System Specifications and Flow Control

We started with an approach intended for the formalization of software/hardware interactions in distributed systems and applied it to an elevator control problem. The emphasis on physical relevance, intrinsic to the approach, has resulted in a new treatment of the elevator problem, one which faithfully reflects the structural and behavioral properties of the system components and which allows the designer to work on the algorithm for elevator movement and its proof in the realistic context of the total system. In addition to presenting the model, we discuss several issues important in ensuring the physical relevance of software specifications: (1) boundary validation, (2) failure analysis, and (3) design-rule formulation and enforcement.