Composition and refinement of discrete real-time systems

Reactive systems exhibit ongoing, possibly nonterminating, interaction with their environment. Real-time systems are reactive systems that must also satisfy quantitative timing constraints. This paper presents a structured compositional design method for discrete real-time systems that can be used to combat the combinatorial explosion of states in the verification of large systems. A composition rule describes how the correctness of the system can be determined from the correctness of its modules, without knowledge of their internal structure. The advantage of compositional verification is clear: each module is both simpler and smaller than the system itself. Composition requires the use of both model-checking and deductive techniques. A refinement rule guarantees that specifications of high-level modules are preserved by their implementations. The StateTime toolset is used to automate parts of compositional designs using a combination of model-checking and simulation. The design method is illustrated using a reactor shutdown system that cannot be verified with the StateTime toolset without compositional reasoning, because of the combinatorial explosion of states. The reactor example also illustrates the use of the refinement rule.
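As an added example (not code from the paper and not the StateTime toolset; the paper's formal rules and its reactor model are not reproduced here), the following Python sketch makes the three ideas concrete on a constructed two-module reactor-shutdown system, a sensor that raises an alarm and an actuator that trips the reactor, both assumed for illustration. Each module is model-checked alone against a bounded-response property ("p implies q within k ticks") with its inputs left completely free; the system bound of 3 ticks is then obtained deductively as the sum of the module bounds (1 + 2) and confirmed by checking the synchronous product; and a trace-inclusion check stands in for the refinement rule, accepting an implementation that picks one of the behaviours the abstract actuator spec allows and rejecting one that trips without an alarm.

```python
"""Added example: a tiny discrete-time model checker for compositional verification
and refinement. Modules are finite Moore machines clocked by one global tick; the
sensor/actuator modules below are constructed for illustration (hypothetical)."""
from functools import lru_cache
from itertools import product


class Module:
    """inputs: boolean input names; step(state, inputs) -> set of next states (a set, so
    an abstract spec may be nondeterministic); out(state) -> dict of boolean outputs."""
    def __init__(self, name, inputs, init, step, out):
        self.name, self.inputs, self.init, self.step, self.out = name, tuple(inputs), init, step, out

    def valuations(self):
        """Every assignment to the inputs: the environment is left completely free."""
        return [dict(zip(self.inputs, bits)) for bits in product((False, True), repeat=len(self.inputs))]

    def succ(self, c):
        """Successor configurations of c = (state, frozen inputs) under any next input."""
        s, i = c
        return [(n, frozenset(v.items())) for n in self.step(s, dict(i)) for v in self.valuations()]


def reachable(m):
    """Configurations reachable from the initial state: the space the checker must explore."""
    seen, todo = set(), [(m.init, frozenset(v.items())) for v in m.valuations()]
    while todo:
        c = todo.pop()
        if c not in seen:
            seen.add(c)
            todo.extend(m.succ(c))
    return seen


def bounded_response(m, p, q, k):
    """Model check: on every path, whenever p(state, inputs) holds, q holds within k ticks."""
    @lru_cache(maxsize=None)
    def within(c, d):
        if q(c[0], dict(c[1])):
            return True
        return d > 0 and all(within(n, d - 1) for n in m.succ(c))
    return all(within(c, k) for c in reachable(m) if p(c[0], dict(c[1])))


def compose(a, b):
    """Synchronous product: each module reads the other's current outputs plus the external
    inputs. Moore outputs depend only on the current state, so there is no combinational loop."""
    internal = set(a.out(a.init)) | set(b.out(b.init))
    ext = tuple(dict.fromkeys(i for i in a.inputs + b.inputs if i not in internal))

    def step(s, i):
        sa, sb = s
        ia, ib = {**i, **b.out(sb)}, {**i, **a.out(sa)}
        return {(na, nb) for na in a.step(sa, {k: ia[k] for k in a.inputs})
                for nb in b.step(sb, {k: ib[k] for k in b.inputs})}
    return Module(f"{a.name}||{b.name}", ext, (a.init, b.init), step,
                  lambda s: {**a.out(s[0]), **b.out(s[1])})


def refines(impl, spec):
    """Refinement as trace inclusion: every input/output trace of impl is one the spec allows
    (subset simulation: impl state paired with the set of spec states that could produce it)."""
    assert impl.inputs == spec.inputs
    seen, todo = set(), [(impl.init, frozenset({spec.init}))]
    while todo:
        si, ss = todo.pop()
        ss = frozenset(s for s in ss if spec.out(s) == impl.out(si))
        if not ss:
            return False  # impl shows an output the spec never allows at this point
        if (si, ss) in seen:
            continue
        seen.add((si, ss))
        for v in impl.valuations():
            for ni in impl.step(si, v):
                todo.append((ni, frozenset(n for s in ss for n in spec.step(s, v))))
    return True


def inp(name):
    return lambda s, i: i[name]


def output(m, name):
    return lambda s, i: m.out(s)[name]


# Constructed modules (hypothetical). Sensor: 'alarm' is raised the tick after 'pressure_high'.
SENSOR = Module("sensor", ["pressure_high"], False, lambda s, i: {i["pressure_high"]}, lambda s: {"alarm": s})


def actuator_spec_step(s, i):  # abstract spec: on alarm, trip now or after one arming tick; trip latches
    if s != "idle":
        return {"tripped"}
    return {"arming", "tripped"} if i["alarm"] else {"idle"}


ACTUATOR_SPEC = Module("actuator_spec", ["alarm"], "idle", actuator_spec_step, lambda s: {"trip": s == "tripped"})
# Deterministic implementation: always takes the arming tick (one behaviour the spec allows).
ACTUATOR_IMPL = Module("actuator_impl", ["alarm"], "idle",
                       lambda s, i: {"tripped"} if s != "idle" else ({"arming"} if i["alarm"] else {"idle"}),
                       lambda s: {"trip": s == "tripped"})
# Faulty implementation: trips spontaneously, which the spec never allows without an alarm.
ACTUATOR_BAD = Module("actuator_bad", ["alarm"], "idle", lambda s, i: {"tripped"}, lambda s: {"trip": s == "tripped"})


def verify_reactor():
    """Compositional argument: sensor bound 1 + actuator bound 2 = system bound 3, confirmed on the product."""
    system = compose(SENSOR, ACTUATOR_IMPL)
    return {"sensor": bounded_response(SENSOR, inp("pressure_high"), output(SENSOR, "alarm"), 1),
            "actuator_spec": bounded_response(ACTUATOR_SPEC, inp("alarm"), output(ACTUATOR_SPEC, "trip"), 2),
            "impl_refines_spec": refines(ACTUATOR_IMPL, ACTUATOR_SPEC),
            "bad_refines_spec": refines(ACTUATOR_BAD, ACTUATOR_SPEC),
            "system": bounded_response(system, inp("pressure_high"), output(system, "trip"), 1 + 2),
            "system_states": len(reachable(system)),
            "module_states": len(reachable(SENSOR)) + len(reachable(ACTUATOR_IMPL))}


if __name__ == "__main__":
    print(verify_reactor())
```

Two points carry the compositional argument. First, trace inclusion preserves linear-time properties such as bounded response, so once the abstract actuator spec satisfies its 2-tick bound and the implementation refines it, the implementation inherits the bound without being checked against it; the faulty actuator fails refinement and gets no such guarantee. Second, the checker explores 4 + 6 module configurations but 12 for the product, and with every further module the product multiplies while the sum only adds, which is exactly the state-explosion argument the abstract makes for verifying modules in isolation.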
