| Preface | p. vii |
| Theoretical Aspects of Real-Time Systems | p. 1 |
| A Discrete Model for Real-Time Environments | p. 3 |
| Introduction | p. 3 |
| Time and Events | p. 4 |
| Discrete Real-Time Systems | p. 8 |
| Composition and Decomposition of iDRTS Structures | p. 9 |
| DRTS as Algebras | p. 14 |
| A Model for Sequential Processes | p. 18 |
| Conclusions | p. 24 |
| Distributed Synchronous Processes | p. 25 |
| Introduction: Real-Time and Reactive Systems | p. 25 |
| Reactive Programming: Asynchronism versus Strong Synchronism | p. 28 |
| The Weak Synchronous Paradigm | p. 31 |
| CoReA: A Weak Synchronous Process Algebra | p. 32 |
| Abstract Syntax | p. 32 |
| Weak Synchronous Operational Semantics | p. 34 |
| Transition | p. 36 |
| Inaction | p. 36 |
| Case | p. 36 |
| Concurrency | p. 37 |
| Recursion | p. 37 |
| Congruence | p. 39 |
| Equational Laws | p. 41 |
| Brief Comparison with CCS | p. 43 |
| Application to Distributed Reactive Programming | p. 43 |
| Esterel: Brief Overview | p. 44 |
| EC = Esterel + CoReA | p. 45 |
| Towards Weak Synchronous Distributed Implementations | p. 47 |
| Protocol SB (Single Bus) | p. 49 |
| Application to Embedded Systems | p. 52 |
| Conclusion | p. 54 |
| A Model of Probabilistic Processes | p. 57 |
| Introduction | p. 58 |
| Syntax of PCSP | p. 59 |
| Domain of Probabilistic Processes | p. 60 |
| Operator Semantics | p. 62 |
| Simple Operators | p. 63 |
| External Choice | p. 63 |
| Parallel Composition | p. 64 |
| Recursion | p. 65 |
| Example | p. 66 |
| Testing Semantics | p. 67 |
| Probabilistic Tests | p. 67 |
| Simple Operators | p. 69 |
| External Choice | p. 69 |
| Continuation of a Process after an Action in a State | p. 73 |
| Conclusion | p. 75 |
| Modeling and Proving Grafcets with Transition Systems | p. 77 |
| Introduction | p. 77 |
| Grafcet | p. 77 |
| Graphical Elements | p. 78 |
| Temporal Aspect | p. 78 |
| Evolution Rules and Interpretation | p. 79 |
| First Modeling | p. 80 |
| Transition System | p. 80 |
| Synchronization Constraints | p. 81 |
| Temporization | p. 83 |
| Limits | p. 85 |
| Second Modeling | p. 86 |
| Construction of Basic Transition Systems | p. 86 |
| Building of the Global Transition System | p. 88 |
| Proof | p. 89 |
| Second Modeling | p. 89 |
| First Modeling | p. 92 |
| Example and Results | p. 93 |
| Example | p. 93 |
| Results | p. 94 |
| Conclusion | p. 96 |
| Focus Points and Convergent Process Operators | p. 97 |
| Introduction | p. 97 |
| Preliminaries | p. 99 |
| A Short Description of [Mu]CRL | p. 99 |
| Linear Process Operators | p. 100 |
| Internal Actions | p. 104 |
| Sufficient Conditions for the Equality of LPOs | p. 104 |
| Abstraction and Idle Loops | p. 111 |
| Examples | p. 117 |
| The Concurrent Alternating Bit Protocol | p. 119 |
| Specification | p. 119 |
| Expansion | p. 122 |
| Invariant | p. 124 |
| Abstraction and focus points | p. 125 |
| Verification Methods for Real-Time Systems | p. 135 |
| The Automatic Verification Using Symbolic Model-Checking | p. 137 |
| Introduction | p. 137 |
| Specification Method for Real-Time Systems | p. 139 |
| Specification by Timed Buchi Automaton | p. 139 |
| Generation of Timed Kripke Structure | p. 141 |
| Real-Time Temporal Logic | p. 143 |
| Verification Algorithm for Real-Time Symbolic Model Checking | p. 144 |
| Inverse Image Computation | p. 144 |
| DBMs (Differences Bounds Matrices) | p. 145 |
| Reachability Analysis (Test Timing Constraints) | p. 145 |
| Real-Time Symbolic Model Checking | p. 147 |
| The Verification System | p. 149 |
| Configuration of the Verification System | p. 149 |
| Verification Example | p. 149 |
| Specification | p. 149 |
| Verification | p. 150 |
| Conclusion | p. 152 |
| Property Verification within a Process Algebra Framework | p. 153 |
| Introduction | p. 153 |
| The Circal Process Algebra | p. 154 |
| Informal Semantics | p. 155 |
| Formal Semantics | p. 157 |
| The Methodology | p. 158 |
| Constraint-Based Modeling | p. 159 |
| A Temporal Logic for Simultaneous Actions | p. 161 |
| The Representation of Properties | p. 164 |
| Formula-Based Characterization | p. 165 |
| Model-Based Characterization | p. 169 |
| Discussion and Future Work | p. 173 |
| Synthesis Methods for Real-Time Systems | p. 175 |
| Verifying Real-Time Systems with Standard Tools | p. 177 |
| Introduction | p. 177 |
| Timed Transition Models | p. 180 |
| TTM Semantics | p. 182 |
| Real-Time Temporal Logic | p. 184 |
| An Example of a TTM | p. 185 |
| Translating Timed into Fair Systems | p. 186 |
| The Conversion Procedure | p. 189 |
| Verifying Clocked Properties | p. 190 |
| A Real-Time Mutual Exclusion Protocol Example | p. 191 |
| Conclusion | p. 195 |
| Beyond the Verification Approach: The Synthesis Approach | p. 197 |
| Introduction | p. 197 |
| Supervisory Control Theory | p. 199 |
| Preliminaries | p. 200 |
| Synthesis Procedures | p. 203 |
| Synthesis Algorithms for Totally Observed DES | p. 204 |
| Wonham and Ramadge Synthesis Algorithm | p. 205 |
| Barbeau, Kabanza, and St-Denis Synthesis Algorithm | p. 208 |
| Barbeau, Kabanza, and St-Denis Synthesis Algorithm (Safety Properties) | p. 210 |
| Description of the Experiment | p. 211 |
| Performance Study | p. 215 |
| Conclusion | p. 217 |
| Extensions to Formal Languages | p. 219 |
| Testing Semantics for Urgent Timed Process Algebras | p. 221 |
| Introduction | p. 221 |
| Syntax | p. 222 |
| Operational Semantics | p. 223 |
| Testing Semantics | p. 224 |
| Operational Characterization | p. 226 |
| Sets of States | p. 226 |
| States of a Process | p. 227 |
| Barbs | p. 228 |
| Congruence | p. 234 |
| Conclusions and Future Work | p. 235 |
| Compositional Model for Formal Development of Real-Time Systems Design | p. 237 |
| Introduction | p. 237 |
| Graphical Temporal Representation | p. 238 |
| Interprocess Communication | p. 240 |
| Interprocess I/O Operators | p. 241 |
| Interprocess Composition Operators | p. 241 |
| Synchronous and Asynchronous Operators | p. 241 |
| Composition of Temporal and Interprocess Models | p. 244 |
| Syntax of the Compositional Model | p. 244 |
| Temporal Semantics of the Compositional Model | p. 246 |
| Operational Semantics of the Compositional Model | p. 248 |
| The Simulation of an Inspection Station | p. 249 |
| Time Extended LOTOS | p. 253 |
| Operational Semantics of Time Extended LOTOS | p. 253 |
| Conversion Rules among LOTOS Operands and Interprocess Composition Operands | p. 255 |
| The Conversion of the Inspection Station Example | p. 257 |
| Related Work | p. 261 |
| Conclusions and Further Work | p. 261 |
| Tools for Real-Time Systems | p. 263 |
| RALE: An Environment for Simulation and Transformations | p. 265 |
| Introduction | p. 265 |
| Motivation | p. 265 |
| Didactic and Industrial Objectives | p. 266 |
| Scope and Limitations of this Work | p. 267 |
| Overview of the Environment | p. 267 |
| Overview of the PADD notation | p. 267 |
| Introduction | p. 267 |
| Mathematical semantics | p. 268 |
| Explicit parallelism and communication | p. 268 |
| Parametric abstract types and monitors | p. 268 |
| DD schema embedded documentation | p. 269 |
| An example | p. 269 |
| Ramon Llull | p. 271 |
| Prior Usage | p. 271 |
| Some System Forms and Transformations | p. 271 |
| Introduction | p. 271 |
| Sequential (SQ) Form | p. 272 |
| Communicating Sequential (CS) Form | p. 272 |
| To Connections Interface Transformation (T[subscript ci]) | p. 272 |
| Simple Cyclic (SC) Form | p. 273 |
| Structural (ST) Form | p. 273 |
| To Communicating Process Transformation (T[subscript cp]) | p. 273 |
| Communication-Extended Abstract Types | p. 274 |
| Algebraic Framework | p. 275 |
| Introduction | p. 275 |
| Equivalences for Parallel Communicating Processes | p. 275 |
| Algebraic Semantics of Communications | p. 276 |
| Time Interval Algebra | p. 277 |
| Methods and Tools | p. 278 |
| Documentation | p. 278 |
| Purely Communicating System Modeling and Specification | p. 279 |
| Simulation | p. 279 |
| Allocation-Mapping Transformation | p. 279 |
| Communications Simplification | p. 280 |
| System Refinement Based on CATs | p. 281 |
| Proper Monitor Elimination Transformation (T[subscript me]) | p. 281 |
| Conclusion and Future Work | p. 283 |
| Analysis of Real-Time Systems Using OSA | p. 285 |
| Introduction | p. 285 |
| Object-Interaction Models | p. 287 |
| Object-Behavior Models | p. 292 |
| Object-Relationship Model | p. 301 |
| Tunable Formalism | p. 305 |
| State of OSA | p. 306 |
| Conclusion | p. 307 |
| Algebraic Implementation of Model Checking Algorithms | p. 309 |
| Introduction | p. 309 |
| Algebraic Specification of CTL | p. 312 |
| Algebraic Implementation of a Model Checker | p. 318 |
| Structure of an Algebraic Compiler | p. 318 |
| The Macro Processor Generating Satisfiability Sets | p. 321 |
| Generating a Model Checker Program | p. 323 |
| Implementing the Macro Processor M[subscript Asets] | p. 325 |
| Conclusions | p. 326 |
| Industrial Applications of Real-Time Systems | p. 329 |
| An Automaton Based Algebra for Specifying Robotic Agents | p. 331 |
| Introduction | p. 331 |
| Related Work | p. 332 |
| Example | p. 333 |
| Our Framework | p. 334 |
| Elementary Processes | p. 336 |
| Composition Operators | p. 337 |
| Synthesis Example | p. 342 |
| Conclusion | p. 344 |
| A Three-Level Analysis of a Simple Acceleration Maneuver, with Uncertainties | p. 345 |
| Introduction | p. 345 |
| Hybrid Input/Output Automata | p. 346 |
| Mathematical Preliminaries | p. 348 |
| Assumptions about the Constants | p. 348 |
| Some Useful Functions | p. 348 |
| Function f | p. 348 |
| Function g | p. 349 |
| Function f[subscript 1] | p. 349 |
| Function h | p. 350 |
| High Level Specification V | p. 351 |
| Overview | p. 351 |
| Formal Description | p. 352 |
| Derivative Automaton D | p. 353 |
| Formal Description | p. 353 |
| Some Properties of D | p. 355 |
| D Implements V | p. 357 |
| An Approximate Result | p. 359 |
| Modifications to V and D to Incorporate Periodic Feedback | p. 360 |
| Modified High Level Specification V[subscript 1] | p. 360 |
| Modified Derivative Automaton D[subscript 1] | p. 361 |
| Modified Correctness Proof | p. 361 |
| The Implementation Impl | p. 363 |
| Vehicle | p. 363 |
| Controller | p. 365 |
| Impl | p. 366 |
| Impl Implements D[subscript 1] | p. 368 |
| Discussion | p. 371 |
| Interface Specifications with Conjunctive Timing Constraints | p. 375 |
| Introduction | p. 375 |
| Timing Diagram Specifications | p. 376 |
| Causal Partitions over TD Specifications | p. 381 |
| Compatibility of Realizable Timing Diagrams | p. 385 |
| Extension to Cyclic Behaviors | p. 388 |
| Conclusions | p. 392 |
| Experiments on a Fault Tolerant Distributed System | p. 393 |
| Introduction | p. 393 |
| The Experiment Context | p. 394 |
| The Modulor Project | p. 394 |
| Analyzed Mechanisms and Their Properties | p. 395 |
| Targeted Experiments | p. 400 |
| Synchronization Validation with Spin | p. 401 |
| Promela | p. 401 |
| Specification of the Particular Case | p. 401 |
| Generalization | p. 402 |
| Properties | p. 404 |
| Verification | p. 405 |
| The Analysis of the Detection Mechanisms | p. 405 |
| Validation of the Communication Strategy with Spin | p. 406 |
| Specification | p. 406 |
| Properties and Verification | p. 407 |
| Validation of the Local Detection with Kronos | p. 408 |
| Timed Automata | p. 408 |
| Specification | p. 409 |
| Properties | p. 410 |
| Verification | p. 411 |
| Discussion | p. 412 |
| Specifying Multi-Level Security for an Embedded Real-Time Control System | p. 415 |
| Introduction | p. 415 |
| An Avionics Real-Time Embedded Computer System | p. 418 |
| The TCSEC Guidelines | p. 420 |
| Security Policy | p. 421 |
| Accountability | p. 423 |
| Assurance and Documentation | p. 423 |
| Multi-Level Security | p. 424 |
| LOTOS | p. 425 |
| Using LOTOS in the Assurance Cycle | p. 426 |
| LOTOS Specifications | p. 426 |
| The Formal Security Model | p. 427 |
| Separability | p. 428 |
| Restrictiveness | p. 431 |
| Specifying Security of Networked Processors | p. 431 |
| TNIU Mechanism | p. 432 |
| Resettable Processors | p. 436 |
| A Security Policy Approach | p. 438 |
| Conclusion | p. 439 |
| An Algebraic Framework for the Feature Interaction Problem | p. 441 |
| Motivation and Background | p. 441 |
| Basic Concepts and Notation | p. 442 |
| A Method for Analyzing and Detecting Feature Interactions | p. 444 |
| Specification of Features in the Context of a System (Step 1) | p. 444 |
| Integration versus Composition of Features (Steps 2 and 3) | p. 448 |
| Derivation of Test Cases to Detect Interactions (Step 4) | p. 450 |
| Executing the System and Analysing the Results (Steps 5 and 6) | p. 455 |
| Conclusions and Research Directions | p. 455 |
| Algebraic Specification | p. 457 |
| Bibliography | p. 459 |
| Index | p. 479 |
| Table of Contents provided by Ingram. All Rights Reserved. |
