Real-Time Systems

, Volume 13, Issue 3, pp 253–275 | Cite as

The ProCoS Approach to Correct Systems

  • Hans Langmaack


PorCoS is the name of the ESPRIT project “Provably Correct Systems”. A system is seen as a technological system with embedded controlling processors, sensors, actuators, connecting channels and timers in a physical environment, especially a real-time or hybrid system with digital and continuous components. The goal of PorCoS is to contribute to mathematical foundation for analysis and synthesis and to mathematical principles, techniques and tools for systematic and correct design and construction of systems, especially in safety-critical applications. The article discusses the notion of system correctness and explains its non-absolute nature. Two forerunners of ProCoS are described, the so-called stack of Computational Logic Inc., Austin, Texas, and the three views of concurrent processes – nets, terms and formulas – of E.-R. Olderog. ProCoS is going beyond the forerunners and has extended the description levels: Requirements and systems architectural language, specification language, high-level programming language, machine language, hardware description language and description language for asynchronuous circuits. A major achievement of ProCoS is to have related the semantic models of several different system development levels and to have shown up how to mathematically prove correct the transitions between these levels w.r.t. the semantic relations. The Duration Calculus gives a basis for semantics and verification and crosses the boundary between discrete and continuous models.

The lecture has been given at the Dagstuhl-Seminar “High Integrity Programmable Electronic Systems”, 27. 02. - 03. 03. 95, organized by W. J. Cullyer, W. A. Halang and B. J. Krämer.

computer-based real-time systems safety-critical applications requirements systems architecture specification high-level timed programming machine programming hardware description asynchronous circuits correctness duration calculus 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    P. Antognetti and G. Massobrio. Semiconductor Device Modelling with SPICE. McGraw-Hill, 1988.Google Scholar
  2. 2.
    F. L. Bauer, H. Ehlers, A. Horsch, B. Möller, H. Partsch, O. Paukner, and P. Pepper. The Munich Project CIP, vol. II: The Transformation System CIP-S, volume 292 of LNCS. Springer-Verlag, 1987.Google Scholar
  3. 3.
    R. D. Black. Towards a dynamical systems approach to asynchronous circuit design. Internal report, Department of Computer Science, University of Waterloo, Canada, 1994.Google Scholar
  4. 4.
    J. P. Bowen, editor. Towards Verified Systems, volume 2 of Real-Time and Safety-Critical Systems Series. Elsevier, 1994.Google Scholar
  5. 5.
    J. P. Bowen, C. A. R. Hoare, M. R. Hansen, A. P. Ravn, H. Rischel, E.-R. Olderog, M. Schenke, M. Fränzle, M. Müller-Olm, J. He, and Z. Jianping. Provably correct systems—FTRTFT'94 tutorial. ProCoS Technical Report COORD JB 7/1, Oxford University Computing Laboratory, UK, September 1994.Google Scholar
  6. 6.
    J. P. Bowen et al. A ProCoS II project description: ESPRIT Basic Research Project 7071. Bull. EATCS, 50:128–137, 1993.Google Scholar
  7. 7.
    K.-H. Buth. Automated code generator verification based on algebraic laws. ProCoS Technical Report Kiel KHB 5/1, Christian-Albrechts-Universität Kiel, Germany, September 1995.Google Scholar
  8. 8.
    M. Fränzle. A discrete model of VLSI dynamics in hybrid control applications. ProCoS Technical Report Kiel MF 17/3, Christian-Albrechts-Universität Kiel, Germany, April 1995.Google Scholar
  9. 9.
    M. Fränzle. From continuity to discreteness—five views of embedded control hardware. ProCoS Technical Report Kiel MF 18/1, Christian-Albrechts-Universität Kiel, Germany, August 1995.Google Scholar
  10. 10.
    M. Fränzle and M. Müller-Olm. Towards provably correct code generation for a hard real-time programming language. In Peter A. Fritzson, editor, Compiler Construction, volume 786 of LNCS, pages 294–308. Springer-Verlag, 1994.Google Scholar
  11. 11.
    M.-C. Gaudel. Advantages and limits of formal approaches for ultra-high dependability. In Randell et al. [37], pages 241–252.Google Scholar
  12. 12.
    G. Goos, H. Langmaack, F. W. von Henke, W. Goerigk, and W. Zimmermann. Verifizierte Übersetzer (Verifix). DFG-Projektantrag, Karlsruhe, Kiel, Ulm, 1994.Google Scholar
  13. 13.
    R. L. Grossman, A. Nerode, A. P. Ravn, and H. Rischel, editors. Hybrid Systems, volume 736 of LNCS. Springer-Verlag, 1993.Google Scholar
  14. 14.
    F. K. Hanna. Reasoning about real circuits. In T. F. Melham and J. Camilleri, editors, Higher Order Logic Theorem Proving and its Applications, volume 859 of LNCS. Springer-Verlag, September 1994.Google Scholar
  15. 15.
    F. K. Hanna and N. Daeche. Specification and verification using higher-order logic: A case study. In George Milne and P. A. Subrahmanyam, editors, Formal Aspects of VLSI Design. North-Holland, 1985.Google Scholar
  16. 16.
    J. He, C. A. R. Hoare, M. Fränzle, M. Müller-Olm, E.-R. Olderog, M. Schenke, M. R. Hansen, A. P. Ravn, and H. Rischel. Provably correct systems. In Langmaack et al. [26], pages 288–335.Google Scholar
  17. 17.
    J. He and J. Zheng. Simulation approach to provably correct hardware compilation. In Langmaack et al. [26], pages 336–350.Google Scholar
  18. 18.
    C. A. R. Hoare. Communicating Sequential Processes. Series in Computer Science. Prentice Hall, 1985.Google Scholar
  19. 19.
    C. A. R. Hoare, J. He, and A. Sampaio. Normal form approach to compiler design. Acta Inform., 30:701–739, 1994.Google Scholar
  20. 20.
    W. A. Hunt jr. FM 8501: A verified microprocessor. Technical Report 47, Univ. of Texas, Austin, 1986.Google Scholar
  21. 21.
    Inmos ltd. occam 2 Reference Manual. Series in Computer Science. Prentice-Hall International, 1988.Google Scholar
  22. 22.
    Inmos ltd. Transputer Instruction Set: A compiler writer's guide. Prentice-Hall International, 1988.Google Scholar
  23. 23.
    B. von Karger and C. A. R. Hoare. Sequential calculus. Information Processing Letters, 53(3):123–130, 1995.Google Scholar
  24. 24.
    R. P. Kurshan and K. L. McMillan. Analysis of digital circuits through symbolic reduction. IEEE Transact. Comp. Aid. Des., 10(11):1356–1371, November 1991.Google Scholar
  25. 25.
    H. Langmaack and A. P. Ravn. The ProCoS project: Provably correct systems. In Bowen [4], pages 249–265.Google Scholar
  26. 26.
    H. Langmaack, W.-P. de Roever, and J. Vytopil, editors. Formal Techniques in Real-Time and Fault-Tolerant Systems, volume 863 of LNCS. Springer-Verlag, September 1994.Google Scholar
  27. 27.
    B. Littlewood and L. Strigini. Validation of ultra-high dependability for software-based systems. In Randell et al. [37], pages 473–494.Google Scholar
  28. 28.
    A. J. Martin. Programming in VLSI. In C. A. R. Hoare, editor, Developments in Concurrency and Communication, The University of Texas at Austin Year of Programming Series, chapter 1. Addison-Wesley, 1990.Google Scholar
  29. 29.
    J S. Moore. Piton: A verified assembly level language. Technical Report 22, Computational Logic Inc., Austin, Texas, 1988.Google Scholar
  30. 30.
    A. Möschwitzer and K. Lunze. Halbleiterelektronik. VEB Verlag Technik, eighth edition, 1988.Google Scholar
  31. 31.
    M. Müller-Olm. A new proposal for TimedPL's semantics. ProCoS Technical Report Kiel MMO 10/2, Christian-Albrechts-Universität Kiel, Germany, August 1994.Google Scholar
  32. 32.
    M. Müller-Olm. Compiling the gas burner case study. ProCoS Technical Report Kiel MMO16/1, Christian-Albrechts-Universität Kiel, Germany, August 1995.Google Scholar
  33. 33.
    M. Müller-Olm. Structuring code generator correctness proofs by stepwise abstracting the machine language's semantics. ProCoS Technical Report Kiel MMO 12/3, Christian-Albrechts-Universität Kiel, Germany, January 1995.Google Scholar
  34. 34.
    M. Müller-Olm. Modular Compiler Verification. Dissertation, Univ. Kiel, 1996. To be published as Vol. 1283 of LNCS, Springer-Verlag, 1997.Google Scholar
  35. 35.
    E.-R. Olderog. Nets, Terms and Formulas. Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, 1991.Google Scholar
  36. 36.
    E.-R. Olderog and C. A. R. Hoare. Specification-oriented semantics for communicating processes. Acta Informatica, 23:9–66, 1986.Google Scholar
  37. 37.
    B. Randell, J.-C. Laprie, H. Kopetz, and B. Littlewood, editors. Predictably Dependable Computing Systems, ESPRIT Basic Research Series. Springer-Verlag, 1995.Google Scholar
  38. 38.
    A. P. Ravn. Design of embedded real-time computing systems. Lecture Notes, Danish Technical University, Lyngby, Denmark, September 1994.Google Scholar
  39. 39.
    W. Reisig. Petri Nets, An Introduction. EATCS Monographs on Theoretical Computer Science. Springer-Verlag, 1985.Google Scholar
  40. 40.
    M. Schenke. Specification and transformation of reactive systems with time restrictions and concurrency. In Langmaack et al. [26], pages 605–620.Google Scholar
  41. 41.
    M. Schenke and E.-R. Olderog. Design of real-time systems: From duration calculus to correct programs. ProCoS Technical Report OLD MS 17/1, Univ. Oldenburg, Germany, August 1995.Google Scholar
  42. 42.
    H. Shichman and D. A. Hodges. Modeling and simulation of insulated-gate field-effect transistor switching circuits. IEEE J. SSC., pages 285–289, 1968.Google Scholar
  43. 43.
    J. Singh. Semiconductor Devices. McGraw-Hill Series in Electrical and Computer Engineering. McGraw-Hill, 1994.Google Scholar
  44. 44.
    J. U. Skakkebæk. A Verification Assistant for a Real-Time Logic. PhD thesis, Dep. Comp. Sc. TUD Lyngby, 1994.Google Scholar
  45. 45.
    J. M. Spivey. The Z Notation. A Reference Manual. International Series in Computer Science. Prentice-Hall, second edition, 1992.Google Scholar
  46. 46.
    P. R. Stephan and R. K. Brayton. Physically realizable gate models. Technical Report UCB/ERL M93/33, Electronics Research Laboratory, University of California, Berkeley, May 1993.Google Scholar
  47. 47.
    W. D. Young. A verified code generator for a subset of Gypsy. Technical Report 33, Computational Logic Inc., Austin, Texas, 1988.Google Scholar
  48. 48.
    W. D. Young. System verification and the CLI stack. In Bowen [4], pages 225–248.Google Scholar
  49. 49.
    C. Zhou, C. A. R. Hoare, and A. P. Ravn. A calculus of durations. Inform. Proc. Letters, 40(5):269–276, 1991.Google Scholar
  50. 50.
    C. Zhou, A. P. Ravn, and M. R. Hansen. An extended duration calculus for hybrid real-time systems. In Grossman et al. [13], pages 36–59.Google Scholar

Copyright information

© Kluwer Academic Publishers 1997

Authors and Affiliations

  • Hans Langmaack
    • 1
  1. 1.Institut für Informatik und Praktische Mathematik, Christian-Albrechts-Universität zu KielKielGermany

Personalised recommendations