On the logic of UNITY

Abstract

The UNITY approach to specification, design, and verification of parallel programs expounded by Chandy and Misra (1988) contains a programming notation, and a programming logic to express and prove properties of UNITY programs. For progress properties there is a basic notion leads-to, which comes in two versions. One version — here called leads-to — explicitly expresses progress of fair execution sequences of a UNITY program. Another prima facie stronger version — here called ↦ — is defined by infinitary closure conditions from the more elementary notion ensures. This version is used in the actual proofs of program properties given in (Chandy and Misra, 1988). In this paper these notions are investigated from a foundational point of view. A principle of transfinite induction for ↦ is introduced, and it is proved that every true leads-to proposition can be obtained by application of one single instance of this principle. Semantic completeness of ↦ w.r.t. its intended semantics leads-to is a corollary. Aspects of the complexity and computational power of UNITY are analyzed. The halting problem for fair executions of UNITY programs is shown to be Π 1 1-complete, and it is proved that a nondeterministic numerical function is computable by a UNITY program if and only if its graph is ∑ 1 1 and its halting set is a Π 1 1-subset of its domain. In order to retain completeness of the principle of transfinite induction for ↦, arbitrarily large recursive ordinals are needed as heights of well-founded relations. A formalized finitary proof system for ↦ is introduced and proved syntactically correct and complete relative to the set of true Π 1 1-sentences of a second-order assertion language. More precisely, the well-founded relation itself and the auxiliary assertions used can be expressed in a first-order language. It is only the hypothesis of well-foundedness, which has to be expressed by a Π 1 1 formula. In view of the Π 1 1-completeness phenomenon, this result is best possible.