We present a broad extension of the conventional formalism of state machines and state diagrams, that is relevant to the specification and design of complex discrete-event systems, such as multi-computer real-time systems, communication protocols and digital control units. Our diagrams, which we call statecharts, extend conventional state-transition diagrams with essentially three olements, dealing, respectively, with the notions of hierarchy, concurrency and communication. These transform the language of state diagrams into a highly structured' and economical description language. Statecharts are thus compact and expressive--small diagrams can express complex behavior--as well as compositional and modular. When coupled with the capabilities of computerized graphics, statecharts enable viewing the description at different levels of detail, and make even very large specifications manageable and comprehensible. In fact, we intend to demonstrate here that statecharts counter many of the objections raised against conventional state diagrams, and thus appear to render specification by diagrams an attractive and plausible approach. Statecharts can be used either as a stand-alone behavioral description or as part of a more general design methodology that deals also with the system's other aspects, such as functional decomposition and data-flow specification. We also discuss some practical experience that was gained over the last three years in applying the statechart formalism to the specification of a particularly complex system.

A rely/guarantee specification for a program P is a specification of the form R oe G (R implies G), where R is a rely condition and G is a guarantee condition. A rely condition expresses the conditions that P relies on its environment to provide, and a guarantee condition expresses what P guarantees to provide in return. This paper presents a proof technique that permits us to infer that a program P satisfies a rely/guarantee specification R oe G, given that we know P satisfies a finite collection of rely/guarantee specifications R i oe G i ; (i 2 I). The utility of the proof technique is illustrated by using it to derive global liveness properties of a system of concurrent processes from a collection of local liveness properties satisfied by the component processes. The use of the proof rule as a design principle, and the possibility of its incorporation into a formal logic of rely/guarantee assertions, is also discussed. 1 Introduction A rely/guarantee specification for a program P...

) Eugene W. Stark y Abstract The lack of expressive power of temporal logic as a specification language can be compensated to a certain extent by the introduction of powerful, high-level temporal operators, which are difficult to understand and reason about. A more natural way to increase the expressive power of a temporal specification language is by introducing conceptual state variables, which are auxiliary (unimplemented) variables whose values serve as an abstract representation of the internal state of the process being specified. The kind of specifications resulting from the latter approach are called conceptual state specifications. This paper considers a central problem in reasoning about conceptual state specifications: the problem of proving entailment between specifications. A technique, based on the notion of simulation between machines, is shown to be sound for proving entailment. A kind of completeness result can also be shown, if specifications are assumed to satisf...

The formal correspondence between an implementation and its specification is examined. It is shown that existing specifications that claim to describe priority are either vacuous or else too restrictive to be implemented in some reasonable situations. This is illustrated with a precisely formulated problem of specifying a first-come-first-served mutual exclusion algorithm, which it is claimed cannot be solved by existing methods. prior # ity (pror # t), n.; pl. -ties(-tz). 3. Order of preference based on urgency, importance, or merit. [1] 1 Introduction Specification and Implementation A formal specification method should reduce the question of whether a program satisfies its specification to a precisely formulated mathematical prob- # This work was supported in part by the National Science Foundation under grant number MCS-8104459, and the Army Research O#ce under grant number DAAG29-83K -0119. 1 lem. This reduction is what distinguishes a formal method from an informal o...

This paper presents ASSERT, a methodology for developing specifications, mainly for reactive systems. It is based on the prototyping concept and combines two existing approaches for developing system specification -- the operational model approach and the rule-based approach. ASSERT uses as an operational model the OBSERV prototyping language. In it, the behavior of a system is expressed as a collection of objects, with well defined interfaces between them. The behavior of individual objects is modeled by finite state machines, and activities that occur within objects are described with the logic programming paradigm. ASSERT extends the system model representation provided by OBSERV by adding a set of dynamic behavior rules called assertions. The ASSERT language is based on Interval Temporal Logic, but its syntax is tailored to the expressive abstractions that are naturally used by designers. The process of specification is iterative, and moves back and forth between the system mode...