Eternity variables to prove simulation of specifications

TL;DR

This paper introduces eternity variables as a powerful extension to simulation techniques for specifications, enabling more comprehensive proofs of implementation relationships without certain restrictive assumptions.

Contribution

It presents eternity variables as a novel, more powerful alternative to prophecy variables and backward simulations, with a semantically complete framework for specification simulation.

Findings

Eternity variables extend simulation capabilities beyond prophecy variables.

The formalism is semantically complete without finite nondeterminism.

Preservation of quiescence suffices for completeness.

Abstract

Simulations of specifications are introduced as a unification and generalization of refinement mappings, history variables, forward simulations, prophecy variables, and backward simulations. A specification implements another specification if and only if there is a simulation from the first one to the second one that satisfies a certain condition. By adding stutterings, the formalism allows that the concrete behaviours take more (or possibly less) steps than the abstract ones. Eternity variables are introduced as a more powerful alternative for prophecy variables and backward simulations. This formalism is semantically complete: every simulation that preserves quiescence is a composition of a forward simulation, an extension with eternity variables, and a refinement mapping. This result does not need finite invisible nondeterminism and machine closure as in the Abadi-Lamport Theorem. Internal continuity is weakened to preservation of quiescence.