Specification and Verification of a Steam-Boiler with Signal-Coq [chapter]

Mickaël Kerbœuf, David Nowak, Jean-Pierre Talpin
2000 Lecture Notes in Computer Science  
Over the last decade, the increasing demand for the validation of safety-critical systems has led to the development of domain-specific programming languages (e.g. synchronous languages) and automatic verification tools (e.g. model checkers). Conventionally, the verification of a reactive system is implemented by specifying a discrete model of the system (i.e. a finite-state machine) and then checking this model against temporal properties (e.g. using an automata-based tool). We investigate the use of a synchronous programming language, Signal, and of a proof assistant, Coq, for the specification and the verification of co-inductive properties of the well-known steam-boiler problem. By way of this large-scale case study, the Signal-Coq formal approach, i.e. the combined use of Signal and Coq, is demonstrated to be a well-suited and practical approach for the validation of reactive systems. Indeed, the deterministic model of concurrency of Signal, for specifying systems, together with the unparalleled expressive power of the Coq proof assistant, for verifying properties, makes it possible to avoid the compromises that would otherwise be imposed by the limitations of either the specification or the verification tools.
doi:10.1007/3-540-44659-1_22 fatcat:eb3gajnm6rd3rifpgtndqh45re