The Unified Modeling Language UML is well-suited for the design of real-time systems. In particular, the design of dynamic system behaviors is supported by interaction diagrams and statecharts. Real-time aspects of behaviors can be described by time constraints. The semantics of the UML, however, is non-formal. In order to enable formal design verification, we therefore propose to complement the UML based design by additional formal models which refine UML diagrams to precise formal models. We apply the formal specification technique cTLA which is based on L. Lamport's Temporal Logic of Actions TLA. In particular cTLA supports modular definitions of process types and the composition of systems from coupled process instances. Since process composition has superposition character, each process system has all of the relevant properties of its constituting processes. Therefore mostly small subsystems are sufficient for the verification of system properties and it is not necessary to use complete and complex formal system models. We present this approach by means of an example and also exemplify the formal verification of its hard real-time properties. 1.

Package universes is a component-distribution architecture based on explicitly managing the set of components visible at assembly time. The architecture is usable as is for a number of common organizations and software-engineering processes. Also, by providing a context of use for components, it allows several simplifications in the underlying component system. Experience is reported about two prototype implementations and user groups. 1

In addition to static structures, the Unified Modelling Language (UML) supports the specification of dynamic properties of objects by means of statechart and sequence diagrams. Moreover, the upcoming UML 2.0 standard defines several kinds of actions to specify invocations, computations and the access of structural features. The formal specification technique compositional Temporal Logic of Actions (cTLA) provides for modular descriptions of behavior constraints and its process composition operation corresponds to superposition. Furthermore, cTLA facilitates the selection of an arbitrary subsystem of a complex specification which is composed of processes. We introduce an approach for formal-based refinement verifications of detailed UML models which fulfill more abstract ones. In a first step of the verification, the abstract and the detailed model are transformed to cTLA specifications. Thereafter, we can prove that the cTLA specification of the more detailed model implies the cTLA description of the more abstract one by application of the model checker TLC (Temporal Logic Checker).