Specification and Verification of Multi-Clock Systems Using a Temporal Logic with Clock Constraints

Abstract

The polychronous or multi-clock paradigm is adequate to model large distributed systems where achieving a full timed synchronization is not only very costly but also often not necessary. It concerns systems made of a set of components with loose synchronization constraints. We study an approach where those components are orchestrated using logical clocks , made popular by L. Lamport and synchronous languages. The temporal and causal specification of those systems is built by defining a set of clock relations that would constrain the instant when clocks can tick or must not tick, thus defining families of valid schedules . In this article, we propose a specification language, called \(\mathit {LTL}_c/\mathit {CCSL}\) , for specifying temporal properties of multi-clock systems. While traditional temporal logics (LTL, MTL, CTL*), whether linear or branching, rely on a global step, our language, \(\mathit {LTL}_c/\mathit {CCSL}\) , builds a partial order on logical clocks, thus allowing both a hierarchical approach based on refinement of clock hierarchies and compositionality, as what happens in one clock domain may remain largely independent of what may happen in other domains. This good property helps preserve the properties without requiring to perform the proofs again. An \(\mathit {LTL}_c/\mathit {CCSL}\) specification consists of a clock temporal logic \(\mathit {LTL}_c\) , accompanied by a clock calculus called CCSL for specifying clock relations. We build the syntax and semantics of \(\mathit {LTL}_c\) and link its semantics with CCSL. After that, we mainly focus on the verification aspect of \(\mathit {LTL}_c/\mathit {CCSL}\) specifications using a model checking technique. We show how \(\mathit {LTL}_c/\mathit {CCSL}\) can be used for specifying multi-clock systems with an example.