Stephen J. Goldsack

Integrating VDM++ and Real-Time System Design

This paper presents work performed in the EPSRC “Object-oriented Specification of Reactive and Real-time Systems” project. It aims to provide formal design methods for real-time systems, using a combination of the VDM++ formal method and the HRT-HOOD method.

Specification of an operating system kernel forest and VDM compared

The FOREST project, supported under the Alvey initiative, addressed the problem of capture and specification of requirements of software systems. The specification technique is based on the use of a formal system built around a form of modal logic, which has come to be referred to as MAL, which permits both the effects of actions and the circumstances in which they are to be invoked to be defined. This paper uses the example of a real time operating system kernel to compare the specifications in VDM with those in MAL.

DRAGOON: a tool for the Ada programmer

The DRAGON projectl was established to develop methods and tools to support the goals of distribution and reuse in Ada. Analysis of these apparently diverse goals suggested that a unifying approach lay in the recognition of the object as a unit of reuse and distribution, and in the adoption of powerful object-oriented mechanisms such as inheritance, polymorphislri and dynamic binding, However, it was also apparent that no existing object-oriented language adequately combined inheritance with the needs of concurrent and distributed systems. The project therefore developed an Ada-based objectoriented language called DRAGOON, which provides all the main features customarily associated with objectoriented languages, including inheritance and polymorphism, but also enhances these mechanisms to support concurrency and distribution [Di Maio et al, 89]. The current version of the language is implemented by translation into standard Ada83 through the use of a preprocessor. Ada code of surprisingly high quality and readability is produced given its incompatibility with certain aspects of object-oriented programming. An important goal in the design of DRAGOON was to retain as much of the style and “feel” of Ada as possible. Therefore, none of the features of Ada we have come to know and appreciate were to be wantonly rejected or changed, The only major feature of Ada which is not available to the DRAGOON programmer is tasking, for reasons which will become evident later. However, the code produced by the pre-processor implements concurrency with tasks in the usual Ada way. In this paper we concentrate on the concurrency model of DRAGOON, but first provide a brief overview

Discrete event process controller synthesis using VDM/sup ++/

The paper describes approaches to the specification and design of a controller for a gas burner system using VDM/sup ++/. It defines a systematic method for interpreting declarative requirements statements in real-time temporal logic, and for the construction of abstract and concrete VDM/sup ++/ specifications which implement the formalised requirements. Timing analysis is also addressed. The central contribution of the paper is a primarily mechanical process of refinement from abstract declarative specifications of a control problem to implemented controllers in Ada95.

Design patterns and their role in formal object-oriented development

This paper describes how object-oriented design patterns can be used within a formal development process, and how the structure of formal requirements specifications, as expressed in their invariant properties, may serve to suggest suitable patterns to be used in their design and implementation.

Specification of a Chemical Process Controller in B

This chapter shows the combined use of formal methods with techniques developed in control engineering for the design and development of automation systems for discrete-event processes. On the one hand, formal methods guarantee the correct implementation of a given specification. On the other, control engineering techniques are used to develop a specification which is guaranteed to satisfy operational and safety requirements.

Hybrid object-oriented real-time software development with VDM ++

VDM/sup ++/ is a formal object oriented specification language, which extends VDM by providing object-orientation as well as real-time and parallel features. The use of the language is supported by an extensive toolset and design guidelines. The former offers graphical representations, syntactic and semantic checking, pretty printing and code generation. The latter aim at presenting guidelines for modelling and subsequent development. We argue that, despite its formal character, VDM/sup ++/ is a practically applicable vehicle for software development for real-time control systems. An outline specification case study is included.

Formalizing Real-Time System Design

This paper identifies ways in which formal real-time notations (VDM++) real-time design methods (HRT-HOOD) and simulation tools (gPROMS) can be combined in practical developments. The benefits of such a combination include that a precise semantics can be attached to specifications in HRT-HOOD using the VDM++ notation and that HRT-HOOD guidelines on structuring and decomposition can be used for VDM++ specifications and designs. Abstract real-time specifications can also be animated at an early development stage to validate them against requirements.

Specification and Refinement of Continuous Real-Time Systems

This paper describes techniques for the specification and refinement of control and simulation software for systems involving continuous and discrete data. We give a formal concept of refinement suitable for this domain, which generalises conventional refinement in VDM-SL.

Real time formal specification using VDM/sup ++/

VDM/sup ++/ is a formal Object Oriented Specification language, derived from VDM. It extends VDM by providing object-orientation and concurrency features. The use of the language is supported by design guidelines and a toolset. The latter offers graphical representations, syntactic and semantic checking, pretty printing and code generation. In this paper we address real-time extensions as being developed for the language.