Abstract

This paper presents a new two-step verification method for control software. The novelty of the method is that it reduces the verification of the temporal properties of a control program to the Hoare-style deductive verification of an imperative program that explicitly models the time and history of the control program. The method is applied to programs written in the Reflex language, a domain-specific extension of C developed as an alternative to the languages of the IEC 61131-3 standard. Reflex is a process-oriented language that describes a control program as a set of communicating processes controlled by operator events, including events generated by operations on discrete time intervals. At the first step, an annotated Reflex program is translated into an equivalent annotated imperative program in a bounded subset of C, extended with the logical type bool, a supertype value (which combines the values that Reflex functions and operators can return), and the statement havoc x (which assigns an arbitrary value to the variable x). At the second step, the resulting imperative program undergoes deductive verification. The method is illustrated by the deductive verification of a Reflex program that controls a hand dryer. The example includes the original Reflex program, a set of requirements, the resulting annotated program, the generated correctness conditions, and the results of verifying these conditions in Z3py, the Python interface to the Z3 SMT solver.
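The translation the abstract describes, as an added illustration that is not code from the paper: a hand-dryer controller written directly as the kind of imperative program the method targets, with explicit time (a tick counter), an explicit per-tick history, and a havoc'd sensor input, followed by two checks over it. The Reflex source, the paper's translator and its Z3py correctness conditions are not reproduced; the timeout value, the state names and the three requirements are assumptions made for the example. The inductive check plays the role of the Hoare-style condition {Inv} havoc hands; step {Inv}, discharged here by enumerating a finite abstraction of the state space rather than with an SMT solver; the bounded check evaluates the temporal requirements over the history of every input sequence up to a fixed depth.

```python
"""Hand-dryer controller as an imperative program with explicit time and
history, plus an inductive-invariant check and a bounded trace check.
Constructed illustration; not the paper's Reflex program or translator."""
from itertools import product

TIMEOUT = 3  # assumed: ticks the dryer keeps running after hands were last seen
WAITING, DRYING = 0, 1


class Dryer:
    """State of the translated program: control state, actuator, the
    time spent in the current control state (`timer`), explicit global
    time `t`, and the per-tick history the requirements are stated over."""

    def __init__(self, ctrl=WAITING, dryer=False, timer=0):
        self.ctrl, self.dryer, self.timer = ctrl, dryer, timer
        self.t = 0
        self.history = []  # list of (t, hands, dryer) records

    def step(self, hands):
        """One scan cycle; `hands` is the havoc'd sensor input (assumed)."""
        self.t += 1
        self.timer += 1
        if self.ctrl == WAITING:
            if hands:
                self.dryer, self.ctrl, self.timer = True, DRYING, 0
        else:  # DRYING
            if hands:
                self.timer = 0  # hands still present: restart the timeout
            elif self.timer >= TIMEOUT:
                self.dryer, self.ctrl, self.timer = False, WAITING, 0
        self.history.append((self.t, hands, self.dryer))
        return self


def invariant(d):
    """Candidate Hoare-style invariant: the dryer runs exactly in DRYING,
    and DRYING never outlives the timeout."""
    return d.dryer == (d.ctrl == DRYING) and (d.ctrl != DRYING or d.timer < TIMEOUT)


def invariant_is_inductive(timer_bound=2 * TIMEOUT):
    """Check {Inv} havoc hands; step {Inv} over a finite abstraction of the
    state space. `timer` is only ever compared against TIMEOUT, so values
    above the bound behave like the bound itself."""
    for ctrl, dryer, timer in product((WAITING, DRYING), (False, True), range(timer_bound + 1)):
        if not invariant(Dryer(ctrl, dryer, timer)):
            continue  # state excluded by the precondition
        for hands in (False, True):  # havoc hands
            if not invariant(Dryer(ctrl, dryer, timer).step(hands)):
                return False
    return True


def hands_within(history, i, window):
    """True if hands were seen at any of the `window` ticks ending at index i."""
    return any(h for (_, h, _) in history[max(0, i - window + 1): i + 1])


def requirements_hold(history):
    """Assumed requirements over the explicit history:
    R1: hands seen at a tick => dryer on at that tick;
    R2: no hands for TIMEOUT consecutive ticks => dryer off;
    R3: dryer on => hands seen within the last TIMEOUT ticks.
    R2 and R3 together say the dryer is on exactly when R3's window has hands."""
    for i, (_, hands, dryer) in enumerate(history):
        if hands and not dryer:
            return False
        if dryer != hands_within(history, i, TIMEOUT):
            return False
    return True


def bounded_check(depth=8):
    """Run every input sequence of length `depth` from the initial state and
    return the first sequence whose history violates a requirement, or None."""
    for inputs in product((False, True), repeat=depth):
        d = Dryer()
        for hands in inputs:
            d.step(hands)
        if not requirements_hold(d.history):
            return inputs
    return None


if __name__ == "__main__":
    print("initial state satisfies Inv:", invariant(Dryer()))
    print("Inv is inductive:", invariant_is_inductive())
    print("counterexample up to depth 8:", bounded_check())
```

The inductive check is the deductive half of the picture: it never runs the program from the initial state but shows that a single havoc-then-step cycle preserves the invariant from any state satisfying it, which is what a generated verification condition expresses. The bounded trace check is only a sanity check of the requirements themselves; unlike the invariant argument, it says nothing about runs longer than the depth.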
