Our aim was to fully develop (i.e. specify, program and verify) a controller for the production cell simulator. We specified and programmed the controller in Lustre, a declarative language for programming synchronous reactive systems. For verification we used Lesar, a symbolic model checker that can automatically verify Lustre programs that use only boolean data. Since the production cell controller could be written as such a program, we were able to verify automatically all of the safety requirements given in the task description for this case study. Using a declarative language allowed us to develop the controller in a relatively easy way and in a relatively short time.
Keywords: Model Checker, Output Channel, Declarative Language, Main Node, Supply Input Signal
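To illustrate the kind of boolean-only Lustre program Lesar can check, here is an added example (not the paper's controller): a hypothetical interlock node for one actuator, paired with a synchronous observer node whose single output `ok` expresses a safety requirement. All node and signal names (`controller`, `verify`, `request`, `guard_open`, `done`, `motor_on`) are assumptions made for this illustration.

```lustre
-- Added example, not the paper's code. Hypothetical interlock for one actuator:
-- the motor may run only while a request is pending and the guard is closed.
node controller(request, guard_open, done: bool)
returns (motor_on: bool);
var busy: bool;
let
  -- busy is false at the first instant; afterwards it stays set from the
  -- previous instant (pre busy) or is raised by an admissible request, and
  -- is cleared as soon as the operation reports done.
  busy = false -> ((pre busy or (request and not guard_open)) and not done);
  -- The command itself is gated by the guard at every instant.
  motor_on = busy and not guard_open;
tel

-- Synchronous observer: the safety requirement "the motor never runs while
-- the guard is open" is encoded as a boolean output that must always be true.
node verify(request, guard_open, done: bool)
returns (ok: bool);
var motor_on: bool;
let
  motor_on = controller(request, guard_open, done);
  ok = not (motor_on and guard_open);
tel
```

Because every flow is boolean, the observer node is within the fragment Lesar handles: running it on `verify` checks that `ok` holds in every reachable state, and a counterexample input sequence is produced if it does not.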