Software architectures shift the focus of developers from lines-of-code to coarser-grained architectural elements and their overall interconnection structure. Architecture description languages (ADLs) have been proposed as modeling notations to support architecture-based development. There is, however, little consensus in the research community on what is an ADL, what aspects of an architecture should be modeled in an ADL, and which of several possible ADLs is best suited for a particular problem. Furthermore, the distinction is rarely made between ADLs on one hand and formal specification, module interconnection, simulation, and programming languages on the other. This paper attempts to provide an answer to these questions. It motivates and presents a definition and a classification framework for ADLs. The utility of the definition is demonstrated by using it to differentiate ADLs from other modeling notations. The framework is used to classify and compare several existing ADLs, enabling us in the process to identify key properties of ADLs. The comparison highlights areas where existing ADLs provide extensive support and those in which they are deficient, suggesting a research agenda for the future.

1.1 Background: system architecture for system development? The characteristic approach in mature engineering disciplines (e.g. civil and chemical engineering) is to build systems (e.g., buildings or chemical plants) from known solutions such as

Reactive systems involve communication, concurrency and preemption. Few models support these three concepts, even less can correctly deal with their coexistence. The synchronous

Statecharts are a very rich graphical specification formalism supported by the commercial tool Statemate. Statecharts comprises powerful concepts such as interlevel transitions, multiple-source/multiple-target transitions, priority amongst transitions and simultaneous execution of maximal non-conflicting sets of transitions. Every add-on tool which is supposed to be linked with the Statemate tool have to deal with the rather involved semantics of these concepts. We propose extended hierarchical automata as an intermediate format to facilitate the linking of new tools to the Statemate environment, whose main idea is to devise a simple formalism with a more restricted syntax than statecharts which nevertheless allows to capture the richer formalism. We define the format, give operational semantics to it, and translate statecharts to it.

As software control of time-critical functions in embedded systems becomes more common, a means for the precise specification of their behavior becomes increasingly important. Modechart is a graphical specification language introduced to meet this need. This paper presents a method for verifying properties of systems specified in Modechart. The proposed approach makes use of a computation graph which takes advantage of the structuring inherent in a Modechart specification. Two classes of properties are presented for which decision procedures are developed. 1. Introduction Modechart is a graphical specification language developed to provide a compact and structured way to represent real-time systems [Jahanian & Mok 88]. Although similar in some ways to Harel's Statecharts [Harel 86], Modechart is specifically tailored to representing time-critical systems. The semantics of Modechart is given in Real Time Logic (RTL), a logic for the specification and analysis of such systems [Jahanian ...

Abstract—ASTRAL is a formal specification language for realtime systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A realtime system is modeled by a collection of state machine specifications and a single global specification. This paper discusses the rationale of ASTRAL’s design. ASTRAL’s specification style is illustrated by discussing a telephony example. Composability of one or more ASTRAL system specifications is also discussed by the introduction of a composition section, which provides the needed information to combine two or more ASTRAL system specifications. Index Terms—Formal methods, formal specification and verification, assertions, temporal logic, realtime systems, timing

. In the field of reactive system programming, dataflow synchronous languages like Lustre [BCH + 85,CHPP87] or Signal [GBBG85] offer a syntax similar to block-diagrams, and can be efficiently compiled into C code, for instance. Designing a system that clearly exhibits several "independent" running modes is not difficult since the mode structure can be encoded explicitly with the available dataflow constructs. However the mode structure is no longer readable in the resulting program; modifying it is error prone, and it cannot be used to improve the quality of the generated code. We propose to introduce a special construct devoted to the expression of a mode structure in a reactive system. We call it mode-automaton, for it is basically an automaton whose states are labeled by dataflow programs. We also propose a set of operations that allow the composition of several mode-automata (parallel and hierarchic compositions taken from Argos [Mar92]), and we study the properties...

VERSA is a tool that assists in the algebraic analysis of real-time systems. It is based on ACSR, a timed process algebra designed to express resource-bound real-time distributed systems. VERSA is designed to be both a usable and useful tool for the analysis of ACSR specifications. Usability is assured by a flexible user interface that uses ACSR's traditional notation augmented with conventions from programming languages and mathematics that allow concise specification of realistic systems. Usefulness is the result of the breadth of analysis techniques planned and currently implemented, including algebraic term rewriting and state-space exploration based techniques. 1 Introduction Reliability in real-time systems can be improved through the use of formal methods for the specification and analysis of real-time systems. Formal methods treat system components as mathematical objects and provide mathematical models to describe and predict the observable properties and behaviors of...

We argue that the specification of an object's functional behavior and the timing constraints imposed on it may be separated. Specifically, we describe RTsynchronizer, a high-level programming language construct for specifying real-time constraints between objects in a distributed concurrent system. During program execution, RTsynchronizers affect the scheduling of distributed objects to enforce real-time relations between events. Objects in our system are defined in terms of the actor model extended with timing assumptions. Separation of the functional behaviors of actors and the timing constraints on patterns of actor invocation provides at least three important advantages. First, it simplifies code development by separating design concerns. Second, multiple timing constraints can be independently specified and composed. And finally, a specification of timing constraints can be reused even if the representation of the functional behavior of actors has changed, and conversely. A numbe...

Numerous formal specification methods for reactive systems have been proposed in the literature. Because the significant differences between the methods are hard to determine, choosing the best method for a particular application can be difficult. We have applied several different methods, including Modechart, VFSM, ESTEREL, Basic LOTOS, Z, SDL and C, to an application problem encountered in the design of software for AT&T's 5ESS telephone switching system. We have developed a set of criteria for evaluating and comparing the different specification methods. We argue that the evaluation of a method must take into account not only academic concerns, but also the maturity of the method, its compatibility with the existing software development process and system execution environment, and its suitability for the chosen application domain.