Specification and Verification of Multi-clock Systems using a Temporal Logic with Clock Constraints

Abstract

The polychronous or multi-clock paradigm is adequate to model large distributed systems where achieving a full timed synchronization is not only very costly, but also often not necessary. It concerns systems made of a set of components with loose synchronization constraints. We study an approach where those components are orchestrated using logical clocks, made popular by L. Lamport and synchronous languages. The temporal and causal specification of those systems is built by defining a set of clock relations that would constrain the instant when clocks can tick or must not tick, thus defining families of valid schedules. In this paper, we propose a specification language, called LTLc /CCSL, for specifying temporal properties of multi-clock systems. While traditional temporal logics (LTL, MTL, CTL*), whether linear or branching, rely on a global step, our language, LTLc /CCSL, builds a partial order on logical clocks, thus allowing both a hierarchical approach based on refinement of clock hierarchies, and compositionality as what happens in one clock domain may remain largely independent of what may happen in other domains. This good property helps preserve the properties without requiring to perform the proofs again. An LTLc /CCSL specification consists of a clock temporal logic LTLc, accompanied with a clock calculus called CCSL for specifying clock relations. We build the syntax and semantics of LTLc and link its semantics with CCSL. After that we mainly focus on the verification aspect of LTLc /CCSL specifications using model checking technique. We show how LTLc /CCSL can be used for specifying multi-clock systems with an example.