Provably Correct Systems

Research has been carried out in order to improve dependability, reduce timescales and cut development costs of construction for embedded systems, particularly in real time and safety critical applications. For the requirements phase, advances have been made in the application and extension of Duration Calculus by considering probabilistic aspects and the problems associated with hybrid systems. The gap between the requirements and the specification level is being filled by adding real time features to the specification language and also the programming language. A real time design calculus has been developed for the transformation of a specification into a program, using a wide spectrum language which encompasses both levels. The programming language has been designed to express assertions on the timed behaviour of programs. It features delay timing as present in occam and allows the programmer to specify upper bounds for the time spent for the execution of internal actions. A prototype compiler has been rigorously developed and partially proved correct. The compilation of occam programs directly into synchronous hardware is being investigated, using Field Programmable Gate Array technology. The proof of correctness depends on using a realistic model of the underlying hardware. An approach has been adopted in which programs are compiled into a normal form that is a very restricted subset of the high level language, but is close to the actual hardware in form. Trials have been made of HOL, the Boyer-Moore prover, Larch, Lambda, OBJ and PVS, for verification support. A ProCoS Working Group has been formed as a forum for a wider constituency of researchers in universities and in industry. Collaboration has been established with research teams in the United States, Brazil and Macao.