Summary: An Abstract Account of Composition
Martín Abadi 1 and Stephan Merz 2
1 Digital Equipment Corporation, Systems Research Center,
130 Lytton Avenue, Palo Alto, CA 94301, U.S.A.
2 Institut für Informatik, Technische Universität München,
Arcisstr. 21, 80290 München, Germany
Abstract. We present a logic of specifications of reactive systems. The logic is independent of particular computational models, but it captures common patterns of reasoning with assumption-commitment specifications. We use the logic for deriving proof rules for TLA and CTL* specifications.
1 Assumption-commitment specifications
Modularity is a central concern in the design of specification methods. In general
terms, modularity is the ability to reduce reasoning about a complete system to
reasoning about its components. These components are not expected to operate
in fully arbitrary environments. In the context of the complete system, each
component can assume that its environment is to some extent well behaved,
for instance that it adheres to certain communication protocols. Therefore, it is
common to specify each component by describing both the function required of
the component and the properties assumed of its environment. In the realm of