Using Temporal Logic in the Specification of Reactive and Interactive Systems

Translation Strategies for Translating Postmodifiers in Scientific Text from the Perspective of Logic Translation Theory: A Case Study of the Translation of Climate Changeand Air PollutionByZhang XiaojieUnder the Supervision ofAssociate Professor Zheng YouqiSubmitted in Partial Fulfillment of the RequirementsFor the Degree of Master of Translation and InterpretingDepartment of EnglishCollege of Liberal ArtsNanjing University of Information Science & TechnologyJune, 2019AcknowledgementsI would like to express my sincere appreciation to those who have given me invaluable help during the writing of this report.First and foremost, my heartfelt gratitude goes to my supervisor, Associate Professor Zheng Youqi, for his constant encouragement during these two years and instructive advice on this report. Associate Professor Zheng has offered a lot of valuable suggestions during the preparation for the report. He has also revised my draft carefully and offered clear instruction. Without his patient instruction and insightful criticism, it would not have been possible for me to complete this report.In addition, I wish to take this opportunity to express my deep gratitude to all the teachers who have taught me for their patient instructions in many courses and their precious suggestions. What I learned from their classes has helped me lay the foundation for this report.Last but not least, my gratitude extends to my beloved parents for providing support and care for me in my whole life. They have given me strong support when I was confronted with difficulties in writing the report.ContentsAbstract ........................................................................................................................ I II 摘要 (V)Chapter One Introduction (1)1.1 Research Background (1)1.2 Motivation and Significance of the Research (2)1.3 Layout of the Report (3)Chapter Two Task Description (5)2.1 Project Profile (5)2.2 Process of the Project (5)2.2.1 Preparation for Translation (5)2.2.2 Process of Translation (6)2.2.3 Revision after Translation (7)Chapter Three Literature Review (8)3.1 Differences of Attribute between Chinese and English (8)3.2 Translation Strategies for Postmodifier in English. (9)Chapter Four Theoretical Framework (11)4.1 Development of the Logic Translation Theory (11)4.2 Application of the Logic Translation Theory in the Translation of thePostmodifier (12)Chapter Five A Case Study (14)5.1 Translation of the Adjective Phrase as Postmodifier (14)5.1.1 Inversion (14)5.1.2 Division (15)5.2 Translation of the Non-Finite Verb as Postmodifier (16)5.2.1 Inversion (17)5.2.2 Division (18)5.2.3 Amplification (19)5.3 Translation of the Attributive Clause as Postmodifier (20)5.3.1 Inversion (20)5.3.2 Amplification (21)5.3.3 Division (23)5.4 Translation of the Prepositional Phrase as Postmodifier. (24)5.4.1 Inversion (24)5.4.2 Conversion (25)5.4.3 Amplification (25)5.4.4 Division (26)Chapter Six Conclusion (28)References (30)Appendix 1 Source Text and Target Text (32)Appendix II Technical Terms (94)攻读学位期间的研究成果 (95)AbstractThere are many postmodifiers in English for Science and Technology (EST), which imply the logic in the original text. EST is characterized by strong professionalism, compact structure, strict logic, concise writing, objective expression, exact content, a large amount of information and emphasis on the existence of facts. Therefore, translators must restore its logical rigor with accurate and standardized expressions. In this translation task, Chapter One, Chapter Two and Chapter Three are selected as the source text from the book Climate Change and Air Pollution. Today, climate change and air pollution are major concerns around the world. These chapters describe the history and the impact of climate change and air pollution, and the international conferences held to address the problems caused by climate change. This report lists four forms of English postmodifiers from the three chapters, namely, adjective phrases as postmodifiers, non-predicate verb phrases as postmodifiers, attributive clauses as postmodifiers, and prepositional phrases as postmodifiers. Under the guidance of logic translation theory, four common translation strategies are used in the translation of these four kinds of postmodifiers, namely conversion, amplification, inversion and division. Logic plays an important role in the process of interlingual transformation, which runs through the process of translation. From words, sentences, paragraphs to the whole text, the more accurately the translator grasps the semantic logic of the source language, the easier it is to understand the meaning of the original text. When a translation is organized, it is the key to express the original meaning accurately and smoothly. Only in this way can the translator successfully transfer source language thinking to target language thinking, and skillfully use the logic of the target language to organize the translation.The report is divided into six chapters. The first chapter demonstrates the research background, the motivation and significance of the research and the layout of the report. The second chapter mainly describes the process of the project. Theliterature review is mentioned in the third chapter, including the differences of attribute between Chinese and English and the translation strategies of postmodifiers in English. The fourth chapter depicts the development and application of the logic translation theory. The fifth chapter, as the main body of the report, poses some proper translation strategies to solve different kinds of problems. The last chapter is a summary of the study.Key Words: Logic translation theory; Postmodifier; Translation strategy; Climate Change and Air Pollution摘要科技英语中后置定语出现频繁，体现原文的逻辑思维。

altera官⽅推荐时钟使⽤⽅法Register Combinational Logic OutputsIf you use the output from combinational logic as a clock signal or as an asynchronous reset signal, you can expect to see glitches in your design. In a synchronous design, glitches on data inputs of registers are normal events that have no consequences. However, a glitch or a spike on the clock input (or an asynchronous input) to a register can have significant consequences.Narrow glitches can violate the register’s minimum pulse width requirements. Setup and hold requirements might also be violated if the data input of the register changes when a glitch reaches the clock input. Even if the design does not violate timing requirements, the register output can change value unexpectedly and cause functional hazards elsewhere in the design.To avoid these problems, you should always register the output of combinational logic before you use it as a clock signal.Figure 1. Recommended Clock-Generation TechniqueRegistering the output of combinational logic ensures that glitches generated by the combinational logic are blocked at the data input of the register.Use Synchronous Clock EnablesTo turn off a clock domain in a synchronous manner, use a synchronous clock enable signal. FPGAs efficiently support clock enable signals because there is a dedicated clock enable signal available on all device registers.This scheme does not reduce power consumption as much as gating the clock at the source because the clock network keeps toggling, and performs the same function as a gated clock by disabling a set of registers. Insert a multiplexer in front of the data input of every register to either load new data, or copy the output of the register.Recommended Clock-Gating MethodsUse gated clocks only when your target application requires power reduction and when gated clocks are able to provide the required reduction in your device architecture.If you must use clocks gated by logic, implement these clocks using the robust clock-gating technique and ensure that the gated clock signal uses dedicated global clock routing.You can gate a clock signal at the source of the clock network, at each register, or somewhere in between. Because the clock network contributes to switching power consumption, gate the clock at the source whenever possible, so that you can shut down the entire clock network instead of gating it further along the clock network at the registers.Figure 1. Recommended Clock-Gating TechniqueA register generates the enable signal to ensure that the signal is free of glitches and spikes. The register that generates the enable signal is triggered on the inactive edge of the clock to be gated. Use the falling edge when gating a clock that is active on the rising edge. Using this technique, only one input of the gate that turns the clock on and off changes at a time. This prevents glitches or spikes on the output. Use an AND gate to gate a clock that is active on the rising edge. For a clock that is active on the falling edge, use an OR gate to gate the clock and register the enable command with a positive edge-triggered register.When using this technique, pay close attention to the duty cycle of the clock and the delay through the logic that generates the enablesignal because you must generate the enable command in one-half the clock cycle. This situation might cause problems if the logic that generates the enable command is particularly complex, or if the duty cycle of the clock is severely unbalanced. However, careful management of the duty cycle and logic delay may be an acceptable solution when compared with problems created by other methods of gating clocks.Ensure that you apply a clock setting to the gated clock in the TimeQuest analyzer. Apply a clock setting to the output of the AND gate. Otherwise, the timing analyzer might analyze the circuit using the clock path through the register as the longest clock path and the path that skips the register as the shortest clock path, resulting in artificial clock skew.In certain cases, converting the gated clocks to clock enables may help reduce glitch and clock skew, and eventually produce a more accurate timing analysis. You can set the Quartus® Prime software to automatically convert gated clocks to clock enables by turning on the Auto Gated Clock Conversion option. The conversion applies to two types of gated clocking schemes: single-gated clock and cascaded-gated clock.。

基于ＣＴＬ的循环优化变换描述方法这篇基于ＣＴＬ的循环优化变换描述方法的关键词是循环优化变换,分支时序逻辑,依赖分析,摘要：TRANS是基于CTL的优化变换描述语言，对TRANS语言作了宏扩展，给出了循环嵌套、循环归纳变量、循环依赖及方向向量的时序逻辑描述。

从依赖分析的角度对重排序循环优化变换加以考查，并以循环逆转和循环交换为例阐述了其形式化描述方法。

关键词：循环优化变换; 分支时序逻辑; 依赖分析0引言优化变换是程序的等价性变换，其目的是提高目标程序的执行性能，或缩短目标程序的代码规模、降低程序的运行功耗等。

通常，程序大多数的执行时间都耗费在循环上，旨在发掘和提高循环并发度的优化是现代高性能体系结构下的主要编译优化方法之一。

如果变换后的程序与变换前的程序语义等价，则程序变换是正确的。

软件测试是保证程序变换正确性的方法之一。

JTT是一种编译优化自动化测试工具，用于嵌入式环境下的C++优化编译器的系统测试和回归测试[1]。

JTT工具的使用能较大地提高被测编译器系统中优化功能模块的语句覆盖率，使得系统的可靠性得到较大改善。

然而JTT工具并没有对优化变换作出精确刻画，难以生成有针对性的测试用例，从而导致测试冗余。

文献[2]提出了一种基于CTL的程序变换语义等价性的证明方法。

它通过归纳法证明程序π和变换后的程序π′的计算序列之间存在互模拟关系R，从而证明程序π与程序π′之间的语义等价。

证明程序变换的正确性需要对变换作出准确的形式化描述。

文献[2]给出了优化变换描述语言TRANS，采用带条件的重写规则I→I if conditions描述变换，变换条件用CTL公式表示。

文献[2]对A.V.Aho等人[3]概括的古典优化变换从数据流和控制流的角度加以考查，并应用TRANS语言进行描述，但对文献[4]中概括的循环分布、循环逆转、循环交换等基于依赖分析的循环优化变换难以适用。

1基于CTL的优化变换描述语言TRANSTRANS是一种基于CTL的优化变换描述语言[2]，其描述变换的通用形式依赖于某些条件的一系列动作：3基于依赖分析的循环优化形式化描述在现代编译器中，循环优化变换通常被用来增强并行性和存储访问局部性。

逻辑学的重要性英语作文英文回答：Importance of Logic.Logic, the science of reasoning, plays a pivotal role in our daily lives and intellectual pursuits. It provides the foundation for sound thinking, critical analysis, and clear communication. The ability to reason logically empowers us to navigate complex situations, make informed decisions, and understand the world around us.1. Critical Thinking and Problem-Solving.Logic provides a framework for evaluating arguments, identifying fallacies, and constructing valid conclusions. By applying logical principles, we can separate truth from falsehood, uncover hidden assumptions, and resolve contradictions. This critical thinking ability is essential for problem-solving, scientific inquiry, and decision-making in various fields.2. Communication and Understanding.Clear and precise language is crucial for effective communication. Logic helps us organize our thoughts, structure our arguments, and communicate our ideas with clarity. By understanding logical principles, we can avoid misunderstandings, ensure that our messages are received as intended, and foster productive discussions.3. Scientific Progress.Science relies heavily on logical reasoning to advance knowledge. Scientists use deductive and inductive logic to formulate hypotheses, test theories, and draw conclusions. Logical rigor ensures that scientific findings are based on sound evidence and reproducible experiments. Without logic, scientific progress would be hampered by flawed reasoning and unreliable data.4. Ethical Decision-Making.Ethics involves making sound judgments about right and wrong. Logic provides a framework for analyzing ethical dilemmas, identifying ethical principles, and weighing different options. By applying logical reasoning to ethical decision-making, we can ensure that our choices are morally sound and grounded in reason.5. Educational Value.Logic is an invaluable discipline for students and lifelong learners. It develops analytical skills, critical thinking abilities, and the ability to articulate ideas clearly. Students who receive education in logic perform better in other areas of study, such as mathematics, science, and philosophy.Conclusion.Logic is an indispensable tool for navigating the complexities of life and pursuing intellectual endeavors. It empowers us with the ability to reason soundly,communicate effectively, make informed decisions, and contribute meaningfully to society. By embracing logic, we can cultivate a more informed, rational, and enlightened world.中文回答：逻辑学的重要性。

Logic is a fundamental aspect of human thought and communication.It is the study of the principles of correct reasoning and the principles that govern valid inference.In English,the word logic can be used as a noun or an adjective,and it is derived from the Greek word logos,which means word,speech,or reason.Understanding the Concept of LogicAt its core,logic is about discerning the truth from falsehood.It involves the systematic use of reasoning to understand the relationships between ideas and to draw conclusions based on evidence.Logic is not just about deductive reasoning,where conclusions are drawn from premises that are assumed to be true.It also encompasses inductive reasoning, where conclusions are based on patterns found in observations.The Importance of Logic in LanguageIn the context of language,logic plays a crucial role in ensuring that our arguments are sound and our statements are coherent.When we communicate,we often rely on logical structures to convey our thoughts effectively.For instance,when writing an essay or giving a speech,the use of logical arguments helps to persuade the audience and make our points clear.Types of Logical FallaciesIts important to be aware of logical fallacies,which are errors in reasoning that undermine the validity of arguments.Some common types of logical fallacies include:Ad Hominem:Attacking the person making the argument rather than the argument itself. Straw Man:Misrepresenting someones argument to make it easier to attack.False Cause:Assuming that correlation implies causation.Slippery Slope:Arguing that a relatively small first step leads to something disastrous. Appeal to Authority:Claiming that an idea must be true because an authority figure believes it.The Role of Logic in Critical ThinkingCritical thinking is the ability to think clearly and rationally,understanding the logical connection between ideas.It involves being able to identify,analyze,and evaluate arguments.Logic is essential in critical thinking as it provides the framework for evaluating the strength of arguments and the soundness of conclusions.Applications of Logic in Various FieldsLogic is not confined to philosophy or language studies.It is a tool used across various disciplines,including:Mathematics:Logical principles are the foundation of mathematical proofs. Computer Science:Algorithms and programming rely heavily on logical structures. Law:Legal reasoning often involves the application of logical principles to legal cases. Science:The scientific method relies on logical reasoning to form hypotheses and draw conclusions from experiments.ConclusionIn conclusion,logic is an indispensable tool in our intellectual toolkit.It helps us to think clearly,communicate effectively,and make informed decisions.Whether we are engaging in a philosophical debate,writing a persuasive essay,or simply trying to understand the world around us,logic is the key to unlocking the door to truth and understanding.。

Formal derivation of concurrent non-blocking algorithms for real-time systemsConfirmation reportBrijesh Dongol1Contents1Introduction3 2Related Work42.1Foundations (5)Hoare logic and predicate transformers (5)Temporal logic (5)Dynamic logic (5)2.2Non-compositional methods (6)Owicki-Gries (6)UNITY (6)Action systems (7)Modular approach (7)TLA (7)I/O automata (7)2.3Compositional methods (7)2.4Program construction (9)2.5Non-blocking algorithms (9)3Results to date10 Progress for Owicki-Gries (10)Java monitors (10)Refinement rules (11)Latest achievements (11)4Research plan11 Research goals (12)Timeline (12)References1321IntroductionConcurrent programs are difficult to get right and onefinds it hard to trust their validity without a formal proof.There have certainly been examples of errors being uncovered in published algorithms that were previously assumed correct.A variety of formalisms for the verification of concurrent programs have been developed and proof tools that allow verification to be automated are available. However,for complex problems,when the verification does not work,it becomes difficult to judge whether the proof technique or the program itself is at fault. Automated model checking techniques are available where all possible states are scanned for errors.With complex programs however,model checking becomes intractable and suffers from the state-explosion problem.Techniques such as abstraction are required to approximate the program so that we operate on a smaller state space.The success of the model checking then depends on the accuracy of the abstraction.With issues such as these,one might look at the development of correct pro-grams instead,so that verification may be avoided.One such method is that of stepwise refinement where a high level specification that satisfies the require-ments isfirst developed.Via a series of small steps,using correctness preserving refinement rules,the specification is eventually refined to an implementation. The idea here is that at an abstract level programs are less detailed and hence easier to verify.As each refinement is correctness preserving,verifying the va-lidity of the refinement and correctness of the abstract level program is enough to establish correctness of the implementation.Here,the high level specifica-tion must be an abstraction of the implementation,hence,they must satisfy the same requirements.This means that the implementation may not introduce any new behaviour.If for some reason the requirements change,the new behaviour must be introduced at the abstract level and the refinement performed again. Also,these methods are more about proving the validity of refinements rather than providing a calculational method for program construction.Compositional methods of program construction are also available.Here,a program is thought of as consisting of a number of components,each of which implements some part of the given requirements.The idea is that components are smaller and hence easier to verify than an entire system.Each component is described by some specification which allows us to reason about its behaviour without referring to its internal structure.One might even like to maintain a library of components,so that components may be reused whenever necessary. Rules for composing specifications are available,which allow us to compose components without affecting their correctness.A problem with this approach is that when there is a high degree of interaction between processes,compo-nent specifications can become very detailed,but with detailed specifications reusability of components becomes difficult.Also,as leads-to(the main relation used to prove progress)is not compositional,progress properties of individual components can be lost during composition.Another method of constructing correct concurrent programs is that of Fei-jen and van Gasteren which is based on the theory of Owicki and Gries.Here,3we start with an approximation to the solution.Then,requirements are for-malised and added as annotation to this approximation.Code is introduced and modified until the annotation is satisfied.As the annotation represents a program’s proof,a program is in fact built to satisfy its proof.Modifications are motivated by the proof rules of Owicki and Gries and wlp calculations of Di-jkstra.A number of lemmas have also been provided which allows much of the work to be avoided.The method has already been used to derive a number of programs across a wide range of problems.However,the lack of a formal notion of progress in Owicki-Gries has meant that Feijen and van Gasteren have been unable to reason about progress in their derivations.A more detailed discussion is presented in Section3.The problems we would like to consider are non-blocking algorithms oper-ating over a real-time environment.Non-blocking algorithms achieve synchro-nisation by manipulating variables in complex ways,as opposed to using locks. As no process ever waits,non-blocking versions tend to achieve much better efficiency than equivalent lock-based counterparts.Problems such as priority inversion where a high-priority process is waiting for a lock held by low-priority process can be avoided.This is a serious problem in real-time systems where the high-priority process might miss some deadline due to it being unable to acquire a necessary lock.It is worth noting that Owicki-Gries formalism does not currently have a way of reasoning about real-time,but Hooman-van Roosmalen have described the notion of timing annotation which provides clues on how possible exten-sions might be performed.Timing annotation could also allow us to abandon interleaving semantics and examine true concurrency.Ideas such as conflict composition could be applied here which would force transitions to interleave only when they share the same state space.Within the Java2platform,atomic variable classes are available in Java which allows us to implement non-blocking algorithms.As there are already ex-amples of successful derivations of Java programs using the Feijen-van Gasteren approach,one would think that Java implementation of non-blocking algorithms would be the next logical step.One also hopes that life can be made simpler with tool support.The“Improving the Quality of Protocol Standards”project (http://www.win.tue.nl/oas/iqps/two distinct but equally challenging thought processes of coming up with the appropriate set of formal assertions,then using them to establish a set of proof obligations which can be verified.The two key requirements that concurrent programs need to satisfy are safety and liveness[Lam77].This distinction has developed extensively over time,expressed via a number of different viewpoints [Kin94].For instance,[AS85,AS87]shows us how,from a topological viewpoint, safety properties are closed sets and liveness properties dense sets.When think-ing about progress,one must invariably address assumptions about fairness as well.This topic is carefully studied in[Fra86].Correctness conditions like lin-earisability that focus on data(rather than control)have also been deveoped [HW90],which is the main condition used to verify non-blocking algorithms(eg. [DGLM04]).2.1FoundationsHoare logic and predicate transformers One of thefirst coherent meth-ods of proving properties of programs using program text was via Hoare logic [Hoa69].Later,[Dij76]introduced us to predicate transformers with which, one could prove program properties purely by syntactic manipulation.As the method is calculational,predicate transformers proved to be a useful tool not only in verification,but also in program derivation.Hoare logic and predicate transformers were initially developed to prove properties of sequential programs, hence suitable extensions are necessary in the context of concurrency. Temporal logic Temporal logic[Pnu77,MP95],is an extension to classical first order logic,which allowed reasoning about properties that change with time.Temporal logic drives the machinery for proving progress in the same way that Hoare-logic does for safety.Two forms of temporal logic exist-linear time temporal logic(LTL)and concurrent(or branching time)temporal logic (CTL),whose merits are described in[Lam80,EH86].The view taken by LTL is that for each moment,there is exactly one possible future,whereas CTL says that time may split into multiple paths representing the different possible futures.Proofs of temporal formulas without using temporal logic are explained in[AS89],where temporal formulas are translated to Buchi automata. Dynamic logic Dynamic logic(DL)[Har84]is another formalism for reason-ing about programs.DL is expressive enough to be able to give us insights into various program properties like correctness,the expressive power of program-ming constructs,program equality etc.The logic is a mix offirst order and predicate logic,modal logic and process algebras.A concurrent extension can be made[Pel87a,Pel87b,Pel84]where computations are modelled by branching paths.52.2Non-compositional methodsThese methods are classified as those that require complete knowledge of the other components.Owicki-Gries A popular and much referenced method for verification of con-current programs is the theory of Owicki-Gries[OG76]which builds on Hoare’s logic for sequential programs.The method supercedes the previously existing global invariant method of Ashcroft[Ash75]which itself is a concurrent ex-tension to the global invariant method of[Flo67]for sequential systems.The state-explosion problem suffered by the global invariant method is avoided via the interference freedom condition which allows us to decompose invariants so that a number of smaller proof obligations are proved instead.[Lam88]points out that annotations provide a pleasant manner in which verification of large invariants are decomposed into smaller and more localised proofs.The Owicki-Gries method is thought of as being more applicable to shared-memory systems, however,[AO91,FvG99]have shown how communication channels may be mod-elled by shared variables to reason about distributed systems.It is sometimes referred to as the modular method of proving invariants[JHW96].Owicki-Gries does,however,have a crucial deficiency:there does not exist a logic for reasoning about progress.This fact remained true for the derivations in[FvG99]where progress is given an informal operational treatment.Progress for the Owicki-Gries theory is addressed in[DG05]by incorporating the rules of progress of UNITY into the logic.In[GD05]the extended theory is used to derive Dekker’s algorithm in the style of Feijen and van Gasteren,where safety as well as progress are given equal consideration.UNITY UNITY[CM88]takes into account the commonalities in program de-velopment without targeting a specific application or architecture.The theory in UNITY has produced the greatest strides with the axiomatisation of the pre-viously temporal notion of leads-to.However,leads-to is limited as we cannot directly reason about temporal properties such as‘next’and complex manipu-lation of auxiliary variables are necessary to achieve this[Sha93,CK97].Also, there is an absence of control in UNITY,hence existing theories for program development and verification are not applicable[dRdBH+01].It is not easy to introduce operators such as sequential composition[SdR94].[CM88,Kna90a, Kna90b]give us examples of development of programs,ultimately represented in the UNITY framework.The development process consists of stating the requirements as a number of invariants,then refining these invariants until a level of detail is reached where the UNITY program becomes obvious.[GP89] describes the relationship between UNITY and linear temporal logic by show-ing how UNITY might have been obtained as a specialisation of temporal logic and the transition logic of[Ger84].[JKR89]shows that the leads-to operator in UNITY and that of temporal logic are in fact the same.[CK97]extends UNITY to a compositional framework which also explores strongest invariants[Lam90].6Action systems Another important formalism is that of action systems[Bac89, BS89,Bac92a,Bac92b].The model itself very similar to UNITY,however,the theoretical background is radically different.The idea is that when interleaving semantics is employed,the semantics of a concurrent system is no different from a non-deterministic sequential program.Hence,one can use a sequential pro-gram to model a concurrent system.Semantics of action systems are described in a lattice theoretical framework.Action systems have been extended tofit many contexts such as reactive[Bac92b],component based[Ruk03],distributed and shared memory[BS89].Refinements based on transition traces using ac-tion systems is described in[BvW94].[Qiw96]investigates three different types of refinement in the action system framework–global,modular,and composi-tional.Only safety and forward simulation is addressed,however,the author claims that generalisations that allow backwards simulation and progress to be addressed are possible.Modular approach[Sha93,LS92],presents another state transition model with syntactic constructs similar to that of IOAs,but with semantics that follow UNITY.Systems are represented as sets of state variables,initial conditions, fairness requirements and events.The main difference between UNITY and this method is that we are able to specify different fairness assumptions for different actions.This formalism was developed to reason about distributed protocols.TLA TLA or temporal logic of actions is a body of work developed by Lamport [Lam94].[Aba90]provides an axiomatisation of TLA,and[AL93,AL95]shows us how programs can be constructed in a compositional manner.However, it turns out,that the proofs using TLA are not much different to a proof in the other mport himself claims that any proof in TLA can be translated to a proof in any other method,and vice versa.It seems that for verification at least,the difference might just be presentational.The notion of refinement mappings appears in[AL91]which allows us to prove that a lower-level specification implements a higher level one.In contrast to[FvG99,CM88], the TLA approach is to validate refinements rather than incremental derivation.A very good tutorial on TLA appears in[Lad97].I/O automata[LT89]introduces us to the input/output automata(IOA) formalism,which wasfirst developed as a tool for modelling concurrent and distributed discrete event systems.This work has now been extended to model continuous systems[NLV03].Refinement in the context of IOAs is described in [LV95].2.3Compositional methodsComposition consists of building a system out of several smaller components so that the combined effect of the components satisfies the requirements of the7system.This idea wasfirst advocated in[FP78],and has now become a much establishedfield by itself.Such methods are undeniably necessary in order to verify or construct large scale systems.We prefer to treat a component as a ‘black box’so their composition need not refer to program text.Properties of the component are described by its specification.A variety of terms like rely-guarantee[Jon83],assumption-commitment[MC81],and assumption-guarantee [JT96]are used to describe compositional reasoning.We distinguish between the construction of compositional programs and compositional positional programs are programs that are com-positional by nature whereas compositional reasoning involves arbitrary parallel programs and attempts to construct a compositional proof of the program as a whole by considering the individual parts separately.[Lam98]describes why compositional proof techniques in the context of concurrency are to be avoided.[AL93]pins down the conditions under which specifications can be com-posed.As descriptions are entirely at a semantic level and transition traces are observed,no specific language is referred to,which makes the work appli-cable to a number of other approaches.A description of how specifications can be composed is given,followed by a discussion on how an implementation of a specification by another can be proved.This allows the non-cyclical composition principle to be stated which can be used to prove whether the composition of two specifications implements a program.[XdRH97]provides an overview of compositional methods using the rely-guarantee approach and its relation to the Owicki-Gries and assumption-com-mitment approaches,including proofs of soundness and completeness of the sys-tem.Following[Stø90],the paper also outlines how additional information can be added to the specification so that one may reason about deadlock freedom.From[MS00]we learn that leads-to relations are generally not compositional, yet,specific instances of when they are can be ing a notion called progress sets generalised versions of known compositional theorems for leads-to are produced.[CS95,CS96a]explores how a weakest guarantees(wg)property transformer can be defined,which forms a relationship with the guarantees property similar to that of wp to Hoare-triples.This is used in[CC02]to show us how compositional approaches can be used in specification,development and verification of concurrent programs.[DS96]explores compositionality of the ‘to-always’class of progress properties with which limited results are obtained. [Sha98]introduces us to lazy composition,an alternative paradigm to rely-guarantee where proofs of components meeting their expectations are delayed till sufficient detail has been provided to their design.[dRdBH+01,JPZ91,SdR94]shows how we can use transformational design techniques to develop distributed programs.An attempt is made to produce a layered version of the algorithm where each layer is a smaller concurrent program than the original.The layers themselves are conflict composed which means the ordering of statements only matter when the statements are in conflict.From this,using the communication closed layers(CCLs)theorem,an equivalent dis-tributed version is produced.The motivation behind this approach is that layered versions are easier to verify than distributed ones.Decomposition of the8global invariant takes place as proofs focus only on each layer of the program. [JPZ91]presents a framework that combines action systems with CCLs in a way that supports composition.[JZ92]presents a derivation of a complicated algo-rithm for determining minimum weight spanning trees of graphs using CCLs, and provides a good example of how CCLs are useful in derivation of complex systems.2.4Program constructionA survey of popular data refinement techniques and the relationships between a number of different formalisms is given in[dRE96].Traditionally,two types of simulation relations exist–forwards(or downwards)and backwards(or up-wards).Neither relation by itself is complete and to achieve completeness,one mustfind an intermediate system such that there is a forwards simulation from the concrete to the intermediate and a backwards simulation from the interme-diate to the abstract.[LV95]describes how a single relation that captures both forwards and backwards simulation can be constructed.This is done by con-structing a relation that relates concrete states to sets of abstract states.[Bro93] describes a refinement calculus using transition trace semantics which[Din98] advocates as a good basis for the stepwise refinement of parallel programs.The method in[Din98]supports compositional reasoning,local variables,fairness and reasoning about liveness properties.Another way of constructing concurrent programs is by starting out with a coarse-grained solution,where large chunks of the operation is performed atomically,then reducing granularity of code until we can guarantee atomicity of the statements in our implementation machine.This is the approach taken in[FvG99,GD05].People have also looked at ways to algorithmically construct concurrent pro-grams,however,most of these methods are deficient in some way.For example, the algorithm of[MW84]produces programs with a highly centralised archi-tecture and[EC82]produces concurrent programs in a shared memory model, however,a large number of shared variables may need to be accessed atomically, making many programs infeasible.More recently[EH93,AE96]have developed synthesis algorithms to tackle the problems listed above.However,the method in[AE96]is incomplete(solutions are not always found)and although[EH93] always produces a solution adding a new process requires the whole algorithm to be repeated from scratch.[YKB02]describes a method of synthesising Java monitors using an airport ground traffic control system as an example,but this too has problems regarding the complexity of the solution.2.5Non-blocking algorithmsThe idea of non-blocking algorithms was introduced by Lamport[Lam87],and [HW90]defined linearisability,which is the main correctness condition used in non-blocking algorithms.It is generally accepted that non-blocking versions outperform their blocking counterparts(eg.[MS96,FH]).However,the lock9free property alone is not enough to avoid problems such as infinite overtak-ing,for which reason the notion of wait-free algorithms was developed[Her91]. Derivations of non-blocking algorithms in the style of[FvG99]are presented in[Moo02],and[AC05]describes a development of a concurrent non-blocking queue using Event-B.3Results to dateAs the name suggests,this section outlines the work done so far.Progress for Owicki-Gries An early achievement in this project has been the development of a progress logic for the previously incomplete Owicki-Gries theory[DG05].One of the aims here is to make the change as small as possible, so that familiarity with the Owicki-Gries formalism is maintained.Thefirst realisation is that it is impossible to reason about progress without referring to a program’s control state.Hence,we need to introduce a systematic method of labelling the various control points.This is done by labelling each atomic statement with a unique initial label.Thefinal atomic statement of each process is also given a uniquefinal label so that we may reason about termination.We introduce control variables(program counters),modelled on auxiliary variables,which capture control information without influencing a program’s controlflow.Prior to execution of any statement the program counter must be equal to the statement’s initial label,which indicates that control is currently at the statement.Once the statement is executed,the value of the program counter is updated to the initial label of the statement that follows sequentially.To capture the change in a program’s control state,modified wlp rules for labelled statements are introduced.Finally,progress rules from UNITY are modified tofit the Owicki-Gries formalism,so that temporal‘eventuality’properties could be proved[DG05].This work has been submitted to‘Logical Methods in Computer Science’and is currently under review.The main advantage provided by the extension was that it allowed progress considerations to drive program development in the style of[FvG99].[GD05] presents a significant example of this where the extended theory is used to derive Dekker’s mutual exclusion algorithm.Java monitors Another achievement has been the formalisation of Java syn-chronisation commands in the extended Owicki-Gries model.This not only allowed safety and progress properties of multi-threaded Java programs to be verified,but also provided a basis for the development of Java monitors.The derivation procedure consists of two distinct stages.Thefirst is the development of the model using the standard Feijen-van Gasteren approach.As the model would most likely make atomicity assumptions Java is unable to guarantee,a transformation procedure is necessary to translate the program to the model for the Java monitor.This work has been submitted to QSIC05,and serves as10an example of how the Feijen-van Gasteren development method together with the extended Owicki-Gries theory,can be used to develop Java programs.There are many future directions for this work.For example,exception han-dling has not yet been formalised.When an exception does occur,the behaviour of the program changes significantly.Although exception handling does not af-fect our goal of designing correct Java programs,formalising exception handling, would allow us to design programs that catch exceptions correctly.It might also be possible streamline the two stage process in favour of an approach in which Java programs are generated more directly.Here,one would have to derive the algorithm itself with a Java implementation in mind,rather than a derivation followed by a translation.A difficulty would be reasoning about Java’s wait statement which blocks halfway through its execution.Refinement rules Although this derivation style is successful,we might still like to apply traditional refinement techniques such as simulation,a technique that has been used effectively to prove correctness of non-blocking algorithms [DGLM04].With the idea in mind that translation should be avoided when-ever possible,another achievement has been the development of rules to prove simulation.These rules were adapted from other formalisms and hence do not contain anything theoretically new,but has been a useful learning exercise and demonstrates that the Owicki-Gries formalism can be extended with simulation rules.Latest achievements Some advances have been made towards derivations of non-blocking algorithms for concurrent data structures,and reasoning about concurrent real-time systems using timing annotation.Safety and progress proofs in PVS have also been looked at.4Research planAs mention in Section1,the goal for the next two years is to focus on derivations of non-blocking algorithms,in particular,non-blocking algorithms in the context of real-time.To avoid problems such as priority inversion,it looks likely that we will need to focus on wait-free algorithms.[HvR00]describes a refinement model for real time systems where the idea of timing annotation has been introduced.Each atomic transition is associated with an‘execution moment’that records when the effect of the transition was realised.Timing annotation allows us to reason about timing requirements for each statement,i.e.,to check when in time each statement may execute.Failure of programs to satisfy timing requirements may help us introduce new code in the same manner as[FvG99].We might also see the need to extend the progress logic further by providing a basis for the‘next’temporal operator.As it is not part of the UNITY logic,‘next’is also missing from Owicki-Gries extension.With leads-to,one can only show that a property eventually becomes true but not that it becomes true in11the immediate next state.Yet,for wait-free algorithms,identifying the sorts of conditions that are required for‘next’to be true may be useful.Research goals1.Extensions to the Owicki-Gries system:(a)Support for real-time(b)Support for‘next’(c)Complete refinement rules2.Derivations in the style of Feijen and van Gasteren that consider safetyand progress:(a)Real-time algorithms(b)Programs that incorporate‘next’(c)Non-blocking concurrent data structures(d)Wait-free algorithms(e)Implementation in Java3.Tool support for the extensions and derivation process.Non-blocking queueTimeline for2006Timeline for2007This year will be spent tying up any loose ends and writing up the thesis.12References[Aba90]M.Abadi.An axiomatization of Lamport’s temporal logic of ac-tions,1990.[AC05]J.R.Abrial and D.Cansell.Formal construction of a non-blocking concurrent queue algorithm(a case study in atomicity).Journalof Universal Computer Science,2005.[AE96]P.C.Attie and E.A.Emerson.Synthesis of concurrent systems for an atomic read/atomic write model of computation.In Proceed-ings of the5th Annual ACM Symposium on Principles of Dis-tributed Computing,pages111–120,Philadelphia,Pennsylvania,United States,1996.[AL91]M.Abadi and mport.The existence of refinement mappings.Theoretical Computer Science,82(2):253–284,1991.[AL93]M.Abadi and posing specifications.ACM Trans.ng.Syst.,15(1):73–132,1993.[AL95]M.Abadi and mport.Conjoining specifications.ACM Trans.ng.Syst.,17(3):507–535,1995.[AO91]K.R.Apt and E.R.Olderog.Verification of sequential and con-current programs.Springer-Verlag New York,Inc.,1991.[AS85] B.Alpern and F.B.Schneider.Defining liveness.21:181–185, 1985.[AS87] B.Alpern and F.B.Schneider.Recognizing safety and liveness.Distributed Computing,2(3):117–126,1987.[AS89] B.Alpern and F. B.Schneider.Verifying temporal proper-ties without temporal logic.ACM ng.Syst.,11(1):147–167,1989.[Ash75] E.A.Ashcroft.Proving assertions about parallel programs.JCSS, 10:110–135,February1975.[Bac89]R.J.R.Back.Refinement calculus,part II:Parallel and reactive programs.In REX Workshop for Refinement of Distributed Sys-tems,LNCS430.Springer-Verlag,Nijmegen,The Netherlands,1989.[Bac92a]R.J.R.Back.Refinement calculus,lattices and higher order logic.Technical Report CaltechCSTR:1992.cs-tr-92-22,California Insti-tute of Technology,1992.13。

temporal logic formula时序逻辑式Temporal logic formulas, also known as temporal logic expressions, are formal expressions used in temporal logic to describe the behavior of a system over time. They provide a way to reason about the occurrence and ordering of events in a system. In this article, we will explore the concept of temporal logic formulas andstep-by-step answer questions related to them.Before we dive into the details, let's understand the basics of temporal logic. Temporal logic is a branch of mathematical logic that deals with the representation and reasoning about time and temporal aspects of systems. It provides a framework to reason about the behavior of systems that evolve over time.A temporal logic formula is expressed using temporal logic operators and variables. Temporal logic operators are used to combine variables, propositions, or other temporal logic formulas. These operators allow us to reason about the temporal ordering of events or states in a system.There are several types of temporal logic operators, including:1. "X" or "next" operator: The "X" operator is used to express that a proposition holds in the next time step. For example, X p represents that proposition p will hold in the next time step.2. "F" or "eventually" operator: The "F" operator is used to express that a proposition holds at some point in the future. For example, F p represents that proposition p will hold at some point in the future.3. "G" or "globally" operator: The "G" operator is used to express that a proposition holds continuously over time. For example, G p represents that proposition p holds at all time steps.4. "U" or "until" operator: The "U" operator is used to express that a proposition holds until another proposition becomes true. For example, p U q represents that proposition p holds until proposition q becomes true.Now let's address some common questions related to temporal logic formulas:1. How can temporal logic formulas be used in practice?Temporal logic formulas can be used in various applications, including formal verification of software and hardware systems, model checking, and specification and verification of concurrent systems. They provide a mathematical formalism to reason about the dynamic behavior of systems.2. Can temporal logic formulas handle real-time systems?Yes, temporal logic formulas can handle real-time systems.Real-time temporal logic (RTTL) extends temporal logic with additional operators to reason about timing constraints and deadlines in real-time systems. It allows us to express properties such as "a task should complete within a certain time frame" or "the response time of a system should be less than a specified value."3. Can temporal logic formulas handle parallel or concurrent systems?Yes, temporal logic formulas can handle parallel or concurrent systems. Concurrent temporal logic (CTL) extends temporal logic by introducing operators to reason about the behavior ofconcurrent systems. It allows us to express properties like "process A and process B can execute simultaneously" or "two processes can communicate with each other."4. Are temporal logic formulas only applicable to computer science?No, temporal logic formulas are not limited to computer science applications. They can be applied in various fields like robotics, control systems, and linguistics. In robotics, temporal logic formulas can be used to specify and verify robot behaviors. In control systems, they can be used to reason about the stability and safety of systems. In linguistics, they can be used to describe the temporal relationships between events in natural language.In conclusion, temporal logic formulas provide a powerful framework to reason about the temporal behavior of systems. They allow us to specify properties and verify the correctness of systems that evolve over time. By using temporal logic operators and variables, we can express complex temporal relationships and reason about the ordering and occurrence of events. Whether incomputer science or other fields, temporal logic formulas find application in various domains for specification, verification, and reasoning about time-related properties.。

普适计算应用时空性质的运行时验证李晅松;陶先平;宋巍【期刊名称】《软件学报》【年(卷),期】2018(29)6【摘要】运行时验证是提升普适计算应用可靠性的重要手段.这类应用的很多性质同时涉及时间关系和空间位置关系,这样的时空性质给运行时的验证带来了特有挑战:一方面,传统的时态逻辑难以描述空间性质;另一方面,适合描述空间性质的Ambient Logic在真值不确定等情况下不能很好地支持有限轨迹中时间性质的描述.为支持普适计算应用时空性质的运行时验证,引入三值逻辑语义,提出了AL3(3-valued ambient logic);并在此基础上设计实现了基于AL3的性质检验算法和运行时监控器.最后,通过案例分析和运行效率实验阐明了所提方法的有效性和可行性.%Runtime verification is an important method for improving software reliability of pervasive computing applications.Some properties of these applications consider both temporal and spatial relationships.Such spatio-temporal properties bring some specific challenges for runtime verification.On one hand,traditional temporal logic cannot describe spatial properties.On the other hand,while ambient logic is suitable for spatial properties,it does not properly support the description of temporal properties in finite traces,especially when the truth values cannot be decided.In order to support the runtime verification of spatio-temporal properties for pervasive computing applications,this paper firstly imports 3-valued semantics and proposes AL3 (3-valued ambient logic).On thebasis of AL3,it designs and implements an algorithm for properties checking and a runtime monitor.Moreover,the paper uses a case study and a performance measurement to clarify the usability and feasibility of the proposed approach.【总页数】13页(P1622-1634)【作者】李晅松;陶先平;宋巍【作者单位】南京理工大学计算机科学与工程学院,江苏南京210094;计算机软件新技术国家重点实验室(南京大学),江苏南京210023;计算机软件新技术国家重点实验室(南京大学),江苏南京210023;南京理工大学计算机科学与工程学院,江苏南京210094;计算机软件新技术国家重点实验室(南京大学),江苏南京210023【正文语种】中文【中图分类】TP301【相关文献】1.运行时验证及其在列车运行控制系统中的应用 [J], 赵林;唐涛;徐田华;柴铭;李宪2.时空代数的若干性质及应用 [J], 李武明3.运行时验证及其应用 [J], 徐蛟4.面向动作的上下文感知应用的规约与运行时验证 [J], 李晅松;陶先平;吕建;宋巍5.面向CPS时空性质验证的混成AADL建模与模型转换方法 [J], 陈小颖;祝义;赵宇;王金永因版权原因，仅展示原文概要，查看原文内容请购买。

中英文对照外文翻译Support software for the development ofprogrammable logic1、IntroductionProgrammable Logic Controllers (PLC) class of real-time computers used extensively in industrial control applications. The development of a PLC application requires the configuration of the inputs and outputs of the PLC architecture, that is the selection of the number, type and addresses of the inputs and outputs of the PLC, and the writing and debugging of the application program. Programming these computers is usually done in specific graphical structured text languages [Bekkum93,Hughes 89,Jones 83] and the program debugging is carried out in a development environment. Most of the available environments [Square D 90, Taylor 90] allow program writing in more than one language, running it by step or in segments on the actual PLC and checking whether the assumed logical relationships between the inputs and the outputs at each program step or segment are satisfied. I addition, these environments offer engineering support, such as the preparation of input/output wiring diagrams and the generation of the executable code of the program. Recent versions of commercially available environments are supplied with a software emulator of one or more PLC units. This allows to perform program debugging without having access to the programmable controller itself. Also, the use of emulators makes easier and economically affordable the simulation of a large number of program operating conditions. By making sure that the program operates correcty under all the critical operating conditions, the risk of implementing aPLC-based system that does not meet the desired requirements is reduced. However, the ultimate goal of a development environment should be to verify the functional properties and behavior of the programs in all the possible states that thes programs and the plants they may enter.In the literature, various languages and graphical or mathematical formalisms are proposed for writing or specifying real-time programs .The timing and/or functional performance of these programs can be verified at compile time or mathematically. ADA[Ada83],RT-ASLAN[Auemheimer86], EUCLID[Kligerman86], PEARL [Halang 91], FLEX[Lin88] are some of the proposed and most widely known languages. Their graphical or mathematical formalisms are based on the use of finite state automata [Alford 77],Petri-Nets[Fedler 93], dataflow diagrams [Zave 82] and metric temporal logic [Koymans 90]. Although all these formal methods and languages represent significant advances to the problem of real-time program verification, still they have not reached the maturity required to deal with the complexities of large software systems . Until these methods reach a certain level of maturity we must rely on less formal methods, tuned to the needs of specific classes of real-time systems.In the case of PLC, we may continue to use simulation as a method to reveal logical errors in our programs and assess their behavior under an incomplete set of possible program states. In addition, we may include new facilities in the program development environments, the use of which will reduce the programming and engineering effort of an application. They may be editing and compilation facilities which support application programming in all the languages defined in the IEC 1131-3 standard. By using these languages our programming efficiency will be improved significantly, because each one of them can be used to program the part of the application for which it is appropriate, and yet the whole application can be linked into a single executable program. Other facilities which can reduce engineering effort are those whichcan make easier and more meaningful the declaration of the program input conditions. These facilities will allow us to study in a given timing period, a larger number of simulation cases than the ones we might have studied without these facilities. Furthermore, we may expand the scope of the simulation by including a simulator of the plant which interacts with the computer. Also, facilities can be added to assist in the better interpretation of the generated simulation results. Such facilities may allow us to configure the displays of the generated data the way we think appropriate, and animate the simulated operation of the application program.In this paper an architecture and language constructs are proposed for a software aid which ~an be used to declare input conditions to a PLC program, emulate the PLC operation and configure the display of the emulation results. The core of the architecture is the virtual machine, which is a software module which emulates the operation of a program written for a specific PLC in any application programming language. The virtual machine is linked with executable code generated from two other software modules which interpret instructions defining the input conditions to the application program and the configuration of the output display. Of course, the proposed facilities do not solve the problem of the complete verification of the timing behavior of an application program. However, when they are compared with the facilities offered by various commercially available aids, to our opinion they do significantly reduce the time taken to test the execution of a PLC program under a large number of possible input conditions, on different architectures and interpret the results. A scaled down experimental implementation of facilities for a specific PLC model is used to demonstrate the feasibility of the proposed concepts. The operation of the experimental set-up has been validated with data taken from the execution of sample program on a specific PLC.1、Principles of PLC Operation.The Programmable Logic Controller is a special purpose digital computer designed to control machine or process operations by means of a stored program and feedback from input/output field devices. It is composed primarily of two basic sections: the Central Processing Unit (PLC) and an Input/Output(I/O) interface. The CPU encompasses all the necessary elements that form the intelligence of the system. It is further subdivided to the Processor, Memory and Power supply. The CPU accepts input data from various input field devices, executes the stored program from the memory, and sends appropriate commands to output field devices. The Input/Output system forms the interface by which the field devices are connected to the controller. Its purpose is to condition the various signals received from or sent to field devices. Through this system the CPU can sense and measure physical quantities regarding a machine or process, such as proximity, position, motion, level temperature, pressure, current and voltage. Based on the status sensed or values measured, the CPU, through this interface system, issues commands that control various devices such as valves, motors, pumps and alarms. The most common type of I/O interface is the discrete one. This interface connects field input or output devices, which provide input signals or receive command signals of the Boolean type.Pushbuttons, limit switches and selector switches are some of the devices that provide incoming signals of this type,, whereas typical field devices that can be and position valves .The numerical I/O interface is another type of interface, provided in a PLC system. It can allow reading or writing a multi-bit digital or analog device. Multi-bit devices either generate or receive a group of bits which is the digital representation of a decimal number or an analogue quantity. This group of bits is handled as a unit by the CPU and can be in parallel form (BCD inputs or outputs) or in serial form (pulse inputs or outputs). Typical field devices providing multi-bit input to a PLC are thumbwheel switches, bar code readers and encoders ,whereas typical output devices are seven-segment and intelligent displays. The analogue field devices are the various sensors, motordrives, and process instruments used to monitor arid control physical variables such as temperature, pressure, humidity, flow, etc. The devices which monitor physical variables send to the I/O interface analogue voltages and currents which are converted by the A/D converter of the interface to a multi-bit digital code. On the other hand, an analogue device used to control the value of a physical variable, receives from the interface an analogue voltage or current as a result of the digital to analogue conversion of data produced by the CPU.The processor of the CPU performs all the mathematical operations, data handling and diagnostic routines by executing a collection , stored in the memory .This collection consists of supervisory programs ,that are permanently stored in the memory, and application programs . The supervisory programs, known as the executive, allow communication with the processor via a programming device or other peripheral memory management, monitoring of field devices, hardware fault diagnosis and execution of the application program written by the user. The memory organization and the way the application program is executed under the control of the executive are two features which distinguish a PLC from any other general purpose computer. In general, all PLC have memory allocated for executive programs, processor work area, data table and application program. The programmed instructions and any data that will be utilized by the processor to perform its control functions are stored in the Application Program Memory Area and Data Table Memory Area respectively. These two areas can be grouped into what is called application memory. Each controller has a maximum amount of application memory which is part of the total memory specified for the controller. The Data Table is functionally divided Into the Input Table, Internal Storage Area and Storage Registers Area. The Input Table is an array of bits that stores the status of the digital inputs which are connected to the I/O interface system.. The Output Table is an array of bits that control the status of the digital output devices, which are also connected. To the I/O system. The Internal Storage Bits Area is the memory area allocated for thestorage of the logic status of flags used by the application program. The Storage Registers Area is allocated for the storage of input registers, holding registers and output registers. The input registers are used to store numerical data received via digital of analogue input interfaces. The holding registers are used to store variable values that are generated by math, timer and counter instructions of a program. The output registers are used to provide storage for numerical or analogue values that control various output devices .Each virtual machine program is built according to a general computer model applicable to any PLC architecture. This model maps the usual functions performed by a PLC to machine language functions of a simple hypothetical computer. This computer consists of:(a) a Central Processing Unit (CPU)(b) a Memory unit(MU) where the application program is stored and(c) a number of Input and Output modules(I/O)At system start up, the execution of the executive program is initiated. During this program execution, the processor reads all the inputs, stores their values in the Input Storage Area and runs the application program. The results which are generated during the execution of the application program are saved in the Output Storage Area. The process of reading the inputs, executing the program, and updating the outdate all the outputs of the PLC by suing the data of the Output Storage Area. The process of reading the inputs, executing the program, and updating the outputs is known as scan. The time required to make a single scan is called scan time. A figure for the worst case time is usually provided by the manufacturers. Generally, they specify the maximum scan-time that corresponds to every 1K of programmed memory, i.e. 10msecs/1k. However, since the common method of monitoring the inputs at the end of each scan is inadequate for reading certain extremely fast inputs, some PLC provide software instructions that allow the interruption of the continuous program scan in order to receive an input or update an output immediately. Also, a newer approach inPLC design, which results to a significant reduction of the total processing time, is to divide the total system load to a number of tasks and assign their execution to several processors.The stack register is so designed that the execution of an instruction which reads discrete inputs shifts right by one bit the contents of the stack register and pushes the current state of the O.R flip flop into stack register. When this operation is completed, the O.R flip flop is loaded with the state of a discrete input. Instructions which perform logic operations shift left the contents of the stack register. Then, the leftmost bit of the stack register is loaded into the O.R flip flop. Then, the arithmetic, calculations and numerical handling are using the data registers DROO and DRO1 for byte and word operations respectively.可编程控制器应用的发展支持软件1、序可编程控制器（PLC）构成了工业的控制应用中被广泛地应用的即时计算器的一个类别。

Matlab Stateflow教程Stateflow是一个simulink中的工具，可以用来表示一个动态控制。

控制对象可以是汽车，泵，或者其他可以变化行为方式来操作的模型。

在Stateflow图表中，你可以将控制对象在物理事件中的反映用图形化的方式表示。

以下图形藐视了一个Stateflow模块sf_boiler。

Stateflow是一个实现有限状态机的工具。

有限状态机是一种表示事件驱动系统的方法。

在事件驱动系统中，系统对事件的反映是从一个状态过渡到另一个状态。

This action occurs in response to an event, as long as the condition defining the change is true.A Stateflow chart is a graphical representation of a finite state machine, where states and transitions form the basic building blocks of the system. You can also represent stateless flow graphs. To add your control logic to a Simulink model, use a Stateflow block.You can use Stateflow charts to control a physical plant in response to events such as a temperature or pressure sensor, or clock or user-driven events. For example, you can use a state machine to represent the automatic transmission of a car. The transmission has these operating states: park, reverse, neutral, drive, and low. As the driver shifts from one position to another, the system makes a transition from one state to another, for example, from park to reverse.下图显示了一个Simulink模型，其中有一个名为Chart的Stateflow模块，用来响应手工输入的开关事件。

英语专业八级考试TEM-8阅读理解练习册（1）(英语专业2012级)UNIT 1Text AEvery minute of every day, what ecologist生态学家James Carlton calls a global ―conveyor belt‖, redistributes ocean organisms生物.It’s planetwide biological disruption生物的破坏that scientists have barely begun to understand.Dr. Carlton —an oceanographer at Williams College in Williamstown,Mass.—explains that, at any given moment, ―There are several thousand marine species traveling… in the ballast water of ships.‖ These creatures move from coastal waters where they fit into the local web of life to places where some of them could tear that web apart. This is the larger dimension of the infamous无耻的，邪恶的invasion of fish-destroying, pipe-clogging zebra mussels有斑马纹的贻贝.Such voracious贪婪的invaders at least make their presence known. What concerns Carlton and his fellow marine ecologists is the lack of knowledge about the hundreds of alien invaders that quietly enter coastal waters around the world every day. Many of them probably just die out. Some benignly亲切地，仁慈地—or even beneficially — join the local scene. But some will make trouble.In one sense, this is an old story. Organisms have ridden ships for centuries. They have clung to hulls and come along with cargo. What’s new is the scale and speed of the migrations made possible by the massive volume of ship-ballast water压载水— taken in to provide ship stability—continuously moving around the world…Ships load up with ballast water and its inhabitants in coastal waters of one port and dump the ballast in another port that may be thousands of kilometers away. A single load can run to hundreds of gallons. Some larger ships take on as much as 40 million gallons. The creatures that come along tend to be in their larva free-floating stage. When discharged排出in alien waters they can mature into crabs, jellyfish水母, slugs鼻涕虫，蛞蝓, and many other forms.Since the problem involves coastal species, simply banning ballast dumps in coastal waters would, in theory, solve it. Coastal organisms in ballast water that is flushed into midocean would not survive. Such a ban has worked for North American Inland Waterway. But it would be hard to enforce it worldwide. Heating ballast water or straining it should also halt the species spread. But before any such worldwide regulations were imposed, scientists would need a clearer view of what is going on.The continuous shuffling洗牌of marine organisms has changed the biology of the sea on a global scale. It can have devastating effects as in the case of the American comb jellyfish that recently invaded the Black Sea. It has destroyed that sea’s anchovy鳀鱼fishery by eating anchovy eggs. It may soon spread to western and northern European waters.The maritime nations that created the biological ―conveyor belt‖ should support a coordinated international effort to find out what is going on and what should be done about it. (456 words)1.According to Dr. Carlton, ocean organism‟s are_______.A.being moved to new environmentsB.destroying the planetC.succumbing to the zebra musselD.developing alien characteristics2.Oceanographers海洋学家are concerned because_________.A.their knowledge of this phenomenon is limitedB.they believe the oceans are dyingC.they fear an invasion from outer-spaceD.they have identified thousands of alien webs3.According to marine ecologists, transplanted marinespecies____________.A.may upset the ecosystems of coastal watersB.are all compatible with one anotherC.can only survive in their home watersD.sometimes disrupt shipping lanes4.The identified cause of the problem is_______.A.the rapidity with which larvae matureB. a common practice of the shipping industryC. a centuries old speciesD.the world wide movement of ocean currents5.The article suggests that a solution to the problem__________.A.is unlikely to be identifiedB.must precede further researchC.is hypothetically假设地，假想地easyD.will limit global shippingText BNew …Endangered‟ List Targets Many US RiversIt is hard to think of a major natural resource or pollution issue in North America today that does not affect rivers.Farm chemical runoff残渣, industrial waste, urban storm sewers, sewage treatment, mining, logging, grazing放牧,military bases, residential and business development, hydropower水力发电,loss of wetlands. The list goes on.Legislation like the Clean Water Act and Wild and Scenic Rivers Act have provided some protection, but threats continue.The Environmental Protection Agency (EPA) reported yesterday that an assessment of 642,000 miles of rivers and streams showed 34 percent in less than good condition. In a major study of the Clean Water Act, the Natural Resources Defense Council last fall reported that poison runoff impairs损害more than 125,000 miles of rivers.More recently, the NRDC and Izaak Walton League warned that pollution and loss of wetlands—made worse by last year’s flooding—is degrading恶化the Mississippi River ecosystem.On Tuesday, the conservation group保护组织American Rivers issued its annual list of 10 ―endangered‖ and 20 ―threatened‖ rivers in 32 states, the District of Colombia, and Canada.At the top of the list is the Clarks Fork of the Yellowstone River, whereCanadian mining firms plan to build a 74-acre英亩reservoir水库，蓄水池as part of a gold mine less than three miles from Yellowstone National Park. The reservoir would hold the runoff from the sulfuric acid 硫酸used to extract gold from crushed rock.―In the event this tailings pond failed, the impact to th e greater Yellowstone ecosystem would be cataclysmic大变动的，灾难性的and the damage irreversible不可逆转的.‖ Sen. Max Baucus of Montana, chairman of the Environment and Public Works Committee, wrote to Noranda Minerals Inc., an owner of the ― New World Mine‖.Last fall, an EPA official expressed concern about the mine and its potential impact, especially the plastic-lined storage reservoir. ― I am unaware of any studies evaluating how a tailings pond尾矿池，残渣池could be maintained to ensure its structural integrity forev er,‖ said Stephen Hoffman, chief of the EPA’s Mining Waste Section. ―It is my opinion that underwater disposal of tailings at New World may present a potentially significant threat to human health and the environment.‖The results of an environmental-impact statement, now being drafted by the Forest Service and Montana Department of State Lands, could determine the mine’s future…In its recent proposal to reauthorize the Clean Water Act, the Clinton administration noted ―dramatically improved water quality since 1972,‖ when the act was passed. But it also reported that 30 percent of riverscontinue to be degraded, mainly by silt泥沙and nutrients from farm and urban runoff, combined sewer overflows, and municipal sewage城市污水. Bottom sediments沉积物are contaminated污染in more than 1,000 waterways, the administration reported in releasing its proposal in January. Between 60 and 80 percent of riparian corridors (riverbank lands) have been degraded.As with endangered species and their habitats in forests and deserts, the complexity of ecosystems is seen in rivers and the effects of development----beyond the obvious threats of industrial pollution, municipal waste, and in-stream diversions改道to slake消除the thirst of new communities in dry regions like the Southwes t…While there are many political hurdles障碍ahead, reauthorization of the Clean Water Act this year holds promise for US rivers. Rep. Norm Mineta of California, who chairs the House Committee overseeing the bill, calls it ―probably the most important env ironmental legislation this Congress will enact.‖ (553 words)6.According to the passage, the Clean Water Act______.A.has been ineffectiveB.will definitely be renewedC.has never been evaluatedD.was enacted some 30 years ago7.“Endangered” rivers are _________.A.catalogued annuallyB.less polluted than ―threatened rivers‖C.caused by floodingD.adjacent to large cities8.The “cataclysmic” event referred to in paragraph eight would be__________.A. fortuitous偶然的，意外的B. adventitious外加的，偶然的C. catastrophicD. precarious不稳定的，危险的9. The owners of the New World Mine appear to be______.A. ecologically aware of the impact of miningB. determined to construct a safe tailings pondC. indifferent to the concerns voiced by the EPAD. willing to relocate operations10. The passage conveys the impression that_______.A. Canadians are disinterested in natural resourcesB. private and public environmental groups aboundC. river banks are erodingD. the majority of US rivers are in poor conditionText CA classic series of experiments to determine the effects ofoverpopulation on communities of rats was reported in February of 1962 in an article in Scientific American. The experiments were conducted by a psychologist, John B. Calhoun and his associates. In each of these experiments, an equal number of male and female adult rats were placed in an enclosure and given an adequate supply of food, water, and other necessities. The rat populations were allowed to increase. Calhoun knew from experience approximately how many rats could live in the enclosures without experiencing stress due to overcrowding. He allowed the population to increase to approximately twice this number. Then he stabilized the population by removing offspring that were not dependent on their mothers. He and his associates then carefully observed and recorded behavior in these overpopulated communities. At the end of their experiments, Calhoun and his associates were able to conclude that overcrowding causes a breakdown in the normal social relationships among rats, a kind of social disease. The rats in the experiments did not follow the same patterns of behavior as rats would in a community without overcrowding.The females in the rat population were the most seriously affected by the high population density: They showed deviant异常的maternal behavior; they did not behave as mother rats normally do. In fact, many of the pups幼兽，幼崽, as rat babies are called, died as a result of poor maternal care. For example, mothers sometimes abandoned their pups,and, without their mothers' care, the pups died. Under normal conditions, a mother rat would not leave her pups alone to die. However, the experiments verified that in overpopulated communities, mother rats do not behave normally. Their behavior may be considered pathologically 病理上，病理学地diseased.The dominant males in the rat population were the least affected by overpopulation. Each of these strong males claimed an area of the enclosure as his own. Therefore, these individuals did not experience the overcrowding in the same way as the other rats did. The fact that the dominant males had adequate space in which to live may explain why they were not as seriously affected by overpopulation as the other rats. However, dominant males did behave pathologically at times. Their antisocial behavior consisted of attacks on weaker male,female, and immature rats. This deviant behavior showed that even though the dominant males had enough living space, they too were affected by the general overcrowding in the enclosure.Non-dominant males in the experimental rat communities also exhibited deviant social behavior. Some withdrew completely; they moved very little and ate and drank at times when the other rats were sleeping in order to avoid contact with them. Other non-dominant males were hyperactive; they were much more active than is normal, chasing other rats and fighting each other. This segment of the rat population, likeall the other parts, was affected by the overpopulation.The behavior of the non-dominant males and of the other components of the rat population has parallels in human behavior. People in densely populated areas exhibit deviant behavior similar to that of the rats in Calhoun's experiments. In large urban areas such as New York City, London, Mexican City, and Cairo, there are abandoned children. There are cruel, powerful individuals, both men and women. There are also people who withdraw and people who become hyperactive. The quantity of other forms of social pathology such as murder, rape, and robbery also frequently occur in densely populated human communities. Is the principal cause of these disorders overpopulation? Calhoun’s experiments suggest that it might be. In any case, social scientists and city planners have been influenced by the results of this series of experiments.11. Paragraph l is organized according to__________.A. reasonsB. descriptionC. examplesD. definition12．Calhoun stabilized the rat population_________.A. when it was double the number that could live in the enclosure without stressB. by removing young ratsC. at a constant number of adult rats in the enclosureD. all of the above are correct13.W hich of the following inferences CANNOT be made from theinformation inPara. 1?A. Calhoun's experiment is still considered important today.B. Overpopulation causes pathological behavior in rat populations.C. Stress does not occur in rat communities unless there is overcrowding.D. Calhoun had experimented with rats before.14. Which of the following behavior didn‟t happen in this experiment?A. All the male rats exhibited pathological behavior.B. Mother rats abandoned their pups.C. Female rats showed deviant maternal behavior.D. Mother rats left their rat babies alone.15. The main idea of the paragraph three is that __________.A. dominant males had adequate living spaceB. dominant males were not as seriously affected by overcrowding as the otherratsC. dominant males attacked weaker ratsD. the strongest males are always able to adapt to bad conditionsText DThe first mention of slavery in the statutes法令，法规of the English colonies of North America does not occur until after 1660—some forty years after the importation of the first Black people. Lest we think that existed in fact before it did in law, Oscar and Mary Handlin assure us, that the status of B lack people down to the 1660’s was that of servants. A critique批判of the Handlins’ interpretation of why legal slavery did not appear until the 1660’s suggests that assumptions about the relation between slavery and racial prejudice should be reexamined, and that explanation for the different treatment of Black slaves in North and South America should be expanded.The Handlins explain the appearance of legal slavery by arguing that, during the 1660’s, the position of white servants was improving relative to that of black servants. Thus, the Handlins contend, Black and White servants, heretofore treated alike, each attained a different status. There are, however, important objections to this argument. First, the Handlins cannot adequately demonstrate that t he White servant’s position was improving, during and after the 1660’s; several acts of the Maryland and Virginia legislatures indicate otherwise. Another flaw in the Handlins’ interpretation is their assumption that prior to the establishment of legal slavery there was no discrimination against Black people. It is true that before the 1660’s Black people were rarely called slaves. But this shouldnot overshadow evidence from the 1630’s on that points to racial discrimination without using the term slavery. Such discrimination sometimes stopped short of lifetime servitude or inherited status—the two attributes of true slavery—yet in other cases it included both. The Handlins’ argument excludes the real possibility that Black people in the English colonies were never treated as the equals of White people.The possibility has important ramifications后果，影响.If from the outset Black people were discriminated against, then legal slavery should be viewed as a reflection and an extension of racial prejudice rather than, as many historians including the Handlins have argued, the cause of prejudice. In addition, the existence of discrimination before the advent of legal slavery offers a further explanation for the harsher treatment of Black slaves in North than in South America. Freyre and Tannenbaum have rightly argued that the lack of certain traditions in North America—such as a Roman conception of slavery and a Roman Catholic emphasis on equality— explains why the treatment of Black slaves was more severe there than in the Spanish and Portuguese colonies of South America. But this cannot be the whole explanation since it is merely negative, based only on a lack of something. A more compelling令人信服的explanation is that the early and sometimes extreme racial discrimination in the English colonies helped determine the particular nature of the slavery that followed. (462 words)16. Which of the following is the most logical inference to be drawn from the passage about the effects of “several acts of the Maryland and Virginia legislatures” (Para.2) passed during and after the 1660‟s?A. The acts negatively affected the pre-1660’s position of Black as wellas of White servants.B. The acts had the effect of impairing rather than improving theposition of White servants relative to what it had been before the 1660’s.C. The acts had a different effect on the position of white servants thandid many of the acts passed during this time by the legislatures of other colonies.D. The acts, at the very least, caused the position of White servants toremain no better than it had been before the 1660’s.17. With which of the following statements regarding the status ofBlack people in the English colonies of North America before the 1660‟s would the author be LEAST likely to agree?A. Although black people were not legally considered to be slaves,they were often called slaves.B. Although subject to some discrimination, black people had a higherlegal status than they did after the 1660’s.C. Although sometimes subject to lifetime servitude, black peoplewere not legally considered to be slaves.D. Although often not treated the same as White people, black people,like many white people, possessed the legal status of servants.18. According to the passage, the Handlins have argued which of thefollowing about the relationship between racial prejudice and the institution of legal slavery in the English colonies of North America?A. Racial prejudice and the institution of slavery arose simultaneously.B. Racial prejudice most often the form of the imposition of inheritedstatus, one of the attributes of slavery.C. The source of racial prejudice was the institution of slavery.D. Because of the influence of the Roman Catholic Church, racialprejudice sometimes did not result in slavery.19. The passage suggests that the existence of a Roman conception ofslavery in Spanish and Portuguese colonies had the effect of _________.A. extending rather than causing racial prejudice in these coloniesB. hastening the legalization of slavery in these colonies.C. mitigating some of the conditions of slavery for black people in these coloniesD. delaying the introduction of slavery into the English colonies20. The author considers the explanation put forward by Freyre andTannenbaum for the treatment accorded B lack slaves in the English colonies of North America to be _____________.A. ambitious but misguidedB. valid有根据的but limitedC. popular but suspectD. anachronistic过时的，时代错误的and controversialUNIT 2Text AThe sea lay like an unbroken mirror all around the pine-girt, lonely shores of Orr’s Island. Tall, kingly spruce s wore their regal王室的crowns of cones high in air, sparkling with diamonds of clear exuded gum流出的树胶; vast old hemlocks铁杉of primeval原始的growth stood darkling in their forest shadows, their branches hung with long hoary moss久远的青苔;while feathery larches羽毛般的落叶松,turned to brilliant gold by autumn frosts, lighted up the darker shadows of the evergreens. It was one of those hazy朦胧的, calm, dissolving days of Indian summer, when everything is so quiet that the fainest kiss of the wave on the beach can be heard, and white clouds seem to faint into the blue of the sky, and soft swathing一长条bands of violet vapor make all earth look dreamy, and give to the sharp, clear-cut outlines of the northern landscape all those mysteries of light and shade which impart such tenderness to Italian scenery.The funeral was over,--- the tread鞋底的花纹/ 踏of many feet, bearing the heavy burden of two broken lives, had been to the lonely graveyard, and had come back again,--- each footstep lighter and more unconstrained不受拘束的as each one went his way from the great old tragedy of Death to the common cheerful of Life.The solemn black clock stood swaying with its eternal ―tick-tock, tick-tock,‖ in the kitchen of the brown house on Orr’s Island. There was there that sense of a stillness that can be felt,---such as settles down on a dwelling住处when any of its inmates have passed through its doors for the last time, to go whence they shall not return. The best room was shut up and darkened, with only so much light as could fall through a little heart-shaped hole in the window-shutter,---for except on solemn visits, or prayer-meetings or weddings, or funerals, that room formed no part of the daily family scenery.The kitchen was clean and ample, hearth灶台, and oven on one side, and rows of old-fashioned splint-bottomed chairs against the wall. A table scoured to snowy whiteness, and a little work-stand whereon lay the Bible, the Missionary Herald, and the Weekly Christian Mirror, before named, formed the principal furniture. One feature, however, must not be forgotten, ---a great sea-chest水手用的储物箱,which had been the companion of Zephaniah through all the countries of the earth. Old, and battered破旧的，磨损的, and unsightly难看的it looked, yet report said that there was good store within which men for the most part respect more than anything else; and, indeed it proved often when a deed of grace was to be done--- when a woman was suddenly made a widow in a coast gale大风，狂风, or a fishing-smack小渔船was run down in the fogs off the banks, leaving in some neighboring cottage a family of orphans,---in all such cases, the opening of this sea-chest was an event of good omen 预兆to the bereaved丧亲者;for Zephaniah had a large heart and a large hand, and was apt有…的倾向to take it out full of silver dollars when once it went in. So the ark of the covenant约柜could not have been looked on with more reverence崇敬than the neighbours usually showed to Captain Pennel’s sea-chest.1. The author describes Orr‟s Island in a(n)______way.A.emotionally appealing, imaginativeB.rational, logically preciseC.factually detailed, objectiveD.vague, uncertain2.According to the passage, the “best room”_____.A.has its many windows boarded upB.has had the furniture removedC.is used only on formal and ceremonious occasionsD.is the busiest room in the house3.From the description of the kitchen we can infer that thehouse belongs to people who_____.A.never have guestsB.like modern appliancesC.are probably religiousD.dislike housework4.The passage implies that_______.A.few people attended the funeralB.fishing is a secure vocationC.the island is densely populatedD.the house belonged to the deceased5.From the description of Zephaniah we can see thathe_________.A.was physically a very big manB.preferred the lonely life of a sailorC.always stayed at homeD.was frugal and saved a lotText BBasic to any understanding of Canada in the 20 years after the Second World War is the country' s impressive population growth. For every three Canadians in 1945, there were over five in 1966. In September 1966 Canada's population passed the 20 million mark. Most of this surging growth came from natural increase. The depression of the 1930s and the war had held back marriages, and the catching-up process began after 1945. The baby boom continued through the decade of the 1950s, producing a population increase of nearly fifteen percent in the five years from 1951 to 1956. This rate of increase had been exceeded only once before in Canada's history, in the decade before 1911 when the prairies were being settled. Undoubtedly, the good economic conditions of the 1950s supported a growth in the population, but the expansion also derived from a trend toward earlier marriages and an increase in the average size of families; In 1957 the Canadian birth rate stood at 28 per thousand, one of the highest in the world. After the peak year of 1957, thebirth rate in Canada began to decline. It continued falling until in 1966 it stood at the lowest level in 25 years. Partly this decline reflected the low level of births during the depression and the war, but it was also caused by changes in Canadian society. Young people were staying at school longer, more women were working; young married couples were buying automobiles or houses before starting families; rising living standards were cutting down the size of families. It appeared that Canada was once more falling in step with the trend toward smaller families that had occurred all through theWestern world since the time of the Industrial Revolution. Although the growth in Canada’s population had slowed down by 1966 (the cent), another increase in the first half of the 1960s was only nine percent), another large population wave was coming over the horizon. It would be composed of the children of the children who were born during the period of the high birth rate prior to 1957.6. What does the passage mainly discuss?A. Educational changes in Canadian society.B. Canada during the Second World War.C. Population trends in postwar Canada.D. Standards of living in Canada.7. According to the passage, when did Canada's baby boom begin?A. In the decade after 1911.B. After 1945.C. During the depression of the 1930s.D. In 1966.8. The author suggests that in Canada during the 1950s____________.A. the urban population decreased rapidlyB. fewer people marriedC. economic conditions were poorD. the birth rate was very high9. When was the birth rate in Canada at its lowest postwar level?A. 1966.B. 1957.C. 1956.D. 1951.10. The author mentions all of the following as causes of declines inpopulation growth after 1957 EXCEPT_________________.A. people being better educatedB. people getting married earlierC. better standards of livingD. couples buying houses11.I t can be inferred from the passage that before the IndustrialRevolution_______________.A. families were largerB. population statistics were unreliableC. the population grew steadilyD. economic conditions were badText CI was just a boy when my father brought me to Harlem for the first time, almost 50 years ago. We stayed at the hotel Theresa, a grand brick structure at 125th Street and Seventh avenue. Once, in the hotel restaurant, my father pointed out Joe Louis. He even got Mr. Brown, the hotel manager, to introduce me to him, a bit punchy强力的but still champ焦急as fast as I was concerned.Much has changed since then. Business and real estate are booming. Some say a new renaissance is under way. Others decry责难what they see as outside forces running roughshod肆意践踏over the old Harlem. New York meant Harlem to me, and as a young man I visited it whenever I could. But many of my old haunts are gone. The Theresa shut down in 1966. National chains that once ignored Harlem now anticipate yuppie money and want pieces of this prime Manhattan real estate. So here I am on a hot August afternoon, sitting in a Starbucks that two years ago opened a block away from the Theresa, snatching抓取，攫取at memories between sips of high-priced coffee. I am about to open up a piece of the old Harlem---the New York Amsterdam News---when a tourist。

TEMPORAL LOGICHeiko KrummUniversity of Dortmund, Department of Computer ScienceSymbolic logic generally supports the reasoning with propositions, i.e., with statements to be evaluated to true or false. Temporal logic is a special branch of symbolic logic focussing on propositions whose truth values depend on time. That contrasts with the classical logic point of view where the truth value of a repeatedly uttered proposition must always be the same and must neither depend on the modalities of the repetition nor on additional information. Temporal propositions typically contain some (explicit or implicit) reference to time conditions, while classical logic deals with timeless propositions. For instance consider the following examples:A: “The moon is a satellite of the earth”B: “The moon is rising”C: “The moon is setting”Proposition A can be viewed as timeless, since it is true in past, present, and future. In contrast, the propositions B and C have a temporalized aspect and refer to the implicit time condition “now”. Consequently temporal logic applies to time-related universes of discourse where behaviors and courses of events are of interest. As classical logic formulas can characterize static states and properties, temporal logic formulas can describe sequences of state changes and properties of behaviors.Classical logic comprises different logics; several variants of propositional logic, first order predicate logic, etc., exist with different sets of logical operators and inference rules. Likewise some temporal logics were proposed which differ with respect to their formula syntax, semantics, and expressiveness. A temporal logic, however, basically results from an extension of a classical propositional or predicate logic by temporal quantifiers introducing temporalized modalities. Usually, there are at least the two quantifiers s (denoting “always”) and x (denoting “eventually”) and typical formulas are similar to following examples:D:x B “The moon will be rising eventually”E:s x B “The moon will be rising again and again”F:s (B⇒x C) “Moon rise leads to moon setting”The example formula D is true, if the moon is rising now or will be rising in some future point of time. Formula E exemplifies that combinations of temporal quantifiers can denote more complex time conditions, e.g., “always eventually” can correspond to the natural language term “again and again”. Finally, formula F is an example of a “leads-to” pattern describing that always a precondition B will eventually result in a postcondition C.Due to its temporal quantifiers temporal logic is a convenient and appropriate means to reason with time-related propositions. Indeed, classical logic can also handle temporal properties, but the formulas tend to be complicated since points of time have to be explicitly represented in the underlying universe. The formula E may serve as example and underpin the usefulness of temporal logics. The easy-to-read temporal logic formula E corresponds to following predicate logic formula: “For all subjects x a subject y exists such, that – if x is a point of time – y is a point of time equal or later to x and the moon is rising at y”.HistoryTemporal logic is rooted in the field of exact philosophy and is a variant of modal logic. Modal logic deals with propositions which are interpreted with respect to a set of possible worlds. The truth value of propositions depends on the respective world and basically two operators “necessarily” and “possibly” exist which denote that a proposition is true in all possible worlds res. in some possible worlds. Even the ancient Greek philosophy schools of the Megarians, Stoics, and Peripatetics as well as Aristotle used some temporalized form of these modal operators. During the Middle Ages Arabian and European logicians resumed and refined the ancient approaches in order to discern different types of necessity and possibility. In modern times, the interest in symbolic logic grew during the first half of the 20th century, and – with some delay – new modal and temporal logic approaches occurred. First publications date back to the 1940's. In particular, the logicians Prior, Rescher, Kripke, and Scott contributed to the development of modern temporal logic. Kripke presented a formal possible world semantics for modal logics. Prior proposed a temporal interpretation. An ordered set of possible worlds can correspond to a temporal sequence of states. In result, the two basic modal operators “necessarily” and “possibly” become the temporal quantifiers “always” and “eventually”. Based on the linearity of time additional operators like “next” and “until” as well as past operators were introduced. Rescher and Urquhart outlined the history and introduced several major systems of temporal logic in [5]. In 1974, Burstall proposed the application oftemporal logic in computer science for the first time. Pnueli improved this approach in [4], which is regarded as the classic source of temporal logic based program specification and verification.Computer Science ApplicationIn several fields of computer science there is a needs for the formal description of event-discrete processes and the corresponding reasoning. In the main, we have to mention the formal specification and verification of so-called reactive systems, the formalization of real-life processes as well as the semantics of natural language commands to be modeled in artificial intelligence, and finally the handling of dynamic consistency conditions in data base systems.We focus on reactive systems. In particular, Manna and Pnueli recognized in [3] that reactive systems are of growing interest and that temporal logic is well-suited for their formal specification and verification. In contrast to those programs which transform starting states into final results and which may be specified by pre- and postconditions, reactive systems interact with their environment during runtime and the course of interactions and system events is essential. The range of reactive systems is wide and growing. It comprises embedded systems, process control systems, and all types of interactive, concurrent or distributed hard- and software systems. Due to their inherent concurrency, their elaborated fault-tolerance, coordination, and interaction mechanisms distributed systems are rather complex reactive systems and usually need particular design and development tools which support the formal handling of dynamic aspects. Here, temporal logic is profitably applied with respect to following topics:1. Formal specification: Temporal logic formulas serve as precise, concise and binding descriptions of systems andcomponents (e.g., as proposed by Lamport, Manna, and Pnueli in [2] res. [3]).2. Formal verification: The rules of a temporal logic proof calculus are applied to show the correctness of a temporallogic specification with respect to more abstract system specifications (e.g., in [2] and [3]).3. Requirements description: During the early system design the results of the requirements constraining thefunctional system behavior are represented by a set of temporal logic formulas.4. Specification checks: Even if the design specifications use other means than temporal logic (e.g., other formaldescription techniques, see SDL, Estelle, and LOTOS, see also UNITY), temporal logic may be applied additionally in order to describe requirements and plausibility conditions. Meanwhile several approaches exist which support the tool-based checking of formal system specifications with respect to temporal logic conditions (see Model Checking).Linear and Branching TimeUsually, a temporal logic can be classified as so-called linear-time logic which considers behaviors modeled as linear sequences of states. Within one behavior, each state has exactly one future. Additionally, so-called branching-time logics are known. Here, the formulas refer to tree-structured behaviors where a state can have several futures. The behavior-trees can directly correspond to tree models of non-deterministic systems (e.g., synchronization and communication trees, see Calculus of Communicating Systems). A corresponding prominent branching-time logic is CTL (computation tree logic, proposed by Clarke, Emerson, and Sistla in [1]). Its temporal quantifiers directly support the navigation in behavior trees.Non-deterministic systems, however, have not necessarily to be modeled by behavior trees. Likewise, a set of linear state sequences can form a model of a non-deterministic system where each state sequence corresponds to one possible evolution of the system. In comparison with this linear-time approach, branching-time logics additionally provide for notions of potential behaviors since branching-time formulas can describe properties of branches which correspond to subsets of the possible execution sequences while linear-time formulas generally state properties of all possible sequences.VariantsBesides of the mentioned distinctions between temporal propositional and predicate logics and between linear-time and branching-time logics, there exist further variants. Some introduce additional temporal quantifiers like “always in the past”, “sometimes in the past”, “next”, “precedes”, “until”, and “leads-to”. Others extend the time model, e.g., in order to describe time-intervals or real-time quantifications. Furthermore, partial-order temporal logics were proposed which directly refer to partial-order representations of concurrency (see Concurrency Model).ExampleTo exemplify the application of temporal logic for the specification and verification of systems we outline some formula and proof patterns proposed by Lamport in [2] with respect to the Temporal Logic of Actions TLA which is a compact linear-time logic for the reasoning on state-transition systems. He considers the two commonly known classes of properties, invariance and eventuality. Moreover, the correctness of design refinements can be proven with respect to the preservation of properties.An invariance property P is expressed by a formula “s P” where P is a predicate logic formula describing a set of execution states. Inter alia P may specify following typical correctness conditions of a system:1. Partial correctness: P is an implication of the form “system terminated ⇒ correct results computed”.2. Deadlock freedom: P applies to a set of states, the system is not deadlocked.3. Mutual exclusion: P asserts that at most one process is in a critical section.By means of auxiliary history variables all interesting safety properties of a system can be expressed as invariance properties (see Safety Property).The formal proof of invariance properties is supported by a proof rule applying induction on the course of system execution steps. At first, one proves that each initial state implies P. Furthermore, each transition class of the system has to be considered. Each transition has to transform states where P is true into successor states where P is true again. Eventuality properties assert that some events will eventually happen during each execution of a system. The following typical properties can be easily expressed in temporal logic:1. Termination: A formula of the form “x terminated” can assert that each execution leads to a state where the systemis terminated.2. Live service: Each state representing that a service request is pending will be followed by a state the request isserved: “s (requested ⇒x served)”.3. Fair message transfer: If a message is sent often enough over a loose channel, then it is eventually delivered:“(s x sent) ⇒ (x delivered)”.Eventuality properties can express the typical liveness requirements of systems (see Liveness Property).The proof of eventuality properties can be reduced to the proof of a series of transitive leads-to properties of the form “s (P⇒x Q)”. The proof of a single leads-to property is supported by the so-called lattice rule which is based on the existence of a well-founded order. The order asserts that a finite number of execution steps is sufficient to reach a state where Q is true.Systems can be described by formulas on abstract levels as well as on more implementation-near ones. Thus, specifications, refinement steps of a design, and implementations can be represented. That is of great interest, since valid implications correspond to system refinements which are correct in the usual understanding of system developers. Let the formula Spec describe a system S on a more abstract level. A formula Impl describes a correct refinement of S, if the implication formula “Impl ⇒Spec” is provable.References[1] E.M. Clarke, E.A. Emerson, and A.P. Sistla, Automatic Verification of Finite State Concurrent Systems UsingTemporal Logic Specifications, ACM Transactions on Programming Languages and Systems, 8(2): 244-263, 1986 [2] L. Lamport, The Temporal Logic of Actions, ACM Transactions on Programming Languages and Systems,16(3):872-923, 1994[3] Z. Manna and A. Pnueli, The Temporal Logic of Reactive and Concurrent Systems, Springer-Verlag, 1992[4] A. Pnueli, The Temporal Logic of Programs, Proceedings of the 18th IEEE Symposium on Foundations ofComputer Science, pp. 46-57, 1977[5] N. Rescher and A. Urquhart, Temporal Logic, Springer-Verlag, 1971Cross Reference:CTL see Temporal LogicFormal Specification see Temporal LogicFormal Verification see Temporal LogicTLA see Temporal LogicDictionary Terms:Concurrency ModelModel representing the global dynamics of a system which consists of concurrently acting components. Mainly, there are two types of concurrency models. Interleaving models induce a total temporal ordering of all component actions. Thus, the system is assumed to perform a global sequence of actions and the model reduces concurrency to non-determinism. In contrast, partial-order models represent the temporal independence of concurrent events directly. Concurrent events are not comparable with respect to the order of events.Liveness PropertyProperty of a system concerning its dynamics and expressing that the system will eventually show a particular behavior within a finite period of time. Together with safety properties (see Safety Property) liveness properties can be used to characterize the principal functionality of distributed systems.Safety PropertyProperty of a system concerning its dynamics and expressing that the system behavior never injures particular conditions, e.g., never enters forbidden states. Together with liveness properties (see Liveness Property) safety properties can be used to characterize the principal functionality of distributed systems.。