Douglas A. Stuart

Implementing a verifier for real-time systems

The SARTOR project has as one of its goals the development of an environment for the development of correct real-time systems. Modechart is a specification language for real-time systems developed as part of this project. Verify4 is an implementation of a verifier for certain classes of properties of systems specified using Modechart. The author describes the program Verify4 and addresses implementation issues surrounding three of the key algorithms used in the program.<<ETX>>

Simulation-verification: biting at the state explosion problem

Simulation and verification are two conventional techniques for the analysis of specifications of real-time systems. While simulation is relatively inexpensive in terms of execution time, it only validates the behavior of a system for one particular computation path. On the other hand, verification provides guarantees over the entire set of computation paths of a system, but is, in general, very expensive due to the state-space explosion problem. We introduce a new technique: simulation-verification combines the best of both worlds by synthesizing an intermediate analysis method. This method uses simulation to limit the generation of a computation graph to that set of computations consistent with the simulation. This limited computation graph, called a simulation-verification graph, can be one or more orders of magnitude smaller than the full computation graph. A tool, XSVT, is described which implements simulation-verification graphs. Three paradigms for using the new technique are proposed. The paper illustrates the application of the proposed technique via an example of a robot controller for a manufacturing assembly line.

Clairvoyance, capricious timing faults, causality, and real-time specifications

The authors examine the issues of satisfiability, clairvoyance, the demonstrable existence of timing faults, and event causality, all in the context of formal methods for real-time systems. Representative languages and logics are introduced to illustrate the points. The authors introduce SRSL, a simplified specification language used to illustrate the issues involved. They examine these issues in a particular specification language, Modechart. An action-free subset of Modechart is shown to be satisfiable and to obviate the need for clairvoyance. A technique for eliminating nonlinearizable computations from a specification language is shown. The usefulness of the ideas is illustrated by their use in a Modechart simulator.<<ETX>>

Compiling Modechart specifications

The Modechart specification language is a formalism for the specification of real-time systems. A toolset for specification, analysis and simulation for Modechart specifications exists for supporting the design and construction of real-time systems. This paper introduces a new tool in the toolset: a compiler for a class of Modechart specifications, namely, that of deterministic system specifications, extended by a subclass of the non-deterministic system specifications. The object code that the compiler generates is in ESTEREL, a member of the synchronous family of programming languages for real-time systems. We discuss a broad approach to the implementation of timing specifications, providing a range of implementation options, from the basic time step unrolling of states in ESTEREL, to the use of system timers. The compiler presented herein allows the specifier to obtain a correct implementation of a Modechart program, including timing constraints.

A METHODOLOGY AND SUPPORT TOOLS FOR ANALYSIS OF REAL-TIME SPECIFICATIONS

As software control of time-critical functions in embedded systems becomes more common, a means for the precise specification of their behavior and formal methods for analyzing system requirements become increasingly important. Modechart is a graphical specification language introduced to meet this need. The main focus of this paper is on methods and supporting tools for representing and reasoning about properties of time-critical systems specified in Modechart. The paper describes a verification methodology which takes advantage of the structuring inherent in a Modechart specification to determine whether a system specification satisfies the required properties. The paper also describes the implementation of a mechanical verifier, based on the proposed approach, which has been recently integrated as part of the Modechart Toolset prototype development environment from the Naval Research Lab [7].