.369-391, December 16-18, 1985

CITED BY 44

	Michael Jackson , Pamela Zave, Deriving specifications from requirements: an example, Proceedings of the 17th international conference on Software engineering, p.15-24, April 24-28, 1995, Seattle, Washington, United States
	José Luiz Fiadeiro , Tom Maibaum, Interconnecting formalisms: supporting modularity, reuse and incrementality, ACM SIGSOFT Software Engineering Notes, v.20 n.4, p.72-80, Oct. 1995
	Manfred Broy, Compositional refinement of interactive systems, Journal of the ACM (JACM), v.44 n.6, p.850-891, Nov. 1997
	Orna Kupferman , Moshe Y. Vardi, An automata-theoretic approach to modular model checking, ACM Transactions on Programming Languages and Systems (TOPLAS), v.22 n.1, p.87-128, Jan. 2000
	Gleb Naumovich , Lori A. Clarke, Classifying properties: an alternative to the safety-liveness classification, ACM SIGSOFT Software Engineering Notes, v.25 n.6, p.159-168, Nov. 2000
	Paul C. Attie, Liveness-preserving simulation relations, Proceedings of the eighteenth annual ACM symposium on Principles of distributed computing, p.63-72, May 04-06, 1999, Atlanta, Georgia, United States
	Prakash Krishnamurthy , Paolo A. G. Sivilotti, The specification and testing of quantified progress properties in distributed systems, Proceedings of the 23rd International Conference on Software Engineering, p.201-210, May 12-19, 2001, Toronto, Ontario, Canada
	Yuh-Jzer Joung, On strong-feasibilities of equivalence-completions, Proceedings of the fifteenth annual ACM symposium on Principles of distributed computing, p.156-165, May 23-26, 1996, Philadelphia, Pennsylvania, United States
	Jing Dong, A logical framework for design composition, Proceedings of the 22nd international conference on Software engineering, p.698-700, June 04-11, 2000, Limerick, Ireland
	Martín Abadi , Leslie Lamport, Conjoining specifications, ACM Transactions on Programming Languages and Systems (TOPLAS), v.17 n.3, p.507-535, May 1995
	Piero Bonatti , Sabrina De Capitani di Vimercati , Pierangela Samarati, An algebra for composing access control policies, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.1-35, February 2002
	Sagar Chaki , Sriram K. Rajamani , Jakob Rehof, Types as models: model checking message-passing programs, ACM SIGPLAN Notices, v.37 n.1, p.45-57, Jan. 2002
	Duane Olawsky , Todd Fine , Edward Schneider , Ray Spencer, Developing and using a “policy neutral” access control policy, Proceedings of the 1996 workshop on New security paradigms, p.60-67, September 17-20, 1996, Lake Arrowhead, California, United States
	Martín Abadi , Leslie Lamport, An old-fashioned recipe for real time, ACM Transactions on Programming Languages and Systems (TOPLAS), v.16 n.5, p.1543-1571, Sept. 1994
	A. Udaya Shankar, An introduction to assertional reasoning for concurrent systems, ACM Computing Surveys (CSUR), v.25 n.3, p.225-262, Sept. 1993
	Christoph Kern , Mark R. Greenstreet, Formal verification in hardware design: a survey, ACM Transactions on Design Automation of Electronic Systems (TODAES), v.4 n.2, p.123-193, April 1999
	Pamela Zave, An experiment in feature engineering, Programming methodology, Springer-Verlag New York, Inc., New York, NY, 2003
	Karthikeyan Bhargavan , Carl A. Gunter , Davor Obradovic, Fault origin adjudication, Proceedings of the third workshop on Formal methods in software practice, p.61-71, August 2000, Portland, Oregon, United States
	Mark Moriconi , Xiaolei Qian, Correctness and composition of software architectures, ACM SIGSOFT Software Engineering Notes, v.19 n.5, p.164-174, Dec. 1994
	Frances M. T. Brazier , Catholijn M. Jonker , Jan Treur, Principles of component-based design of intelligent agents, Data & Knowledge Engineering, v.41 n.1, p.1-27, April 2002
	Thomas A. Henzinger , Shaz Qadeer , Sriram K. Rajamani, Decomposing refinement proofs using assume-guarantee reasoning, Proceedings of the 2000 IEEE/ACM international conference on Computer-aided design, November 05-09, 2000, San Jose, California
	Paolo A. G. Sivilotti , Charles P. Giles, The specification of distributed objects: liveness and locality, Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research, p.11, November 08-11, 1999, Mississauga, Ontario, Canada
	Nancy Lynch , Roberto Segala , Frits Vaandrager, Hybrid I/O automata, Information and Computation, v.185 n.1, p.105-157, August 25, 2003
	Frank Cornelissen , Catholijn M. Jonker , Jan Treur, Compositional verification of knowledge-based task models and problem-solving methods, Knowledge and Information Systems, v.5 n.3, p.337-367, September 2003
	Leslie Lamport, Fairness and hyperfairness, Distributed Computing, v.13 n.4, p.239-245, November 2000
	Pamela Zave , Michael Jackson, Four dark corners of requirements engineering, ACM Transactions on Software Engineering and Methodology (TOSEM), v.6 n.1, p.1-30, Jan. 1997
	Xudong He , Huiqun Yu , Tianjun Shi , Junhua Ding , Yi Deng, Formally analyzing software architectural specifications using SAM, Journal of Systems and Software, v.71 n.1-2, p.11-29, April 2004
	Dachuan Yu , Zhong Shao, Verification of safety properties for concurrent assembly code, ACM SIGPLAN Notices, v.39 n.9, September 2004
	I. S. W. B. Prasetya , S. D. Swierstra, Factorizing fault tolerance, Theoretical Computer Science, v.290 n.2, p.1201-1222, 2 January 2003
	Mark Moriconi , Xiaolei Qian , R. A. Riemenschneider, Correct Architecture Refinement, IEEE Transactions on Software Engineering, v.21 n.4, p.356-3, April 1995
	Hakan Erdogmus, Architecture-driven verification of concurrent systems, Nordic Journal of Computing, v.4 n.4, p.380-413, Winter 1997
	Michel Charpentier, Composing invariants, Science of Computer Programming, v.60 n.3, p.221-243, May 2006
	Ludger Fiege , Gero Mühl , Felix C. Gärtner, Modular event-based systems, The Knowledge Engineering Review, v.17 n.4, p.359-388, December 2002
	Frances M. T. Brazier , Frank Cornelissen , Rune Gustavsson , Catholijn M. Jonker , Olle Lindeberg , Bianca Polak , Jan Treur, Compositional Verification of a Multi-Agent System for One-to-Many Negotiation, Applied Intelligence, v.20 n.2, p.95-117, March-April 2004
	Martín Abadi , Leslie Lamport, Open systems in TLA, Proceedings of the thirteenth annual ACM symposium on Principles of distributed computing, p.81-90, August 14-17, 1994, Los Angeles, California, United States
	Gary T. Leavens , Jean-Raymond Abrial , Don Batory , Michael Butler , Alessandro Coglio , Kathi Fisler , Eric Hehner , Cliff Jones , Dale Miller , Simon Peyton-Jones , Murali Sitaraman , Douglas R. Smith , Aaron Stump, Roadmap for enhanced languages and methods to aid verification, Proceedings of the 5th international conference on Generative programming and component engineering, October 22-26, 2006, Portland, Oregon, USA
	Gheorghe Stefanescu, Interactive Systems with Registers and Voices, Fundamenta Informaticae, v.73 n.1,2, p.285-305, April 2006
	Yves Bontemps , Pierre-Yves Schobbens , Christof Löding, Synthesis of Open Reactive Systems from Scenario-Based Specifications, Fundamenta Informaticae, v.62 n.2, p.139-169, April 2004
	J. L. Fiadeiro , T. Maibaum, A Mathematical Toolbox for the Software Architec, Proceedings of the 8th International Workshop on Software Specification and Design, p.46, March 22-23, 1996
	Joeri Engelfriet , Catholijn M. Jonker , Jan Treur, Compositional Verification of Multi-Agent Systems in Temporal Multi-Epistemic Logic, Journal of Logic, Language and Information, v.11 n.2, p.195-225, Spring 2002
	Amir Herzberg , Igal Yoffe, The layered games framework for specifications and analysis of security protocols, International Journal of Applied Cryptography, v.1 n.2, p.144-159, November 2008
	Jing Dong , Paulo S. C. Alencar , Donald D. Cowan , Sheng Yang, Composing pattern-based components and verifying correctness, Journal of Systems and Software, v.80 n.11, p.1755-1769, November, 2007
	Murali Talupur , Mark R. Tuttle, Going with the flow: parameterized verification using message flows, Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design, p.1-8, November 17-20, 2008, Portland, Oregon
	Jay Ligatti , Lujo Bauer , David Walker, Run-Time Enforcement of Nonsafety Policies, ACM Transactions on Information and System Security (TISSEC), v.12 n.3, p.1-41, January 2009

INDEX TERMS

Primary Classification:
F. Theory of Computation
F.3 LOGICS AND MEANINGS OF PROGRAMS
F.3.1 Specifying and Verifying and Reasoning about Programs
Subjects: Specification techniques

Additional Classification:
D. Software
D.1 PROGRAMMING TECHNIQUES
D.2 SOFTWARE ENGINEERING
D.2.4 Software/Program Verification
Subjects: Correctness proofs

General Terms:
Theory, Verification

Keywords:
compositionality, concurrent programming, liveness properties, modular specification, safety properties

REVIEW

"D. John Cooke : Reviewer"

One of the most frequent criticisms of formal methods is that they do not scale up to handle large systems. Few large systems have been formally specified and then either synthesized with the use of formal methods or constructed and then forma more...

Collaborative Colleagues:

Martín Abadi: colleagues

Leslie Lamport: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player