A mechanized verification environment for real-time process algebras and low-level programming languages

Abstract

Nowadays, embedded and reactive real-time systems are often also distributed and operate in dynamically changing environments. Furthermore, these systems handle safety-critical tasks and therefore have to satisfy critical functional and non-functional requirements like, for example, real-time requirements. During development, such systems are often modeled on different levels of abstraction using different formalisms or languages in order to facilitate the verification of crucial properties. Timed process-algebraic formalisms like Timed CSP are well-suited for reasoning about properties of distributed systems on different levels of abstraction. However, it is still a challenging task to establish that implementations given in an unstructured low-level programming language correctly implement the respective processalgebraic specifications. The main challenge is to find a way of overcoming the semantic gap introduced by the different levels of abstraction that ensures that properties established on the higher levels of abstraction are preserved. In this thesis, we address this problem by developing a mechanized framework that enables the compositional verification of formal relations between timed process-algebraic specifications given in Timed CSP and their implementations given in a low-level programming language. On the level of processalgebraic specifications, we build on an existing mechanization of the operational semantics of Timed CSP in the theorem prover Isabelle/HOL. On the level of programming languages, our framework provides a mechanization and extension of an existing compositional big-step semantics and a Hoare-logic for a basic low-level language. We extend the semantics and the Hoare-logic to support non-determinism and real-time properties and provide mechanized soundness and completeness proofs for the partial and total correctness cases. For proofs about conformance between abstract specifications in Timed CSP and their implementations in the extended low-level language, we use the notion of weak timed bisimulation. As a basis for this relation, we formally derive a labeled transition system from the unlabeled transition system induced by the operational semantics of the extended low-level language. We show how our framework supports the transfer of verification results established using our proof calculus in order to discharge verification conditions resulting from conformance proofs. Furthermore, we provide a CSP-based approach for the specification and verification of distributed reactive systems, which adapt their behavior to changes in their environment. In this modeling approach, the notion of refinement in CSP is exploited to realize a layered specification approach separating the functional behavior of a system from its internal reconfiguration processes. We have formalized the underlying theory of our approach using the Isabelle/HOL theorem prover. This enables us to mechanically verify all results of this thesis and ensures that critical corner cases are not overlooked. At the same time, we thereby provide a machine-assisted verification environment that enables the mechanized compositional verification of conformance relations between low-level code and timed process-algebraic specifications in dynamically changing environments.