Deriving Specifications of Control Programs for Cyber Physical Systems

Cyber physical systems (CPS) exist in a physical environment and comprise both physical components and a control program. Physical components are inherently liable to failure, and yet the overall CPS is required to operate safely, reliably and cost-effectively. This paper proposes a framework for deriving the specification of the software control component of a CPS from an understanding of the behaviour required of the overall system in its physical environment. The two key elements of this framework are (i) an extension to the use of rely/guarantee conditions that allows specifications to be obtained systematically from requirements (expressed in terms of the behaviour required in the environment) and from nested assumptions (about the physical components of the CPS); and (ii) the use of time bands to record the temporal properties required of the CPS at a number of different granularities. The key contribution is in combining these ideas; using time bands overcomes a significant drawback in earlier work. The paper also considers how the reliability of a CPS can be addressed by challenging each rely condition in the derived specification and, where appropriate, improving robustness and/or defining weaker guarantees that can be delivered with respect to the correspondingly weaker rely conditions.