UNITY and Büchi automata

UNITY is a model for concurrent specifications with a complete logic for proving progress properties of the form ``$P$ leads to $Q$''. UNITY is generalized to U-specifications by giving more freedom to specify the steps that are to be taken infinitely often. In particular, these steps can correspond to non-total relations. The generalization keeps the logic sound and complete. The paper exploits the generalization in two ways. Firstly, the logic remains sound when the specification is extended with hypotheses of the form ``$F$ leads to $G$''. As the paper shows, this can make the logic incomplete. The generalization is used to show that the logic remains complete, if the added hypotheses ``$F$ leads to $G$'' satisfy ``$F$ unless $G$''. The main result extends the applicability and completeness of UNITY logic to proofs that a given concurrent program satisfies any given formula of LTL, linear temporal logic, without the next-operator which is omitted because it is sensitive to stuttering. For this purpose, the program, written as a UNITY program, is extended with a number of boolean variables. The proof method relies on implementing the LTL formula, i.e., restricting the specification in such a way that only those runs remain that satisfy the formula. This result is a variation of the classical construction of a B\"uchi automaton for a given LTL formula that accepts precisely those runs that satisfy the formula

A precise semantics for ultraloose specifications

All formal specifiers face the danger of overspecification: accidentally writing an overly restrictive specification. This problem is particularly acute for axiomatic specifications because it is so easy to write axioms which hold for some of the intended implementations but not for all of them (or, rather, it is so hard not to write overly strong axioms). One of the best developed ways of recovering some of those implementations which do not literally satisfy the specification is to apply a "behavioural abstraction operator" to a specification: adding in those implementations which have the same "behaviour" as an implementation which does satisfy the specification. In two recent papers Wirsing and Broy propose an alternative (and apparently simpler) approach which they call "ultraloose specification." This approach is based on a particular style of writing axioms which avoids certain forms of overspecification. An important, unanswered question is "How does the ultraloose approach re-late to the other solutions?" The major achievement of this thesis is a proof that the ultraloose approach is semantically equivalent to the use of the "behavioural abstraction operator." This result is rather surprising in the light of a result by Schoett which seems to say that such a result is impossible