Summary: Open Systems in TLA
Martín Abadi and Leslie Lamport
Digital Equipment Corporation
Systems Research Center
Abstract
We describe a method for writing assumption/guarantee specifications of concurrent systems. We also provide a proof rule for reasoning about the composition of these systems. Specifications are written in TLA (the Temporal Logic of Actions), and all reasoning is performed within the logic. Our proof rule handles internal variables and both safety and liveness properties.
1 Introduction
An open system is one that interacts with an environment that neither it nor its implementor controls. To deduce useful properties of a system, we must specify its environment. No system will exhibit its intended behavior in the presence of a sufficiently hostile environment. For example, a combinational