Design of reactive systems and their distributed implementation with statecharts

In this thesis, a design process for reactive systems is developed that uses μ-Charts, a visual formalism similar to the specification language Statecharts. The design process comprises the abstract description of reactive systems, the systematic transformation of abstract specifications into detailed ones, formal verification through model checking, and both centralized and distributed implementation. All design steps are formally described.

For the state-based description of reactive systems, we first define the language μ-Charts. μ-Charts are a variant of Harel's Statecharts which avoid the semantic problems and inconsistencies of the latter and are therefore better suited as a basis for the distributed implementation of a specification. A formal semantics for μ-Charts is developed. The core language of μ-Charts consists of only three syntactic constructs, namely sequential automata, a composition operator, and an operator for signal hiding; further syntactic concepts, hierarchical decomposition among them, are expressed as syntactic abbreviations. This lean core syntax eases the formal definition of all design steps and is a prerequisite for efficient implementation.

To support a systematic design process, we define a refinement calculus for μ-Charts, which forms the basis for transforming abstract behavioral specifications into detailed ones. The soundness of this calculus with respect to the formal semantics is proved. For the formal verification of reactive systems, a translation scheme from μ-Charts to the input formalisms of two well-known model checking tools is given, and checking safety-critical properties of a specification is demonstrated on a running example. A technique for generating centralized implementations based on finite state machines is described. The thesis concludes with an approach to the distributed implementation of μ-Chart specifications: problems that may arise when constructing a distributed implementation are discussed, restrictions that rule out infeasible implementations are imposed, and the semantic equivalence between the distributed implementation and the original specification is verified.
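The following Python program is an added illustration of the three core constructs the abstract names (sequential automata, parallel composition with signal broadcast, and signal hiding) and of flattening a composed specification into one finite state machine, the kind of object a centralized implementation executes. It is not code from the thesis and does not reproduce the thesis's formal semantics; the step rule it implements (triggers are conjunctions of signals with no negation, each component fires at most one transition per step, signals emitted during a step are visible to every component in that same step) and the controller/motor example are assumptions made for this example.

```python
"""Toy step semantics for the three core constructs named in the abstract:
sequential automata, parallel composition with signal broadcast, and signal
hiding.  This is an added illustration, not the thesis's own definitions.
Simplifying assumptions made here: triggers are conjunctions of signals
(no negation), every component fires at most one transition per step, and a
signal emitted inside a step is visible to all components in that same step."""
from dataclasses import dataclass
from itertools import chain, combinations
from typing import Dict, FrozenSet, List, Optional, Tuple

Signals = FrozenSet[str]


@dataclass(frozen=True)
class Transition:
    src: str
    trigger: Signals   # fires only if every trigger signal is present
    emit: Signals      # signals broadcast when the transition fires
    dst: str


@dataclass
class Automaton:
    name: str
    initial: str
    transitions: List[Transition]

    def enabled(self, state: str, present: Signals) -> Optional[Transition]:
        """The unique enabled transition, or None; ambiguity is rejected."""
        matches = [t for t in self.transitions
                   if t.src == state and t.trigger <= present]
        if len(matches) > 1:
            raise ValueError(f"{self.name}: two transitions enabled in {state}")
        return matches[0] if matches else None


@dataclass
class System:
    components: List[Automaton]
    hidden: Signals = frozenset()  # used for communication, never observable

    def initial(self) -> Dict[str, str]:
        return {a.name: a.initial for a in self.components}

    def step(self, states: Dict[str, str], inputs: Signals) -> Tuple[Dict[str, str], Signals]:
        """One synchronous step as a least fixpoint over the broadcast signals.
        Because triggers are positive, adding signals can only enable more
        transitions, so the iteration is monotone and terminates."""
        present = frozenset(inputs)
        while True:
            chosen = {a.name: a.enabled(states[a.name], present) for a in self.components}
            emitted = frozenset(chain.from_iterable(
                t.emit for t in chosen.values() if t is not None))
            if emitted <= present:
                break
            present = present | emitted
        next_states = {n: (t.dst if t else states[n]) for n, t in chosen.items()}
        return next_states, emitted - self.hidden


def centralized_fsm(system: System, alphabet: Signals):
    """Flatten the composed system into one finite state machine over all
    input combinations; the result is what a centralized implementation runs."""
    subsets = [frozenset(c) for r in range(len(alphabet) + 1)
               for c in combinations(sorted(alphabet), r)]
    start = tuple(sorted(system.initial().items()))
    seen, todo, edges = {start}, [start], []
    while todo:
        current = todo.pop()
        for inp in subsets:
            nxt, out = system.step(dict(current), inp)
            key = tuple(sorted(nxt.items()))
            edges.append((current, inp, out, key))
            if key not in seen:
                seen.add(key)
                todo.append(key)
    return seen, edges


# Constructed running example (an assumption of this illustration): a
# controller drives a motor through the internal signals run/halt, which are
# hidden from the environment; only the motor's ack is observable.
controller = Automaton("ctrl", "Idle", [
    Transition("Idle", frozenset({"start"}), frozenset({"run"}), "Running"),
    Transition("Running", frozenset({"stop"}), frozenset({"halt"}), "Idle"),
])
motor = Automaton("motor", "Off", [
    Transition("Off", frozenset({"run"}), frozenset({"ack"}), "On"),
    Transition("On", frozenset({"halt"}), frozenset(), "Off"),
])
plant = System([controller, motor], hidden=frozenset({"run", "halt"}))

if __name__ == "__main__":
    s = plant.initial()
    s, out = plant.step(s, frozenset({"start"}))
    print(s, sorted(out))
    states, edges = centralized_fsm(plant, frozenset({"start", "stop"}))
    print(len(states), "global states,", len(edges), "edges")
```

In the `start` step the controller's `run` signal is broadcast and consumed by the motor within the same step, so the environment sees only `ack`; `run` and `halt` never leave the composed system because they are hidden. The flattened machine for this example has two reachable global states and one edge per (state, input-combination) pair, which is the product a centralized implementation would execute directly; the distributed setting discussed in the thesis is precisely where this single-step broadcast can no longer be taken for granted.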