1,528 research outputs found
A bibliography on formal methods for system specification, design and validation
Literature on the specification, design, verification, testing, and evaluation of avionics systems was surveyed, providing 655 citations. Journal papers, conference papers, and technical reports are included. Manual and computer-based methods were employed. Keywords used in the online search are listed
The automated translation of integrated formal specifications into concurrent programs
The PROB model checker [LB03] provides tool support for an integrated formal specification approach, which combines the state-based B specification language [Abr96] with the event-based process algebra CSP [Hoa78]. The JCSP package [WM00b] presents a concurrent Java implementation for CSP/occam. In this thesis, we present a developing strategy for implementing such a combined specification as a concurrent Java program. The combined semantics in PROB is flexible and ideal for model checking, but is too abstract to be implemented in programming languages. Also, although the JCSP package gave us significant inspiration for implementing formal specifications in Java, we argue that it is not suitable for directly implementing the combined semantics in PROB. Therefore, we started with defining a restricted semantics from the original one in PROB. Then we developed a new Java package, JCSProB, for implementing the restricted semantics in Java. The JCSProB package implements multi-way synchronization with choice for the combined B and CSP event, as well as a new multi-threading mechanism at process level. Also, a GUI sub-package is designed for constructing GUI programs for JCSProB to allow user interaction and runtime assertion checking. A set of translation rules relates the integrated formal models to Java and JCSProB, and we also implement these rules in an automated translation tool for automatically generating Java programs from these models. To demonstrate and exercise the tool, several B/CSP models, varying both in syntactic structure and behavioural properties, are translated by the tool. The models manifest the presence and absence of various safety, deadlock, and fairness properties; the generated Java code is shown to faithfully reproduce them. Run-time safety and fairness assertion checking is also demonstrated. We also experimented with composition and decomposition on several combined models, as well as the Java programs generated from them. Composition techniques can help the user to develop large distributed systems, and can significantly improve the scalability of the development of the combined models of PROB.EThOS - Electronic Theses Online ServiceGBUnited Kingdo
Scheduling of guarded command based models
Formal methods provide a means of reasoning about computer programs
in order to prove correctness criteria. One subtype of formal methods is
based on the weakest precondition predicate transformer semantics and uses
guarded commands as the basic modelling construct. Examples of such
formalisms are Action Systems and Event-B. Guarded commands can intuitively
be understood as actions that may be triggered when an associated
guard condition holds. Guarded commands whose guards hold are nondeterministically
chosen for execution, but no further control flow is present
by default. Such a modelling approach is convenient for proving correctness,
and the Refinement Calculus allows for a stepwise development method. It
also has a parallel interpretation facilitating development of concurrent software,
and it is suitable for describing event-driven scenarios. However, for
many application areas, the execution paradigm traditionally used comprises
more explicit control flow, which constitutes an obstacle for using the above
mentioned formal methods. In this thesis, we study how guarded command
based modelling approaches can be conveniently and efficiently scheduled in
different scenarios. We first focus on the modelling of trust for transactions
in a social networking setting. Due to the event-based nature of the scenario,
the use of guarded commands turns out to be relatively straightforward. We
continue by studying modelling of concurrent software, with particular focus
on compute-intensive scenarios. We go from theoretical considerations to the
feasibility of implementation by evaluating the performance and scalability
of executing a case study model in parallel using automatic scheduling performed
by a dedicated scheduler. Finally, we propose a more explicit and
non-centralised approach in which the flow of each task is controlled by a
schedule of its own. The schedules are expressed in a dedicated scheduling
language, and patterns assist the developer in proving correctness of the
scheduled model with respect to the original one
A programming-language extension for distributed real-time systems
In this paper we propose a method for extending programming languages that enables the specification of timing properties of systems. The way time is treated is not language specific and the extension can therefore be included in many existing programming languages. The presented method includes a view on the system development process. An essential feature is that it enables the construction of (hard) real-time programs that may be proven correct independently of the properties of the machines that are used for their execution. It therefore provides a similar abstraction from the execution platform as is normal for non-real-time languages. The aim of this paper is to illustrate the method and demonstrate its applicability to actual real-time problems. To this end we define a simple programming language that includes the timing extension. We present a formal semantics for a characteristic part of the language constructs and apply formal methods to prove the correctness of a small example program. We consider in detail a larger example, namely the mine-pump problem known from the literature. We construct a real-time program for this problem and describe various ways to map the program to an implementation for different platforms
- …