Formal Methods in the Specification of Real-Time, Safety-Critical Control Systems

  • Alastair R. Ruddle
Conference paper
Part of the Workshops in Computing book series (WORKSHOPS COMP.)


An assessment of the relative merits of two formal methods in the specification of real-time, safety-critical control systems is presented. This case study was based on a simplified pollution monitoring and control sub-system for road tunnels, and the requirements were specified using TEMPURA and Z. It is concluded that TEMPURA currently offers greater potential for use in real-time systems development since it provides a means of describing dynamic, parallel processes and utilises a notation which is more accessible to the non-specialist than Z. However, further developments of Z to meet these shortcomings, or requirements for greater formality in real-time systems development, could alter the balance if the existing weaknesses of TEMPURA in areas such as structuring, proof and refinement are not addressed.







Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Authors and Affiliations

  • Alastair R. Ruddle
  1. Future Systems Group, Marconi Radar and Control Systems Ltd, Leicester, UK
