Formal Methods and System Specifications

Abstract

With the increasing recognition that inadequate specifications can have disastrous consequences resulting in vast increases in project development cost or, more seriously in the case of safety-critical systems in terms of human life, industry is now becoming interested in trying to avoid these potential pitfalls. This Chapter introduces the concepts behind producing clear, unambiguous specifications and pays particular attention to the use of formal methods. Formal methods are being increasingly used during the design and development of large systems and safety-critical systems such as those used in aircraft. The reasons for this are explored. Of particular interest is how formal methods have already been used on transputers and how they can be applied in the future to parallel processing. The problems of using formal methods for parallel systems are highlighted. These include a discussion of the problems of asynchronous processors and their intercommunication. Currently, there is no agreed solution to these problems. The consideration of formal methods is extremely important as it has been introduced as policy by the UK Ministry of Defence in the development of new systems. There is, thus, much activity in the area at present. The latter part of the Chapter introduces the principles to be observed when designing gas turbine controller software and the Chapter ends with a review of guidelines which have been proposed within Rolls-Royce (Bristol, U.K.) for the development of fault tolerant gas turbine engine controllers. This originates from the draft guidelines document CSAN 1454 [1] provided by Rolls-Royce for evaluation with respect to applications on transputers.