Results 1-10 of 14
A Higher-Order Duration Calculus
Millennial Perspectives in Computer Science. Proceedings of the 1999 Oxford-Microsoft Symposium in Honour of Professor Sir Anthony Hoare, Palgrave
, 1999
Cited by 33 (9 self)
Abstract
Duration Calculus (DC) can specify real-time requirements of computing systems. This paper investigates how the real-time behaviour of programs can be described within this logical framework. In order to describe local variable declaration, quantifications over program variables are inevitable, and therefore a higher-order DC is established in the paper. This higher-order DC has a complete proof system if we assume finite variability of program variables. Zhou Chaochen is the Director of UNU/IIST, on leave of absence from the Software Institute, the Chinese Academy of Sciences, where he is a Professor. Address: UNU/IIST, P.O. Box 3158, Macau. Email: zcc@iist.unu.edu. Dimitar P. Guelev is a PhD student of logic at the Department of Mathematical Logic and its Applications, Faculty of Mathematics and Informatics, Sofia University. He was a fellow of UNU/IIST from March until August 1998. His scientific interests include modal logic, temporal logic and probabilistic logic. Email: gelevdp@fmi.uni-sofia.bg. Zhan Naijun is a Fellow of UNU/IIST (July 1998 to August 1999), on leave from the Institute of Software, Chinese Academy of Sciences, where he is a PhD student. Address: Institute of Software, P.O. Box 8718, Beijing, 100080, China. Email: znj@ox.ios.ac.cn. Copyright © 1999 by UNU/IIST, Zhou Chaochen, Dimitar P. Guelev.
Verification of Real-Time Systems Using PVS
, 1993
Cited by 29 (2 self)
Abstract
We present an approach to the verification of the real-time behavior of concurrent programs and describe its mechanization using the PVS proof checker. Our approach to real-time behavior extends previous verification techniques for concurrent programs by proposing a simple model for real-time computation and introducing a new operator for reasoning about absolute time. This model is formalized and mechanized within the higher-order logic of PVS. The interactive proof checker of PVS is used to develop the proofs of two illustrative examples: Fischer's real-time mutual exclusion protocol and a railroad crossing controller. This work was supported by National Aeronautics and Space Administration Langley Research Center and the US Naval Research Laboratory under contract NAS1-18969 and by the US Naval Research Laboratory contract N00015-92-C-2177. Connie Heitmeyer (NRL) suggested the railroad crossing example. Sam Owre (SRI) assisted with the use of PVS. The helpful comments of John Rush...
Formalising Railway Interlocking Systems
 Department of Computer Science, Technical University of Denmark
, 1998
Cited by 12 (0 self)
Abstract
This paper presents a VDM model of a railway interlocking system, and describes how this model is validated by simulation. The model development illustrates how concepts may be captured for a non-trivial system. The importance of validation by simulation is highlighted by giving two equally plausible safety requirements for the system and the end users' reaction to the simulation. Keywords: Application of formal methods, VDM, model validation, railway interlocking. 1 Introduction. The task of an interlocking system is to prevent trains from colliding and derailing, while at the same time allowing train movements. The Danish National Rail Agency (Bane) has built and used interlocking systems for the past 150 years. The first interlocking systems were purely mechanical systems, but as electricity became common, the systems have developed through electro-mechanical to relay-based systems, and more recently to computer-based systems. Interlocking systems are safety-critical systems, so there...
Provably Correct Systems
, 1994
Cited by 11 (3 self)
Abstract
The goal of the Provably Correct Systems project (ProCoS) is to develop a mathematical basis for the development of embedded, real-time computer systems. This survey paper introduces the specification languages and verification techniques for four levels of development: requirements definition and control design; transformation to a systems architecture with program designs and their transformation to programs; compilation of real-time programs to conventional processors; and compilation of programs to hardware.
Iteration of Simple Formulas in Duration Calculus
, 1998
Cited by 6 (5 self)
Abstract
A special kind of smallest fixed point known as iteration is in most cases sufficient for the description of temporal computation processes in Duration Calculus [ZHR91]. In 1994 Dang and Wang introduced an extension of Duration Calculus with iteration [DW94]. They showed how to describe the behaviours of a practically significant class of timed automata in this extension, using so-called simple formulas. In this paper we present a complete system of axioms for iteration of simple formulas. We obtained our axioms by appropriately translating the schemata for iteration from the proof system of propositional dynamic logic ([Seg77], cf. e.g. [AGM92]), which is a well-known formal system with iteration. We present this translation and the correspondence between the semantics of propositional dynamic logic and that of the interval temporal logic that underlies it. The argument of completeness for the axioms for iteration in propositional dynamic logic relies on appropriate assignments to proposit...
Completeness of Higher-Order Duration Calculus
UNU/IIST Report No. 175, UNU/IIST, International Institute for Software Technology, P.O. Box 3058
, 1999
Cited by 5 (2 self)
Abstract
In order to describe the real-time behaviours of programs in terms of Duration Calculus, proposed by Zhou Chaochen, C.A.R. Hoare and A.P. Ravn in [5], which can specify real-time requirements of computing systems, quantifications over program variables are inevitable, e.g. to describe local variable declaration, to declare a local channel, and so on. So a higher-order duration calculus (abbreviated HDC) is established in [2]. This paper proves the completeness of HDC on abstract domains by encoding HDC into first-order two-sorted interval temporal logic. This idea is hinted at by [13]. All results shown in this paper are obtained under the assumption that every program variable has finite variability. Zhan Naijun is a Fellow of UNU/IIST (July 1998 to August 1999), on leave from the Institute of Software, the Chinese Academy of Sciences, where he is a PhD student. Address: Institute of Software, P.O. Box 8718, Beijing, 100080, China. Email: znj@ox.ios.ac.cn. Copyright © 1999 by UNU/IIST, Zhan Naiju...
Domain Analysis - a Prerequisite for Requirements Capture
, 1995
Cited by 2 (1 self)
Abstract
Before an architecture for a software system (or package) - that is, a definition of the concepts and facilities of the software system (resp. package) to be developed - can be given, one first establishes proper requirements expected of that software; that is, we base software development on requirements specifications. These requirements are captured from understanding first the domain in which the software is to serve, and then from understanding the expectations of the new software as an operational part of the thus extended domain. Thus understanding the domain seems to be a very first order of 'business'! In this paper we present an example of the collection of (informal) procedures and (formal) techniques that are being applied in understanding the Railway System domain - as part of a large-scale technology transfer project joint with various software development and computer centers of the Chinese Railways in researching and developing proper software eventually for all aspec...
Some Decidability Results for Duration Calculus under Synchronous Interpretation
Formal Techniques in Real-Time and Fault-Tolerant Systems (FTRTFT'98), volume 1486 of Lecture Notes in Computer Science
, 1998
Cited by 1 (0 self)
Abstract
Duration Calculus (or DC in short) presents a formal notation to specify properties of real-time systems and a calculus to formally prove such properties. Decidability is the underlying foundation of automated reasoning. But, except for some of its simple fragments, DC has been shown to be undecidable. DC takes the set of real numbers to represent time. The main source of undecidability is the assumption that, in a real-time system, state changes can occur at any time point. But an implementation of a specification is ultimately executed on a computer, where states change according to a system clock. Under such an assumption, it has been shown that decidability results can be extended to cover relatively richer subsets of DC. In this paper, we extend such decidability results to still richer subsets of DC.
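The synchronous interpretation described above, and the iteration operator F* of the "Iteration of Simple Formulas in Duration Calculus" entry, can both be made concrete with a small bounded checker. The following Python is an added example and is not code from either paper: it assumes time is a finite trace of unit-length ticks, that every state is constant on [t, t+1), and that intervals have integer endpoints 0 <= b <= e <= n, so that the duration integral, chop and iteration can each be evaluated by enumerating finitely many sub-intervals. The state name `Leak`, the leak-bound requirement `REQ`, the two design rules `D1`/`D2`, the iterated pattern `PATTERN` and the three sample traces are all constructed for illustration; this is a brute-force check of one given trace, not the decision procedure of the paper.

```python
"""Bounded checker for a discrete-time (synchronous) fragment of Duration Calculus.

Added example. Assumptions (not from the cited papers): a trace is a finite list of
ticks, each state is constant on [t, t+1), intervals are [b, e] with integer
0 <= b <= e <= n, the length l of [b, e] is e - b, and the duration integral of a
state P over [b, e] is the number of ticks in [b, e) on which P holds.
"""
import operator

CMP = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       ">=": operator.ge, ">": operator.gt}

# Formula constructors. Formulas are nested tuples so they are hashable (memoised).
TRUE = ("true",)
def SNot(p):            return ("snot", p)                  # state expression: not P
def Lin(terms, op, k):  return ("lin", tuple(terms), op, k)  # sum w*(l or integral P) op k
def Len(op, k):         return Lin([(1, "len")], op, k)     # l op k
def Dur(p, op, k):      return Lin([(1, p)], op, k)         # integral P op k
def Ceil(p):            return ("ceil", p)                  # P holds throughout and l > 0
def Not(f):             return ("not", f)
def And(*fs):           return ("and", *fs)
def Or(*fs):            return ("or", *fs)
def Imp(f, g):          return Or(Not(f), g)
def Chop(*fs):          return fs[0] if len(fs) == 1 else ("chop", fs[0], Chop(*fs[1:]))
def Star(f):            return ("star", f)                  # iteration F*
def Box(f):             return ("box", f)                   # F holds on every sub-interval

class DCChecker:
    def __init__(self, trace):
        lengths = {len(v) for v in trace.values()}
        if len(lengths) != 1:
            raise ValueError("all state traces must have the same length")
        self.trace, self.n, self._memo = trace, lengths.pop(), {}

    def state_at(self, p, t):
        """Boolean value of state expression p on tick t."""
        return self.trace[p][t] if isinstance(p, str) else not self.state_at(p[1], t)

    def duration(self, p, b, e):
        return sum(1 for t in range(b, e) if self.state_at(p, t))

    def holds(self, f, b, e):
        """Does formula f hold on the interval [b, e]?"""
        key = (f, b, e)
        if key in self._memo:
            return self._memo[key]
        op = f[0]
        if op == "true":
            r = True
        elif op == "lin":
            _, terms, cmp, k = f
            total = sum(w * ((e - b) if p == "len" else self.duration(p, b, e)) for w, p in terms)
            r = CMP[cmp](total, k)
        elif op == "ceil":
            r = e > b and all(self.state_at(f[1], t) for t in range(b, e))
        elif op == "not":
            r = not self.holds(f[1], b, e)
        elif op == "and":
            r = all(self.holds(g, b, e) for g in f[1:])
        elif op == "or":
            r = any(self.holds(g, b, e) for g in f[1:])
        elif op == "chop":    # some chop point m splits [b, e] into an F part and a G part
            r = any(self.holds(f[1], b, m) and self.holds(f[2], m, e) for m in range(b, e + 1))
        elif op == "star":    # F*: a point interval, or an F piece followed by F* on the rest
            r = b == e or any(self.holds(f[1], b, m) and self.holds(f, m, e) for m in range(b + 1, e + 1))
        elif op == "box":
            r = all(self.holds(f[1], i, j) for i in range(b, e + 1) for j in range(i, e + 1))
        else:
            raise ValueError(f"unknown operator {op!r}")
        self._memo[key] = r
        return r

    def check(self, f):
        return self.holds(f, 0, self.n)

    def first_violation(self, f):
        """Lexicographically first sub-interval [b, e] of the trace on which f fails, or None."""
        for b in range(self.n + 1):
            for e in range(b, self.n + 1):
                if not self.holds(f, b, e):
                    return (b, e)
        return None

# Constructed specification (hypothetical, gas-burner style, small numbers).
L = "Leak"
REQ_BODY = Imp(Len(">=", 10), Lin([(5, L), (-1, "len")], "<=", 0))   # 5 * integral Leak <= l
REQ = Box(REQ_BODY)                                                   # ... in every window of length >= 10
D1 = Box(Imp(Ceil(L), Len("<=", 1)))                                  # a leak lasts at most one tick
D2_BODY = Imp(Chop(Ceil(L), Ceil(SNot(L)), Ceil(L)), Len(">=", 6))    # leak-gap-leak spans >= 6 ticks
D2 = Box(D2_BODY)
# Iterated pattern: (non-leak >= 4 ticks, then leak <= 1 tick)*, then an optional non-leak tail.
PATTERN = Chop(Star(Chop(And(Ceil(SNot(L)), Len(">=", 4)), And(Ceil(L), Len("<=", 1)))),
               Or(Ceil(SNot(L)), Len("==", 0)))

def leak_trace(n, leak_ticks):
    """Constructed sample trace: Leak holds exactly on the given ticks."""
    return {L: [t in leak_ticks for t in range(n)]}

GOOD = leak_trace(20, {4, 15})      # isolated leaks, well separated
BURST = leak_trace(20, {3, 4, 5})   # a three-tick leak
CLOSE = leak_trace(20, {3, 6})      # two short leaks too close together

if __name__ == "__main__":
    for name, tr in [("good", GOOD), ("burst", BURST), ("close", CLOSE)]:
        c = DCChecker(tr)
        print(name, {k: c.check(v) for k, v in [("REQ", REQ), ("D1", D1), ("D2", D2), ("PATTERN", PATTERN)]})
```

On `GOOD` every formula holds; `BURST` violates `REQ` on the window [0, 10] (three leak ticks in ten) and `D1`; `CLOSE` still satisfies `REQ` but violates `D2` on [3, 7] and does not match `PATTERN`, which is the usual situation where design rules are sufficient for, but stricter than, the top-level requirement. The whole evaluation is finite only because chop points and interval endpoints range over the integer ticks; with real-valued time the `range` enumerations in `chop` and `star` have no counterpart, which is exactly the gap the synchronous interpretation closes.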
Specifying and Verifying Robotic Tasks
, 1997
Abstract
This paper presents an approach to the specification of requirements, and verification of design, for a robot or other intelligent system. Formal mathematical reasoning is used to show that a design conforms to the system requirements. Typically the requirements define safety and functionality constraints on the system and its components. Formal analysis allows the system designer to evaluate the system behavior and verify the system parameters in order to guarantee safe and robust system performance. The approach is demonstrated on a typical robotic task - visual grasping. 1 Introduction. The growing number of computer-controlled systems presents a major challenge: the development of reliable, robust, and safe real-time intelligent systems. Robots and electromechanical systems (such as many consumer products) are capable of adjusting their behavior to a wide variety of circumstances. These systems are based on a combination of different structures ranging from low-level feedback loops to hi...