We extend Duration Calculus to a logic which allows description of Discrete Processes where several steps of computation can occur at the same time point. The resulting logic is called Duration Calculus of Weakly Monotonic Time (W DC). It allows effects such as true synchrony and digitisation to be modelled. As an example of this, we formulate a novel semantics of Timed CSP assuming that the communication and computation take no time.

The UniForM Workbench supports combination of Formal Methods (on a solid logical foundation), provides tools for the development of hybrid, real-time or reactive systems, transformation, verification, validation and testing. Moreover, it...

Timed Communicating Object Z (TCOZ) combines Object-Z's strengths in modeling complex data and algorithms with Timed CSP's strengths in modeling real-time concurrency. TCOZ inherits CSP's channel-based communication mechanism, in which messages represent discrete synchronisations between processes. The purpose of most control systems is to observe and control analog components. In such cases, the interface between the control system and the controlled systems cannot be satisfactorily described using the channel mechanism. In order to address this problem, TCOZ is extended with continuous-function interface mechanisms inspired by process control theory, the sensor and the actuator. The utility of these new mechanisms is demonstrated through their application to the design of an automobile cruise control system.

We present a new combination CSP-OZ-DC of three well researched formal techniques for the specification of processes, data and time: CSP [17], Object-Z [36], and Duration Calculus [40]. The emphasis is on a smooth integration of the underlying semantic models and its use for verifying properties of CSP-OZ-DC specifications by a combined application of the model-checkers FDR [29] for CSP and UPPAAL [1] for Timed Automata. This approach is applied to part of a case study on radio controlled railway crossings.

The principal objective of this paper is to lift basic concepts of the classical automata theory from discrete to continuous (real) time. It is argued that the set of nite memory retrospective functions is the set of functions realized by nite state devices. We show that the nite memory retrospective functions are speed-independent, i.e., they are invariant under `stretchings' of the time axis. Therefore, such functions cannot deal with metrical aspects of the reals.

Abstract. We present a new model-checking technique for CSP-OZ-DC, a combination of CSP, Object-Z and Duration Calculus, that allows reasoning about systems exhibiting communication, data and real-time aspects. As intermediate layer we will use a new kind of timed automata that preserve events and data variables of the specification. These automata have a simple operational semantics that is amenable to verification by a constraint-based abstraction-refinement model checker. By means of a case study, a simple elevator parameterised by the number of floors, we show that this approach admits model-checking parameterised and infinite state real-time systems. 1

This paper presents an algebraic calculus like the relational calculus for reasoning about sequential phenomena. It provides a common foundation for several proposed models of concurrent or reactive systems. It is clearly differentiated from the relational calculus by absence of a general converse operation. This permits the treatment of temporal logic within the sequential calculus. 1 Introduction and general axioms.

We investigate a variant of dense-time Duration Calculus which permits model checking using timed/hybrid automata. We define a variant of the Duration Calculus, called Interval Duration Logic, (IDL), whose models are timed state sequences [1]. A subset LIDL of IDL consisting only of located time constraints is presented. As our main result, we show that the models of an LIDL formula can be captured as timed state sequences accepted by an event-recording integrator automaton. A tool called IDLVALID for reducing LIDL formulae to integrator automata is briefly described. Finally, it is shown that LIDL has precisely the expressive power of event-recording integrator automata, and that a further subset LIDL- corresponds exactly to event-recording timed automata [2]. This gives us an automata-theoretic decision procedure for the satisfiability of LIDL- formulae. 1

Most hardware verification techniques tend to fall under one of two broad, yet separate caps: simulation or formal verification. This paper briefly presents a framework in which formal verification plays a crucial role within the standard approach currently used by the hardware industry. As a basis for this, the formal semantics of Verilog HDL are defined, and properties about synchronization and mutual exclusion algorithms are proved.

Abstract. This paper deals with dependability of imperfect implementations concerning given requirements. The requirements are assumed to be written as formulas in Duration Calculus. Implementations are modelled by continuous semi-Markov processes with finite state space, which are expressed in the paper as finite automata with stochastic delays of state transitions. A probabilistic model for Duration Calculus formulas is introduced, so that the satisfaction probabilities of Duration Calculus formulas with respect to semi-Markov processes can be defined, reasoned about and calculated through a set of axioms and rules of the model. 1.