Automated high-integrity reactive systems required in the control of defence, automotive, rapid mass transport, manufacturing and healthcare systems, among many others, accentuate the need for formal specification and design tools. Reconfigurability by design is an added requirement given the costly development processes. Many of these systems are hybrids of discrete-event and continuous-time subsystems. Statecharts (implemented as Stateflow in Matlab) are increasingly being proposed as the language of choice for the discrete-event part. However, the complex semantics of statecharts make automated formal verification difficult and hence largely an unresolved problem. Formal verification, in preference to simulation/testing, is necessary to specify these systems at the required level of integrity and to maintain traceability along the different phases of design and operation. Drawing from a number of different approaches by others to develop formal semantics at the requirement and implementation levels, the author made a first attempt to develop a modular formal verification strategy applicable to statechart-based controller specifications for complex reactive systems; an early version of the original approach, which was based entirely on regular languages (hence finite state automata) and different compositions thereof, was published in 2005. The key idea was the implementation of these composition operations through suitably interpreted port structures between pairs of automata resulting from a decomposition of the statechart. Application development based on this model has been carried out with collaborators on an elevator test rig built for the purpose and is still continuing. While many of the underlying concepts are still valid and there is much to be learnt from their practical implementation and extension, there are fundamental limitations in this model stemming from the rather basic computational and expressive power of regular languages.
In the current paper the author attempts to extend the method to context-free language based models (hence pushdown automata, PDA) to include real-time semantics for internal (fast) events and general correctness properties expressed in temporal logic, posed as supervisory specifications of Ramadge-Wonham type interpreted on the port structures between pairs of PDA whenever possible. It is shown that decidability problems limit this choice to restricted forms of context-free languages, and the development is done with Event-Clock Visibly Pushdown Automata (ECVPA), which are closed under Boolean operations and determinisable. The ECVPA-based verification model is presented with high-speed railway signalling as a target environment.