Abstract
The goal of the Provably Correct Systems project (ProCoS) is to develop a mathematical basis for development of embedded, real-time, computer systems. This survey paper introduces the specification languages and verification techniques for four levels of development: Requirements definition and control design; Transformation to a systems architecture with program designs and their transformation to programs; Compilation of real-time programs to conventional processors, and Compilation of programs to hardware.
This work is partially funded by the Commission of the European Communities (CEC) under the ESPRIT programme in the field of Basic Research Project No. 7071: “ProCoS II: Provably Correct Systems”. The hardware compilation work is partially funded by the UK Science and Engineering Research Council (SERC) under the Information Engineering Directorate SAFEMOS project (IED3/1/1036).
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
R. J. R. Back. Refinement calculus, part II: Parallel and reactive programs. In J. W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, volume 430 of LNCS, pages 67–93, 1990.
J. C. M. Baeten and P. Weijland. Process Algebra. Cambridge University Press, 1980.
F. L. Bauer et al. The Munich Project CIP, Volume II: The Transformation System CIP-S, volume 292 of LNCS. Springer-Verlag, 1987.
W. R. Bevier, W. A. Hunt, Jr., and W. D. Young. Towards verified execution environments. Technical Report 5, Computational Logic, Inc., Austin, Texas, USA, February 1987.
D. BjØrner, H. Langmaack, and C. A. R. Hoare. ProCoS I final deliverable. ProCoS Technical Report [ID/DTH DB 13/1], Department of Computer Science, Technical University of Denmark, DK-2800 Lyngby, Denmark, January 1993.
Egon Börger, Igor Durdanovic, and Dean Rosenzweig. Occam: Specification and compiler correctness — Part I: The primary model. unpublished note.
A. Bouajjani, R. Echahed, and R. Robbana. Verifying invariance properties of timed systems with duration variables. In these proceedings, 1994.
J. P. Bowen, editor. Towards Verified Systems. Real-Time Safety Critical Systems Series. Elsevier, in press.
J. P. Bowen, M. FrÄnzle, E.-R. Olderog, and A. P. Ravn. Developing correct systems. In Proc. 5th Euromicro Workshop on Real-Time Systems, pages 176–189. IEEE Computer Society Press, June 1993.
J. P. Bowen, He Jifeng, and I. Page. Hardware compilation. In Bowen [8], chapter 10, pages 193–207.
J. P. Bowen and V. Stavridou. Safety-critical systems, formal methods and standards. IEE/BCS Software Engineering Journal, 8(4):189–209, July 1993.
S. Brien, M. Engel, He Jifeng, A. P. Ravn, and H. Rischel. Z model for Duration Calculus. ProCoS Technical Report [OU HJF 12/2], Oxford University Computing Laboratory, UK, September 1993.
G. M. Brown. Towards truly delay-insensitive circuit realizations of process algebras. In G. Jones and M. Sheeran, editors, Designing Correct Circuits, Workshops in Computing, pages 120–131. Springer-Verlag, 1991.
M. Broy. Specification and top-down design of distributed systems. J. Comput. System Sci., 34:236–265, 1987.
R. H. Campbell and A. N. Habermann. The specification of process synchronisation by path expressions. In E. Gelenbe and C. Kaiser, editors, Operating Systems, International Symposium, Rocquencourt 1974, volume 16 of LNCS. Springer-Verlag, 1974.
K. M. Chandy and J. Misra. Parallel Program Design: A Foundation. Addison-Wesley, 1988.
M. Engel et al. A formal approach to computer systems requirements documentation. In R. L. Grossman, A. Nerode, A. P. Ravn, and H. Rischel, editors, Hybrid Systems, volume 736 of LNCS, pages 452–474, 1993.
M. FrÄnzle and M. Müller-Olm. Towards provably correct code generation for a hard real-time programming language. In P. A. Fritzson, editor, Compiler Construction '94, 5th International Conference, Edinburgh, UK, volume 786 of LNCS, pages 294–308, 1994.
M. FrÄnzle and B. von Karger. Proposal for a programming language core for ProCoS II. ProCoS Technical Report [Kiel MF 11/3], Christian-Albrechts-UniversitÄt Kiel, Germany, August 1993.
C. Ghezzi, D. Mandrioli, and A. Morzenti. TRIO: A logic language for executable specifications of real-time systems. Journal of Systems and Software, May 1990.
D. I. Good and W. D. Young. Mathematical methods for digital system development. In S. Prehn and W. J. Toetenel, editors, VDM '91, Formal Software Development Methods: Volume 2, volume 552 of LNCS, pages 406–430, 1991.
M. R. Hansen and Zhou Chaochen. Semantics and completeness of the Duration Calculus. In J. W. de Bakker, K. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Real-Time: Theory in Practice, volume 600 of LNCS, pages 209–225, 1992.
D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8:231–274, 1987.
He Jifeng and J. P. Bowen. Time interval semantics and implementation of a real-time programming language. In Proc. 4th Euromicro Workshop on Real-Time Systems, pages 110–115. IEEE Computer Society Press, 1992.
He Jifeng, I. Page, and J. P. Bowen. Towards a provably correct hardware implementation of Occam. In G. J. Milne and L. Pierre, editors, Correct Hardware Design and Verification Methods, volume 683 of LNCS, pages 214–225. Springer-Verlag, 1993.
C. A. R. Hoare. Communicating Sequential Processes. Prentice Hall International Series in Computer Science, 1985.
C. A. R. Hoare. Refinement algebra proves correctness of compiling specifications. In C. C. Morgan and J. C. P. Woodcock, editors, 3rd Refinement Workshop, Workshops in Computer Science, pages 33–48. Springer-Verlag, 1991.
C. A. R. Hoare, I. J. Hayes, He Jifeng, C. C. Morgan, A. W. Roscoe, J. W. Sanders, I. H. SØrensen, J. M. Spivey, and B. A. Sufrin. Laws of programming. Communications of the ACM, 30(8):672–687, 1987.
C. A. R. Hoare, He Jifeng, and A. Sampaio. Normal form approach to compiler design. Acta Informatica, 30:701–739, 1993.
J. Hooman and J. Widom. A temporal-logic based compositional proof system for real-time message passing. In PARLE '89, Parallel Architectures and Languages Europe: Volume II, volume 366 of LNCS, pages 424–441. Springer, 1989.
R. Inal. Modular specification of real-time systems. In Proc. 6th Euromicro Workshop on Real-Time Systems, pages 16–21. IEEE Computer Society Press, 1994.
INMOS Limited. Occam 2 Reference Manual. Prentice Hall, 1988.
INMOS limited. Transputer Instruction Set: A Compiler Writer's Guide. Prentice Hall, first edition, 1988.
M. S. Jaffe, N. G. Leveson, M. P. Heimdahl, and B. E. Melhart. Software requirements analysis for real-time process-control systems. IEEE Trans. Software Engineering, 17(3):241–258, March 1991.
J. J. Joyce. Totally verified systems: Linking verified software to verified hardware. In M. Leeser and G. Brown, editors, Hardware Specification, Verification and Synthesis: Mathematical Aspects, volume 408 of LNCS, pages 277–201, 1990.
R. Koymans. Specifying real-time properties with metric temporal logic. Real-Time Systems, 2(4):255–299, November 1990.
B. Krieg-Brückner. Algebraic specification and functionals for transformational program and meta program development. In J. Diaz and F. Orejas, editors, Proc. TAPSOFT '89: Volume 2, volume 352 of LNCS, 1989.
L. Lamport. The temporal logic of actions. Technical report, Digital Systems Research Center, 130 Lytton Avenue, Palo Alto, California 94301, USA, 25 December 1991.
L. Lamport. Hybrid systems in TLA+. In R. L. Grossman, A. Nerode, A. P. Ravn, and H. Rischel, editors, Hybrid Systems, volume 736 of LNCS, pages 77–102, 1993.
N. Leveson. Software safety in embedded computer systems. Communications of the ACM, 34(2):34–46, February 1991.
N. A. Lynch and M. R. Tuttle. Hierarchical correctness proofs for distributed algorithms. In Proc. 6th PODC, pages 137–151, 1987.
Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems. Springer-Verlag, 1992.
A. J. Martin. The design of a delay-insensitive microprocessor: An example of circuit synthesis by program transformation. In M. Leeser and G. Brown, editors, Hardware Specification, Verification and Synthesis: Mathematical Aspects, volume 408 of LNCS, pages 244–259, 1990.
A. J. Martin. Programming in VLSI: From communicating processes into delay-insensitive circuits. In C. A. R. Hoare, editor, Developments in Concurrency and Communication, University of Texas at Austin Year of Programming Series, chapter 1. Addison-Wesley, 1990.
P. C. Masiero, A. P. Ravn, and H. Rischel. Refinement of real-time specifications. ProCoS Technical Report [ID/DTH PCM 1/1], Department of Computer Science, Technical University of Denmark, DK-2800 Lyngby, Denmark, July 1993.
D. May. Occam and the Transputer. In C. A. R. Hoare, editor, Developments in Concurrency and Communication, University of Texas at Austin Year of Programming Series, chapter 2. Addison-Wesley, 1990.
J. McCarthy and J. Painter. Correctness of a compiler for arithmetic expressions. In J. Schwarz, editor, Proc. Symp. Applied Mathematics, pages 33–41. American Mathematical Society, 1967.
R. Milner. Communication and Concurrency. Prentice Hall International Series in Computer Science, 1989.
Robin Milner, Mads Tofte, and Robert Harper. The Definition of Standard ML. The MIT Press, 1990.
C. C. Morgan. Data refinement by miracles. Information Processing Letters, 26:243–246, 1988.
C. C. Morgan. Programming From Specifications. Prentice Hall International Series in Computer Science, 1990.
F. Lockwood Morris. Advice on structuring compilers and proving them correct. In Proc. ACM Symp. Principles of Programming Languages, Boston, Mass., pages 144–152, 1973.
B. Moszkowski. A temporal logic for multi-level reasoning about hardware. IEEE Computer, 18(2):10–19, 1985.
B. Moszkowski. Executing Temporal Logic Programs. Cambridge University Press, 1986.
M. Müller-Olm. On translation of TimedPL and capture of machine instruction timing. ProCoS Technical Report [Kiel MMO 6/2], Christian-Albrechts-UniversitÄt Kiel, Germany, August 1993.
Markus Müller-Olm. A new proposal for TimedPL's semantics. ProCoS Technical Report Kiel MMO 10/1, Christian-Albrechts-UniversitÄt Kiel, Germany, May 1994.
E.-R. Olderog. Nets, Terms and Formulas. Cambridge University Press, 1991.
E.-R. Olderog. Towards a design calculus for communicating programs. In J. C. M. Baeten and J. F. Groote, editors, Proc. CONCUR '91, volume 527 of LNCS, pages 61–72, 1991.
E.-R. Olderog. Interfaces between languages for communicating systems. In W. Kuich, editor, Automata, Languages and Programming, volume 623 of LNCS, 1992.
E.-R. Olderog and S. Rössig. A case study in transformational design of concurrent systems. In M.-C. Gaudel and J.-P. Jouannaud, editors, TAPSOFT '93: Theory and Practice of Software Development, volume 668 of LNCS, pages 90–104, 1993.
E.-R. Olderog, S. Rössig, J. Sander, and M. Schenke. ProCoS at Oldenburg: The interface between specification language and Occam-like programming language. Technical Report Bericht 3/92, Univ. Oldenburg, Fachbereich Informatik, Germany, 1992.
I. Page and W. Luk. Compiling Occam into field programmable gate arrays. In FPGAs, Oxford Workshop on Field Programmable Logic and Applications, pages 271–284, 15 Harcourt Way, Abingdon OX14 1NV, UK, 1991. Abingdon EE&CS Books.
D. L. Parnas and P. C. Clements. A rational design process: How and why to fake it. IEEE Trans. Software Engineering, 12(2):251–257, February 1986.
D. L. Parnas and J. Madey. Functional documentation for computer systems engineering (version 2). Technical Report CRL 237, TRIO, McMaster University, Hamilton, Canada, September 1991.
A. Pnueli and E. Harel. Applications of temporal logic to the specification of real-time systems (extended abstract). In M. Joseph, editor, Formal Techniques in Real-Time and Fault-Tolerant Systems, volume 331 of LNCS, pages 84–98. Springer, 1988.
A. P. Ravn and H. Rischel. Requirements capture for embedded real-time systems. In Proc. IMACS-MCTS'91 Symp. on Modelling and Control of Technological Systems, volume 2, pages 147–152. IMACS, May 1991.
A. P. Ravn, H. Rischel, and K. M. Hansen. Specifying and verifying requirements of real-time systems. IEEE Trans. Software Engineering, 19(1):41–55, January 1993.
A. W. Roscoe and C. A. R. Hoare. Laws of Occam programming. Theoretical Computer Science, 60:177–229, 1988.
S. Rössig and M. Schenke. Specification and stepwise development of communicating systems. In S. Prehn and W. J. Toetenel, editors, VDM '91, Formal Software Development Methods: Volume 1, volume 551 of LNCS, pages 149–163, 1991.
M. Schenke. Specification and transformation of reactive systems with time restrictions and concurrency. In these proceedings, 1994.
J. U. SkakkebÆk, A. P. Ravn, H. Rischel, and Zhou Chaochen. Specification of embedded, real-time systems. In Proc. 4th Euromicro Workshop on Real-Time Systems, pages 116–121. IEEE Computer Society Press, 1992.
J. U. SkakkebÆk and N. Shankar. Towards a Duration Calculus proof assistant in PVS. In these proceedings, 1994.
J. M. Spivey. The Z Notation: A Reference Manual. Prentice Hall International Series in Computer Science, 2nd edition, 1992.
J. W. Thatcher, E. G. Wagner, and J. B. Wright. More on advice on structuring compilers and proving them correct. Theoretical Computer Science, 15:223–245, 1981.
Y. Venema. A modal logic for chopping intervals. J. Logic of Computation, 1(4):453–476, 1991.
A. Wikström. Functional Programming using Standard ML. Prentice Hall International Series in Computer Science, first edition, 1987.
M. W. Wilkes and J. B. Stringer. Micro-programming and the design of the control circuits in an electronic digital computer. Proc. Cambridge Phil. Soc., 49:230–238, 1953. also Annals of Hist. Comp. 8, 2 (1986) 121–126.
Xilinx Inc. The programmable gate array data book. Technical report, Xilinx Inc., San Jose, California, USA, 1991.
Zhiming Liu, A. P. Ravn, E. V. SØrensen, and Zhou Chaochen. Towards a calculus of systems dependability. High Integrity Systems, 1(1):49–75, January 1994.
Zhou Chaochen. Duration Calculi: An overview. In D. BjØrner, M. Broy, and I. V. Pottosin, editors, Formal Methods in Programming and their Application, volume 735 of LNCS, pages 256–266, 1993.
Zhou Chaochen, M. R. Hansen, and P. Sestoft. Decidability results for Duration Calculus. In P. Enjalbert, A. Finkel, and K. W. Wagner, editors, Proc. STACS 93, volume 665 of LNCS, pages 58–68, 1993.
Zhou Chaochen, C. A. R. Hoare, and A. P. Ravn. A calculus of durations. Information Processing Letters, 40(5), December 1991.
Zhou Chaochen, A. P. Ravn, and M. R. Hansen. An extended Duration Calculus for hybrid real-time systems. In R. L. Grossman, A. Nerode, A. P. Ravn, and H. Rischel, editors, Hybrid Systems, volume 736 of LNCS, pages 36–59, 1993.
J. Zwiers. Compositionality, Concurrency, and Partial Correctness: Proof Theories for Networks of Processes and their Relationship, volume 321 of LNCS. Springer-Verlag, 1989.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
He, J. et al. (1994). Provably Correct Systems. In: Langmaack, H., de Roever, WP., Vytopil, J. (eds) Formal Techniques in Real-Time and Fault-Tolerant Systems. FTRTFT ProCoS 1994 1994. Lecture Notes in Computer Science, vol 863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58468-4_171
Download citation
DOI: https://doi.org/10.1007/3-540-58468-4_171
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58468-1
Online ISBN: 978-3-540-48984-9
eBook Packages: Springer Book Archive