A compositional proof theory for real-time distributed message passing

A compositional proof system is given for an OCCAM-like real-time programming language for distributed computing with communication via synchronous message passing. This proof system is based on specifications of processes which are independent of the program text of these processes. These specifications state (1) the assumptions of a process about the behaviour of its environment, and (2) the commitments of that process towards that environment provided these assumptions are met. The proof system is sound w.r.t a denotational semantics which incorporates assumptions regarding actions of the environment, thereby closely approximating the assumption/commitment style of reasoning on which the proof system is based. Concurrency is modelled as maximal parallelism ; that is, if a process can proceed it will do so immediately. A process only waits when no local action is possible and no partner is available for communication. This maximality property is imposed on the domain of interpretation of assertions by postulating it as separate axiom. The timing behaviour of a system is expressed from the viewpoint of a global external observer, so there is a global notion of time. Time is not necessarily discrete

Formal specification and compositional verification of an atomic broadcast protocol

We apply a formal method based on assertions to specify and verify an atomic broadcast protocol. The protocol is implemented by replicating a server process on all processors in a network. We show that the verification of the protocol can be done compositionally by using specifications in which timing is expressed by local clock values. First the requirements of the protocol are formally described. Next the underlying communication mechanism, the assumptions about local clocks, and the failure assumptions are axiomatized. Also the server process is represented by a formal specification. Then we verify that parallel execution of the server processes leads to the desired properties by proving that the conjunction of all server specifications and the axioms about the system implies the requirements of the protocol

A programming-language extension for distributed real-time systems

In this paper we propose a method for extending programming languages that enables the specification of timing properties of systems. The way time is treated is not language specific and the extension can therefore be included in many existing programming languages. The presented method includes a view on the system development process. An essential feature is that it enables the construction of (hard) real-time programs that may be proven correct independently of the properties of the machines that are used for their execution. It therefore provides a similar abstraction from the execution platform as is normal for non-real-time languages. The aim of this paper is to illustrate the method and demonstrate its applicability to actual real-time problems. To this end we define a simple programming language that includes the timing extension. We present a formal semantics for a characteristic part of the language constructs and apply formal methods to prove the correctness of a small example program. We consider in detail a larger example, namely the mine-pump problem known from the literature. We construct a real-time program for this problem and describe various ways to map the program to an implementation for different platforms

Incorporating formal techniques into industrial practice

We report about experiences with component-based development supported by formal techniques at Philips Healthcare. The formal Analytical Software Design (ASD) approach of the company Verum has been incorporated into the industrial workflow. The commercial tool ASD:Suite supports both compositional verification and code generation for control components. For other components test-driven development has been used. We discuss the results of these combined techniques in a project which developed the power control service of an interventional X-ray system

Compositional Verification of Timed Components using PVS

Contains fulltext : 36015.pdf (preprint version ) (Open Access

A compositional approach to the design of hybrid systems

To specify and verify distributed real-time systems, classical Hoare triples are extended with timing primitives and the interpretation is modified to be able to specify non-terminating computations. For these modified triples a compositional proof system has been formulated. Compositionality supports top-down program derivation, and by using a dense time domain also hybrid systems with continuous components can be designed. This is illustrated by a process control example of a water level monitoring system. First we prove the correctness of a control strategy in terms of a continuous interface. Next, to obtain a discrete interface, a sensor and an actuator are introduced. Using their specifications only, a suitable specification of the control unit is derived. This reduces the design of the system to the conventional problem of deriving a program according to its specification. Finally the control unit is extended, in a modular way, with error detection features