A bibliography on formal methods for system specification, design and validation

Literature on the specification, design, verification, testing, and evaluation of avionics systems was surveyed, providing 655 citations. Journal papers, conference papers, and technical reports are included. Manual and computer-based methods were employed. Keywords used in the online search are listed

A methodology for programming with concurrency: An informal presentation

AbstractIn this methodology, programming problems which can be specified by an input/output assertion pair are solved in two steps: 1.(1) Refinement of a correct program that can be implemented sequentially.2.(2) Declaration of program properties, so-called semantic relations, that allow relaxations in the sequencing of the refinement's operations (e.g., concurrency).Formal properties of refinements comprise semantics (input/output characteristics) and (sequential) execution time. Declarations of semantic relations preserve the semantics but may improve the execution time of a refinement. The consequences are: 1.(a) The concurrency in a program is deduced from its formal semantics. Semantic correctness is not based on concurrency but precedes it.2.(b) Concurrency is a property not of programs but of executions. Programs do not contain concurrent commands, only suggestions (declarations) of concurrency.3.(c) The declaration of too much concurrency is impossible. Programs do not contain primitives for synchronization or mutual exclusion.4.(d) Proofs of parallel correctness are stepwise without auxiliary variables.5.(e) Freedom from deadlock and starvation is implicit without recourse to an authority outside the program, e.g., a fair scheduler

Correctness of concurrent processes

A new notion of correctness for concurrent processes is introduced and investigated. It is a relationship P sat S between process terms P built up from operators of CCS [Mi 80], CSP [Ho 85] and COSY [LTS 79] and logical formulas S specifying sets of finite communication sequences as in [Zw 89]. The definition of P sat S is based on a Petri net semantics for process terms [Ol 89]. The main point is that P sat S requires a simple liveness property of the net denoted by P. This implies that P is divergence free and externally deterministic. Process correctness P sat S determines a new semantic model for process terms and logical formulas. It is a modification ℜ* of the readiness semantics [OH 86] which is fully abstract with respect to the relation P sat S. The model ℜ* abstracts from the concurrent behaviour of process terms and certain aspects of their internal activity. In ℜ* process correctness P sat S boils down to semantic equality: ℜ*[P]=ℜ*[S]. The modified readiness equivalence is closely related to failure equivalence [BHR 84] and strong testing equivalence [DH 84]

A Resource-Based Prioritized Bisimulation for Real-Time Systems

The behavior of concurrent, real-time systems can be specified using a process algebra called CCSR. The underlying computation model of CCSR is resource-based, in which multiple resources execute synchronously, while processes assigned to the same resource are interleaved according to their priorities. CCSR allows the algebraic specification of timeouts, interrupts, periodic behaviors and exceptions. This paper develops a natural treatment of preemption, which is based not only on priority, but also on resource utilization and inter-resource synchronization. The preemption ordering leads to a term equivalence based on strong bisimulation, which is also a congruence with respect to the operators. Consequently the equivalence yields a compositional proof system, which is illustrated in the verification of resource-sharing, producer-consumer problem

Specification of Synchronizing Processes

The formalism of temporal logic has been suggested to be an appropriate tool for expressing the semantics of concurrent programs. This paper is concerned with the application of temporal logic to the specification of factors affecting the synchronization of concurrent processes. Towards this end, we first introduce a model for synchronization and axiomatize its behavior. SYSL, a very high-level language for specifying synchronization properties, is then described. It is designed using the primitives of temporal logic and features constructs to express properties that affect synchronization in a fairly natural and modular fashion. Since the statements in the language have intuitive interpretations, specifications are humanly readable. In addition, since they possess appropriate formal semantics, unambiguous specifications result

On the engineering of crucial software

The various aspects of the conventional software development cycle are examined. This cycle was the basis of the augmented approach contained in the original grant proposal. This cycle was found inadequate for crucial software development, and the justification for this opinion is presented. Several possible enhancements to the conventional software cycle are discussed. Software fault tolerance, a possible enhancement of major importance, is discussed separately. Formal verification using mathematical proof is considered. Automatic programming is a radical alternative to the conventional cycle and is discussed. Recommendations for a comprehensive approach are presented, and various experiments which could be conducted in AIRLAB are described

Synchronization of processes

The study of the synchronization of processes is a very interesting field. It-brings together concepts that have originated in the design of operating systems, and of high level programming languages. Also it is becoming clear that the design of algorithms for parallel execution is intimately connected with synchronization problems. Some specialized synchronization problems have arisen in the design of data base systems. Indeed, distributed data bases provide an example of distributed processing that has immense practical significance. To summarize, synchronization of processes is a universal activity whose importance is being felt throughout computer science. The time has therefore come for the synchronization of processes to be studied as a topic in its own right. In this course I am taking such a broad viewpoint, and am trying to integrate some aspects of operating systems, languages, and parallel algorithms. However, this being a first attempt, the integration is not as thorough as I would have wished. Also, in the short time at my disposal, I am not able to discuss several very important topics, such as reliability

Modeling and analysis of concurrent systems

A survey of modeling and analysis techniques in common use for modeling and analyzing concurrent systems. The models surveyed are CSP (Communicating Sequential Processes), Path Expressions, CCS (Calculus of Communicating Systems), CIRCAL, Petri Nets, Coloured Petri Nets, Predicate-Action Nets, Numerical Petri Nets, Contour-Transition Nets, and several varieties of Timed Petri Nets. The analysis techniques are state-space analysis, temporal logic, structural analysis, and inductive analysis