Brendan P. Mahony

Blending Object-Z and Timed CSP: an introduction to TCOZ

Object-Z is an extension to the Z language designed to facilitate specification in an object-oriented style. It is an excellent tool for modeling data and algorithms, but its object semantics are single threaded and operations are atomic. Therefore, it is difficult to use Object-Z to capture the behaviour of concurrent real-time reactive systems. On the other hand, Timed CSP is good at modeling real-time concurrent behaviour, but has little support for modeling the state of a complex system. This paper introduces a blending of Object-Z and Timed CSP, known as TCOZ. The blended notation is particularly suited for specifying complex systems whose components have their own thread of control.

Timed Communicating Object Z

This paper describes a timed, multithreaded object modeling notation for specifying real-time, concurrent, and reactive systems. The notation Timed Communicating Object Z (TCOZ) builds on Object Zs strengths in modeling complex data and algorithms, and on Timed CSPs strengths in modeling process control and real-time interactions. TCOZ Is novel in that it includes timing primitives, properly separates process control and data/algorithm issues and supports the modeling of true multithreaded concurrency. TCOZ is particularly well-suited for specifying complex systems whose components have their own thread of control. The expressiveness of the notation is demonstrated by a case study in specifying a multilift system that operates in real-time.

Overview of the Semantics of TCOZ

Object-Z is an extension to the Z language designed to facilitate specification in an object-oriented style. It is an excellent tool for modelling data and operations, but its object semantics are single threaded, operations are atomic, and object control logic is defined implicitly. This makes it difficult to use Object-Z to capture the behaviour of concurrent real-time reactive systems. On the other hand, Timed CSP is good at modelling real-time concurrent behaviour, but has little support for modelling the state of a complex system. This paper describes the semantics of TCOZ, a language blended from Object-Z and Timed CSP. The semantic model adopted is the infinite timed failures model of Timed CSP, extended to include initial state and update events for modelling operations on internal state.

Sensors and Actuators in TCOZ

Timed Communicating Object Z (TCOZ) combines Object-Zs strengths in modeling complex data and algorithms with Timed CSPs strengths in modeling real-time concurrency. TCOZ inherits CSPs channel-based communication mechanism, in which messages represent discrete synchronisations between processes. The purpose of most control systems is to observe and control analog components. In such cases, the interface between the control system and the controlled systems cannot be satisfactorily described using the channel mechanism. In order to address this problem, TCOZ is extended with continuous-function interface mechanisms inspired by process control theory, the sensor and the actuator. The utility of these new mechanisms is demonstrated through their application to the design of an automobile cruise control system.

Network Topology and a Case Study in TCOZ

Object-Z is strong in modeling the data and operations of complex systems. However, it is weak in specifying real-time and concurrent systems. Timed Communicating Object-Z (TCOZ) extends the Object-Z notation with Timed CSP constructs. TCOZ is particularly well suited for specifying complex systems whose components have their own thread of control. This paper demonstrates expressiveness of the TCOZ notation through a case study on specifying a multi-lift system that operates in real-time.

Deep Semantic Links of TCSP and Object-Z: TCOZ Approach

Abstract. Formal methods can be used in effective combination only if the semantic links between individual methods are clearly established. This paper discusses the semantic design of TCOZ, a language blended from Object-Z and TCSP. The semantic model adopted is the infinite timed failures model of TCSP, extended to include initial state and update events for modelling operations on internal state. An infinite trace model has been used so as to ensure proper account is taken of the potentially unbounded non-determinism allowed by Z schemas.

The Least Conjunctive Refinement and Promotion in the Refinement Calculus

Abstract. A syntactic calculation of Morgans least conjunctive refinement operator for predicate transformers is developed. The operator is used to develop a general approach to lifting relational operators to predicate transformer operators. Predicate transformer versions of the relational conjunction and disjunction operators are considered in detail. The Z-based technique of program promotion is considered in a refinement calculus setting. A standard Z promotion example is recast in the refinement calculus.

Modeling Aircraft Mission Computer Task Rates

Recently the Royal Australian Air Force (RAAF) has been considering an upgrade to the F/A-18 aircraft in Australia. This upgrade may well involve the modification of Mission Computer (MC) systems. Maintaining correct functionality for the upgraded F/A-18 is therefore a major concern for the RAAF. This particular problem received interest from CSIRO and DSTO to support a joint Research Fellowship to investigate specification of hard real-time characteristics by formal method approaches.

Reasoning about semantic Web in Isabelle/HOL

Semantic Web is regarded as the next generation of the World Wide Web. It provides not only the structure of the Web but also meaningful semantics for the information presented. To make semantic Web services understandable for distributed agents, formal definitions of the ontologies and their consistencies are essential. However, the existing tools for reasoning about semantic Web ontologies are still primitive. We believe that mature software engineering tools, such as theorem provers, can contribute to the reasoning phase. In this paper, we present an approach of encoding the semantic Web ontology (DAML+OIL) into the generic theorem prover Isabelle/HOL for automatic reasoning. Furthermore, a translation tool was developed to transform semantic Web ontologies into their extended Isabelle theories. With additional intermediate lemmas, Isabelle can be used to perform both subsumption (class) level and instantiation (instance) level reasoning of the semantic Web ontologies.

FORMAL DESIGNS FOR EMBEDDED AND HYBRID SYSTEMS

The design of embedded and hybrid systems requires powerful mechanisms for modeling data, state, concurrency and real-time behaviour. The {first} part of this paper illustrates a powerful design notation Timed Communicating Object Z (TCOZ) that has both channel based and sensor/actuator based interfaces. We believe that TCOZ is well suited for presenting more complete and coherent design models for complex embedded and hybrid systems. However, the challenge is how to analyze and check these models with tools support. One effective approach is to project (transform) the design models into multiple domains, then to use existing specialized tools in those domains to perform the checking and analyzing tasks. The second part of this paper demonstrates one particular projection from TCOZ designs to Timed Automata (TA) models so that TA model checkers can be used to check time related properties.