Abstract—ASTRAL is a formal specification language for realtime systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A realtime system is modeled by a collection of state machine specifications and a single global specification. This paper discusses the rationale of ASTRAL’s design. ASTRAL’s specification style is illustrated by discussing a telephony example. Composability of one or more ASTRAL system specifications is also discussed by the introduction of a composition section, which provides the needed information to combine two or more ASTRAL system specifications. Index Terms—Formal methods, formal specification and verification, assertions, temporal logic, realtime systems, timing

The problem of formally analyzing properties of real-time systems is addressed. A method is proposed that allows specifying system properties in the TRIO language (an extension of temporal logic suitable to deal explicitly with the “time ” variable and to measure it) and modeling the system as a timed Petri net. It is argued that such an approach is more general than analyzing program properties. The proof method is based on an axiomatization of timed Petri nets in terms of TRIO so that their properties can be derived as suitable theorems in much the same spirit as classical Hoare’s method allows proving properties of programs coded in a Pascal-like language. The method is then exemplified through two classical “benchmarks ” of the literature on concurrent and real-time systems, namely an elevator system and the dining philosophers problem. A thorough review of the related literature and a comparison thereof with the new method is also provided. Possible alternative methods, theoretical extensions, and practical applications are briefly discussed.

: ASTRAL is a formal specification language for realtime systems. This paper discusses the rationale of ASTRAL's design and shows how the language builds on previous language experiments. ASTRAL is intended to support formal software development; therefore, the language itself has been formally defined. ASTRAL's specification style is illustrated by discussing a case study taken from telephony. 1. Introduction Realtime computer systems are increasingly being used in critical applications such as aircraft avionics, nuclear power plant control and patient monitoring. These systems are generally characterized by complex interactions with the environments in which they operate, and strict time constraints whose violation may have catastrophic consequences. The need for these software systems to be highly reliable is evident. The best way to improve software quality is to develop it formally. Existing informal software development methods and tools [HP 88, Qui 85, Gom 86] are simply unab...

The goal of net reduction is to increase the effectiveness of Petrinet -based real-time program analysis. Petri-net-based analysis, like all reachability-based methods, suffers from the state explosion problem. Petri net reduction is one key method for combating this problem. In this paper, we extend several rules for the reduction of ordinary Petri nets to work with time Petri nets. We introduce a notion of equivalence among time Petri nets, and prove that our reduction rules yield equivalent nets. This notion of equivalence guarantees that crucial timing and concurrency properties are preserved. Partially supported by NSF grants CCR-9108753 and CCR-9314258. Email: sloan@eecs.uic.edu. y Partially supported by NSF grants CCR-9109231 and CCR-9314258. Email: buy@eecs.uic.edu. 1 Introduction Petri nets have proven to be a very useful tool for the analysis of concurrent systems. To date several approaches have been defined that use Petri nets to model a system being analyzed (e.g...

Abstract not found

We propose to extend existing Petri-net-based tools for concurrency analysis to real-time analysis. The goal is to create a fully automated system, which starts from code in a higher level language for real-time programming, and answers programmers' queries about timing properties of the code. The key difficulty with all reachability-based approaches is that the state space quickly becomes intractably large. To circumvent this state explosion problem, we propose using a combination of several heuristics for model reduction and state space reduction that have been effective for untimed concurrency analysis. In: Proceedings of the Seventh International Workshop on Software Specification and Design, pp. 56--60, December 1993, IEEE Computer Society Press. 1 Introduction The analysis of real-time software is very difficult. Indeed, the activities of design, implementation and testing are costly and complex even for traditional software, considerably more costly and complex for untimed co...

Real-time systems are becoming increasingly widespread, especially for safety-critical applications. It is therefore crucial that these systems be correct; however, there are few automated tools for analyzing concurrency and timing properties of these systems. The PARTS toolset uses a Petri-net-based reachability analysis to analyze programs written in an Ada subset. Our simple time Petri nets or STP nets are specifically aimed at facilitating real-time analysis. In order to control the state-explosion problem, PARTS employs several optimization techniques aimed at state-space reduction. In this paper we discuss our approach and we report on extensive experiments with several examples of real-time Ada programs. When this is possible, we also compare our experimental results with results obtained by other approaches to real-time analysis. 1 Introduction Real-time software systems are becoming more and more widespread. By real-time software systems, we mean systems with timing constra...

Main considerations in the design of RTOC are exposed. A layered approach is given, and protocol mechanism is heavily explained. Design of RTOC Contents 1 Introduction 2 2 General description and functionality of RTOC 2 3 Subsystems decomposition 3 4 Configuration protocol 4 4.1 Interchange of addresses : : : : : : : : : : : : : : : : : : : : : : : 4 4.2 Interchange of shared places : : : : : : : : : : : : : : : : : : : : : 6 4.3 Starting execution : : : : : : : : : : : : : : : : : : : : : : : : : : 6 5 X interface 8 5.1 X Properties : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 8 5.2 Writing mechanism : : : : : : : : : : : : : : : : : : : : : : : : : : 8 5.3 Reading mechanism : : : : : : : : : : : : : : : : : : : : : : : : : : 9 5.4 Broadcasting : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 9 5.5 Integration RTOC-HLTPNK using X : : : : : : : : : : : : : : : : 9 6 Message format 10 7 Protocol and primitives 11 7.1 WatchMarking : : : : : : : : ...

The constantly increasing complexity and risk associated with the industrial development of embedded computer systems has been approached in different ways in resent years. One of the most promising approaches to managing risks in software development projects is the Boehm's spiral principle. In ESPRIT project no. EP5570 called IPTES (IPTES is an acronym for "Incremental Prototyping Technology for Embedded real-time Systems") a methodology and a supporting environment to support the Boehm's spiral principles are being developed. The prototyping environment will enable the specification and verification of executable system models so that different parts of the system may represent different modeling levels, and yet they can be executed as a total system. Also problems in connection with distributed software development are addressed in the IPTES environment. Typically it is difficult to define the interface protocols between the processors (nodes) of a multi-processor realtime system. ...

The main problems related to real-time object communication in the IPTES environment are analysed in this document. A brief description of the role of object communication in model partition as required for heterogeneous, distributed prototyping is included. The problems related to the real-time aspects of prototyping are identified and discussed. Scheduling characteristics are also considered. As a result of the described analysis, a first approach to the functionality and structure of the real-time object communication layer in the IPTES environment is presented. Then, the informal description of the behaviour of the protocol primitives is also shown. Finally, a model of the distributed kernel execution is presented to describe a possible use of the RTOC primitives. Analysis of Real-Time Object Communication Contents 1 Model partition in the IPTES Environment 3 1.1 Model partition at the specification language level : : : : : : : : : 3 1.2 Model partition at the kernel level : : ...