Specification and Verification of a Steam-Boiler with Signal-Coq

  • Mickaël Kerbœuf
  • David Nowak
  • Jean-Pierre Talpin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1869)

Abstract

Over the last decade, the increasing demand for the validation of safety critical systems has led to the development of domain-specific programming languages (e.g. synchronous languages) and automatic verification tools (e.g. model checkers). Conventionally, the verification of a reactive system is implemented by specifying a discrete model of the system (i.e. a finite-state machine) and then checking this model against temporal properties (e.g. using an automata-based tool). We investigate the use of a synchronous programming language, Signal, and of a proof assistant, Coq, for the specification and the verification of co-inductive properties of the well-known steam-boiler problem.

By way of this large-scale case-study, the Signal-Coq formal approach, i.e. the combined use of Signal and Coq, is demonstrated to be a well-suited and practical approach for the validation of reactive systems. Indeed, the deterministic model of concurrency of Signal, for specifying systems, together with the unparalleled expressive power of the Coq proof assistant, for verifying properties, enables to disregard any compromise incurred by any limitation of either the specification and the verification tools.

Keywords

synchronous programming theorem proving the steam-boiler problem 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    J.-R. Abrial. The B-Book. Cambridge University Press, 1995.Google Scholar
  2. 2.
    J.-R. Abrial, E. Börger, and H. Langmaack. Formal Methods for Industrial Applications: Specifying and Programming the Steam Boiler Control. Lecture Notes in Computer Science, 1165, October 1996.Google Scholar
  3. 3.
    S. Bensalem, P. Caspi, and C. Parent-Vigouroux. Handling Data-flow Programs in PVS. Research report (draft), Verimag, May 1996.Google Scholar
  4. 4.
    A. Benveniste and P. Le Guernic. Synchronous Programming with Events and Relations: the SIGNAL Language and its Semantics. Science of Computer Programming, 16(2): 103–149, 1991.MATHCrossRefGoogle Scholar
  5. 5.
    G. Berry and G. Gonthier. The Esterel Synchronous Programming Language: Design, Semantics, Implementation. Science of Computer Programming, 19:87–152, 1992.MATHCrossRefGoogle Scholar
  6. 6.
    T. Cattel and G. Duval. The Steam-Boiler Problem in Lustre. Lecture Notes in Computer Science, 1165:149–164, 1996.Google Scholar
  7. 7.
    B. Barras et al. The Coq Proof Assistant Reference Manual-Version 6.2. INRIA, Rocquencourt, May 1998.Google Scholar
  8. 8.
    E Giménez. Un Calcul de Constructions Infinies et son Application à la Vérification des Systèmes Communicants. PhD thesis, Laboratoire de l’Informatique du Parallélisme, Ecole Normale Supérieure de Lyon, December 1996.Google Scholar
  9. 9.
    N. Halbwachs, P. Caspi, P. Raymond, and D. Pilaud. The Synchronous Dataflow Programming Language Lustre. Proc. of the IEEE, 79(9): 1305–1320, September 1991.CrossRefGoogle Scholar
  10. 10.
    D. Harel. Statecharts: A Visual Formalism for Complex Systems. Science of Computer Programming, 8:231–274, 1987.MATHCrossRefGoogle Scholar
  11. 11.
    M. Kerbosuf, D. Nowak, and J.-P. Talpin. The Steam-boiler Controller Problem in Signal-Coq. Research Report 3773, INRIA, Campus universitaire de Beaulieu, 35042 RENNES Cedex (France), October 1999.Google Scholar
  12. 12.
  13. 13.
    D. Nowak. Spécification et preuve de systèmes réactifs. PhD thesis, Ifsic, Univer-sité Rennes I, October 1999.Google Scholar
  14. 14.
    D. Nowak, J.-R. Beauvais, and J.-P. Talpin. Co-inductive Axiomatization of a Synchronous Language. In Proceedings of Theorem Proving in Higher Order Logics (TPHOLs’98), number 1479 in LNCS, pages 387–399. Springer Verlag, September 1998.CrossRefGoogle Scholar
  15. 15.
    B. Werner. Une Théorie des Constructions Inductives. PhD thesis, Université Paris VII, May 1994.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Mickaël Kerbœuf
    • 1
  • David Nowak
    • 2
  • Jean-Pierre Talpin
    • 1
  1. 1.Inria-Rennes — IrisaRennesFrance
  2. 2.Oxford University Computing LaboratoryOxfordEngland

Personalised recommendations