Ben C. Moszkowski

A complete axiomatization of interval temporal logic with infinite time

Interval temporal logic (ITL) is a formalism for reasoning about time periods. To date no one has proved completeness of a relatively simple ITL deductive system supporting infinite time and permitting infinite sequential iteration comparable to /spl omega/-regular expressions. We give a complete axiomatization for such a version of quantified ITL over finite domains and can show completeness by representing finite-state automata in ITL and then translating ITL formulas into them. The axiom system (and completeness) is extended to infinite time.

Compositional Reasoning Using Interval Temporal Logic and Tempura

We present a compositional methodology for specification and proof using Interval Temporal Logic (ITL). After given an introduction to ITL, we show how fixpoints of various ITL operators provide a flexible way to modularly reason about safety and liveness. In addition, some new techniques are described for compositionally transforming and refining ITL specifications. We also consider the use of ITLs programming language subset Tempura as a tool for testing the kinds of specifications dealt with here.

A hierarchical completeness proof for propositional Interval Temporal Logic with finite time

We present a completeness proof for Propositional Interval Temporal Logic (PITL) with finite time which avoids certain difficulties of conventional methods. It is more gradated than previous efforts since we progressively reduce reasoning within the original logic to simpler reasoning in sublogics. Furthermore, our approach benefits from being less constructive since it is able to invoke certain theorems about regular languages over finite words without the need to explicitly describe the associated intricate proofs. A modified version of regular expressions called Fusion Expressions is used as part of an intermediate logic called Fusion Logic. Both have the same expressiveness as PITL but are lower-level notations which play an important role in the hierarchical structure of the overall completeness proof. In particular, showing completeness for PITL is reduced to showing completeness for Fusion Logic. This in turn is shown to hold relative to completeness for conventional linear-time temporal logic with finite time. Logics based on regular languages over finite words and !-words offer a promising but elusive framework for formal specification and verification. A number of such logics and decision procedures have been proposed. In addition, various researchers have obtained complete axiom systems by embedding and expressing the decision procedures directly within the logics. The work described here contributes to this topic by showing how to exploit some interesting links between regular languages and interval-based temporal logics.

An Automata-Theoretic Completeness Proof for Interval Temporal Logic

Interval Temporal Logic (ITL) is a formalism for reasoning about time periods. To date no one has proved completeness of a relatively simple ITL deductive system supporting infinite time and permitting infinite sequential iteration comparable to ω-regular expressions. We have developed a complete axiomatization for such a version of quantified ITL over finite domains and can show completeness by representing finite-state automata in ITL and then translating ITL formulas into them. Here we limit ourselves to finite time. The full paper (and another conference paper [15]) extends the approach to infinite time.

Using ITL and Tempura for large-scale specification and simulation

ITL and Tempura are used for respectively the formal specification and simulation of a large scale system, namely the general purpose multi threaded dataflow processor EP/3. The paper shows that this processor can be specified concisely within ITL and simulated with Tempura. But it also discusses some problems encountered during the specification and simulation, and indicates what should be added to solve those problems.

Verification and enforcement of access control policies

Access control mechanisms protect critical resources of systems from unauthorized access. In a policy-based management approach, administrators define user privileges as rules that determine the conditions and the extent of users’ access rights. As rules become more complex, analytical skills are required to identify conflicts and interactions within the rules that comprise a system policy—especially when rules are stateful and depend on event histories. Without adequate tool support such an analysis is error-prone and expensive. In consequence, many policy specifications are inconsistent or conflicting that render the system insecure. The security of the system, however, does not only depend on the correct specification of the security policy, but in a large part also on the correct interpretation of those rules by the system’s enforcement mechanism.In this paper, we show how policy rules can be formalized in Fusion Logic, a temporal logic for the specification of behavior of systems. A symbolic decision procedure for Fusion Logic based on Binary Decision Diagrams (BDDs) is provided and we introduce a novel technique for the construction of enforcement mechanisms of access control policy rules that uses a BDD encoded enforcement automaton based on input traces which reflect state changes in the system. We provide examples of verification of policy rules, such as absence of conflicts, and dynamic separation of duty and of the enforcement of policies using our prototype implementation (FLCheck) for which we detail the underlying theory.

A complete axiom system for propositional interval temporal logic with infinite time

Interval Temporal Logic (ITL) is an established temporal formalism for reasoning about time periods. For over 25 years, it has been applied in a number of ways and several ITL variants, axiom systems and tools have been investigated. We solve the longstanding open problem of finding a complete axiom system for basic quantifier-free propositional ITL (PITL) with infinite time for analysing nonterminating computational systems. Our completeness proof uses a reduction to completeness for PITL with finite time and conventional propositional linear-time temporal logic. Unlike completeness proofs of equally expressive logics with nonelementary computational complexity, our semantic approach does not use tableaux, subformula closures or explicit deductions involving encodings of omega automata and nontrivial techniques for complementing them. We believe that our result also provides evidence of the naturalness of interval-based reasoning.

Using Temporal Logic to Analyse Temporal Logic: A Hierarchical Approach Based on Intervals

This work further develops and perfects the hierarchical interval-oriented methods for analysing conventional propositional linear-time temporal logic (PTL) contained in earlier Outputs 1 and 3. It includes numerous simplified examples, algorithms and proofs. In addition, extensive material on decision procedures for PTL with infinite time has been added, including natural reductions to a normal form in PTL closely resembling Buechi automata. Consequently, some existing practical algorithms for analysing Buechi automata should be adaptable. Following invitations, we presented the work as a BCS-FACS seminar in London and also as a Belgian national seminar on verification in Brussels.

Compositional reasoning using intervals and time reversal

Interval Temporal Logic (ITL) is an established formalism for reasoning about time periods. We investigate some simple kinds of ITL formulas which have application to compositional reasoning and furthermore are closed under conjunction and the conventional temporal operator known both as “box” and “always”. Such closures help us modularly construct formulas from simple building blocks in a way which preserves useful compositional properties. The most important class considered here is called the 2-to-1 formulas. They offer an attractive framework for analysing sequential composition in ITL and provide the formal basis for most of the subsequent presentation. A key contribution of this work concerns a useful and apparently new and quite elementary mathematical theorem that 2-to-1 formulas are closed under “box”. We also use a natural form of time symmetry with 2-to-1 formulas. This extends known facts about such formulas by looking at them in reverse. An important example involves showing that 2-to-1 formulas are also closed under a variant of “box” for prefix subintervals rather than suffix ones. We then apply the compositional formulas obtained with time symmetry to analyse concurrent behaviour involving mutual exclusion in both Peterson’s algorithm and a new and more abstract one. At present, our study of mutual exclusion mainly serves as a kind of experimental “proof of concept” and research tool to develop and illustrate some of the logical framework’s promising features. We also discuss how time symmetry sometimes assists in reducing reasoning in ITL to conventional linear-time temporal logic.

Compositional Reasoning Using Intervals and Time Reversal

We apply Interval Temporal Logic (ITL), an established temporal formalism for reasoning about time periods, to extending known facts by looking at them in reverse and then reducing reasoning about infinite time to finite time. Time reversal then helps to compositionally analyse some aspects of concurrent behaviour involving mutual exclusion.