We present a modular framework for proving temporal properties of real-time systems, based on clocked transition systems and linear-time temporal logic. We show how deductive verification rules, verification diagrams, and automatic invariant generation can be used to establish properties of real-time systems in this framework. We also discuss global and modular proofs of the branching-time property of nonZenoness. As an example, we present the mechanical verification of the generalized railroad crossing case study using the Stanford Temporal Prover, STeP.

This report describes a new language for distributed programming, the IOA language, together with a high-level design and preliminary implementation for a suite of tools, the IOA toolset, to support the production of high-quality distributed software. The language and tools are based on the I/O automaton model, which has been used to describe and verify distributed algorithms. The toolset supports a development process that begins with a high-level specification, refines that specification via successively more detailed designs, and ends by automatically generating distributed programs. The toolset encourages system decomposition, which helps make distributed programs understandable and easy to modify. It also provides a variety of validation methods (theorem proving, model checking, and simulation), which can be used to ensure that the generated programs are correct, subject to assumptions about externally-provided system services (e.g., communication services), and about the correctness of hand-coded data type implementations.

Reactive systems exhibit ongoing, possibly non-terminating, interaction with the environment. Real-time systems are reactive systems that must satisfy quantitative timing constraints. This paper presents a structured compositional design method for discrete real-time systems that can be used to combat the combinatorial explosion of states in the verification of large systems. A composition rule describes how the correctness of the system can be determined from the correctness of its modules, without knowledge of their internal structure. The advantage of compositional verification is clear. Each module is both simpler and smaller than the system itself. Composition requires the use of both model-checking and deductive techniques. A refinement rule guarantees that specifications of high-level modules are preserved by their implementations. The StateTime toolset is used to automate parts of compositional designs using a combination of model-checking and simulation. The design method is illustrated using a reactor shutdown system that cannot be verified using the StateTime toolset (due to the combinatorial explosion of states) without compositional reasoning. The reactor example also illustrates the use of the refinement rule.

Abstract: This dissertation outlines an approach to co-design of hardware and software with the goal to achieve better quality of real-time systems. This work has been done in the framework of a project covering design and development of embedded hard real-time systems as well as their verification and validation. As an example an existing prototype is taken [COL98, GUM97]. The emphasis is on the validation of this and similar systems. In examples some typical situations where it could be used are considered. The basic demand that this system and its operating system have to fulfil, is to ensure (timely) deterministic and reproducible behaviour. An existing operating system was used while building a model of this system. The syntax of a specification meta-language to describe the hardware and software configuration of the system was defined. The standard PEARL for distributed systems (DIN 66253, Part 3 [PEARL89]) is considered the basis for our research. It defines the syntax of the hardware and software configuration description language, which is meant to be used for systems that are programmed in PEARL [PEARL81, PEARL82]. The mentioned specification language was enhanced to enable the specification of asymmetrical architectures with the appropriate descriptions of the operating system kernel processors and diverse multiprocessor systems ' architectures as well as more complete and

This report addresses the issue of separation of concerns in software architecture modelling of real-time reactive systems. First, the idea of modelling functionalities and behavior with GAMMA and its coordination language is reviewed, and a method for reasoning on GAMMA and coordinated specifications is presented. Then, the new aspect for timing is added to the design method and the extended syntax, semantics, and reasoning method are proposed. Before extending the formalisms with timing, decision points are outlined and different alternatives are investigated.

We survey the most significant literature about compositional techniques for concurrent and real-time system verification. We especially focus on abstract frameworks for rely/guarantee compositionality that handles circularity, but also consider different developments.

In recent years much progress has been made towards the development of mathematical methods ("formal methods") through which it is possible, in principal, to specify and design software to conform to specifications. Although formal methods have the potential to offer a basis for software engineering akin to the calculational methods and tools of other engineering disciplines, these methods have had only a limited effect on industrial practice. One reason (amongst many) for this state of affairs is that the software engineering curriculum needs to incorporate these methods and tools if the next generation of programming professionals are to use them. In this paper, we provide an overview of how formal methods can be used throughout the software development cycle, and what methods and tools can be introduced in the computer science curriculum to support software development.

In recent years, much progress has been made towards the development of mathematical methods ("formal methods") through which it is possible, in principle, to specify and design software to conform to specifications. In this paper, we provide an overview of how formal methods -- and particularly real-time formal methods -- can be used throughout the software development cycle, and what methods and tools can be introduced in the computer science curriculum to support software development.

In this paper, we present a hierarchical structure and framework for the representation, analysis and design of controllers for a Reconfigurable Machining System (RMS). This hierarchical framework allows one to integrate controllers at various levels of coordination in the manufacturing system. Our approach is modular and "object oriented". This allows re-usability and rapid reconfigurability of the controller as the manufacturing system is reconfigured. In this paper, we utilize the concept of timed transition models (TTM) introduced by Ostroff to model a RMS. To specify the desired controlled behavior of the RMS, we use the tools of Real Time Temporal Language(RTTL) introduced by Manna and Pnueli. In this framework, the controller analysis problem can be posed as the problem of verifying that certain logical formulae are valid. Such verification can be carried out using a either theorem proving techniques or model checking. We present some analytical results on a problem of system re...

The increasing relevance of areas such as real-time and embedded systems, pervasive computing, hybrid systems control, and biological and social systems modeling is bringing a growing attention to the temporal aspects of computing, not only in the computer science domain, but also in more traditional fields of engineering. This article surveys various approaches to the formal modeling and analysis of the temporal features of computer-based systems, with a level of detail that is also suitable for nonspecialists. In doing so, it provides a unifying framework, rather than just a comprehensive list of formalisms. The article first lays out some key dimensions along which the various formalisms can be evaluated and compared. Then, a significant sample of formalisms for time modeling in computing are presented and discussed according to these dimensions. The adopted perspective is, to some extent, historical, going from “traditional" models and formalisms to more