Automata-based Software Engineering for Control System Design and Verification

Abstract

The automata composition is defined as the basic language construct of automata programming. Incorporating automata composition into an arbitrary programming language allows the development of automata programs in that language. Methods for specification and verification of reactive systems are defined in detail. All kinds of correctness formulas for a reactive system with respect to its specification are defined. In addition, correctness formulas for verification using the full invariant of the reactive system are developed. The Event-B manual begins with a brilliant illustration of the basic Event-B methods using the example of a car traffic control problem on a narrow bridge. However, the latter refinement in this illustration generates a complex cumbersome program. A simpler and shorter solution to this problem was presented in our work [7] using automata programming approach. Our solution was not easy because 4 non-trivial bugs were found by verification in Event-B. This paper describes our third attempt to construct a short simple automata program to solve this problem. Verification of the automata program in Event-B and Why3 systems was carried out. No errors were found. For verification, a reactive system model is built on Why3, which is simpler and more universal than the why3-do model.