Temporal analysis of a microkernel

Temporal logic techniques have been proposed as a way of achieving a very natural transition from informal requirements to a formal specification of the requirements. The paper presents a case study of a real-life system developed using such techniques. Both a top-level specification and implementation semantics are given in temporal logic. In particular, the progression from statements in English to temporal logic is highlighted. A correctness proof that the implemented system satisfies the specification has been produced

Disjoint Hamilton cycles in transposition graphs

Most network topologies that have been studied have been subgraphs of transposition graphs. Edge-disjoint Hamilton cycles are important in network topologies for improving fault-tolerance and distribution of messaging traffic over the network. Not much was known about edge-disjoint Hamilton cycles in general transposition graphs until recently Hung produced a construction of 4 edge-disjoint Hamilton cycles in the 5-dimensional transposition graph and showed how edge-disjoint Hamilton cycles in (n + 1)-dimensional transposition graphs can be constructed inductively from edge-disjoint Hamilton cycles in n-dimensional transposition graphs. In the same work it was conjectured that n-dimensional transposition graphs have n − 1 edge-disjoint Hamilton cycles for all n greater than or equal to 5. In this paper we provide an edge-labelling for transposition graphs and, by considering known Hamilton cycles in labelled star subgraphs of transposition graphs, are able to provide an extra edge-disjoint Hamilton cycle at the inductive step from dimension n to n + 1, and thereby prove the conjecture

Monodic temporal logic with quantified propositional variables

We extend the monodic fragment of first-order linear temporal logic to include right-linear grammar operators and quantification of propositional variables. Unlike propositional temporal logic, the use of grammar operators in first-order temporal logic is not equivalent to general propositional quantification, as the latter admit satisfiable formulae without countable models. We consider the decision problem for fragments where propositional quantification occurs outside of quantification of individual variables and temporal (grammar) operators. We show that if externally quantified propositions inside temporal operators occur within positive occurrences of universal quantifiers for individual variables, then validity for all propositional prefix classes is recursively enumerable and decidable in the two-variable case. Without this condition we show that, even with very severe restrictions on the first-order part of the logic, no non-trivial prefix class is recursively enumerable

Multi-step transactions specification and verification in a mobile database community

Executions of concurrent multi-step transactions interleave steps in ways that improve the throughput of the particular transactions processing system. In this paper, we use temporal logic to specify and verify formally the correctness of local and mobile transactions executing concurrently on a mobile database. The correctness condition is that of serializability which we specify in CTL (Computational Tree Logic). The reason for using a temporal logic such as CTL, is that the method can be extended to verifying infinite schedules modelling mobile environments such as MDBCs (mobile database communities). The verification is carried out using the symbolic model checking NuSMV. We verify that a local scheduler based on timestamps serializes local and mobile multi-step transactions

Symmetry and optimality of disjoint Hamilton cycles in star graphs

Multiple edge-disjoint Hamilton cycles have been obtained in labelled star graphs Stn of degree n-1, using number-theoretic means, as images of a known base 2-labelled Hamilton cycle under label-mapping auto- morphisms of Stn. However, no optimum bounds for producing such edge-disjoint Hamilton cycles have been given, and no positive or nega- tive results exist on whether Hamilton decompositions can be produced by such constructions other than a positive result for St5. We show that for all even n there exist such collections, here called symmetric collec- tions, of φ(n)/2 edge-disjoint Hamilton cycles, where φ is Euler's totient function, and that this bound cannot be improved for any even or odd n. Thus, Stn is not symmetrically Hamilton decomposable if n is not prime. Our method improves on the known bounds for numbers of any kind of edge-disjoint Hamilton cycles in star graphs

The use of formal methods in parallel operating systems

The authors report on the use of formal methods for the development of parallel operating systems for two experimental declarative systems over a five-year period. A common specification approach has evolved as part of the development of these two very different systems: one being for a parallel graph reduction machine and written in a functional language enhanced with state-based objects, the other was written in C++. A brief overview of each system is given before concentrating on the use of formal methods. A description is given of how both a technique for formally specifying sequential systems (VDM) and a technique for specifying concurrent systems (temporal logic) have been used together. In both cases, the issue of verification is addresse

Formal development of remote interfaces for large- scale real-time systems

The design of web-based user interfaces is of primary importance for achieving successful operation of Internet-based monitoring and control systems. Operators need to be able IO act promptly on changing situations requiring remote actions to process plants. A formal development process is proposed to determine the minimum amount of information that needs to be presented at interfaces. The first stage of the process is a specifcation of states of components that require operator actions. The main stage of the process uses model checking to generate interfaces with a minimal amount of information sufticient for the operator to perform all required actions. As well as improving the efficiency of operators, simpler interfaces allow for greater concurrency in the implementation of the remote operation of the process plant

Optimal bounds for disjoint Hamilton cycles in star graphs

In interconnection network topologies, the n-dimensional star graph Stn has n! vertices corresponding to permutations a (1) : : : a (n) of n symbols a1; : : : ; an and edges which exchange the positions of the rst symbol a (1) with any one of the other symbols. The star graph compares favorably with the familiar n-cube on degree, diameter and a number of other parameters. A desirable property which has not been fully evaluated in star graphs is the presence of multiple edge-disjoint Hamilton cycles which are important for fault-tolerance. The only known method for producing multiple edge-disjoint Hamilton cycles in Stn has been to label the edges in a certain way and then take images of a known base 2-labelled Hamilton cycle under di erent automorphisms that map labels consistently. However, optimal bounds for producing edge-disjoint Hamilton cycles in this way, and whether Hamilton decompositions can be produced, are not known for any Stn other than for the case of St5 which does provide a Hamilton decomposition. In this paper we show that, for all n, not more than '(n)=2, where ' is Euler's totient function, edge-disjoint Hamilton cycles can be produced by such automorphisms. Thus, for non-prime n, a Hamilton decomposition cannot be produced. We show that the '(n)=2 upper bound can be achieved for all even n. In particular, if n is a power of 2, Stn has a Hamilton decomposable spanning subgraph comprising more than half of the edges of Stn. Our results produce a better than twofold improvement on the known bounds for any kind of edge-disjoint Hamilton cycles in n-dimensional star graphs for general n

Representation of coherency classes for parallel systems

Some parallel applications do not require a precise imitation of the behaviour of the physically shared memory programming model. Consequently, certain parallel machine architectures have elected to emphasise different required coherency properties because of possible efficiency gains. This has led to various definitions of models of store coherency. These definitions have not been amenable to detailed analysis and, consequently, inconsistencies have resulted. In this paper a unified framework is proposed in which different models of store coherency are developed systematically by progressively relaxing the constraints that they have to satisfy. A demonstration is given of how formal reasoning can be cam’ed out to compare different models. Some real-life systems are considered and a definition of a version of weak coherency is found to be incomplete

A method of verification in design: an operating system case study

This paper reports a study of verification in the high-level design phase of operating system development in which both a rigorous and formal verification are used, where the rigorous argument is used to determine a manageable formal proof to be carried out. A 2-sorted first order temporal language is used to express several possible high-level designs and the required properties of an operating system store manager. The case of large system limits is reduced to a case of small system limits by use of a rigorous argument. Corresponding proportional temporal logic (PTL) formulae are then verified using a PTL theorem prover