An Implementable Formal Language for Hard Real-Time Systems


A real-time computer system may be demanded not only to produce correct results, but also to produce these results at the correct time. If high levels of assurance are required that such requirements are met, then standard verification techniques, such as

An Implementable Formal Language for Hard Real-Time Systems

Steven Bradley

September 1995

Abstract

A real-time computer system may be demanded not only to produce correct results, but also to produce these results at the correct time. If high levels of assurance are required that such requirements are met, then standard verification techniques, such as testing, may not be adequate. In this case, more rigorous techniques for demonstrating correctness are required, and formal (i.e. mathematical) methods have been suggested as an alternative to testing. There are well established analysis techniques for verifying low level properties of real-time systems, mainly concerned with the scheduling of processing and communication resources. Unfortunately, these existing analyses are restricted to a level fairly close to the system implementation, and have difficulty in verifying high level, system wide properties. At the other end of the scale, much work has been done on providing abstract models for real-time systems, and on providing a theoretical framework in which system wide verification can be achieved. This work, however, is often far removed from the implementation considerations which are very important for real-time systems.

In this thesis I present a new language, AORTA (Application Oriented Real Time Algebra), which aims to bridge the apparent gap between high level abstract reasoning, and low level implementation considerations. The language is restricted to allow direct and verifiable implementation, whilst retaining enough expressivity to give design solutions to real problems. Simulation and model-checking (formal verification) are discussed as means to provide assurance that AORTA designs satisfy their high level requirements. Implementation methods are also presented, based on code generation and process multitasking, along with analysis which allows guarantees about timing to be given. Finally, a framework for including data into the formal model is given, and is used to integrate AORTA with VDM.


Contents

1 Introduction

2 The Hard Real-Time Problem
  2.1 Introduction
  2.2 Real-time systems
  2.3 Formal methods
  2.4 Previous and Current Work
    2.4.1 Timed logics
    2.4.2 Timed process algebras
    2.4.3 Graph-based formalisms
    2.4.4 Others
  2.5 Conclusion

3 An Application Oriented Real-Time Algebra
  3.1 Introduction
  3.2 Timed Process Algebras for Design
  3.3 Concrete Syntax and Informal Semantics of AORTA
    3.3.1 A Mouse Button Driver
  3.4 Formal Semantics of AORTA
    3.4.1 Abstract Syntax and Time Domain Assumptions
    3.4.2 Transition Rules
    3.4.3 Semantics of the Mouse Button
  3.5 Properties of AORTA Transition Systems
  3.6 Conclusion

4 Examples in AORTA
  4.1 Introduction
  4.2 Chemical Plant Controller
  4.3 Car Cruise Controller
  4.4 Alternating Bit Protocol
  4.5 Conclusion

5 Validation and Verification of Designs
  5.1 Introduction
  5.2 Validation by Simulation
    5.2.1 Menu Driven Simulation
    5.2.2 Event Driven Simulation
  5.3 Verification by Model-checking
    5.3.1 Translation to Timed Graphs
    5.3.2 Region Graphs and Model-checking
  5.4 Conclusions

6 Implementation Techniques
  6.1 Introduction
  6.2 Implementing Processes: Code Generation and Annotations
    6.2.1 Process skeleton generation
    6.2.2 Defining annotations
  6.3 Implementing Parallelism: Multitasking
  6.4 Implementing Communication: I/O and the Kernel
    6.4.1 External I/O
  6.5 Conclusion

7 Analysis and Verification of Implementation
  7.1 Introduction
  7.2 Timing Analysis of Round-robin Scheduling
  7.3 An Example Analysis
  7.4 Timing Analysis of Priority Based Scheduling
  7.5 Verification of Implementations
  7.6 Conclusion

8 Reasoning About Data
  8.1 Introduction
  8.2 Data Model Assumptions
  8.3 Extension of Syntax
    8.3.1 Communication
    8.3.2 Computation
    8.3.3 Data dependent choice
  8.4 Enriched Semantics of AORTA
  8.5 Using VDM for Data Specification
  8.6 Conclusion

9 Evaluation of AORTA
  9.1 Introduction
  9.2 Expressivity
  9.3 Implementability
  9.4 Practicality
  9.5 Conclusion

10 Conclusion

A Proofs of Theorems

B Published Work


Chapter 1

Introduction

Real-time computer systems are very much a part of everyday life. They can be found in cars, trains, aeroplanes, washing machines, toasters, chemical plants, power stations, telephone systems; anywhere that computers are used to control or interact with an environment where time is important. People have become used to computers, and also to their fallibility. No one hesitates to point the finger at a computer which causes a bank error, or which sends a bill for 0.1p, and yet many people are relatively unconcerned that embedded computers are used in more and more aspects of our lives. A bank error or bill can be corrected, but where a computer is used to control an aircraft, or life-support machine, or a nuclear power station, a serious fault can have unthinkable consequences. In such safety-critical situations, correctness is paramount, so the question is, how can systems be built to be more reliable?

Even in situations which are not safety-critical, it may be very expensive to change a design. Because software can so easily be changed, people have grown accustomed to 'maintenance' of software. This may be possible for a piece of payroll software, of which there is only one copy, but for an embedded system, which may be produced millions of times, the cost of recall is great. So then, even for relatively harmless embedded control systems, correctness can still be of great importance.

How, then, can systems be built to be correct? Standard approaches, which rely on testing alone to discover errors, are flawed. Testing can demonstrate incorrectness, but not correctness. Testing on its own is particularly difficult to apply adequately to control systems, which may have millions of states. With the introduction of timing as an important factor, reproducibility becomes even more difficult, making sufficient testing virtually impossible. Engineers in more traditional areas, such as bridge building, rely on mathematical analysis of the problem and the proposed solution to give assurances that the bridge will function properly. Although tests would also be carried out, no one would trust a bridge whose only guarantee of integrity was that the engineer who designed it had driven a few cars across it, and it seemed OK.

Such condemnation of testing as inadequate for control systems is common among proponents of formal methods. They insist that the only way to be sure that a system is correct is to prove that it is correct, i.e. perform a mathematical analysis of the problem and proposed solution. A formal development will be more expensive than an informal development, although some argue that this cost is outweighed by the reduced cost of maintenance. If fixing a problem after the event is not satisfactory, then it may be that a formal development, with its increased assurance of correctness, may be the only alternative available. Different levels of formality may be achieved: perhaps only the specification will be developed formally; the design and coding may also be subject to mathematical analysis; or perhaps a fully verified solution on verified hardware will be attempted.

Very little existing work on mathematical analysis of real-time systems enables a full verified development, from specification to implementation, to take place, although there is much work on high level specification, and much work on low level analysis of implementations. The aim of this thesis is to link the two areas, by providing a practical formal language which is amenable to high level formal specification and verification, and yet which is verifiably implementable.

The layout of the thesis follows roughly the steps which would be taken in a formal development of a real-time system. Chapter 2 introduces the problem area, and surveys and classifies existing work in the area of formal methods for real-time systems. The conclusions of chapter 2 give the motivation for the new language, which is defined, informally and formally, in chapter 3. High level analysis, through both formal verification and informal validation via simulation, is discussed in chapter 5. Chapters 6 and 7 then describe how designs written in the new language (AORTA) can be implemented and analysed for correctness. The formal inclusion of data into AORTA, using the VDM notation, is the subject of chapter 8, and chapter 9 evaluates the language, and sets it in a broader context. In conclusion, chapter 10 briefly recaps, and presents areas for further work. Proofs of all theorems in this thesis are presented in appendix A.


Chapter 2

The Hard Real-Time Problem

2.1 Introduction

This chapter serves as an introduction to the area of real-time systems and formal techniques for real-time systems. Section 2.2 gives a brief description of what a real-time system is, and section 2.3 explains the relevance of formal methods to the area. The bulk of the chapter lies in section 2.4, which surveys previous work on using formal methods for real-time systems, gives a taxonomy of them, and assesses the suitability of the different approaches for different stages of the development lifecycle. The conclusions drawn from this survey are then presented in section 2.5.

2.2 Real-time systems

Many computer systems are required not only to deliver correct results, but to deliver those results at the correct time; such systems are called real-time systems. These systems are most often to be found in control situations, such as in an automatic washing machine, a fly-by-wire system, a life-support machine, a car braking system, or an industrial plant. A hard real-time system must always meet its timing constraints, rather than providing satisfactory average performance. Many safety critical applications, where correct functioning is of vital importance because of the hazardous results of malfunction, fall into the category of hard real-time systems; many of the applications already mentioned would be classified as safety critical hard real-time systems.

It is important to distinguish between real-time systems and high performance systems, although some real-time systems may require high performance. A high performance system simply tries to get through its work as quickly as possible, whereas a real-time system may have timing requirements which are not simply upper bounds on completion. For instance, it would not be appropriate for a traffic light controller to cycle through its light sequence as quickly as possible, or for a communications protocol to retransmit as soon as possible after an unacknowledged first transmission. Also, high performance systems usually aim for highest possible average performance, rather than trying to guarantee the time behaviour in all cases. The use of techniques such as caching may improve average performance, but may degrade worst case performance and make analysis difficult. For hard real-time systems it is predictability of performance which is important.

It is surprisingly difficult to be able to guarantee that a computer system will give the correct results, and this problem is compounded when time behaviour also has to be verified. It is often the case that computerised control systems are most easily built using concurrency techniques, as different aspects of control have to be handled simultaneously. For real-time systems engineers, this leads to the problem of verifying not only the performance in time of a single computer program, but several interacting programs. As other aspects, such as the reliability and performance of computer hardware, may have to be considered, the problem area can be extremely daunting. For this reason, and because of the interesting theoretical and technological considerations, methods for building real-time systems are currently the subject of intensive research. The importance of this research area is undeniable, as more and more areas of our lives are influenced by computer control systems.
A recent investigation into the Therac-25 medical accelerator showed that timing related computer failures (among other things) led to patients being subjected to massive, and in some cases fatal radiation overdoses [65]. Similar errors in even more time-critical systems, such as nuclear power plant controllers, could lead to unthinkable results.

2.3 Formal methods

Formal methods for computer system design are based on mathematics, allowing rigorous and unambiguous descriptions, be they specifications, designs or models of implementations. Also, the mathematical rigour of proof can be used in the verification of correctness. There are several reasons why formal methods are particularly useful for real-time systems. Faults that may occur in such systems are not easily detectable by testing, and can be very difficult to reproduce; formal verification offers a more rigorous alternative to testing. Also, concurrency often leads to an explosion in the number of states of a system to a point beyond usual intuition, and formality can help to ensure that no possible state or sequence of events is erroneously ignored. Finally, if a system is safety-critical, the level of reliability required may only be deliverable by formal methods, for the reasons already given.

2.4 Previous and Current Work

Recent interest in formal techniques for real-time has generated many ways of describing real-time systems, some of which are based on earlier untimed formalisms. Description of real-time systems (and all other computer systems) falls into three main categories: specification, design and modelling. This classification is not universal and is largely concerned with the expressivity of languages, so it is worth elaborating on it slightly before outlining existing methods within this framework.

A specification of a real-time system describes how it should behave in time, and does not provide any details of how this behaviour should be achieved. Typically there will be more than one design/implementation that will satisfy a specification, indeed if this is not the case then it is likely that the system is overspecified. A specification language, then, should be expressive enough to allow enough to be said about a system to guarantee its correct behaviour (which is usually determined by the environment within which the system is to operate), whilst abstract enough to allow some areas of behaviour to be left unspecified.

A design contains enough detail of a system to indicate how it can be implemented, including how the implementation must perform in time. This can be difficult as the timing details of the implementation will not be known at the design stage.
However, an iterative approach to implementation will allow figures to be included as they become available; the ability to leave some slack, such as time bounds rather than exact figures in the design, makes this approach easier. A design language should be expressive enough to allow a reasonable range of implementation techniques, yet restrictive enough (or include a suitably restrictive subset) to ensure that designs can indeed be implemented.

Finally, a model of a real-time system should accurately represent all aspects of the behaviour of a system which are of interest (i.e. those included in the specification). Thus, a model of a system can be used to verify the correctness of that system with respect to its specification. A modelling language needs to be expressive enough to describe the behaviour of as many different kinds of systems as possible; the main reason for restricting a modelling language is to allow automatic verification that a model satisfies its specification (model-checking).

Some formalisms are aimed at one specific description area, while others try to provide a general framework in which more than one of these problems can be approached (such notations are sometimes called wide-spectrum languages).

An important consideration for a formal description language is how verification can take place; in other words, what proof techniques are available. It is part of my thesis that many timed formalisms do not provide adequate practical proof techniques. In particular, timed extensions to untimed formalisms which are used as wide-spectrum languages rely on equivalences and refinements for their proof techniques. These methods do not appear to yield practical solutions to the problem of formal verification of timing requirements. Such a point of view is backed up by Ostroff [87], and the subject will be examined in more detail in chapter 3.

The following subsections outline the most relevant recent work, in groups according to their presentation, rather than their use, as many of the formalisms are not aimed at any specific area. Some grouping is based on the nature of the model of time adopted, with two important properties being whether the time domain is discrete or dense, and whether it uses linear or branching time.

A discrete time domain is characterised by the existence of a 'next time', the natural numbers (0, 1, 2, ...) being the usual example. Dense time domains, on the other hand, are such that for any two given times there exists another time value in between them; the rational numbers and the real numbers both form dense time domains. The notion of linear versus branching time models is most important for specification languages, where a linear time model assumes that for each run of the system there is only one possible (timed) sequence of events, and a branching time model allows for more than one possible behaviour.

As well as classifying the various notations and techniques, some comments on the applicability of them to specification, modelling and design are given, all of which are my own. An alternative review of formal methods for real-time systems is given by Ostroff [87].

2.4.1 Timed logics

A timed logic deals with timed sequences of events or states of a system, and may allow quantification over behaviours of that system. A sentence of a timed logic can be used as a specification for a timed system: the specification is met if the statement is true when interpreted in a model of the system implementation. Some logics allow specifications to be automatically checked for a system, using so-called model-checking algorithms. The existence of a model-checking algorithm for a logic is a definite point in the logic's favour, although this may impose some restrictions on the logical language. Non-automatic proof systems for temporal logics [84] may also be of use. for temporal logics which

The way in which states or events are described and the way in which time is handled varies from logic to logic, as well as the model of time used (i.e. discrete or continuous, linear or branching). Many timed logics are based on existing temporal logics, which are not in general timed, but deal only with the ordering of events within a behaviour. Computation tree logic [25], usually abbreviated to CTL, is such a temporal logic which uses a branching time model, which has given rise to timed logics such as RTCTL [32] (with discrete time), and TCTL [1] (with dense time). Propositional temporal logic (PTL) is a similar logic, based on a linear time model which has inspired RTTL [79], TPTL [3] and XCTL [46], all of which use a discrete time model. Some discussion of these logics is given in [3, 46, 78], and although there are some important differences in the expressiveness and complexity/decidability of satisfiability and model-checking, they have many common features.

Similar logics exist which allow quantification over explicit intervals of time within a behaviour, including SIL [42] (linear dense time), an extension of CTL with time intervals by Lewis [66] (discrete branching time), and an interval logic by Melliar-Smith [68] (discrete linear time). Another common untimed temporal logic, with a branching time model, is the modal μ-calculus [16], as used by the Edinburgh concurrency workbench [27]. Extensions to include time are given in [26], which uses a discrete time model, and in [20], which allows a dense time model.
Both of these logics use models based on timed extensions to the process algebra CCS [70]. TRIO [38] is a branching time temporal logic which can be used with dense, discrete, or finite time domains. The most interesting point about this logic is that if the time domain is finite then logic specifications can be executed.

Timed temporal logics are useful for specifying real-time systems; they are expressive enough to state most requirements, although some of them are difficult to read and write. A temporal logic specification will not usually give the whole behaviour of the system, but only those features which are considered important. Indeed, it is difficult to describe a system completely in temporal logic, which makes them unsuited to design and modelling. (Executable temporal logics such as TRIO [38] are used for validation of specifications rather than design work.)

There are other timed logics which do not fall into the category of temporal logics, but can be used in various ways to specify or describe timed systems. RTL [54] is a logic for expressing the times at which occurrences of events occur, and has been used in giving the formal semantics of Modechart [53] (see section 2.4.4) and for including timing information into Z specifications [34] (also in section 2.4.4). Techniques have also been developed for checking safety conditions of RTL specifications [55]. The duration calculus is based on occurrences and lengths of intervals, rather than events, and has been used for giving the formal semantics of a language similar to timed CSP [22]. These two logics are mainly intended as specification or modelling languages (as indicated by their use in giving formal semantics [22, 53]); it is difficult to see how they could be used as design languages in their own right.

Finally, there are timed extensions of Hoare logic which give a specification as pre- and post-conditions including time information. Refinement rules are given which allow the design problem to be broken down into steps. Some work is based on a design language similar to timed CSP [51, 52], and offers a complete compositional proof system. The main drawback with this work is that the language does not yield practically implementable designs. In [95], a timed Hoare logic is used in the development of Algol-like programs, which is more practical, but does not allow concurrency.

In general, timed logics are useful for specification. Timed temporal logics cannot easily be used for modelling, but they do often have automatic model-checking algorithms, which makes the verification problem easy in principle. Timed Hoare logics are also useful only for specification, and although they do not have model-checking algorithms, the manual proof systems which are available are easier to use than those for temporal logics.
Logics such as RTL and the duration calculus are aimed at modelling and specification, so are to some extent wide-spectrum languages; the duration calculus is used to show the equivalence of two logical expressions, whereas RTL is usually only used at one level of abstraction. None of the timed logics described here are suitable for design, as the languages are too expressive to guarantee implementability, and it is difficult to find restrictions of the languages that are implementable. Timed logics are more commonly used for specifying properties of systems given in other languages; in particular, timed process algebras are often used in conjunction with timed temporal logics, and are discussed in the next section.

2.4.2 Timed process algebras

The theory of untimed process algebras is quite well developed, with a range of proof methods and software tools supporting the theory. The three main algebras are CCS [70], CSP [50] and LOTOS [77], each of which has its own distinctive characteristics. They have been used for specification, modelling and design, using bisimulation as the main proof technique for relating different levels of abstraction. Model-checking has also been applied to process algebras [27], so that a model or design can be verified with respect to a temporal logic specification. Timed process algebras have been introduced to try to build on the success of their untimed counterparts, allowing the techniques that have worked well for untimed systems to be applied to real-time problems. Many timed process algebras are explicitly based on an untimed algebra, although there are a few that have been developed from scratch.

One of the main classifications of process algebras is based on the model of time adopted, which may either be discrete or dense (most of the algebras which can use a dense time domain can also be used with a discrete time domain). Time can be introduced in any of three ways, firstly by allowing explicit time delays to be included as a separate construct, secondly by attaching time information to an action prefix or communication, and thirdly by introducing a time-out operator. All of the algebras mentioned here use one of the first two ways, and some use the third as well.

Discrete time process algebras fall into two categories: those which allow only one (possibly composite) action to take place per discrete unit of time, and those which have a distinguished tick action to represent the passage of time, allowing many actions to take place between ticks. In [70], the language of Synchronous CCS (SCCS) is introduced as an underlying algebra for CCS and many other untimed algebras, but it can also be considered as a timed algebra, with all processes proceeding in lock-step, where each step takes one unit of time. As SCCS was not designed as a timed algebra, the time constructs are crude, using a prefix to represent a unit time delay.
Each process must offer an action at each step, with the actions of each parallel process contributing to the composite action of the whole system. Another such algebra is CCSR [36], which is strongly influenced by SCCS, but also has priorities associated with actions. Timing information is introduced in CCSR using one monolithic construct which can be used for delays, time-outs and interrupts. CCSR is used in a verification technique called CSR [37], which gives interpretations of high-level real-time programming constructs in terms of CCSR, when made into a system using a configuration language.

Other discrete time algebras use a distinguished tick action to represent the passage of time, with one unit of time passing for every tick action that occurs. In [63] a timed extension of LOTOS is given, which preserves upward compatibility with LOTOS; similar extensions, which do not retain compatibility are given to CCS in [62] and in [44], which also includes probabilistic information. Other versions of timed LOTOS in [11, 12], (which introduce explicit timers), and [89] (which attaches time information to actions) use discrete time, although they do not use a tick based semantics. All three of these papers describe algebras which allow intervals of time to be specified for the availability of actions, but they do not allow any time nondeterminism to be introduced. ATP [75], which is not based on any particular untimed algebra, was originally defined with a discrete semantics, but was later adapted to allow dense time [74].

Algebras which allow the use of a dense time model fall into two main groups: those which introduce time by attaching information to actions and those which use explicit time delays. Intervals of time over which actions are available are used in [29] and [24] while a figure for 'internal rearrangement' time is used in [100]. These three algebras are all extensions of CCS, as are [71, 101, 104], which use time delays. A timed extension of CSP which uses delays and time-outs is given in [93], and [69] describes LOTOS with time delays, along with probabilistic information. A general time extension to ACP is given in [5], which uses an integration operator to introduce choices over time, and [94] outlines a new algebra called PARTY which uses time delays and time-outs.

Untimed process algebras have been used as wide spectrum languages, using bisimulation as the proof technique for relating different levels of abstraction.
Unsfroutanelt,yti md beisimluaitons do nota pepra o bte a susfeu,l ast eh levelo dfteai ol ftheequ ivleane csimuch h gher i78, so] itemdpr coessa lgebrs aaer otna sus fulein hti srsepect. hTs poiinthas n tobe ne dadreses db they tmed irpcosesa glbraesm entione dhree, whch iraes tlliaime dta ebing wde isecptumr lnauagegs .Timdem deolche-cinkga golritmh shaveb een edelopev wdihhc aymb em roeuseful 1], a lthoguhthe cmolpxetiyo f hetes laogriths,ma dnthe nubme ofrs atetsin a timdesys em, tma rynede rthe miprmctaiac.l

2.4.3 Graph-based formalisms

This group of work is based around the mathematical concept of a graph, that is a collection (set) of nodes or vertices, which may be connected pairwise by edges.

Graphs can be used to model the execution of a computer system by representing the state of the system by a node or set of nodes, and allowing transitions between states depending on the edges which connect the nodes. The classic example of a graph-based formalism is the Petri net [82], where the state is represented by the distribution of tokens among the nodes (referred to as the marking), which may enable or disable various transitions between states. (Technically speaking the transitions of a Petri net should also be considered as nodes of a graph, but they can be considered as compound edges.) Time can be introduced into Petri nets by placing limits on when a token may enable a transition, or on when a transition may fire after having been enabled, or on how long a transition takes to fire once started. In [9], upper and lower bounds are placed on how long a transition may be enabled before firing, while [64] puts figures on how long a transition takes to complete once it starts. Both enabling times and completion times are used in [91], whilst [12] and [33] include nets which can place limits on the age of a token. A different approach is taken in [72], where the firing times are modelled as random variables, yielding a probabilistic analysis based on Markov chains. The use of time within graphs is not restricted to timed Petri nets, and some theories have included time from the outset. Two such theories have been used with a timed temporal logic: model-checking in TCTL uses a version of timed graphs [1], and RTTL uses TTMs (Timed Transition Models) for representing systems [79]. Communicating Real-Time State Machines (CRSMs) [90, 96] use a graph-based notation for each of the state-machines in the system, but the treatment of a whole system is more closely related to a process algebra approach. Safety checking of RTL formulae can be carried out using a graph-theoretic approach [55], but the graphs used here are used to model the constraints placed on the system rather than the system itself.
Graphs are in general only used for system modelling, as they contain too much detailed information for use as a specification language, and allow structures which are too general to be implemented, particularly if a concurrent implementation is to be found. Proof techniques for graphs are usually based around checking that certain undesirable states are not reached (reachability analysis) or that a more general temporal formula is satisfied. For these reasons, timed graphs of some form are often used as an intermediate step when verifying a design. This approach is adopted in [75], where a process algebra term is translated into a timed graph, before using the results of [1] to verify its correctness with respect to a timed temporal logic specification.

2.4.4 Others

Other timed formalisms exist which do not fall neatly into one of the above categories. Statecharts [58, 45] are, as they suggest, a state-based graphical formalism; hierarchical and composite states may be defined, and a small amount of timing information may be included. Modecharts are an extension to Statecharts which allow more timing information to be included, and the semantics of Modecharts is defined in terms of RTL [53]. Whilst useful for modelling and to some extent specification, there is little evidence that Statecharts can be used for providing an implementation which satisfies timing requirements. Some work has been done on extending Z to include time. In [28] temporal lattices are defined to introduce timing information, whilst in [67] partial functions from time to state are used. Two papers by Fidge are based on Z, firstly [34], which links Z with RTL, and secondly [35], which describes how the Z refinement calculus can be adapted to include time. Z has been successfully used as a specification language, and these attempts to allow specification of timing requirements may also prove useful. However, the implementation of Z specifications has proved difficult without the refinement calculus, which cannot currently handle concurrency. VDM has also been extended, to include both time and concurrency, by the addition of some CCS constructs with time [99]. Although useful for specification, there are no available proof methods for timing properties. In [94] TAM is introduced, with a process algebra like language and a refinement calculus. However, the refinement calculus presented there raises similar problems to those associated with timed bisimulations, as the time behaviour of refined systems must be identical.

2.5 Conclusion

The bulk of this chapter has been taken up with a survey of formal techniques for specification, design and modelling of real-time systems. A parallel survey, on the subject of real-time scheduling and code timing techniques, could also have been given, as an introduction to mathematical techniques for the analysis of real-time implementations. This work, however, generally deals with low level concerns, and does not allow system level properties to be verified. It is the combination of low level analysis techniques with formal techniques such as have already been described, which is the subject of this thesis.


Given the many existing techniques for formal development of real-time systems just reviewed, it might at first appear that there is little scope for original research in the area. However, many of these formalisms have been developed as extensions of untimed methods, without consideration of whether or not the techniques that are useful for untimed systems can be usefully applied to real-time systems. Some languages aim for maximum expressivity, without examining the implications that this has for implementability and decidability of verification. Other approaches adapt untimed proof techniques without examining the applicability of these techniques by way of examples. The result of these two particular phenomena is that there is a general lack of practical techniques for verifiably implementing the formally defined systems, due to inappropriate languages or proof techniques. It is this lack of continuity from high-level specification to implementation through a set of verifiable steps that forms the focus of this thesis. Most of the work discussed in this chapter concentrates on high-level aspects, so the aim in the following chapters is to present a practical formal framework in which to build verifiable real-time systems.


Chapter 3

An Application Oriented Real-Time Algebra

3.1 Introduction

Following on from the review of existing formal techniques for real-time systems, this chapter develops a new algebra, AORTA (Application Oriented Real Time Algebra), which tries to address some of the problems identified in chapter 2. The basic approach taken is that of a timed process algebra, so section 3.2 discusses the advantages and limitations of timed process algebras as design languages. Section 3.3 introduces the concrete syntax of AORTA, and provides an explanation of its intuitive meaning, including a description of a mouse button driver in AORTA. The formal semantics of AORTA is given in section 3.4, along with an explanation of the semantics of the mouse button driver. Some properties of the transition systems which make up the formal semantics are presented in section 3.5, and section 3.6 presents the conclusions of the chapter. Much of the work of sections 3.3 and 3.4 of this chapter has been previously published [15, 16].

3.2 Timed Process Algebras for Design

Timed process algebras were reviewed in section 2.4.2, where the point was made that many of the algebras rely on timed bisimulation as a proof technique, despite a lack of evidence for the usefulness of this technique, and some indications to the contrary. In a bisimulation a relation is made between terms which have the same behaviour, and in a timed bisimulation related terms must have the same behaviour
