A rigorous modular specification method requires a proof rule asserting that if each component behaves correctly in isolation, then it behaves correctly in concert with other components. Such a rule is subtle if a component need behave correctly only when its environment does, since each component is part of the others' environments. We examine the precise distinction between a system and its environment, and provide the requisite proof rule when modules are specified with safety and liveness properties.


Temporal Logic State Component Safety Property Liveness Property Proof Rule 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AFK88]
    Krzysztof R. Apt, Nissim Francez, and Shmuel Katz. Appraising fairness in languages for distributed programming. Distributed Computing, 2:226–241, 1988.Google Scholar
  2. [AL88]
    Martín Abadi and Leslie Lamport. The existence of refinement mappings. Research Report 29, Digital Systems Research Center, 1988. To appear in Theoretical Computer Science. A preliminary version appeared in Proceedings of the Third Annual Symposium on Logic In Computer Science, pages 165–177, Edinburgh, Scotland, July 1988, IEEE Computer Society.Google Scholar
  3. [ALW89]
    Martín Abadi, Leslie Lamport, and Pierre Wolper. Realizable and unrealizable program specifications. In G. Ausiello, M. Dezani-Ciancaglini, and S. Ronchi Della Rocca, editors, Automata, Languages and Programming, Lecture Notes in Computer Science, 372, pages 1–17. Springer-Verlag, July 1989.Google Scholar
  4. [AS85]
    Bowen Alpern and Fred B. Schneider. Defining liveness. Information Processing Letters, 21(4):181–185, October 1985.MathSciNetGoogle Scholar
  5. [BKP86]
    Howard Barringer, Ruurd Kuiper, and Amir Pnueli. A really abstract concurrent model and its temporal logic. In Thirteenth Annual ACM Symposium on Principles of Programming Languages, pages 173–183. ACM, January 1986.Google Scholar
  6. [Dav64]
    Morton Davis. Infinite games of perfect information. In M. Dresher, L. S. Shapley, and A. W. Tucker, editors, Advances in game theory, volume 52 of Annals of Mathematics Studies, pages 85–101. Princeton University Press, Princeton, New Jersey, 1964.Google Scholar
  7. [Dil88]
    David L. Dill. Trace Theory for Automatic Hierarchical Verification of Speed-Independent Circuits. PhD thesis, Carnegie Mellon University, February 1988.Google Scholar
  8. [Hoa72]
    C. A. R. Hoare. Proof of correctness of data representations. Acta Informatica, 1:271–281, 1972.CrossRefGoogle Scholar
  9. [Hoa85]
    C. A. R. Hoare. Communicating Sequential Processes. Series in Computer Science. Prentice-Hall International, London, 1985.Google Scholar
  10. [Lam83a]
    Leslie Lamport. Specifying concurrent program modules. ACM Transactions on Programming Languages and Systems, 5(2):190–222, April 1983.CrossRefGoogle Scholar
  11. [Lam83b]
    Leslie Lamport. What good is temporal logic? In R. E. A. Mason, editor, Information Processing 83: Proceedings of the IFIP 9th World Congress, pages 657–668, Paris, September 1983. IFIP, North Holland.Google Scholar
  12. [Lam89]
    Leslie Lamport. A simple approach to specifying concurrent systems. Communications of the ACM, 32(1):32–45, January 1989.Google Scholar
  13. [LS84a]
    S. S. Lam and A. U. Shankar. Protocol verification via projections. IEEE Transactions on Software Engineering, SE-10(4):325–342, July 1984.Google Scholar
  14. [LS84b]
    Leslie Lamport and Fred B. Schneider. The “Hoare logic” of CSP, and all that. ACM Transactions on Programming Languages and Systems, 6(2):281–296, April 1984.Google Scholar
  15. [LT87]
    Nancy Lynch and Mark Tuttle. Hierarchical correctness proofs for distributed algorithms. In Proceedings of the Sixth Symposium on the Principles of Distributed Computing, pages 137–151. ACM, August 1987.Google Scholar
  16. [MC81]
    Jayadev Misra and K. Mani Chandy. Proofs of networks of processes. IEEE Transactions on Software Engineering, SE-7(4):417–426, July 1981.Google Scholar
  17. [Mil80]
    R. Milner. A Calculus of Communicating Systems. Springer-Verlag, Berlin, Heidelberg, New York, 1980.Google Scholar
  18. [MP87]
    Zohar Manna and Amir Pnueli. A hierarchy of temporal properties. Technical Report STAN-CS-87-1186, Department of Computer Science, Stanford University, October 1987.Google Scholar
  19. [OG76]
    Susan Owicki and David Gries. Verifying properties of parallel programs: An axiomatic approach. Communications of the ACM, 19(5):279–284, May 1976.Google Scholar
  20. [OL82]
    Susan Owicki and Leslie Lamport. Proving liveness properties of concurrent programs. ACM Transactions on Programming Languages and Systems, 4(3):455–495, July 1982.CrossRefGoogle Scholar
  21. [Pnu84]
    Amir Pnueli. In transition from global to modular temporal reasoning about programs. In Krzysztof R. Apt, editor, Logics and Models of Concurrent Systems, NATO ASI Series, pages 123–144. Springer-Verlag, October 1984.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Martín Abadi
    • 1
  • Leslie Lamport
    • 1
  1. 1.Digital Equipment CorporationPalo AltoUSA

Personalised recommendations