Abstract

A real-time system is one in which the timing of the output is significant [195]. Such a system accepts inputs from the ‘real world’ and must respond with outputs in a timely manner (typically within milliseconds, a response time of the same order of magnitude as the time of computation; otherwise, for example, a payroll system could be considered ‘real-time’, since employees expect to be paid at the end of each month). Many real-time systems are embedded systems, where the fact that a computer is involved may not be immediately obvious (e.g., a washing machine). Real-time software often needs to be of high integrity [10].

References

  1. B. Alpern and F.B. Schneider. Verifying temporal properties without temporal logic. ACM Transactions on Programming Language Systems, 11(1), 1989.

    Google Scholar 

  2. R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD Thesis, Dept. of Computer Science, Stanford University, CA 94305, 1991.

    Google Scholar 

  3. R. Alur, C. Courcoubetis, and D.L. Dill. Model checking for real-time systems. In Proceedings 5th Conference on Logic in Computer Science. IEEE, 1990.

    Google Scholar 

  4. R. Alur and D.L. Dill. Automata for modeling real-time systems. In M.S. Paterson, editor, ICALP 90: Automata, Languages and Programming, LNCS 443, pages 322–335. Springer-Verlag, 1990.

    Google Scholar 

  5. R. Alur, T. Feder, and T.A. Henzinger. The benefits of relaxing punctuality. In Proceedings of the 10th Annual ACM Symposium on Principles of Distributed Computing, 1991.

    Google Scholar 

  6. R. Alur and T.A. Henzinger. Logics and models of real-time: A survey. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  7. Rajeev Alur and Thomas Henzinger. Real-time logics: Complexity and expressiveness. In Proceedings of the 5th Annual IEEE Symposium on Logic in Computer Science, pages 390–401, June 1990.

    Google Scholar 

  8. J.C.M. Baeten and J.A. Bergstra. Real Time Process Algebra. Technical Report CS-R9053, Center for Mathematics and Computer Science, Amsterdam, 1990.

    Google Scholar 

  9. A. Benveniste and P. LeGuernic. Hybrid dynamical systems theory and the SIGNAL language. IEEE Trans. on Automatic Control, 35(5):535–546, May 1990.

    MathSciNet  MATH  Google Scholar 

  10. A. Bernstein and PK. Harter. Proving real-time properties of programs with temporal logic. In Proceedings of ACM SIGOPS 8th Annual ACM Symposium on Operating Systems Principles, pages 1–11, December 1981.

    Google Scholar 

  11. G. Berry and G. Gonthier, The Esterel Synchronous Programming Language: Design, semantics, implementation. Technical Report, Ecole Nationale Superieure des Mines de Paris, 1988.

    Google Scholar 

  12. B. Berthomieu and Michael Diaz. Modeling and verification of time dependent systems using time petri nets. IEEE Transactions on Software Engineering, 17(3):259–273, March 1991.

    MathSciNet  Google Scholar 

  13. J. Billington, G.R. Wheeler, and M.C. Wilbur-Ham. PROTEAN: a high-level Petri net tool for the specification and verification of communication protocols. IEEE Transactions on Software Engineering, 14(3):301–316, March 1988.

    Google Scholar 

  14. T. Bolognesi and F. Lucidi. LOTOS- like process algebra with urgent or timed interactions. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  15. K.P. Brand and J. Kopainsky. Principles and engineering of process control with Petri nets. IEEE Transactions on Automatic Control, 33(2): 138–149, February 1988.

    MATH  Google Scholar 

  16. P. Caspi, D. Pilaud, N. Halbwachs, and J. Plaice. LUSTRE: a declarative language for programming synchronous systems. In Proc. 14th ACM Symposium on Programming Languages, Jan. 1987.

    Google Scholar 

  17. J.F. Cassidy, T.Z. Chu, M. Kutcher, S.B. Gershwin, and Y. Ho. Research needs in manufacturing systems. IEEE Control Systems Magazine, 5(3): 11–13, August 1985.

    Google Scholar 

  18. CCIT CCIT High Level Language CHILL Recommendation z.200, CCIT, Geneva, 1980.

    Google Scholar 

  19. K.M. Chandy and J. Misra. Parallel Program Design. Addison-Wesley, Reading Massachusetts, 1988.

    MATH  Google Scholar 

  20. E.M. Clarke, E.A. Emerson, and A.P. Sistla. Automatic verification of finite state concurrent systems using temporal logic. ACM Transactions on Programming Languages and Systems, 8(2):244–263, April 1986.

    MATH  Google Scholar 

  21. J. Davis. Specification and Proof in Real-Time Systems. PhD Thesis, Oxford University Computing Laboratory, Oxford, UK, 1991.

    Google Scholar 

  22. W.-P. de Roever. Foundations of computer science: Leaving the ivory tower. In EATCS Bulletin. EATCS, June 1991.

    Google Scholar 

  23. E.W. Dijkstra. A Discipline of Programming. Prentice-Hall, Englewood Cliffs, New Jersey, 1976.

    MATH  Google Scholar 

  24. E.A. Emerson and E.C. Clarke. Using branching time temporal logic to synthesize synchronization skeletons. Science of Computer Programming, 2:241–266, 1982.

    MATH  Google Scholar 

  25. E.A. Emerson and J.Y. Halpern. ‘Sometimes’ and ‘not never’ revisited: on branching versus linear time temporal logic. Journal of the Association for Computing Machinery, 33(1):151–178, January 1986.

    MathSciNet  MATH  Google Scholar 

  26. E.A. Emerson, A.K. Mok, A.P. Sistla, and J. Srinisvan. Quantitative temporal reasoning. In E.M. Clarke, A. Pnueli, and J. Sifakis, editors, Proceedings of the Workshop on Automatic Verification Methods for Finite State Systems. Springer-Verlag, Lecture Notes in Computer Science, 1989.

    Google Scholar 

  27. F.S. Etessami and G.S. Hura. Rule based design methodology for solving control problems.IEEE Transactions on Software Engineering,17(3):274–282, March 1991

    MathSciNet  Google Scholar 

  28. N. Francez. Fairness. Springer-Verlag, 1986.

    MATH  Google Scholar 

  29. A. Gabrielian and M.K. Franklin. State-based specification of complex real-time systems. In Proceedings of the 9th Real-Time Systems Symposium, pages 2–11, December 1988.

    Google Scholar 

  30. A. Galton, editor. Temporal Logics and their Applications. Academic Press, 1987.

    Google Scholar 

  31. J.R. Garman. The bug heard round the world. ACM SIGSOFT Software Engineering Notes, 6(5), 1981.

    Google Scholar 

  32. R. Gerber and I. Lee. Ccsr: A calculus for communicating shared resources. In CONCUR’90, LNCS 458, pages 263–277. Springer-Verlag, August 1990.

    Google Scholar 

  33. R. Gerber and I. Lee. A proof system for communicating shared resources. In Proceedings of the Real-Time Systems Symposium, 1990.

    Google Scholar 

  34. C. Ghezzi, D. Mandrioli, and A. Morzenti. TRIO, a logic language for executable specifications of real-time systems. Journal of Systems and Software, 12(2): 107–123, May 1990.

    Google Scholar 

  35. D. Gries. The Science of Programming. Springer-Verlag, 1985.

    Google Scholar 

  36. R.W.S. Hale. Using temporal logic for prototyping: The design of a lift controller. In B. Banieqbal, H. Barringer, and A. Pnueli, editors, Temporal Logic in Specification, LNCS 398. Springer-Verlag, 1989.

    Google Scholar 

  37. H.A. Hansson. Time and Probability in Formal Design and Distributed Systems. PhD Thesis, Dept. of Computer Science, Uppsala University, S-751 20 Uppsala, Sweden, 1991.

    Google Scholar 

  38. D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8:231–274, 1987.

    MathSciNet  MATH  Google Scholar 

  39. D. Harel. Biting the silver bullet: Towards a brighter future for systems development. Technical Report CS90–08, Weizmann Institute, 1990.

    Google Scholar 

  40. D. Harel. Biting the silver bullet: Towards a brighter future for system development. Computer, 25(1):8–20, January 1992.

    Google Scholar 

  41. D. Harel, H. Lachover, A. Naamad, A. Pnueli, M. Politi, R. Sherman, and M. Trachtenbrot. Statemate: a working environment for the development of complex reactive systems. IEEE Transactions on Software Engineering, 16:403–414, 1990.

    Google Scholar 

  42. D. Harel and A. Pnueli. On the development of reactive systems. In K.R Apt, editor, Logics and Models of Concurrent Systems, volume 13 of NATO ASI, pages 477–498. Springer-Verlag, 1985.

    Google Scholar 

  43. E. Harel, O. Lichtenstein, and A. Pnueli. Explicit clock temporal logic. In Proceedings of the 5th Annual Symposium on Logic in Computer Science, pages 402–413, June 1990.

    Google Scholar 

  44. Derek J. Hatley and Imitai A. Pirbhai. Strategies for Real-Time System Specification. Dorset House Publishing Co., New York, 1988.

    Google Scholar 

  45. M. Hennessy and T. Regan. A process algebra for timed systems. Technical Report 5/91, Dept. of Computer Science, University of Sussex, UK, 1991.

    Google Scholar 

  46. T.A. Henzinger. The Temporal Specification and Verification of Real-Time Systems. PhD Thesis, Dept. of Computer Science, Stanford University, CA, 1991.

    Google Scholar 

  47. T.A. Henzinger, Z. Manna, and A. Pnueli. Temporal proof methodologies for real-time systems. In Proceedings of the 18th ACM Symposium on Principles of Programming Languages, pages 353–366, January 1991.

    Google Scholar 

  48. C.A.R. Hoare. Communicating Sequential Processes. Prentice-Hall, 1985.

    MATH  Google Scholar 

  49. C.A.R. Hoare. An axiomatic basis for computer programming. Communications of the ACM, 12(10), October 1969.

    Google Scholar 

  50. J. Hooman. Specification and Compositional Verification of Real-Time Systems. PhD Thesis, Eindhoven University of Technology, Dep. of Maths and Comp. Sc, Eindhoven, The Netherlands, 1991.

    Google Scholar 

  51. J. Hooman and W.-P. de Roever. Design and verification in real-time distributed computing: an introduction to compositional methods. In Proceedings of of the 9th International Symposium on Protocol Specification, Testing and Verification. North-Holland, 1989.

    Google Scholar 

  52. J. Hooman and J. Widom. A temporal logic based compositional proof system for realtime message passing. In Proceedings of PARLE89 vol. II, LNCS 366. Springer-Verlag, 1989.

    Google Scholar 

  53. C. Huizing. Semantics of Reactive Systems: Comparison and Full Abstraction. PhD Thesis, Technische Universiteit Eindhoven, March 1991.

    Google Scholar 

  54. K. Inan and P.P Varaiya. Finitely recursive process models for discrete event systems. IEEE Transactions on Automatic Control, 33(7):626–639, July 1988.

    MathSciNet  MATH  Google Scholar 

  55. M.S. Jaffe, N.G. Leveson, M.P.E. Heimdahl, and B.E. Melhart. Software requirements analysis for real-time process control systems. IEEE Transactions on Software Engineering, 17(3):241–258, 241 1991.

    Google Scholar 

  56. F. Jahanian and A.K. Mok. Safety analysis of timing properties in real-time systems. IEEE Transactions on Software Engineering, SE-12(9):890–904, September 1986.

    Google Scholar 

  57. F. Jahanian and A.K. Mok. A graph-theoretic approach for timing analysis and its implementation. IEEE Transactions on Computers, C36(8), 1987.

    Google Scholar 

  58. F. Jahanian and D. Stuart. A method for verifying properties of modechart specifications. In Proceedings 9th Real-time Systems Symposium, pages 12–21. IEEE Computer Society, December 1988.

    Google Scholar 

  59. C.B. Jones. Systematic Software Development using VDM. International Series in Computer Science. Prentice-Hall, 1986.

    MATH  Google Scholar 

  60. M. Joseph and A. Goswami. Formal Description of Real-Time Systems: A Review. Technical Report RR129, Dep. of Computer Science, University of Warwick, UK,August 1988.

    Google Scholar 

  61. R. Koymans. (Real) time: A philosophical perspective. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  62. R. Koymans, R.K. Shyamasundar, W.-P. de Roever, R. Gerth, and S. Arun-Kumar. Compositional semantics for real-time distributed computing. In Proceedings of Logics of Programs (Brooklyn), LNCS 193, pages 167–190. Springer-Verlag, 1985.

    Google Scholar 

  63. R. Koymans, J. Vytopil, and W.-P. de Roever. Real-time programming and asynchronous message passing. In Proc. 2nd Annual Symposium on Principles of Distributed Computing, pages 187–197, Montreal, August 1983. (An extended version appeared in Information and Computation, Volume 79, Number3, December 1988).

    Google Scholar 

  64. Ron Koymans. Specifying real-time properties with metric temporal logic. Real-Time Systems, 2(4):255–299, November 1990.

    Google Scholar 

  65. J. Kramer and J. Magee. Dynamic configuration for distributed systems. IEEE Transactions on Software Engineering, SE-11(4):424–436, April 1985.

    Google Scholar 

  66. F. Kroger. Temporal Logics of Programs, volume 8 of EATCS Monographs on Theoretical Computer Science. Springer-Verlag, 1987.

    Google Scholar 

  67. L. Lamport. What good is temporal logic? In R.E. Mason, editor, Information Processing 83, pages 657–668. Elsevier Science Publishers, North Holland, 1983.

    Google Scholar 

  68. L. Lamport. The temporal logic of actions. Technical Report, DEC Systems Research Center, Palo Alto, CA, 1991.

    Google Scholar 

  69. L. Lamport. Specifying concurrent program modules. ACM Transactions on Programming Languages and Systems, 5(2): 190–222, April 1983.

    MATH  Google Scholar 

  70. L. Lamport. ‘Sometime’ is sometimes ‘not never’. Proceedings of the 7th Annual ACM Symposium on Principles of Programming Languages, pages 174–185, Jan 1980.

    Google Scholar 

  71. M.S. Lawford. Transformational Equivalence of Timed Transition Models. Master’s Thesis, Dept. of Electrical Engineering, University of Toronto, Toronoto, Canada, 1992. (Available as Systems Control Group Report No. 9202, January 1992.)

    Google Scholar 

  72. N.G. Leveson and J.L Stolzy. Safety analysis using Petri nets. IEEE Transactions on Software Engineering, SE-13(3):386–397, March 1987.

    Google Scholar 

  73. S.-T Levi and A.K. Agrawala. Real Time System Design. McGraw-Hill Publishing Company, 1990.

    Google Scholar 

  74. A.H. Levis. Challenges to control: a collective view. IEEE Transactions on Automatic Control, AC-32(4), April 1987.

    Google Scholar 

  75. Y. Li. Control of Vector Discrete-Event Systems. PhD Thesis, Dept. of Electrical Engineering, University of Toronto, Toronto, Canada, 1991. (available as Systems Control Group Report No 9106, July 1991).

    Google Scholar 

  76. INMOS Limited. Occam Programming Manual. International Series in Computer Science. Prentice-Hall, Englewood Cliffs, New Jersey, 1984.

    Google Scholar 

  77. N. Lynch and F. Vaandrager. Forward and backward simulations for timing-based systems. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  78. G.H. MacEwen and D.B. Skillicorn. Using higher-order logic for modular specification of real-time distributed systems. In M. Joseph, editor, Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems, LNCS 331, pages 36–66. Springer-Verlag, 1988.

    Google Scholar 

  79. J. Magee, J. Kramer, and M. Sloman. Constructing distributed systems in Conic. IEEE Transactions on Software Engineering, 15(6):663–675, June 1989.

    Google Scholar 

  80. Z. Manna and A. Pnueli. Specification and verification of concurrent programs by ∀-automata. In Proceedings of the 14th ACM Symposium of Principles of Programming Languages, pages 1–12, 1987.

    Google Scholar 

  81. Z. Manna and A. Pnueli. The anchored version of the temporal framework. In J.W. de Bakker, W.-P. de Roever, and G. Rozenburg, editors, Models of Concurrency: Linear, Branching and Partial Orders, LNCS. Springer-Verlag, 1989.

    Google Scholar 

  82. Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems. Springer-Verlag, 1992.

    Google Scholar 

  83. Z. Manna and A. Pnueli. Verification of Concurrent Programs: A Temporal Proof System. Technical Report, Dept. of Computer Science, Stanford University, CA, June 1983. See also Foundations of Computer Science IV, Amsterdam, Mathematical Center Tracts, pages 163–225, 1983.

    Google Scholar 

  84. Z. Manna and P. Wolper. Synthesis of communicating processes from temporal logic specifications. ACM Transactions on Programming Languages and Systems, 6(1):68–93, January 1984.

    MATH  Google Scholar 

  85. K. Marzullo, F.B. Schneider, and N. Budhiraja. Derivation of Sequential, Real-Time, Process-Control Programs. Technical Report 91–1217, Dept. of Computer Science, Cornell University, Ithaca, New York 14853, 1991.

    Google Scholar 

  86. B.E. Melhart, N.G. Leveson, and M.S. Jaffe. Analysis Capabilities for Requirements Specified in Statecharts. Technical Report, Dept. of Information and Computer Science, University of California, Irvine, California, September 1988.

    Google Scholar 

  87. M. Menasche. PAREDE: An automated tool for the analysis of time(d) Petri nets. In International Workshop on Timed Petri Nets, pages 162–169. IEEE Computer Society, June 1985.

    Google Scholar 

  88. P.M. Merlin and A. Segall. Recoverability of communication protocols — implications of a theoretical study. IEEE Transactions on Communications, pages 1036–1043, September 1976.

    Google Scholar 

  89. G.J. Milne. CIRCAL and the representation of communication, concurrency and time. ACM Transactions on Programming Languages and Systems, 7(2):270–298, April 1985.

    MATH  Google Scholar 

  90. R. Milner. A Calculus of Communicating Systems. LNCS 92. Springer-Verlag, 1980.

    MATH  Google Scholar 

  91. R. Milner. Some directions in concurrency theory (panel statement). In Proceedings of the International Conference on Fifth Generation Computer Systems. ICOT, 1988.

    Google Scholar 

  92. A.K. Mok. Towards mechanization of real-time system design. In Foundations of Real-Time Computing: Formal Specifications and Methods. Kluwer Press, 1991.

    Google Scholar 

  93. F. Moller and C. Tofts. A temporal calculus of communicating systems. In CONCUR 90, LNCS 458, pages 401–415. Springer-Verlag, 1990.

    Google Scholar 

  94. E.T. Morgan and R.R. Razouk. Interactive state-space analysis of concurrent systems. IEEE Transactions on Software Engineering, SE-13(10): 1080–1091, October 1987.

    Google Scholar 

  95. B. Moszkowski. A temporal logic for multilevel reasoning about hardware. Computer, 18(2): 10–19, February 1985.

    Google Scholar 

  96. K.T Narayana and A.A. Aaby. Specification of real-time systems in real-time temporal interval logic. In Proceedings Real-time Systems Symposium, pages 86–95. IEEE Computer Society, December 1988.

    Google Scholar 

  97. X. Nicollin, J.L. Richier, J. Sifakis, and J. Voiron. ATP: an algebra for timed processes. In Proceedings IFIP Working Group Conference on Programming Concepts and Methods, pages 402–429, 1990.

    Google Scholar 

  98. X. Nicollin and J. Sifakis. An overview and synthesis of timed process algebras. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  99. X. Nicollin, J. Sifakis, and S. Yovine. From ATP to timed graphs and hybrid semantics. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  100. E.R. Olderog and C.A.R. Hoare. Specification oriented semantics. ACTA Informatica, 23:9–66, 1986.

    MathSciNet  MATH  Google Scholar 

  101. O. Maler, Z. Manna, and A. Pnuelli. From timed to hybrid systems. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  102. J.S. Ostroff. Real-Time Computer Control of Discrete Event Systems Modelled by Extended State Machines: A Temporal Logic Approach. Technical Report 8618, Systems Control Group, Dept. of Electrical Engineering, University of Toronto, Toronto, Canada, September 1986. Revised January 1987.

    Google Scholar 

  103. J.S. Ostroff. Synthesis of controllers for real-time discrete event systems. In Proceedings of the 28th IEEE Conference on Decision and Control, December 1989.

    Google Scholar 

  104. J.S. Ostroff. Temporal Logic for Real-Time Systems. Advanced Software Development Series. Research Studies Press Limited (distributed by John Wiley and Sons), England, 1989.

    Google Scholar 

  105. J.S. Ostroff. Deciding properties of timed transition models. IEEE Transactions on Parallel and Distributed Systems, 1(2):170–183, April 1990.

    Google Scholar 

  106. J.S. Ostroff. Constraint logic programming for reasoning about discrete event processes. The Journal of Logic Programming, 11(3&4):243–270, October/November 1991.

    MathSciNet  MATH  Google Scholar 

  107. J.S. Ostroff. Systematic development of real-time discrete event systems. In Proceedings of the ECC91 European Control Conference, pages 522–533, Paris, France, July 1991. Hermes Press.

    Google Scholar 

  108. J.S. Ostroff. Verification of safety critical systems using TTM/RTTL. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  109. J.S. Ostroff. A verifier for real-time properties. Real-Time Journal, 4:5–35, 1992. (In press).

    Google Scholar 

  110. J.S. Ostroff and W.M. Wonham. A framework for real-time discrete event control. IEEE Transactions on Automatic Control, April 1990.

    Google Scholar 

  111. J.S. Ostroff and W.M. Wonham. A temporal logic approach to real time control. In Proceedings of the 24th IEEE Conference on Decision and Control, pages 656–657, Florida, December 1985.

    Google Scholar 

  112. S. Owicki and L. Lamport. Proving liveness properties of concurrent programs. ACM Transactions on Programming Languages and Systems, 4(3):455–495, Jul 1982.

    MATH  Google Scholar 

  113. S.S. Owicki and D. Gries. Verifying properties of parallel programs: an axiomatic approach. Communications of the ACM, 19(5), May 1976.

    Google Scholar 

  114. D.L. Parnas and J. Madey. Functional Documentation for Computer Systems Engineering. Technical Report TR 90–287, TRIO, Queen’s University, Kingston, Ontario, Canada K7L3N6, 1990.

    Google Scholar 

  115. D.L. Parnas, A.J. van Schouwen, and S.P. Kwan. Evaluation standards for safety-critical software. Technical Report TR 88–220, Department of Computer Science, Queen’s University, Kingston, Ontario, Canada, May 1988.

    Google Scholar 

  116. J.L. Peterson. Petri Net Theory and the Modelling of Systems. Prentice-Hall, Englewood Cliffs, N.J., 1981.

    MATH  Google Scholar 

  117. A. Pnueli. The temporal logic of programs. In Proceedings of the 18th IEEE Annual Symposium on the Foundations of Computer Science, pages 46–57, Providence, R.I., November 1977.

    Google Scholar 

  118. A. Pnueli and E. Harel. Applications of temporal logic to the specification of real-time systems. In Formal Techniques in Real-Time and Fault Tolerant Systems, LNCS 331. Springer-Verlag, 1988.

    Google Scholar 

  119. A. Pnueli and M. Shalev. What is in a step? In T. Ito and A.R. Meyer, editors, Theoretical Aspects of Computer Software, LNCS 298, pages 244–264. Springer-Verlag, 1991.

    Google Scholar 

  120. Amir Pnueli. Applications of temporal logic to the specification and verification of reactive systems: a survey of current trends. In J. de Bakker, W.-P. de Roever, and G. Rozenburg, editors, Current Trends in Concurrency, LNCS 244. Springer-Verlag, 1986.

    Google Scholar 

  121. W.J. Quirk. Verification and Validation of Real-Time Software. Springer-Verlag, Berlin, 1985.

    Google Scholar 

  122. P.J. Ramadge and W.M. Wonham. Modular feedback logic for discrete event systems. SIAM Journal of Control and Optimization, 25(5): 1202–1218, September 1987.

    MathSciNet  Google Scholar 

  123. P.J. Ramadge and W.M. Wonham. Supervisory control of a class of discrete-event processes. SIAM Journal of Control and Optimization, 25(1):206–230, January 1987.

    MathSciNet  MATH  Google Scholar 

  124. C. Ramchandani. Analysis of asynchronous concurrent systems by timed Petri nets. Technical Report MAC TR 120, MIT, February 1974.

    Google Scholar 

  125. R.R. Razouk and C.V. Phelps. Performance analysis of timed Petri nets. In Proceedings of 4th International Workshop on Protocol Verification and Testing, June 1984.

    Google Scholar 

  126. G.M. Reed and A.W. Roscoe. A timed model for communicating sequential processes. In Proceedings ICALP 86, LNCS 226. Springer-Verlag, 1986.

    Google Scholar 

  127. G.M Reed and A.W. Roscoe. A timed model for communicating sequential processes. Theoretical Computer Science, 58:249–261, June 1988.

    MathSciNet  MATH  Google Scholar 

  128. G.M. Reed, A.W. Roscoe, et al. Timed CSP: Theory and practice. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  129. W. Reisig. Petri Nets: An Introduction. Springer-Verlag, Berlin, 1985.

    MATH  Google Scholar 

  130. N. Rescher and A. Urquhart. Temporal Logic. Springer-Verlag, Library of Exact Philosophy, 1971.

    MATH  Google Scholar 

  131. F.B. Schneider, B. Bloom, and K. Marzullo. Putting time into proof outlines. In J.W. de Bakker, C. Huizing, W.-P. de Roever, and G. Rozenberg, editors, Proceedings of the REX Workshop — Real-Time: Theory in Practice, LNCS 600. Springer-Verlag, 1991.

    Google Scholar 

  132. S. Schneider. Correctness and Communication in Real-Time Systems. PhD Thesis, Oxford University Computing Laboratory, Oxford, UK, 1990.

    Google Scholar 

  133. D.J. Scholefield. The Formal Development of Real-Time Systems. Technical Report, Dept. of Computer Science, University of York, UK, 1990.

    Google Scholar 

  134. R.L. Schwartz and P.M. Melliar-Smith. From state machines to temporal logic: Specification methods for protocol standards. IEEE Transactions on Communications, Com-30(12), Dec 1982.

    Google Scholar 

  135. A. Shaw. Reasoning about time in higher-level language software. IEEE Transactions on Software Engineering, SE-15(7):875–899, July 1989.

    Google Scholar 

  136. J.M. Spivey. The Z Notation: A Reference Manual. Prentice-Hall, Englewood Cillfs, N.J., 1989.

    MATH  Google Scholar 

  137. J.A. Stankovic. Misconceptions about real-time computing: a serious problem for next generation systems. Computer, 21(10): 10–19, October 1988.

    Google Scholar 

  138. WM. Turski. Time considered irrelevant for real-time systems. BIT, 28:473–486, 1988.

    MathSciNet  MATH  Google Scholar 

  139. USDOD. Reference Manual for the Ada Programming Language. Springer-Verlag, New York, 1983.

    Google Scholar 

  140. W.M.P van der Aalst. Timed Coloured Petri Nets and their Application to Logistics. PhD Thesis, Eindhoven University of Technology, Eindhoven, The Netherlands, 1992.

    Google Scholar 

  141. P. Ward and S. Mellor. Structural Development for Real-Time Systems. Yourdon Press, New York, 1985.

    Google Scholar 

  142. N. Wirth. Towards a discipline of real-time programming. Communications of the ACM, 20(8), August 1977.

    Google Scholar 

  143. W.M. Wonham. Linear Multivariable Control: A Geometric Approach. Springer-Verlag, 3rd edition, 1985.

    MATH  Google Scholar 

  144. Wang Yi. CCS + time = an interleaving model for real time systems. In Proceedings of ICALP’91, Madrid, Spain, 1991.

    Google Scholar 

  145. W.M. Zubrek. Timed Petri nets and preliminary performance evaluation. In Proceedings 7th Annual Symposium on Computer Architecture, La Baule, France, 1980.

    Google Scholar 

  146. Formal Methods for Trustworthy Computer Systems, D. Craigen and K. Summerskill, eds., Springer-Verlag, London, 1990.

    Google Scholar 

  147. D. Craigen, S. Gerhart, and T. Ralston, “An International Survey of Industrial Applications of Formal Methods, Volume 1 Study Methodology,” Tech. Report PB93–178556/AS, National Technical Information Service, Springfield, Va.; Tech. Report 5546–93–9581, US Naval Research Laboratory, Washington, DC; Tech. Report Info-0474–1, Atomic Energy Control Board of Canada, Ontario, 1993.

    Google Scholar 

  148. D. Craigen, S. Gerhart, and T. Ralston, “An International Survey of Industrial Applications of Formal Methods, Volume 2: Case Studies,” Tech. Report PB93–178564/AS, National Technical Information Service, Springfield, Va.; Tech. Report 5546–93–9582, US Naval Research Laboratory, Washington, DC; Tech. Report Info-0474–2, Atomic Energy Control Board of Canada, Ontario, 1993.

  149. S. Gerhart, D. Craigen, and T. Ralston, “Observations on Industrial Applications of Formal Methods,” Proc. 15th Int’l Conf. Software Engineering, IEEE CS Press, Los Alamitos, Calif., 1993, pp. 24–33.

  150. D. Craigen, S. Gerhart, and T. Ralston, “Formal Methods Reality Check: Industrial Usage,” Proc. Formal Methods Europe, Springer-Verlag, Berlin, 1993, pp. 250–268.

  151. The Procurement of Safety Critical Software in Defence Equipment (Part 1: Requirements, Part 2: Guidance), Interim Defence Standard 00–55, Issue 1, Ministry of Defence, Glasgow, Scotland, 1991.

  152. C. Potts, “Software-Engineering Research Revisited,” IEEE Software, Sept. 1993, pp. 19–28.

  153. Formal Methods for Trustworthy Computer Systems, D. Craigen and K. Summerskill, eds., Springer-Verlag, London, 1990.

  154. S. Gerhart et al., Formal Methods Transition Study Final Report and Videotape, Tech. Report TR STP-FT-322/323–91, MCC Software Technology Program, Austin, Tex., 1991; available from RICIS, University of Houston at Clear Lake.

  155. D. Brownbridge, “Using Z to Develop a CASE Toolset,” Proc. Z User Workshop, Springer-Verlag, London, 1989, pp. 142–149.

  156. I. Houston and S. King, “CICS Project Report: Experiences and Results from the Use of Z,” Proc. VDM ’91, LNCS 551, Springer-Verlag, Berlin, 1991, pp. 588–596.

  157. R. Linger and H. Mills, “A Case Study in Cleanroom Software Engineering: The IBM COBOL Structuring Facility,” Proc. Compsac, IEEE CS Press, Los Alamitos, Calif., 1988, pp. 10–17.

  158. D. Garlan and N. Delisle, “Formal Specifications as Reusable Frameworks,” Proc. VDM ’90, Springer-Verlag, Berlin, 1990, pp. 150–163.

  159. G. Barrett, “Formal Methods Applied to a Floating Point Number System,” IEEE Trans. Software Eng., 1989, pp. 611–621.

  160. D.R. Kuhn and J.F. Dray, “Formal Specification and Verification of Control Software for Cryptographic Equipment,” Proc. Computer Security Applications Conf., IEEE CS Press, Los Alamitos, Calif., 1990, pp. 32–43.

  161. Hewlett-Packard Journal, special issue on HP-SL, Dec. 1991, pp. 24–65.

  162. G. Archinoff et al., “Verification of the Shutdown System Software at the Darlington Nuclear Generating Station,” Proc. Int’l Conf. Control and Instrumentation in Nuclear Installations, Inst. Nuclear Eng., London, 1990.

  163. T. Alspaugh et al., “Software Requirements for the A-7E Aircraft,” Tech. Report NRL/FR/5530–92–9194, US Naval Research Laboratory, Washington, DC, 1992.

  164. C.A.R. Hoare, “An Axiomatic Basis for Computer Programming,” Comm. ACM, Oct. 1969, pp. 576–580, 583.

  165. J.-R. Abrial et al., “The B Method,” Proc. VDM ’91, Springer-Verlag, Berlin, 1991, pp. 398–405.

  166. M. Carnot et al., “Error-Free Software Development for Critical Systems Using the B-Methodology,” Proc. Int’l Symp. on Software Reliability Engineering, IEEE Press, New York, 1992.

  167. G. Guiho and C. Hennebert, “SACEM Software Validation,” Proc. Int’l Conf. Software Eng., IEEE CS Press, Los Alamitos, Calif., 1990, pp. 186–191.

  168. Introduction to TCAS II, Federal Aviation Administration, US Dept. of Transportation, Washington, DC, 1990.

  169. N. Leveson et al., “Requirements Specification for Process-Control Systems,” IEEE Trans. Software Eng., to appear.

  170. D. Harel, “Statecharts: A Visual Formalism for Complex Systems,” Science of Computer Programming, Vol. 8, M. Sintzoff, ed., North Holland, Amsterdam, 1987, pp. 231–274.

  171. “Trusted Computer System Evaluation Criteria,” Tech. Report DoD 5200.28-STD, US Department of Defense, Washington, DC, 1985.

  172. “Mechanical Proofs about Computer Programs,” in Mathematical Logic and Programming Languages, C.A.R. Hoare and J.C. Shepherdson, eds., Prentice-Hall, Englewood Cliffs, N.J., 1985.

  173. D. Good, “Mechanical Proofs about Computer Programs,” in Mathematical Logic and Programming Languages, C.A.R. Hoare and J.C. Shepherdson, eds., Prentice-Hall, Englewood Cliffs, N.J., 1985.

  174. C.A. Bowsher, “Medical Device Recalls: Examination of Selected Cases,” Tech. Report GAO/PEMD-90–6, US General Accounting Office, Washington, DC, Oct. 1990.

  175. C.A. Bowsher, “Medical Devices: The Public Health at Risk,” Tech. Report GAO/T-PEMD-90–2, US General Accounting Office, Washington, DC, 1990.

  176. M. Kival, ed., Radiological Health Bulletin, Vol. XX, No. 8, Center for Devices and Radiological Health, Food and Drug Administration, Rockville, Md., Dec. 1986.

  177. N.G. Leveson and C.S. Turner, “An Investigation of the Therac-25 Accidents,” IEEE Computer, Vol. 26, No. 7, July 1993, pp. 18–41.

  178. E. Miller, “The Therac-25 Experience,” Proc. Conf. of State Radiation Control Program Directors, 1987.

  179. J.A. Rawlinson, “Report on the Therac-25,” OCTRF/OCI Physicists Meeting, Kingston, Ontario, May 1987.

  180. R. Saltos, “Man Killed by Accident with Medical Radiation,” Boston Globe, June 20, 1986.

Standards, draft standards and guidelines

  1. ‘Proposed Standard for Software for Computers in the Safety Systems of Nuclear Power Stations’. Final Report for contract 2.117.1 for the Atomic Energy Control Board, Canada, March 1991 (By David L. Parnas, TRIO, Computing and Information Science, Queen’s University, Kingston, Ontario K7L 3N6, Canada. Based on IEC Standard 880 [S9].)

  2. ‘VDM Specification Proto-Standard’. Draft, ISO/IEC JTC1/SC22/WG19 IN9, 1991

  3. ‘Military Standard: System Safety Program Requirements’. MIL-STD-882B, Department of Defense, Washington DC 20301, USA, 30 March 1984

  4. ‘ESA Software Engineering Standards’. ESA PSS-05–0 Issue 2, European Space Agency, 8–10 rue Mario-Nikis, 75738 Paris Cedex, France, February 1991

  5. Redmill, F. (Ed.): ‘Dependability of Critical Computer Systems 1 & 2’. European Workshop on Industrial Computer Systems Technical Committee 7 (EWICS TC7), Elsevier Applied Science, London, 1988/1989

  6. ‘System Design Analysis’. US Department of Transportation, Federal Aviation Administration, Washington DC, USA, Advisory Circular 25.1309–2, September 1982

  7. ‘Programmable Electronic Systems in Safety Related Applications: 1. An Introductory Guide’. Health and Safety Executive, HMSO, Publications Centre, PO Box 276, London SW8 5DT, UK, 1987

  8. ‘Programmable Electronic Systems in Safety Related Applications: 2. General Technical Guidelines’. Health and Safety Executive, HMSO, Publications Centre, PO Box 276, London SW8 5DT, UK, 1987

  9. ‘Software for Computers in the Safety Systems of Nuclear Power Stations’. International Electrotechnical Commission, IEC 880, 1986

  10. ‘Software for Computers in the Application of Industrial Safety Related Systems’. International Electrotechnical Commission, Technical Committee no. 65, Working Group 9 (WG9), IEC 65A (Secretariat) 122, Version 1.0, 1 August 1991

  11. ‘Functional Safety of Programmable Electronic Systems: Generic Aspects’. International Electrotechnical Commission, Technical Committee no. 65, Working Group 10 (WG10), IEC 65A (Secretariat) 123, February 1992

  12. ‘Standard for Software Safety Plans’. Draft P1228, Software Safety Plans Working Group, Software Engineering Standards Subcommittee, IEEE Computer Society, USA, Draft J, 11 February 1991

  13. ‘JTC1 Statement of Policy on Formal Description Techniques’. ISO/IEC JTC1 N145 and ISO/IEC JTC1/SC18 N13333, International Standards Organization, Geneva, Switzerland, 1987

  14. ‘ISO 8807: Information Processing Systems — Open Systems Interconnection — LOTOS — A Formal Description Technique Based on the Temporal Ordering of Observational Behaviour’. First edition, International Organization for Standardization, Geneva, Switzerland, 15 February 1989

  15. ‘The Procurement of Safety Critical Software in Defence Equipment’ (Part 1: Requirements, Part 2: Guidance). Interim Defence Standard 00–55, Issue 1, Ministry of Defence, Directorate of Standardization, Kentigern House, 65 Brown Street, Glasgow G2 8EX, UK, 5 April 1991

  16. ‘Hazard Analysis and Safety Classification of the Computer and Programmable Electronic System Elements of Defence Equipment’. Interim Defence Standard 00–56, Issue 1, Ministry of Defence, Directorate of Standardization, Kentigern House, 65 Brown Street, Glasgow G2 8EX, UK, 5 April 1991

  17. ‘Standard for Software Engineering of Safety Critical Software’. 982 C-H 69002–0001, Ontario Hydro, 700 University Avenue, Toronto, Ontario M5G 1X6, Canada, 21 December 1990

  18. ‘Safety Related Software for Railway Signalling’. BRB/LU Ltd/RIA technical specification no. 23, Consultative Document, Railway Industry Association, 6 Buckingham Gate, London SW1E 6JP, UK, 1991

  19. ‘Software Considerations in Airborne Systems and Equipment Certification’. DO-178A, Radio Technical Commission for Aeronautics, One McPherson Square, 1425 K Street N.W., Suite 500, Washington DC 20005, USA, March 1985

  20. ‘Minimum Operational Performance Standards for Traffic Alert and Collision Avoidance System (TCAS) Airborne Equipment — Consolidated Edition’. DO-185, Radio Technical Commission for Aeronautics, One McPherson Square, 1425 K Street N.W., Suite 500, Washington DC 20005, USA, 6 September 1990

  21. Bloomfield, R.E. (Ed.): ‘SafeIT1 — The Safety of Programmable Electronic Systems’. Safety-Related Working Group (SRS-WG), Interdepartmental Committee on Software Engineering (ICSE), Department of Trade and Industry, ITD7a — Room 840, Kingsgate House, 66–74 Victoria Street, London SW1E 6SW, UK, June 1990

  22. Bloomfield, R.E., and Brazendale, J. (Eds.): ‘SafeIT2 — A Framework for Safety Standards’. Safety-Related Working Group (SRS-WG), Interdepartmental Committee on Software Engineering (ICSE), Department of Trade and Industry, ITD7a — Room 840, Kingsgate House, 66–74 Victoria Street, London SW1E 6SW, UK, June 1990

  23. UN Committee for the Transport of Dangerous Goods, Technical Report, 1964

  24. ‘Z Base Standard’. Draft ISO/IEC JTC1/SC22, 1993

Other references

  1. ABRIAL, J.R.: ‘The B reference manual’, Edinburgh Portable Compilers, 17 Alva Street, Edinburgh EH2 4PH, UK, 1991

  2. ABRIAL, J.R., LEE, M.K.O., NEILSON, D.S., SCHARBACH, P.N., and SØRENSEN, I.H.: ‘The B-method’, in PREHN, S., and TOETENEL, W.J. (Eds.): ‘VDM ’91, Formal Software Development Methods’, Volume 2: Tutorials (Springer-Verlag, Lecture Notes in Computer Science, 1991) 552, pp. 398–405

  3. ANDERSON, S., and CLELAND, G.: ‘Adopting mathematically-based methods for safety-critical systems production’, in REDMILL, F. (Ed.): ‘Safety Systems: The Safety-Critical Systems Club Newsletter’, Centre for Software Reliability, University of Newcastle upon Tyne, UK, January 1992, 1, (2), p. 6

  4. ARCHINOFF, G.H., HOHENDORF, R.J., WASSYNG, A., QUIGLEY, B., and BORSCH, M.R.: ‘Verification of the shutdown system software at the Darlington nuclear generating station’. International Conference on Control and Instrumentation in Nuclear Installations, The Institution of Nuclear Engineers, Glasgow, UK, May 1990

  5. AUGARTEN, S.: ‘The Whirlwind project’, in ‘Bit by Bit: An Illustrated History of Computers’, chapter 7 (Ticknor & Fields, New York, 1984) pp. 195–223

  6. BABEL, P.S.: ‘Software integrity program’. Aeronautical Systems Division, US Air Force, April 1987

  7. BARROCA, L., and MCDERMID, J.: ‘Formal methods: use and relevance for the development of safety critical systems’, The Computer Journal, 35, (6), December 1992

  8. BARDEN, R., STEPNEY, S., and COOPER, D.: ‘The use of Z’, in NICHOLLS, J.E. (Ed.): ‘Z User Workshop, York 1991’ (Springer-Verlag, Workshops in Computing, 1992) pp. 99–124

  9. BEAR, S.: ‘An overview of HP-SL’, in PREHN, S., and TOETENEL, W.J. (Eds.): ‘VDM ’91, Formal Software Development Methods’ (Springer-Verlag, Lecture Notes in Computer Science, 1991) 551, pp. 571–587

  10. BENNETT, P.A.: ‘Safety’, in MCDERMID, J.A. (Ed.): ‘Software Engineer’s Reference Book’, chapter 60 (Butterworth-Heinemann Ltd., Oxford, 1991)

  11. BJØRNER, D., et al.: ‘A ProCoS project description: ESPRIT BRA 3104’, Bulletin of the EATCS, 1989, 39, pp. 60–73

  12. BLOOMFIELD, R.E., FROOME, P.K.D., and MONAHAN, B.Q.: ‘Formal methods in the production and assessment of safety critical software’, Reliability Engineering & System Safety, 32, (1), 1989, pp. 51–66 (Also in [89].)

  13. BLYTH, D., BOLDYREFF, C., RUGGLES, C., and TETTEH-LARTEY, N.: ‘The case for formal methods in standards’, IEEE Software, September 1990, 7, (5), pp. 65–67

  14. BOEBERT, W.E.: ‘Formal verification of embedded software’, ACM SIGSOFT Software Engineering Notes, July 1980, 5, (3), pp. 41–42

  15. BOEHM, B.: ‘Software risk management tutorial’. TRW-ACM Seminar, April 1988

  16. BOWEN, J.P., and BREUER, P.T.: ‘Decompilation’, in van ZUYLEN, H. (Ed.): ‘The REDO Compendium of Reverse Engineering for Software Maintenance’, chapter 10 (John Wiley, 1992) pp. 131–138

  17. BOWEN, J.P., and STAVRIDOU, V.: ‘Formal methods and software safety’, in [47], 1992, pp. 93–98

  18. BOWEN, J.P., and STAVRIDOU, V.: ‘The industrial take-up of formal methods in safety-critical and other areas: a perspective’, in WOODCOCK, J.C.P., and LARSEN, P.G. (Eds.): ‘FME’93: Industrial Strength Formal Methods’, 1st International Symposium of Formal Methods Europe, Odense, Denmark, 19–23 April 1993 (Springer-Verlag, Lecture Notes in Computer Science, 1993) 670, pp. 183–195

  19. BOYER, R.S., and MOORE, J.S.: ‘A computational logic handbook’ (Academic Press, Boston, 1988)

  20. BROCK, B., and HUNT, W.A.: ‘Report on the formal specification and partial verification of the VIPER microprocessor’. Technical Report No. 46, Computational Logic Inc., Austin, Texas, USA, January 1990

  21. BROWN, M.J.D.: ‘Rationale for the development of the UK defence standards for safety-critical computer software’. Proc. COMPASS ’90, Washington DC, USA, June 1990

  22. BURNS, A.: ‘The HCI component of dependable real-time systems’, Software Engineering Journal, July 1991, 6, (4), pp. 168–174

  23. BUTLER, R.W., and FINELLI, G.B.: ‘The infeasibility of experimental quantification of life-critical software reliability’. Proc. ACM SIGSOFT ’91 Conference on Software for Critical Systems, Software Engineering Notes, ACM Press, December 1991, 16, (5), pp. 66–76

  24. BUTH, B., BUTH, K-H., FRÄNZLE, M., VON KARGER, B., LAKHNECHE, Y., LANGMAACK, H., and MÜLLER-OLM, M.: ‘Provably correct compiler development and implementation’, in ‘Compiler Construction ’92’, 4th International Conference, Paderborn, Germany (Springer-Verlag, Lecture Notes in Computer Science, 1992) 641

  25. BUXTON, J.N., and MALCOLM, R.: ‘Software technology transfer’, Software Engineering Journal, January 1991, 6, (1), pp. 17–23

  26. CANNING, A.: ‘Assessment at the requirements stage of a project’. Presented at ‘2nd Safety Critical Systems Club Meeting’, Beaconsfield, UK, October 1991 (Available from Advanced Software Department, ERA Technology Ltd, Cleeve Rd, Leatherhead KT22 7SA, UK.)

  27. CHAPRONT, P.: ‘Vital coded processor and safety related software design’, in [47], 1992, pp. 141–145

  28. CHARETTE, R.N.: ‘Applications strategies for risk analysis’ (McGraw Hill, Software Engineering Series, 1990)

  29. CLUTTERBUCK, D.L., and CARRÉ, B.A.: ‘The verification of low-level code’, Software Engineering Journal, May 1988, 3, (3), pp. 97–111

  30. COHEN, B., and PITT, D.H.: ‘The identification and discharge of proof obligations’, in ‘Testing Large Software Systems’, Wolverhampton Polytechnic, UK, 1990

  31. COHN, A.J.: ‘A proof of correctness of the Viper microprocessor: the first level’, in ‘VLSI Specification, Verification and Synthesis’ (Kluwer Academic Publishers, 1988)

  32. COHN, A.J.: ‘Correctness properties of the Viper block model: the second level’. Proc. 2nd Banff Workshop on Hardware Verification (Springer-Verlag, 1988)

  33. COHN, A.J.: ‘The notion of proof in hardware verification’, Journal of Automated Reasoning, May 1989, 5, (2), pp. 127–139

  34. COLEMAN, D.: ‘The technology transfer of formal methods: what’s going wrong?’. Proc. 12th ICSE Workshop on Industrial Use of Formal Methods, Nice, France, March 1990

  35. CRAIG, I.: ‘The formal specification of advanced AI architectures’ (Ellis Horwood, AI Series, 1991)

  36. CRAIGEN, D. (Ed.): ‘Formal methods for trustworthy computer systems (FM89)’ (Springer-Verlag, Workshops in Computing, 1990)

  37. CULLYER, W.J.: ‘Hardware integrity’, Aeronautical Journal of the Royal Aeronautical Society, September 1985, 89, pp. 263–268

  38. CULLYER, W.J.: ‘High integrity computing’, in JOSEPH, M. (Ed.): ‘Formal Techniques in Real-time and Fault-tolerant Systems’ (Springer-Verlag, Lecture Notes in Computer Science, 1988) 331, pp. 1–35

  39. CULLYER, W.J., and PYGOTT, C.H.: ‘Application of formal methods to the VIPER microprocessor’, IEE Proceedings, Part E, Computers and Digital Techniques, May 1987, 134, (3), pp. 133–141

  40. CURZON, P.: ‘Of what use is a verified compiler specification?’, Technical Report No. 274, Computer Laboratory, University of Cambridge, UK, 1992

  41. CYRUS, J.L., BLEDSOE, J.D., and HARRY, P.D.: ‘Formal specification and structured design in software development’, Hewlett-Packard Journal, December 1991, (6), pp. 51–58

  42. DAVIES, J.: ‘Specification and proof in real-time systems’. Technical Monograph PRG-93, Programming Research Group, Oxford University Computing Laboratory, April 1991

  43. DE CHAMPEAUX, D., et al.: ‘Formal techniques for OO software development’. OOPSLA ’91 Conference on Object-Oriented Programming Systems, Languages, and Applications, SIGPLAN Notices, ACM Press, November 1991, 26, (11), pp. 166–170

  44. ‘Safety related computer controlled systems market study’, Review for the Department of Trade and Industry by Coopers & Lybrand (HMSO, London, 1992)

  45. DYER, M.: ‘The Cleanroom approach to quality software development’ (Wiley Series in Software Engineering Practice, 1992)

  46. FENTON, N., and LITTLEWOOD, B.: ‘Evaluating software engineering standards and methods’. Proc. 2èmes Rencontres Qualité Logiciel & Eurometrics ’91, March 1991, pp. 333–340

  47. FREY, H.H. (Ed.): ‘Safety of computer control systems 1992 (SAFECOMP ’92)’, Computer Systems in Safety-critical Applications, Proc. IFAC Symposium, Zürich, Switzerland, 28–30 October 1992 (Pergamon Press, 1992)

  48. GLASS, R.L.: ‘Software vs. hardware errors’, IEEE Computer, December 1980, 23, (12)

  49. GOGUEN, J., and WINKLER, T.: ‘Introducing OBJ3’. Technical Report SRI-CSL-88–9, SRI International, Menlo Park, California, USA, August 1988

  50. GOLDSACK, S.J., and FINKELSTEIN, A.C.W.: ‘Requirements engineering for real-time systems’, Software Engineering Journal, May 1991, 6, (3), pp. 101–115

  51. GOOD, D.I., and YOUNG, W.D.: ‘Mathematical methods for digital system development’, in PREHN, S., and TOETENEL, W.J. (Eds.): ‘VDM ’91, Formal Software Development Methods’, Volume 2: Tutorials (Springer-Verlag, Lecture Notes in Computer Science, 1991) 552, pp. 406–430

  52. GORDON, M.J.C.: ‘HOL: A proof generating system for Higher-Order Logic’, in BIRTWISTLE, G., and SUBRAMANYAM, P.A. (Eds.): ‘VLSI Specification, Verification and Synthesis’ (Kluwer, 1988) pp. 73–128

  53. GRIES, D.: ‘Influences (or lack thereof) of formalism in teaching programming and software engineering’, in DIJKSTRA, E.W. (Ed.): ‘Formal Development of Programs and Proofs’, chapter 18 (Addison Wesley, University of Texas at Austin Year of Programming Series, 1990) pp. 229–236

  54. GUIHO, G., and HENNEBERT, C.: ‘SACEM software validation’. Proc. 12th International Conference on Software Engineering (IEEE Computer Society Press, March 1990) pp. 186–191

  55. HALANG, W.A., and KRÄMER, B.: ‘Achieving high integrity of process control software by graphical design and formal verification’, Software Engineering Journal, January 1992, 7, (1), pp. 53–64

  56. HALL, J.A.: ‘Seven myths of formal methods’, IEEE Software, September 1990, 7, (5), pp. 11–19

  57. HALL, P.A.V.: ‘Software development standards’, Software Engineering Journal, May 1989, 4, (3), pp. 143–147

  58. HAMMER, W.: ‘Handbook of system and product safety’ (Prentice-Hall Inc., Englewood Cliffs, New Jersey, USA, 1972)

  59. HANSEN, K.M., RAVN, A.P., and RISCHEL, H.: ‘Specifying and verifying requirements of real-time systems’. Proc. ACM SIGSOFT ’91 Conference on Software for Critical Systems, Software Engineering Notes, ACM Press, December 1991, 16, (5), pp. 44–54

  60. HARRISON, M.D.: ‘Engineering human error tolerant software’, in NICHOLLS, J.E. (Ed.): ‘Z User Workshop, York 1991’ (Springer-Verlag, Workshops in Computing, 1992) pp. 191–204

  61. HELPS, K.A.: ‘Some verification tools and methods for airborne safety-critical software’, Software Engineering Journal, November 1986, 1, (6), pp. 248–253

  62. HILL, J.V.: ‘The development of high reliability software — RR&A’s experience for safety critical systems’. Second IEE/BCS Conference, Software Engineering 88, Conference Publication No. 290, July 1988, pp. 169–172

  63. HILL, J.V.: ‘Software development methods in practice’, in CHURCHLEY, A. (Ed.): Proc. 6th Annual Conference on Computer Assurance (COMPASS), ‘Microprocessor Based Protection Systems’ (Kluwer Academic Publishers B.V., 1991)

  64. HOARE, C.A.R.: ‘Algebra and models’, in BJØRNER, D., LANGMAACK, H., and HOARE, C.A.R. (Eds.): ‘Provably Correct Systems’, ProCoS Project Report, January 1993, chapter 1, pp. 1–13 (Available from Department of Computer Science, Technical University of Denmark, Building 3440, DK-2800, Lyngby, Denmark.)

  65. HOARE, C.A.R., and GORDON, M.J.C. (Eds.): ‘Mechanized reasoning and hardware design’ (Prentice Hall International Series in Computer Science, UK, 1992)

  66. HOARE, C.A.R., HE JIFENG, BOWEN, J.P., and PANDYA, P.K.: ‘An algebraic approach to verifiable compiling specification and prototyping of the ProCoS level 0 programming language’, in DIRECTORATE-GENERAL OF THE COMMISSION OF THE EUROPEAN COMMUNITIES (Ed.): ‘ESPRIT ’90 Conference Proceedings’, Brussels (Kluwer Academic Publishers B.V., 1990) pp. 804–818

  67. HOUSTON, I., and KING, S.: ‘CICS project report: experiences and results from the use of Z in IBM’, in PREHN, S., and TOETENEL, W.J. (Eds.): ‘VDM ’91, Formal Software Development Methods’ (Springer-Verlag, Lecture Notes in Computer Science, 1991) 551, pp. 588–603

  68. HUMPHREY, W.S., KITSON, D.H., and CASSE, T.C.: ‘The state of software engineering practice: a preliminary report’. Proc. 11th International Conference on Software Engineering, Pittsburgh, USA, May 1989, pp. 277–288

  69. ‘Safety-related systems: A professional brief for the engineer’. The Institution of Electrical Engineers, Savoy Place, London WC2R 0BL, UK, January 1992

  70. IYER, R.K., and VELARDI, P.: ‘Hardware-related software errors: measurement and analysis’, IEEE Transactions on Software Engineering, February 1985, SE-11, (2)

  71. JACKY, J.: ‘Formal specifications for a clinical cyclotron control system’, in MORICONI, M. (Ed.): ‘Proc. ACM SIGSOFT International Workshop on Formal Methods in Software Development’, Software Engineering Notes, ACM Press, September 1990, 15, (4), pp. 45–54

  72. JACKY, J.: ‘Safety-critical computing: hazards, practices, standards and regulation’, in DUNLOP, C., and KLING, R. (Eds.): ‘Computerization and controversy’, chapter 5 (Academic Press, 1991) pp. 612–631

  73. JACKY, J.: ‘Verification, analysis and synthesis of safety interlocks’. Technical Report 91–04–01, Department of Radiation Oncology RC-08, University of Washington, Seattle, WA 98195, USA, April 1991

  74. JAFFE, M.S., LEVESON, N.G., HEIMDAHL, M.P., and MELHART, B.E.: ‘Software requirements analysis for real-time process-control systems’, IEEE Transactions on Software Engineering, March 1991, SE-17, (3), pp. 241–258

  75. JOANNOU, P.K., HARAUZ, J., TREMAINE, D.R., ICHIYEN, N., and CLARK, A.B.: ‘The Canadian nuclear industry’s initiative in real-time software engineering’. Ontario Hydro, 700 University Avenue, Toronto, Ontario M5G 1X6, Canada, 1991

  76. JONES, C.B.: ‘Systematic software development using VDM’, 2nd edition (Prentice Hall International Series in Computer Science, 1990)

  77. KANDEL, A., and AVNI, E.: ‘Engineering risk and hazard assessment’, Volume I (CRC Press, Boca Raton, Florida, USA, 1988)

  78. KNIGHT, J.C., and LEVESON, N.G.: ‘A reply to the criticisms of the Knight & Leveson experiment’, ACM SIGSOFT Software Engineering Notes, January 1990, 15, (1), pp. 25–35

  79. KNIGHT, J.C., and KIENZLE, D.M.: ‘Preliminary experience using Z to specify a safety-critical system’, in BOWEN, J.P., and NICHOLLS, J.E. (Eds.): ‘Z User Workshop, London 1992’ (Springer-Verlag, Workshops in Computing, 1993) pp. 109–118

  80. KOPETZ, H., ZAINLINGER, R., FOHLER, G., KANTZ, H., and PUSCHNER, P.: ‘The design of real-time systems: from specification to implementation and verification’, Software Engineering Journal, May 1991, 6, (3), pp. 73–82

  81. LADEAU, B.R., and FREEMAN, C.: ‘Using formal specification for product development’, Hewlett-Packard Journal, December 1991, (6), pp. 62–66

  82. LAPRIE, J.C.: ‘Dependability: a unifying concept for reliable computing and fault tolerance’, in ANDERSON, T. (Ed.): ‘Dependability of Resilient Computers’, chapter 1 (Blackwell Scientific Publications, Oxford, 1989) pp. 1–28

  83. LAPRIE, J.C. (Ed.): ‘Dependability: basic concepts and terminology’ (Springer-Verlag, 1991)

  84. LEVESON, N.G.: ‘Software safety: why, what and how’, ACM Computing Surveys, June 1986, 18, (2), pp. 125–163

  85. LEVESON, N.G.: ‘Software safety in embedded computer systems’, Communications of the ACM, February 1991, 34, (2), pp. 34–46

  86. LEVESON, N.G., and TURNER, C.S.: ‘An investigation of the Therac-25 accidents’, UCI Technical Report #92–108 (& University of Washington TR #92–11–05), Information and Computer Science Dept., University of California, Irvine, CA 92717, USA, 1992

  87. LINDSAY, P.A.: ‘A survey of mechanical support for formal reasoning’, Software Engineering Journal, 1988, 3, (1), pp. 3–27

  88. LITTLEWOOD, B.: ‘The need for evidence from disparate sources to evaluate software safety’, in REDMILL, F., and ANDERSON, T. (Eds.): ‘Directions in Safety-Critical Systems’, Proc. Safety-critical Systems Symposium, Bristol, UK, February 1993 (Springer-Verlag, 1993)

  89. LITTLEWOOD, B., and MILLER, D. (Eds.): ‘Software reliability and safety’ (Elsevier Applied Science, London and New York, 1991) (Reprinted from Reliability Engineering & System Safety, 32, (1)–(2), 1989.)

  90. LITTLEWOOD, B., and STRIGINI, L.: ‘The risks of software’, Scientific American, November 1992, 267, (5), pp. 38–43

  91. MACKENZIE, D.: ‘The fangs of the VIPER’, Nature, 8 August 1991, 352, pp. 467–468

  92. MACKENZIE, D.: ‘Negotiating arithmetic, constructing proof: the sociology of mathematics and information technology’, Programme on Information & Communication Technologies, Working Paper Series, No. 38, Research Centre for Social Sciences, University of Edinburgh, 56 George Square, Edinburgh EH8 9JU, UK, November 1991

  93. MAHONY, B., and HAYES, I.J.: ‘A case-study in timed refinement: a mine pump’, IEEE Transactions on Software Engineering, September 1992, 18, (9), pp. 817–826

  94. MALCOLM, R.: ‘Safety critical systems research programme: technical workplan for the second phase’, in REDMILL, F. (Ed.): ‘Safety Systems: The Safety-Critical Systems Club Newsletter’, Centre for Software Reliability, University of Newcastle upon Tyne, UK, January 1992, 1, (2), pp. 1–3

  95. MALER, O., MANNA, Z., and PNUELI, A.: ‘From timed to hybrid systems’, in DE BAKKER, J.W., HUIZING, C., de ROEVER, W.-P., and ROZENBERG, G. (Eds.): ‘Real-Time: Theory in Practice, REX Workshop’ (Springer-Verlag, Lecture Notes in Computer Science, 1992) 600, pp. 447–484

  96. MANNA, Z., and PNUELI, A.: ‘The temporal logic of reactive and concurrent systems: specification’ (Springer-Verlag, 1992)

  97. MAY, D.: ‘Use of formal methods by a silicon manufacturer’, in HOARE, C.A.R. (Ed.): ‘Developments in Concurrency and Communication’, chapter 4 (Addison-Wesley, University of Texas at Austin Year of Programming Series, 1990) pp. 107–129

  98. MAYGER, E.M., and FOURMAN, M.P.: ‘Integration of formal methods with system design’. Proc. Conference on Very Large Scale Integration (VLSI ’91), Edinburgh, UK, 1991, pp. 3a.2.1–3a.2.11

  99. MCDERMID, J.A.: ‘Formal methods: use and relevance for the development of safety critical systems’, in BENNETT, P.A. (Ed.): ‘Safety Aspects of Computer Control’ (Butterworth-Heinemann, 1991)

  100. MOORE, J.S., et al.: ‘Special issue on system verification’, Journal of Automated Reasoning, 1989, 5, (4), pp. 409–530

  101. MOSER, L.E., and MELLIAR-SMITH, P.M.: ‘Formal verification of safety-critical systems’, Software Practice and Experience, August 1990, 20, (8), pp. 799–821

  102. MUKHERJEE, P., and STAVRIDOU, V.: ‘The formal specification of safety requirements for the storage of explosives’. Technical Report No. DITC 185/91, National Physical Laboratory, Teddington, Middlesex TW11 0LW, UK, August 1991

  103. MYERS, W.: ‘Can software for the strategic defense initiative ever be error-free?’, IEEE Computer, November 1986, 19, (11)

  104. ‘Peer review of a formal verification/design proof methodology’. NASA Conference Publication 2377, July 1983

  105. NATSUME, T., and HASEGAWA, Y.: ‘A view on computer systems and their safety in Japan’, in [47], 1992, pp. 45–49

  106. NEESHAM, C.: ‘Safe conduct’, Computing, 12 November 1992, pp. 18–20

  107. NEUMANN, P.G. (Ed.): ‘Subsection on certification of professionals’, ACM SIGSOFT Software Engineering Notes, January 1991, 16, (1), pp. 24–32

  108. NEUMANN, P.G.: ‘Illustrative risks to the public in the use of computer systems and related technology’, ACM SIGSOFT Software Engineering Notes, January 1992, 16, (1), pp. 23–32

  109. NORMINGTON, G.: ‘Cleanroom and Z’, in BOWEN, J.P., and NICHOLLS, J.E. (Eds.): ‘Z User Workshop, London 1992’ (Springer-Verlag, Workshops in Computing, 1993) pp. 281–293

  110. OSTROFF, J.S.: ‘Formal methods for the specification and design of real-time safety-critical systems’, Journal of Systems and Software, 1992, 18, (1), pp. 33–60

  111. PAGE, I., and LUK, W.: ‘Compiling Occam into field-programmable gate arrays’, in MOORE, W., and LUK, W. (Eds.): ‘FPGAs’, Oxford Workshop on Field Programmable Logic and Applications (Abingdon EE&CS Books, 15 Harcourt Way, Abingdon OX14 1NV, UK, 1991) pp. 271–283

  112. PALFREMAN, J., and SWADE, D.: ‘The dream machine’ (BBC Books, London, 1991)

  113. PARNAS, D.L., VON SCHOUWEN, A.J., and SHU PO KWAN: ‘Evaluation of safety-critical software’, Communications of the ACM, June 1990, 33, (6), pp. 636–648

  114. PARNAS, D.L., ASMIS, G.J.K., and MADEY, J.: ‘Assessment of safety-critical software in nuclear power plants’, Nuclear Safety, April–June 1991, 32, (2), pp. 189–198

  115. PARNAS, D.L., and MADEY, J.: ‘Functional documentation for computer systems engineering’. Version 2, CRL Report No. 237, TRIO, Communications Research Laboratory, Faculty of Engineering, McMaster University, Hamilton, Ontario, Canada L8S 4K1, September 1991

  116. PASQUINE, A., and RIZZO, A.: ‘Risk perceptions and acceptance of computers in critical applications’, in [47], 1992, pp. 293–298

  117. PELAEZ, E.: ‘A gift from Pandora’s box: the software crisis’. PhD Thesis, Edinburgh University, UK, 1988

  118. PROBERT, P.J., DJIAN, D., and Huosheng Hu: ‘Transputer architectures for sensing in a robot controller: formal methods for design’, Concurrency: Practice and Experience, August 1991, 3, (4), pp. 283–292

  119. PYLE, I.: ‘Software engineers and the IEE’, Software Engineering Journal, March 1986, 1, (2), pp. 66–68

  120. RALSTON, T.J.: ‘Preliminary report on the international study on industrial experience with formal methods’, in ‘COMPASS ’92: 7th Annual Conference on Computer Assurance’, Gaithersburg, Maryland, USA, 15–18 June 1992

  121. RAVN, A.P., and RISCHEL, H.: ‘Requirements capture for embedded real-time systems’. Proc. IMACS-MCTS Symposium, Lille, France, Volume 2, May 1991, pp. 147–152

  122. RAVN, A.P., and STAVRIDOU, V.: ‘Project organisation’, in BJØRNER, D., LANGMAACK, H., and HOARE, C.A.R. (Eds.): ‘Provably Correct Systems’, ProCoS Project Report, January 1993, chapter 9, pp. 109–112 (Available from Department of Computer Science, Technical University of Denmark, Building 3440, DK-2800, Lyngby, Denmark.)

  123. READE, C., and FROOME, P.: ‘Formal methods for reliability’, in ROOK, P. (Ed.): ‘Software Reliability Handbook’, chapter 3 (Elsevier Applied Science, 1990) pp. 51–81

  124. REASON, J.: ‘Human error’ (Cambridge University Press, UK, 1990)

  125. ‘Risk: analysis, perception and management’. The Royal Society, 6 Carlton House Terrace, London SW1Y 5AG, UK, 1992

  126. RUSHBY, J., and WHITEHURST, R.A.: ‘Formal verification of AI software’. Contractor Report 181827, NASA Langley Research Center, Hampton, Virginia, USA, February 1989

  127. RUSHBY, J.: ‘Formal specification and verification of a fault-masking and transient-recovery model for digital flight control systems’. Technical Report SRI-CSL-91-3, SRI International, Menlo Park, California, USA, January 1991 (Also available as NASA Contractor Report 4384.)

  128. RUSHBY, J., VON HENKE, F., and OWRE, S.: ‘An introduction to formal specification and verification using EHDM’. Technical Report SRI-CSL-91-02, SRI International, Menlo Park, California, USA, February 1991

  129. RUSHBY, J., and VON HENKE, F.: ‘Formal verification of algorithms for critical systems’. Proc. ACM SIGSOFT 91 Conference on Software for Critical Systems, Software Engineering Notes, ACM Press, December 1991, 16, (5), pp. 1–15

  130. SCHOLEFIELD, D.J.: ‘The formal development of real-time systems: a review’. Technical Report YCS 145, Dept. of Computer Science, University of York, UK, 1990

  131. SELBY, R.W., BASILI, V.R., and BAKER, F.T.: ‘Cleanroom software development: an empirical evaluation’, IEEE Transactions on Software Engineering, September 1987, SE-13, (9), pp. 1027–1037

  132. SENNETT, C.T.: ‘High-integrity software’ (Pitman Computer Systems Series, 1989)

  133. SHOSTAK, R.E., SCHWARTZ, R., and MELLIAR-SMITH, P.M.: ‘STP: a mechanized logic for specification and verification’, in ‘6th International Conference on Automated Deduction (CADE-6)’ (Springer-Verlag, Lecture Notes in Computer Science 138, 1982)

  134. SMITH, C.L.: ‘Digital control of industrial processes’, ACM Computing Surveys, 1970, 2, (3), pp. 211–241

  135. SMITH, D.J., and WOOD, K.B.: ‘Engineering Quality Software: a review of current practices, standards and guidelines including new methods and development tools’, 2nd edition (Elsevier Applied Science, 1989)

  136. SOMMERVILLE, I.: ‘Software engineering’, 3rd edition (Addison Wesley, 1989)

  137. ‘Special issue on reliability’, IEEE Spectrum, October 1981, 18, (10)

  138. SPIVEY, J.M.: ‘Specifying a real-time kernel’, IEEE Software, September 1990, 7, (5), pp. 21–28

  139. SPIVEY, J.M.: ‘The Z notation: a reference manual’, 2nd edition (Prentice Hall International Series in Computer Science, 1992)

  140. SRIVAS, M., and BICKFORD, M.: ‘Verification of the FtCayuga fault-tolerant microprocessor system, vol 1: a case study in theorem prover-based verification’. Contractor Report 4381, NASA Langley Research Center, Hampton, Virginia, USA, July 1991 (Work performed by ORA Corporation.)

  141. STEIN, R.M.: ‘Safety by formal design’, BYTE, August 1992, (8), p. 157

  142. STEIN, R.M.: ‘Software safety’, in ‘Real-time Multicomputer Software Systems’, chapter 5 (Ellis-Horwood, 1992) pp. 109–133

  143. STEPNEY, S., BARDEN, R., and COOPER, D. (Eds.): ‘Object orientation in Z’ (Springer-Verlag, Workshops in Computing, 1992)

  144. SWADE, D.: ‘Charles Babbage and his calculating engines’ (Science Museum, London, UK, 1991)

  145. THOMAS, M.C.: ‘The future of formal methods’, in BOWEN, J.P. (Ed.): ‘Proc. 3rd Annual Z Users Meeting’, Oxford University Computing Laboratory, UK, December 1988, pp. 1–3

  146. THOMAS, M.C.: ‘Development methods for trusted computer systems’, Formal Aspects of Computing, 1989, 1, pp. 5–18

  147. TIERNEY, M.: ‘The evolution of Def Stan 00-55 and 00-56: an intensification of the “formal methods debate” in the UK’. Proc. Workshop on Policy Issues in Systems and Software Development, Science Policy Research Unit, Brighton, UK, July 1991

  148. TIERNEY, M.: ‘Some implications of Def Stan 00-55 on the software engineering labour process in safety critical developments’. Research Centre for Social Sciences, Edinburgh University, 1991

  149. VON NEUMANN, J.: ‘Probabilistic logics and synthesis of reliable organisms from unreliable components’, in ‘Collected Works’, Volume 5 (Pergamon Press, 1961)

  150. WALDINGER, R.J., and STICKEL, M.E.: ‘Proving properties of rule-based systems’. Proc. 7th Conference on Artificial Intelligence Applications, IEEE Computer Society, February 1991, pp. 81–88

  151. WALLACE, D.R., KUHN, D.R., and CHERNIAVSKY, J.C.: ‘Report of the NIST workshop on standards for the assurance of high integrity software’. NIST Special Publication 500-190, Computer Systems Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899, USA, August 1991 (Available from the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402, USA.)

  152. WALLACE, D.R., KUHN, D.R., and IPPOLITO, L.M.: ‘An analysis of selected software safety standards’, IEEE AES Magazine, August 1992, (8), pp. 3–14

  153. WARD, W.T.: ‘Calculating the real cost of software defects’, Hewlett-Packard Journal, October 1991, pp. 55–58

  154. WEBB, J.T.: ‘The role of verification and validation tools in the production of critical software’, in INCE, D. (Ed.): ‘Software Quality and Reliability: Tools and Methods’, Unicorn Applied Info Technology Report 6, chapter 4 (Chapman & Hall, London, 1991) pp. 33–41

  155. WENSLEY, J., et al.: ‘SIFT: design and analysis of a fault-tolerant computer for aircraft control’, Proc. IEEE, 1978, 60, (10), pp. 1240–1254

  156. WIRTH, N.: ‘Towards a discipline of real-time programming’, Communications of the ACM, August 1977, 20, (8), pp. 577–583

  157. WICHMANN, B.A. (Ed.): ‘Software in safety-related systems’ (Wiley, 1992) (Also published by BCS.)

  158. WRIGHT, C.L., and ZAWILSKI, A.J.: ‘Existing and emerging standards for software safety’. The MITRE Corporation, Center for Advanced Aviation System Development, 7525 Colshire Drive, McLean, Virginia 22102-3481, USA, MP-91W00028, June 1991 (Presented at the IEEE Fourth Software Engineering Standards Application Workshop, San Diego, California, USA, 20–24 May 1991.)

  159. XILINX, Inc.: ‘The programmable gate array data book’. San Jose, California, USA, 1991

  160. YOULL, D.P.: ‘Study of the training and education needed in support of Def Stan 00-55’. Cranfield IT Institute Ltd, UK, September 1988 (Can also be found as an appendix of the April 1989 00-55 draft.)

  161. ZHOU CHAOCHEN, HOARE, C.A.R., and RAVN, A.P.: ‘A calculus of durations’, Information Processing Letters, 1991, 40, (5), pp. 269–276

Copyright information

© 1999 Springer-Verlag London Limited

Cite this chapter

Ostroff, J. et al. (1999). Real-Time and Safety-Critical Systems. In: High-Integrity System Specification and Design. Formal Approaches to Computing and Information Technology (FACIT). Springer, London. https://doi.org/10.1007/978-1-4471-3431-2_6

  • DOI: https://doi.org/10.1007/978-1-4471-3431-2_6

  • Publisher Name: Springer, London

  • Print ISBN: 978-3-540-76226-3

  • Online ISBN: 978-1-4471-3431-2
