Abstract not found

Many concurrent systems are required to maintain certain safety and liveness properties. One emerging method of achieving confidence in such systems is to statically verify them using model checking. In this approach an abstract, finite-state model of the system is constructed; then an automatic check is made to ensure that the requirements are satisfied by the model. In practice, however, this method is limited by the state space explosion problem. We have developed a compositional method that directly addresses this problem in the context of multi-tasking programs. Our solution depends on three key space-saving ingredients: (1) checking for counter-examples, which leads to simpler search algorithms; (2) automatic extraction of interfaces, which allows a refinement of the finite model -- even before its communicating partners have been compiled; and (3) using propositional "strengthening assertions" for the sole purpose of reducing state space. In this paper we present our compositio...

There is general consensus in the software literature that real-time systems are difficult to model, specify, and design. It is an important and challenging task to develop an intuitive and easyto -use, yet coherent and concise method for specifying such systems. The Object-Process Methodology (OPM) graphically specifies systems in a single unified model that describes the staticstructural and behavioral-procedural aspects of a system by a set of Object-Process Diagrams. In this research paper we present OPM/T, as an extension of OPM for specification of reactive and real-time systems. A detailed telephone call example demonstrates the power of OPM/T to express such notions as timing constraints, events, conditions, exceptions, and control flow constructs.

There have been significant advances on formal methods to verify complex systems recently. Nevertheless, these methods have not yet been accepted as a realistic alternative to the verification of industrial systems. One reason for this is that formal methods are still difficult to apply efficiently. Another reason is that current verification algorithms are still not efficient enough to handle many complex systems. This work addresses the problem by presenting a language designed especially to simplify writing timecritical programs. It is an imperative language with a syntax similar to C. Special constructs are provided to allow the straightforward expression of timing properties. The familiar syntax makes it easier for non-experts to use the tool. The special constructs make it possible to model the timing characteristics of the system naturally and accurately. A symbolic representation using BDDs, model checking and quantitative algorithms are used to check system timing properties.

As technology progresses and computers become smaller, cheaper, and more powerful, they are increasingly relied on to guarantee the safety of human life and the environment. In most cases, it is not enough to merely provide such safety mechanisms, but is also critical to assure that they will be activated in time to prevent disasters. These real-time systems are found in both large-scale projects with highly visible consequences such as nuclear reactors and air traffic control systems as well as in consumer goods such as automobiles and smoke detectors. As more and more reliance is placed on real-time computing systems to perform critical and everyday functions, the need for formal methods to guarantee the correctness of these systems becomes crucial. Given the time

Contents I The Background 1 1 Instead of an Introduction: Formal Methods in Computing Science 3 1.1 How to get Systems Correct . . . . . . . . . . . . . . . . . . . . . 4 1.2 On the Use of Formal Methods . . . . . . . . . . . . . . . . . . . 4 1.3 Essentials of Formal Methods . . . . . . . . . . . . . . . . . . . . 6 1.4 Some Classical Formal Approaches . . . . . . . . . . . . . . . . . 8 1.5 Formal Approaches to Real-time Restrictions . . . . . . . . . . . 10 1.6 The ProCoS Approach . . . . . . . . . . . . . . . . . . . . . . . . 13 1.7 The Aim of the Habilitationsschrift . . . . . . . . . . . . . . . . . 14 1.8 The Structure of the Habilitationsschrift . . . . . . . . . . . . . . 16 2 Modal Logic and the Duration Calculus 19 2.1 What is Modal Logic? . . . . . . . . . . . . . . . . . . . . . . . . 19 2.2 The Systems T, S4 and S5 . . . . . . . . . . . . . . . . . . . . . . 21 2.3 Modal and Temporal Logic . . . . . . . . . . . . . . . . . . . .

This report discusses a framework for formal requirements and design specification, and designing of Real-Time process Control systems (RTC-systems). The framework combines axiomatic with operational specification approaches for expressing respectively requirements and design. In addition, a design method is discussed and the principles and necessary instrumentation it assumes are identified and embedded in a notation based on ASTRAL [18]. This design method enables the incremental designing of total RTC-systems by interleaved application of top-down and bottom-up designing steps. Since the goal of the report is the identification of the principles, and since it does not concern any specific subclass of RTC-systems' requirements specifications, then the principles are kept as general as possible. When necessary, these general principles can be limited to any chosen subclass of these requirements specifications. Contents 1 Introduction 2 1.1 Real-time Process-Control systems : : : : :...

Contents 1 Introduction 1 1.1 Basic Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1.1 What is a system? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1.2 Complexity in system behaviours . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1.3 Modelling systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.4 Frameworks for modelling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.5 Properties of systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1.6 Organisational and practical issues in modelling . . . . . . . . . . . . . . . . . . . 5 1.2 Scope of the thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2 Process algebra frameworks 6 2.1 The basic notions of process algebra . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.1 Describ

Existing formal methods for real-time largely deal with abstract models of real-time systems, and seldom address implementation issues; they are mainly used for modelling and specification. In this paper we propose an alternative approach, in which a new timed process algebra, AORTA, is used as a design language, which can be verifiably implemented. As well as introducing and formally defining the language, methods for implementation and verification are discussed.

. Structured analysis methods for real-time systems (SA/RT) are widely accepted by the industrial world as a mature approach to real-time systems design. These methods use highly expressive graphical specification languages to specify system requirements. Giving semantics to SA/RT specifications via selected formal models has the advantage of not only retaining their user-friendly and problem-oriented characteristics, but also making good use of the existing results of formal models for easier simulation and more powerful analysis. An automatic translation from SA/RT specification models to high-level timed Petri nets has recently been reported in [5]. But this translation suffers from some drawbacks, especially that it is not compositional, and the resulting subnets, in some cases, can be of at least exponential complexity. In this paper, we propose an improved translation, which is compositional and the resulting nets are of much lower complexity, e.g. the number of transitions is li...