The Temporal Language of Transitions (TLT) is a framework for the design and verification of distributed systems under development at Siemens. Like UNITY and TLA, it is a formalism for modelling systems and specifying their properties; it further includes methods for refinement and composition, which this case study uses repeatedly. We specified, verified and simulated a distributed controller that handles up to eight plates. The correctness proofs for both safety and liveness properties were carried out automatically with a BDD-based model checking tool.
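The abstract names the two kinds of property the case study proves (safety and liveness) and the technique (automatic model checking over the reachable states of a transition system). The following is an added example, not the paper's TLT tooling or the SVE model checker: a small explicit-state checker in the UNITY/TLT style, where a state is an assignment to program variables and the system is a set of guarded transitions. The model is constructed for illustration (a controller that queues plates and processes one at a time, with an assumed queue bound CAP of 3 rather than the paper's eight); the reachable-state computation is the explicit analogue of the image-fixpoint iteration a BDD-based tool performs.

```python
from collections import deque

# Constructed model (not the paper's case study): a controller that queues
# incoming plates and processes one at a time.
CAP = 3  # assumed queue bound; the paper's controller handles up to eight plates

# A state is an assignment to the program variables, here the tuple (pending, busy).
def initial_states():
    return {(0, False)}

# Transitions are guarded assignments, as in UNITY/TLT: (name, guard, update).
TRANSITIONS = [
    ("arrive", lambda s: s[0] < CAP,            lambda s: (s[0] + 1, s[1])),
    ("start",  lambda s: s[0] > 0 and not s[1], lambda s: (s[0] - 1, True)),
    ("finish", lambda s: s[1],                  lambda s: (s[0], False)),
]

def successors(state):
    """Apply every enabled transition to `state`. A state with no enabled
    transition stutters, so every maximal execution sequence is infinite."""
    nxt = {upd(state) for _, guard, upd in TRANSITIONS if guard(state)}
    return nxt or {state}

def reachable_states():
    """Least fixpoint of Init ∪ post(R), computed by breadth-first search:
    the explicit-state analogue of the symbolic image iteration."""
    seen = set(initial_states())
    frontier = deque(seen)
    while frontier:
        s = frontier.popleft()
        for t in successors(s):
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen

def check_invariant(inv):
    """Safety: `inv` holds in every reachable state.
    Returns a violating (reachable) state, or None if the invariant holds."""
    for s in sorted(reachable_states()):
        if not inv(s):
            return s
    return None

def check_leads_to(p, q):
    """Liveness p ~> q: from every reachable p-state, every execution sequence
    eventually reaches a q-state. No fairness is assumed, so a violation is a
    cycle (or a stuttering terminal state) consisting only of ¬q states that is
    reachable from a p-state through ¬q states.
    Returns a witness (p_state, state_on_cycle), or None if the property holds."""
    for s in sorted(reachable_states()):
        if not p(s) or q(s):
            continue
        # Depth-first search of the ¬q subgraph from s, looking for a cycle.
        stack, on_path, done = [(s, iter(successors(s)))], {s}, set()
        while stack:
            node, it = stack[-1]
            for t in it:
                if q(t):
                    continue          # q reached on this branch: not a violation
                if t in on_path:
                    return (s, t)     # cycle of ¬q states: p holds, q never comes
                if t not in done:
                    on_path.add(t)
                    stack.append((t, iter(successors(t))))
                    break
            else:
                on_path.discard(node)
                done.add(node)
                stack.pop()
    return None

if __name__ == "__main__":
    print("reachable states:", len(reachable_states()))
    print("bounded queue   :", check_invariant(lambda s: 0 <= s[0] <= CAP))
    print("pending ~> busy :", check_leads_to(lambda s: s[0] > 0, lambda s: s[1]))
    # A property that does not hold: being busy does not lead to an empty queue,
    # because arrivals can keep the queue non-empty forever.
    print("busy ~> empty   :", check_leads_to(lambda s: s[1], lambda s: s[0] == 0))
```

The `check_leads_to` result for a false property is a concrete witness (a reachable p-state and a state on the non-progressing cycle), which is what a practitioner needs in order to decide whether the model is wrong or the property needs a fairness assumption. The bounded queue is what makes `pending ~> busy` hold here without fairness: once the queue is full, the only enabled transition is `start`.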
Keywords: Reachable State, Program Variable, Execution Sequence, Proof Obligation, Liveness Property
- R. Allen, D. Garlan, Formal Connectors, Technical Report CMU-CS-94-115, Carnegie Mellon University, 1994
- K.M. Chandy, J. Misra, Parallel Program Design: A Foundation, Addison-Wesley, 1988
- D. Barnard, J. Cuellar, A Tutorial Introduction to TLT, Part I: The Design of Distributed Systems, Siemens ZFE BT SE 11, 1994
- D. Barnard, J. Cuellar, M. Huber, A Tutorial Introduction to TLT, Part II: The Verification of Distributed Systems, Siemens ZFE BT SE 11, 1994
- J. Cuellar, I. Wildgruber, D. Barnard, Combining the Design of Industrial Systems with Effective Verification Techniques, FME '94, Formal Methods Europe 1994, to appear
- T. Filkorn, H.-A. Schneider, A. Scholz, A. Strasser, P. Warkentin, SVE System Verification Environment, Siemens ZFE BT SE 11, to appear
- L. Lamport, The Temporal Logic of Actions, Digital Systems Research Center, 1991
- K. Nökel, K. Winkelmann, Controller Synthesis and Verification with CSL, Siemens ZFE BT SE 15, in this volume