This paper presents the TLT specification of the steam-boiler control program described in Chapter AS. The text of the TLT specification of the control program is short and easily understood. Because of the chosen abstraction level, the proofs that it satisfies the specification of Chapter AS are very simple. TLT has the advantage that the algorithm may be described directly as performing macro-steps. A macro-step is specified not as a sequence of micro-steps but as a set of constraints (which may be formulated in first-order logic). These constraints relate the current state of the controller (i.e. the information the controller has about the environment), the current input, and the corresponding reaction of the controller (including its change of state). (Of course, the macro-step is implemented as a sequence of micro-steps.) Thus, to reason about the program we may rely more heavily on propositional or first-order logic than on temporal logic.
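The distinction drawn above, a macro-step given as a constraint relation versus the same step implemented as ordered micro-steps, as an added worked example that is not the paper's TLT text and not the Chapter AS specification: a deliberately simplified, constructed boiler-like controller with a two-valued mode, an abstract water-level reading and a sensor-status flag. The level bounds, the state and input fields, and both implementations are assumptions made for this illustration. Because every domain is finite, both refinement (every implementation step satisfies the constraint relation) and a safety property (an unsafe reading is always answered with a stop) are checked by exhaustive propositional evaluation, which is the kind of non-temporal reasoning the abstract refers to.

```python
"""Macro-step as a constraint relation vs. as a sequence of micro-steps.

Constructed illustration; none of this is the paper's specification.
"""
from dataclasses import dataclass
from itertools import product

# Hypothetical level bounds (abstract units): below M1 or above M2 is unsafe,
# N1 is the low end of the normal band.
M1, N1, N2, M2 = 1, 3, 6, 8
LEVELS = range(0, 11)
MODES = ("normal", "emergency")


@dataclass(frozen=True)
class State:
    mode: str


@dataclass(frozen=True)
class Input:
    level: int        # water-level reading
    sensor_ok: bool   # whether the level sensor is reported as working


@dataclass(frozen=True)
class Output:
    pump_on: bool
    stop: bool


def is_unsafe(inp):
    return (not inp.sensor_ok) or inp.level <= M1 or inp.level >= M2


def spec_step(s, inp, s2, out):
    """The macro-step as a conjunction of constraints relating current state,
    input, next state and output (first-order, no ordering of sub-steps)."""
    stopped = out.stop and not out.pump_on
    # c1: once in emergency, stay there and remain stopped
    c1 = s.mode != "emergency" or (s2.mode == "emergency" and stopped)
    # c2: an unsafe reading in normal mode forces an emergency stop
    c2 = not (s.mode == "normal" and is_unsafe(inp)) or (s2.mode == "emergency" and stopped)
    # c3: a safe reading in normal mode keeps normal mode; pump iff below N1
    c3 = not (s.mode == "normal" and not is_unsafe(inp)) or (
        s2.mode == "normal" and not out.stop and out.pump_on == (inp.level < N1))
    return c1 and c2 and c3


def impl_step(s, inp):
    """The same macro-step implemented as ordered micro-steps."""
    if not inp.sensor_ok:                          # micro-step 1: validate sensor
        return State("emergency"), Output(False, True)
    if s.mode == "emergency":                      # micro-step 2: sticky emergency
        return State("emergency"), Output(False, True)
    if inp.level <= M1 or inp.level >= M2:         # micro-step 3: range check
        return State("emergency"), Output(False, True)
    return State("normal"), Output(inp.level < N1, False)   # micro-step 4: pump control


def impl_step_buggy(s, inp):
    """Same code with micro-step 2 dropped: emergency is no longer sticky."""
    if not inp.sensor_ok:
        return State("emergency"), Output(False, True)
    if inp.level <= M1 or inp.level >= M2:
        return State("emergency"), Output(False, True)
    return State("normal"), Output(inp.level < N1, False)


def all_inputs():
    return [Input(lvl, ok) for lvl in LEVELS for ok in (True, False)]


def refines(step_fn):
    """Does every implementation step satisfy the constraint relation?
    Exhaustive over the finite state and input domains."""
    return all(spec_step(State(m), inp, *step_fn(State(m), inp))
               for m in MODES for inp in all_inputs())


def spec_implies_safety():
    """Safety argued from the spec alone: every tuple the constraints admit
    answers an unsafe reading with stop asserted and the pump off."""
    for m, inp, m2, pump, stop in product(MODES, all_inputs(), MODES, (True, False), (True, False)):
        s, s2, out = State(m), State(m2), Output(pump, stop)
        if spec_step(s, inp, s2, out) and is_unsafe(inp) and not (out.stop and not out.pump_on):
            return False
    return True


if __name__ == "__main__":
    print("impl refines spec:", refines(impl_step))
    print("buggy impl refines spec:", refines(impl_step_buggy))
    print("spec implies safety:", spec_implies_safety())
```

The refinement check is the point of the exercise: the implementation's ordering of micro-steps is invisible to `spec_step`, which only constrains the relation between before, input and after, so dropping one micro-step is caught as a violated constraint rather than as a temporal-logic obligation over a trace.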