Provably Correct Systems

Objective

The goal of PROCOS was to contribute to methodologies for the joint hardware and software development of safety-critical, high integrity, real-time, embedded systems by defining:
-methods for problem domain requirements capture
-a specification and a programming language
-a machine architecture and language
-a compiler from the programming language to that machine
-a suitable kernel supporting the execution of compiled programs.
PROCOS also aimed to design the formal semantics of specification, programming and machine languages, contribute to principles of decomposing the development of such systems into smaller, more manageable tasks, and develop techniques for ensuring the integrity and stability of interfaces between the different components of a system.
Programming methodologies were studied for systems that must interact correctly, uncorruptedly and in real time with an environment, no matter how that environment behaves. Systems software needed to support such applications (compilers and operating system kernals, for example) was investigated, together with principles and techniques for the development of provably correct software, ranging from the design of machine languages to methods for capturing the applications requirements.

Techniques for capturing the requirements for real time, embedded, safety critical systems have been clarified, and the proper roles of equipment and component systems engineering are becoming apparent.

A novel duration calculus for real time specification has been proposed, and its mathematics studied and its applicability tested. More conventional specification, programming machine languages have been given firm semantics, and several novel transformation rules between them have been studied and applied. A novel rapid compiler protoyping technique, as well as production quality compiler development techniques, are being studied and applied. Large manual proofs of correctness of compilation have been carried through.

Throughout the work, a better understanding has emerged of overall design techniques for interfacing the various components of complex digital hardware and sofware systems.
APPROACH AND METHODS
The approach taken was based on decomposing the ultimate goal into a set of subgoals, as outlined above.
To achieve these subgoals a theoretical study has been made of what is meant by the safety criticality of embedded systems. Insights gained in this study are being evaluated through individual case-studies of particular systems, such as auto-pilots, gas burners and railway systems.
The experience gained with these case-studies have been used to define requirements specification, programming, and machine languages with formal semantics. The soundness of rules for the transformation of specifications to programs and of programs to mac hine code (compilation) have been established. A novel interval logic, the Duration Calculus, has been developed and used to specify and reason about real-time requirements. OCCAM 2 with the Inmos transputer has been adopted as the underlying machine for programs and programming languages. Refinement techniques are employed for the verification of transformation rules, and a variety of other techniques for compiler and kernel development.
PROGRESS AND RESULTS
Techniques for capturing the requirements for real-time, embedded, safety-critical systems have been clarified, and the proper roles of equipment and component systems engineering are becoming apparent.
A novel duration calculus for real-time specification has been proposed, and its mathematics studied and its applicability tested. More conventional specification, programming and machine languages have been given firm semantics, and several novel transformation rules between them have been studied and applied. A novel rapid compiler prototyping technique, as well as production quality compiler development techniques, are being studied and applied. Large manual proofs of correctness of compilation have been carried through.
Throughout the work, a better understanding has emerged of overall design techniques for interfacing the various components of complex digital hardware and software systems.
POTENTIAL
The resulting principles and techniques will find use within the industrial production of computer-controlled instruments, in process and manufacturing (robotics) control, and in defence, as well as in the larger area of computer applications, where dependable, high integrity, safety-critical systems are required.

Fields of science

• natural sciencescomputer and information sciencessoftwaresoftware applicationssystem softwareoperating systems
• natural sciencescomputer and information sciencessoftwaresoftware development
• engineering and technologyelectrical engineering, electronic engineering, information engineeringelectronic engineeringrobotics
• natural sciencesmathematics

Programme(s)

• FP2-ESPRIT 2 - European strategic programme (EEC) for research and development in information technologies (ESPRIT), 1987-1992

Topic(s)

Call for proposal

Funding Scheme

Coordinator

Participants (5)