## Compositional Specification and Structured Verification of Hybrid Systems in cTLA (1998)

Venue: In Proc. 1st IEEE International Symposium on Object-oriented Real-time distributed Computing

Citations: 8 (6 self)

### BibTeX

@INPROCEEDINGS{Herrmann98compositionalspecification,
  author = {Peter Herrmann and Günter Graw and Heiko Krumm},
  title = {Compositional Specification and Structured Verification of Hybrid Systems in cTLA},
  booktitle = {In Proc. 1st IEEE International Symposium on Object-oriented Real-time distributed Computing},
  year = {1998},
  pages = {335--340},
  publisher = {IEEE Computer Society Press}
}

### Abstract

Many modern chemical plants have to be modelled as complex hybrid systems consisting of various continuous and event-discrete components. Besides the modular and easy-to-read specification, the formal verification of required properties (e.g., safety properties) is a major problem due to the complexity of the models. In practice, mostly informal argumentations exist which show that certain properties hold. The informal argumentation for one specific property does not deal with the complex system model as a whole but considers specific parts and aspects only. Our approach supports formal proofs which correspond to the informal argumentations even with respect to the use of subsystems only. It is based on the specification language cTLA supporting modular descriptions of hybrid systems. We outline cTLA and introduce the approach by means of a hybrid example system.

### Citations

2203 | A theory of timed automata
- Alur, Dill
- 1994

Citation Context: ...oduction Compositional specifications describe systems guided by their internal structure. They state the set of components, define their coupling, and refer to modular component specifications (cf., [2, 5]). Our specification technique cTLA supports not only compositionality in this usual sense. Moreover, it ensures that properties of components and subsystems are properties of the system as a whole, t...

870 | The temporal logic of actions
- Lamport
- 1994

Citation Context: ...f those constraints only which are necessary to prove a property of interest. Our approach is based on cTLA. cTLA stands for compositional TLA and is an extension of the Temporal Logic of Actions TLA [9]. As in TLA, systems are modelled by state transition systems and a specification has the character of a linear time temporal logic formula which describes relevant properties of the system. Moreover,...

218 | An old-fashioned recipe for real time
- Abadi, Lamport
- 1994

Citation Context: ...stems and a specification has the character of a linear time temporal logic formula which describes relevant properties of the system. Moreover, cTLA recognizes the TLA-extensions to realtime systems [1] and hybrid systems [8]. In difference to TLA, cTLA supports the explicit notion of processes. Processes act as modular specification components and can represent implementation parts as well as logic...

61 | Architecture and specification style in formal descriptions of distributed systems
- Vissers, Scollo, et al.
- 1988

Citation Context: ...tly to physical parts of the real system and interesting system properties depend on the cooperation of many parts. Therefore cTLA supports so-called constraint-oriented specification structures (cf. [10]). Modular components of a system specification can be used to model logical constraints of system parts. Thus, the structured verification can be supplied by small subsystems consisting of those cons...

53 | Hybrid Systems in TLA
- Lamport
- 1993

Citation Context: ...on has the character of a linear time temporal logic formula which describes relevant properties of the system. Moreover, cTLA recognizes the TLA-extensions to realtime systems [1] and hybrid systems [8]. In difference to TLA, cTLA supports the explicit notion of processes. Processes act as modular specification components and can represent implementation parts as well as logical constraints. Compara...

48 | Object-Oriented Specification of Reactive Systems
- Järvinen, Kurki-Suonio, et al.
- 1990

Citation Context: ...cTLA supports the explicit notion of processes. Processes act as modular specification components and can represent implementation parts as well as logical constraints. Comparable to objects in DisCo [6], processes encapsulate state components and interact via joint actions. In the sequel we give a short outline of cTLA first. Thereafter we introduce a hybrid example system and describe its compositi...

14 | Compositional Specification and Verification of High-Speed Transfer Protocols
- Herrmann, Krumm
- 1994

Citation Context: ...ity in this usual sense. Moreover, it ensures that properties of components and subsystems are properties of the system as a whole, too [4]. Therefore so-called structured verification can be applied [3]. The proof that a certain property holds in a system is reduced to the proof of the existence of a subsystem where the property holds. If the system specification has a suitable structure, relatively...

12 | A Compositional Approach to the Design of Hybrid Systems
- Hooman
- 1993

Citation Context: ...oduction Compositional specifications describe systems guided by their internal structure. They state the set of components, define their coupling, and refer to modular component specifications (cf., [2, 5]). Our specification technique cTLA supports not only compositionality in this usual sense. Moreover, it ensures that properties of components and subsystems are properties of the system as a whole, t...

7 | Specification of Hybrid Systems in cTLA
- Herrmann, Krumm
- 1997

Citation Context: ...Our specification technique cTLA supports not only compositionality in this usual sense. Moreover, it ensures that properties of components and subsystems are properties of the system as a whole, too [4]. Therefore so-called structured verification can be applied [3]. The proof that a certain property holds in a system is reduced to the proof of the existence of a subsystem where the property holds. ...

3 | Modelbased verification of batch process control software
- Kowalewski, Gesthuisen, et al.
- 1994

Citation Context: ...pe Vaporize in Sec. 6 shows an example of a system description. It models a part of the example system introduced in the next section. 3. Example We will explain our method with the following example [7]: A discontinuous process produces a sodium chloride solution of a desired concentration by means of mixing a higher concentrated sodium chloride solution with water. After its utilization the solutio...

1 | Modelbased verification of batch process control software
- Kowalewski, Gesthuisen, et al.
- 1994

Citation Context: ...pe Vaporize in Sec. 6 shows an example of a system description. It models a part of the example system introduced in the next section. 3. Example We will explain our method with the following example [7]: A discontinuous process produces a sodium chloride solution of a desired concentration by means of mixing a higher concentrated sodium chloride solution with water. After its utilization the solutio...