Formal methods for the specification and design of real-time safety critical systems

Abstract

Safety-critical computers increasingly affect nearly every aspect of our lives. Computers control the planes we fly on, monitor our health in hospitals and do our work in hazardous environments. Computers with software deficiencies that fail to meet stringent timing constraints have resulted in catastrophic failures. This article surveys formal methods for specifying, designing, and verifying real-time systems so as to improve their safety and reliability.
