Provably Correct Systems

  • Jifeng He
  • C. A. R. Hoare
  • Martin Fränzle
  • Markus Müller-Olm
  • Ernst-Rüdiger Olderog
  • Michael Schenke
  • Michael R. Hansen
  • Anders P. Ravn
  • Hans Rischel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 863)

Abstract

The goal of the Provably Correct Systems project (ProCoS) is to develop a mathematical basis for the development of embedded, real-time computer systems. This survey paper introduces the specification languages and verification techniques for four levels of development: requirements definition and control design; transformation to a systems architecture with program designs, and their transformation to programs; compilation of real-time programs to conventional processors; and compilation of programs to hardware.

Keywords

Temporal Logic, Clock Cycle, Regular Expression, Source Process, Delay Element (keywords added by machine, not by the authors)

References

  1. R. J. R. Back. Refinement calculus, part II: Parallel and reactive programs. In J. W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness, volume 430 of LNCS, pages 67–93, 1990.
  2. J. C. M. Baeten and P. Weijland. Process Algebra. Cambridge University Press, 1980.
  3. F. L. Bauer et al. The Munich Project CIP, Volume II: The Transformation System CIP-S, volume 292 of LNCS. Springer-Verlag, 1987.
  4. W. R. Bevier, W. A. Hunt, Jr., and W. D. Young. Towards verified execution environments. Technical Report 5, Computational Logic, Inc., Austin, Texas, USA, February 1987.
  5. D. Bjørner, H. Langmaack, and C. A. R. Hoare. ProCoS I final deliverable. ProCoS Technical Report [ID/DTH DB 13/1], Department of Computer Science, Technical University of Denmark, DK-2800 Lyngby, Denmark, January 1993.
  6. Egon Börger, Igor Durdanovic, and Dean Rosenzweig. Occam: Specification and compiler correctness — Part I: The primary model. Unpublished note.
  7. A. Bouajjani, R. Echahed, and R. Robbana. Verifying invariance properties of timed systems with duration variables. In these proceedings, 1994.
  8. J. P. Bowen, editor. Towards Verified Systems. Real-Time Safety Critical Systems Series. Elsevier, in press.
  9. J. P. Bowen, M. Fränzle, E.-R. Olderog, and A. P. Ravn. Developing correct systems. In Proc. 5th Euromicro Workshop on Real-Time Systems, pages 176–189. IEEE Computer Society Press, June 1993.
  10. J. P. Bowen, He Jifeng, and I. Page. Hardware compilation. In Bowen [8], chapter 10, pages 193–207.
  11. J. P. Bowen and V. Stavridou. Safety-critical systems, formal methods and standards. IEE/BCS Software Engineering Journal, 8(4):189–209, July 1993.
  12. S. Brien, M. Engel, He Jifeng, A. P. Ravn, and H. Rischel. Z model for Duration Calculus. ProCoS Technical Report [OU HJF 12/2], Oxford University Computing Laboratory, UK, September 1993.
  13. G. M. Brown. Towards truly delay-insensitive circuit realizations of process algebras. In G. Jones and M. Sheeran, editors, Designing Correct Circuits, Workshops in Computing, pages 120–131. Springer-Verlag, 1991.
  14. M. Broy. Specification and top-down design of distributed systems. J. Comput. System Sci., 34:236–265, 1987.
  15. R. H. Campbell and A. N. Habermann. The specification of process synchronisation by path expressions. In E. Gelenbe and C. Kaiser, editors, Operating Systems, International Symposium, Rocquencourt 1974, volume 16 of LNCS. Springer-Verlag, 1974.
  16. K. M. Chandy and J. Misra. Parallel Program Design: A Foundation. Addison-Wesley, 1988.
  17. M. Engel et al. A formal approach to computer systems requirements documentation. In R. L. Grossman, A. Nerode, A. P. Ravn, and H. Rischel, editors, Hybrid Systems, volume 736 of LNCS, pages 452–474, 1993.
  18. M. Fränzle and M. Müller-Olm. Towards provably correct code generation for a hard real-time programming language. In P. A. Fritzson, editor, Compiler Construction '94, 5th International Conference, Edinburgh, UK, volume 786 of LNCS, pages 294–308, 1994.
  19. M. Fränzle and B. von Karger. Proposal for a programming language core for ProCoS II. ProCoS Technical Report [Kiel MF 11/3], Christian-Albrechts-Universität Kiel, Germany, August 1993.
  20. C. Ghezzi, D. Mandrioli, and A. Morzenti. TRIO: A logic language for executable specifications of real-time systems. Journal of Systems and Software, May 1990.
  21. D. I. Good and W. D. Young. Mathematical methods for digital system development. In S. Prehn and W. J. Toetenel, editors, VDM '91, Formal Software Development Methods: Volume 2, volume 552 of LNCS, pages 406–430, 1991.
  22. M. R. Hansen and Zhou Chaochen. Semantics and completeness of the Duration Calculus. In J. W. de Bakker, K. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Real-Time: Theory in Practice, volume 600 of LNCS, pages 209–225, 1992.
  23. D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8:231–274, 1987.
  24. He Jifeng and J. P. Bowen. Time interval semantics and implementation of a real-time programming language. In Proc. 4th Euromicro Workshop on Real-Time Systems, pages 110–115. IEEE Computer Society Press, 1992.
  25. He Jifeng, I. Page, and J. P. Bowen. Towards a provably correct hardware implementation of Occam. In G. J. Milne and L. Pierre, editors, Correct Hardware Design and Verification Methods, volume 683 of LNCS, pages 214–225. Springer-Verlag, 1993.
  26. C. A. R. Hoare. Communicating Sequential Processes. Prentice Hall International Series in Computer Science, 1985.
  27. C. A. R. Hoare. Refinement algebra proves correctness of compiling specifications. In C. C. Morgan and J. C. P. Woodcock, editors, 3rd Refinement Workshop, Workshops in Computer Science, pages 33–48. Springer-Verlag, 1991.
  28. C. A. R. Hoare, I. J. Hayes, He Jifeng, C. C. Morgan, A. W. Roscoe, J. W. Sanders, I. H. Sørensen, J. M. Spivey, and B. A. Sufrin. Laws of programming. Communications of the ACM, 30(8):672–687, 1987.
  29. C. A. R. Hoare, He Jifeng, and A. Sampaio. Normal form approach to compiler design. Acta Informatica, 30:701–739, 1993.
  30. J. Hooman and J. Widom. A temporal-logic based compositional proof system for real-time message passing. In PARLE '89, Parallel Architectures and Languages Europe: Volume II, volume 366 of LNCS, pages 424–441. Springer, 1989.
  31. R. Inal. Modular specification of real-time systems. In Proc. 6th Euromicro Workshop on Real-Time Systems, pages 16–21. IEEE Computer Society Press, 1994.
  32. INMOS Limited. Occam 2 Reference Manual. Prentice Hall, 1988.
  33. INMOS Limited. Transputer Instruction Set: A Compiler Writer's Guide. Prentice Hall, first edition, 1988.
  34. M. S. Jaffe, N. G. Leveson, M. P. Heimdahl, and B. E. Melhart. Software requirements analysis for real-time process-control systems. IEEE Trans. Software Engineering, 17(3):241–258, March 1991.
  35. J. J. Joyce. Totally verified systems: Linking verified software to verified hardware. In M. Leeser and G. Brown, editors, Hardware Specification, Verification and Synthesis: Mathematical Aspects, volume 408 of LNCS, pages 277–201, 1990.
  36. R. Koymans. Specifying real-time properties with metric temporal logic. Real-Time Systems, 2(4):255–299, November 1990.
  37. B. Krieg-Brückner. Algebraic specification and functionals for transformational program and meta program development. In J. Diaz and F. Orejas, editors, Proc. TAPSOFT '89: Volume 2, volume 352 of LNCS, 1989.
  38. L. Lamport. The temporal logic of actions. Technical report, Digital Systems Research Center, 130 Lytton Avenue, Palo Alto, California 94301, USA, 25 December 1991.
  39. L. Lamport. Hybrid systems in TLA+. In R. L. Grossman, A. Nerode, A. P. Ravn, and H. Rischel, editors, Hybrid Systems, volume 736 of LNCS, pages 77–102, 1993.
  40. N. Leveson. Software safety in embedded computer systems. Communications of the ACM, 34(2):34–46, February 1991.
  41. N. A. Lynch and M. R. Tuttle. Hierarchical correctness proofs for distributed algorithms. In Proc. 6th PODC, pages 137–151, 1987.
  42. Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems. Springer-Verlag, 1992.
  43. A. J. Martin. The design of a delay-insensitive microprocessor: An example of circuit synthesis by program transformation. In M. Leeser and G. Brown, editors, Hardware Specification, Verification and Synthesis: Mathematical Aspects, volume 408 of LNCS, pages 244–259, 1990.
  44. A. J. Martin. Programming in VLSI: From communicating processes into delay-insensitive circuits. In C. A. R. Hoare, editor, Developments in Concurrency and Communication, University of Texas at Austin Year of Programming Series, chapter 1. Addison-Wesley, 1990.
  45. P. C. Masiero, A. P. Ravn, and H. Rischel. Refinement of real-time specifications. ProCoS Technical Report [ID/DTH PCM 1/1], Department of Computer Science, Technical University of Denmark, DK-2800 Lyngby, Denmark, July 1993.
  46. D. May. Occam and the Transputer. In C. A. R. Hoare, editor, Developments in Concurrency and Communication, University of Texas at Austin Year of Programming Series, chapter 2. Addison-Wesley, 1990.
  47. J. McCarthy and J. Painter. Correctness of a compiler for arithmetic expressions. In J. Schwarz, editor, Proc. Symp. Applied Mathematics, pages 33–41. American Mathematical Society, 1967.
  48. R. Milner. Communication and Concurrency. Prentice Hall International Series in Computer Science, 1989.
  49. Robin Milner, Mads Tofte, and Robert Harper. The Definition of Standard ML. The MIT Press, 1990.
  50. C. C. Morgan. Data refinement by miracles. Information Processing Letters, 26:243–246, 1988.
  51. C. C. Morgan. Programming From Specifications. Prentice Hall International Series in Computer Science, 1990.
  52. F. Lockwood Morris. Advice on structuring compilers and proving them correct. In Proc. ACM Symp. Principles of Programming Languages, Boston, Mass., pages 144–152, 1973.
  53. B. Moszkowski. A temporal logic for multi-level reasoning about hardware. IEEE Computer, 18(2):10–19, 1985.
  54. B. Moszkowski. Executing Temporal Logic Programs. Cambridge University Press, 1986.
  55. M. Müller-Olm. On translation of TimedPL and capture of machine instruction timing. ProCoS Technical Report [Kiel MMO 6/2], Christian-Albrechts-Universität Kiel, Germany, August 1993.
  56. Markus Müller-Olm. A new proposal for TimedPL's semantics. ProCoS Technical Report [Kiel MMO 10/1], Christian-Albrechts-Universität Kiel, Germany, May 1994.
  57. E.-R. Olderog. Nets, Terms and Formulas. Cambridge University Press, 1991.
  58. E.-R. Olderog. Towards a design calculus for communicating programs. In J. C. M. Baeten and J. F. Groote, editors, Proc. CONCUR '91, volume 527 of LNCS, pages 61–72, 1991.
  59. E.-R. Olderog. Interfaces between languages for communicating systems. In W. Kuich, editor, Automata, Languages and Programming, volume 623 of LNCS, 1992.
  60. E.-R. Olderog and S. Rössig. A case study in transformational design of concurrent systems. In M.-C. Gaudel and J.-P. Jouannaud, editors, TAPSOFT '93: Theory and Practice of Software Development, volume 668 of LNCS, pages 90–104, 1993.
  61. E.-R. Olderog, S. Rössig, J. Sander, and M. Schenke. ProCoS at Oldenburg: The interface between specification language and Occam-like programming language. Technical Report Bericht 3/92, Univ. Oldenburg, Fachbereich Informatik, Germany, 1992.
  62. I. Page and W. Luk. Compiling Occam into field programmable gate arrays. In FPGAs, Oxford Workshop on Field Programmable Logic and Applications, pages 271–284. Abingdon EE&CS Books, 15 Harcourt Way, Abingdon OX14 1NV, UK, 1991.
  63. D. L. Parnas and P. C. Clements. A rational design process: How and why to fake it. IEEE Trans. Software Engineering, 12(2):251–257, February 1986.
  64. D. L. Parnas and J. Madey. Functional documentation for computer systems engineering (version 2). Technical Report CRL 237, TRIO, McMaster University, Hamilton, Canada, September 1991.
  65. A. Pnueli and E. Harel. Applications of temporal logic to the specification of real-time systems (extended abstract). In M. Joseph, editor, Formal Techniques in Real-Time and Fault-Tolerant Systems, volume 331 of LNCS, pages 84–98. Springer, 1988.
  66. A. P. Ravn and H. Rischel. Requirements capture for embedded real-time systems. In Proc. IMACS-MCTS'91 Symp. on Modelling and Control of Technological Systems, volume 2, pages 147–152. IMACS, May 1991.
  67. A. P. Ravn, H. Rischel, and K. M. Hansen. Specifying and verifying requirements of real-time systems. IEEE Trans. Software Engineering, 19(1):41–55, January 1993.
  68. A. W. Roscoe and C. A. R. Hoare. Laws of Occam programming. Theoretical Computer Science, 60:177–229, 1988.
  69. S. Rössig and M. Schenke. Specification and stepwise development of communicating systems. In S. Prehn and W. J. Toetenel, editors, VDM '91, Formal Software Development Methods: Volume 1, volume 551 of LNCS, pages 149–163, 1991.
  70. M. Schenke. Specification and transformation of reactive systems with time restrictions and concurrency. In these proceedings, 1994.
  71. J. U. Skakkebæk, A. P. Ravn, H. Rischel, and Zhou Chaochen. Specification of embedded, real-time systems. In Proc. 4th Euromicro Workshop on Real-Time Systems, pages 116–121. IEEE Computer Society Press, 1992.
  72. J. U. Skakkebæk and N. Shankar. Towards a Duration Calculus proof assistant in PVS. In these proceedings, 1994.
  73. J. M. Spivey. The Z Notation: A Reference Manual. Prentice Hall International Series in Computer Science, 2nd edition, 1992.
  74. J. W. Thatcher, E. G. Wagner, and J. B. Wright. More on advice on structuring compilers and proving them correct. Theoretical Computer Science, 15:223–245, 1981.
  75. Y. Venema. A modal logic for chopping intervals. J. Logic of Computation, 1(4):453–476, 1991.
  76. A. Wikström. Functional Programming using Standard ML. Prentice Hall International Series in Computer Science, first edition, 1987.
  77. M. W. Wilkes and J. B. Stringer. Micro-programming and the design of the control circuits in an electronic digital computer. Proc. Cambridge Phil. Soc., 49:230–238, 1953. Also Annals of Hist. Comp., 8(2):121–126, 1986.
  78. Xilinx Inc. The programmable gate array data book. Technical report, Xilinx Inc., San Jose, California, USA, 1991.
  79. Zhiming Liu, A. P. Ravn, E. V. Sørensen, and Zhou Chaochen. Towards a calculus of systems dependability. High Integrity Systems, 1(1):49–75, January 1994.
  80. Zhou Chaochen. Duration Calculi: An overview. In D. Bjørner, M. Broy, and I. V. Pottosin, editors, Formal Methods in Programming and their Application, volume 735 of LNCS, pages 256–266, 1993.
  81. Zhou Chaochen, M. R. Hansen, and P. Sestoft. Decidability results for Duration Calculus. In P. Enjalbert, A. Finkel, and K. W. Wagner, editors, Proc. STACS 93, volume 665 of LNCS, pages 58–68, 1993.
  82. Zhou Chaochen, C. A. R. Hoare, and A. P. Ravn. A calculus of durations. Information Processing Letters, 40(5), December 1991.
  83. Zhou Chaochen, A. P. Ravn, and M. R. Hansen. An extended Duration Calculus for hybrid real-time systems. In R. L. Grossman, A. Nerode, A. P. Ravn, and H. Rischel, editors, Hybrid Systems, volume 736 of LNCS, pages 36–59, 1993.
  84. J. Zwiers. Compositionality, Concurrency, and Partial Correctness: Proof Theories for Networks of Processes and their Relationship, volume 321 of LNCS. Springer-Verlag, 1989.

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Jifeng He (1)
  • C. A. R. Hoare (1)
  • Martin Fränzle (2)
  • Markus Müller-Olm (2)
  • Ernst-Rüdiger Olderog (3)
  • Michael Schenke (3)
  • Michael R. Hansen (4)
  • Anders P. Ravn (4)
  • Hans Rischel (4)

  1. Oxford University Computing Laboratory, Oxford, UK
  2. Institut für Informatik und Praktische Mathematik, Christian-Albrechts-Universität zu Kiel, Kiel, Germany
  3. FB Informatik, Universität Oldenburg, Oldenburg, Germany
  4. Department of Computer Science, Technical University of Denmark, Lyngby, Denmark