Proving temporal properties of concurrent programs: a non-temporal approach
Publisher:
  • Cornell University
  • PO Box 250, 124 Roberts Place Ithaca, NY
  • United States
Order Number: UMI Order No. GAX86-23125
Abstract

This thesis develops a new method for proving properties of concurrent programs and gives formal definitions for safety and liveness. A property is specified by a property recognizer, a finite-state machine that accepts exactly the sequences of program states in the property it specifies. A property recognizer can be constructed for any temporal logic formula.

To prove that a program satisfies a property specified by a deterministic property recognizer, one must show that any history of the program will be accepted by the recognizer. This is done by demonstrating that proof obligations derived from the recognizer are met. These obligations require the program prover to exhibit certain invariant assertions and variant functions and to prove the validity of certain predicates and Hoare triples. Thus, the same techniques used to prove total correctness of a while loop can be used to prove temporal properties of concurrent programs. No temporal inference is required.

The invariant assertions required by the proof obligations establish a correspondence between the states of the program and those of the recognizer. Such correspondences can be denoted by property outlines, a generalization of proof outlines.

Some non-deterministic property recognizers have no deterministic equivalents. To prove that a program satisfies a non-deterministic property, a deterministic sub-property that the program satisfies must be found. This is shown possible, provided the program state space is finite.

Finally, safety properties are formalized as the closed sets of a topological space and liveness properties as its dense sets. Every property is shown to be the intersection of a safety property and a liveness property. A technique for separating a property specified by a deterministic property recognizer into its safety and liveness aspects is also presented.
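As an added illustration of the last paragraph (this derivation is not taken from the thesis; the notation $S$, $\Sigma$, $\mathrm{cl}$, $\mathit{Safe}$ and $\mathit{Live}$ is assumed here), the closed/dense formulation yields the safety-liveness decomposition directly:

Let $S$ be the set of program states and $\Sigma = S^{\omega}$ the set of infinite state sequences (histories). Take as a basis of open sets the sets $B_\pi = \{\sigma \in \Sigma : \pi \text{ is a prefix of } \sigma\}$ for finite $\pi \in S^{*}$, so that two histories are close when they share a long prefix. A property is a subset $P \subseteq \Sigma$, and $\mathrm{cl}(P)$ denotes its closure.

Safety as a closed set: $P$ is closed iff every $\sigma \notin P$ has a finite prefix $\pi$ with $B_\pi \cap P = \emptyset$, i.e. a violation is witnessed by a finite prefix ("something bad has happened").

Liveness as a dense set: $P$ is dense iff $\mathrm{cl}(P) = \Sigma$, i.e. every finite prefix $\pi$ extends to some $\sigma \in P$ ("something good can still happen").

Decomposition: for any $P \subseteq \Sigma$ put
$$\mathit{Safe}(P) = \mathrm{cl}(P), \qquad \mathit{Live}(P) = P \cup (\Sigma \setminus \mathrm{cl}(P)).$$
Then
$$\mathit{Safe}(P) \text{ is closed by construction,}$$
$$\mathrm{cl}(\mathit{Live}(P)) \supseteq \mathrm{cl}(P) \cup (\Sigma \setminus \mathrm{cl}(P)) = \Sigma, \text{ so } \mathit{Live}(P) \text{ is dense,}$$
$$\mathit{Safe}(P) \cap \mathit{Live}(P) = (\mathrm{cl}(P) \cap P) \cup (\mathrm{cl}(P) \cap (\Sigma \setminus \mathrm{cl}(P))) = P \cup \emptyset = P,$$
using $P \subseteq \mathrm{cl}(P)$ in the last line. Hence every property is the intersection of a safety property and a liveness property.

For instance, with state predicates $p$ and $q$, the property $\{\sigma : \forall i.\ p(\sigma_i)\}$ ("always $p$") is closed, since the first state violating $p$ is a finite prefix excluding the whole of $B_\pi$; and, assuming some state satisfies $q$, the property $\{\sigma : \exists i.\ q(\sigma_i)\}$ ("eventually $q$") is dense, since any finite prefix can be extended by such a state.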

Contributors
  • IBM Thomas J. Watson Research Center