Skip to main content

Provably Correct Systems

Objective

The goal of PROCOS was to contribute to methodologies for the joint hardware and software development of safety-critical, high integrity, real-time, embedded systems by defining:
-methods for problem domain requirements capture
-a specification and a programming language
-a machine architecture and language
-a compiler from the programming language to that machine
-a suitable kernel supporting the execution of compiled programs.
PROCOS also aimed to design the formal semantics of specification, programming and machine languages, contribute to principles of decomposing the development of such systems into smaller, more manageable tasks, and develop techniques for ensuring the integrity and stability of interfaces between the different components of a system.
Programming methodologies were studied for systems that must interact correctly, uncorruptedly and in real time with an environment, no matter how that environment behaves. Systems software needed to support such applications (compilers and operating system kernals, for example) was investigated, together with principles and techniques for the development of provably correct software, ranging from the design of machine languages to methods for capturing the applications requirements.

Techniques for capturing the requirements for real time, embedded, safety critical systems have been clarified, and the proper roles of equipment and component systems engineering are becoming apparent.

A novel duration calculus for real time specification has been proposed, and its mathematics studied and its applicability tested. More conventional specification, programming machine languages have been given firm semantics, and several novel transformation rules between them have been studied and applied. A novel rapid compiler protoyping technique, as well as production quality compiler development techniques, are being studied and applied. Large manual proofs of correctness of compilation have been carried through.

Throughout the work, a better understanding has emerged of overall design techniques for interfacing the various components of complex digital hardware and sofware systems.
APPROACH AND METHODS
The approach taken was based on decomposing the ultimate goal into a set of subgoals, as outlined above.
To achieve these subgoals a theoretical study has been made of what is meant by the safety criticality of embedded systems. Insights gained in this study are being evaluated through individual case-studies of particular systems, such as auto-pilots, gas burners and railway systems.
The experience gained with these case-studies have been used to define requirements specification, programming, and machine languages with formal semantics. The soundness of rules for the transformation of specifications to programs and of programs to mac hine code (compilation) have been established. A novel interval logic, the Duration Calculus, has been developed and used to specify and reason about real-time requirements. OCCAM 2 with the Inmos transputer has been adopted as the underlying machine for programs and programming languages. Refinement techniques are employed for the verification of transformation rules, and a variety of other techniques for compiler and kernel development.
PROGRESS AND RESULTS
Techniques for capturing the requirements for real-time, embedded, safety-critical systems have been clarified, and the proper roles of equipment and component systems engineering are becoming apparent.
A novel duration calculus for real-time specification has been proposed, and its mathematics studied and its applicability tested. More conventional specification, programming and machine languages have been given firm semantics, and several novel transformation rules between them have been studied and applied. A novel rapid compiler prototyping technique, as well as production quality compiler development techniques, are being studied and applied. Large manual proofs of correctness of compilation have been carried through.
Throughout the work, a better understanding has emerged of overall design techniques for interfacing the various components of complex digital hardware and software systems.
POTENTIAL
The resulting principles and techniques will find use within the industrial production of computer-controlled instruments, in process and manufacturing (robotics) control, and in defence, as well as in the larger area of computer applications, where dependable, high integrity, safety-critical systems are required.

Coordinator

DANMARKS TEKNISKE HOJSKOLE
Address
Bygning 344 & 345
2800 Lyngby
Denmark

Participants (5)

AARHUS UNIVERSITET
Denmark
Address
Nordre Ringgade, 1
8000 Aarhus
CHRISTIAN-ALBRECHTS UNIVERSITÄT KIEL
Germany
Address
Olshausenstraße 40
24118 Kiel
Royal Holloway and Bedford New College
United Kingdom
Address
Egham Hill
TW20 0EX Egham
University of Manchester
United Kingdom
Address
Oxford Road
M13 9PL Manchester
University of Oxford
United Kingdom
Address
11 Keble Road
OX1 3QD Oxford