Formal Speci cations for a Clinical Cyclotron Control System

This report describes preliminary experience writing formal speciications for the control system for a cyclotron and neutron radiation therapy apparatus. This eeort is motivated by high reliability and safety requirements , and a need for concise, authoritative documentation to support coding, user instruction , and testing. Software development practices for therapy machines and physics reserach acclerators are reviewed. The operation of our machine from the point of view of the cyclotron operator is described. Many of the cyclotron operator's controls are well-matched to model-based notations such as Z and VDM. Sample speciications in Z are presented for representative operations of the cyclotron control programs. These notations provide no built-in way to represent the passage of time, and they cannot express some features of concurrent systems and event-driven systems. Alternative notations are discussed, including Petri Nets and Software Cost Reduction project (SCR) notation. We conclude that it is practical to attempt a comprehensive formal speciication of our application , and anticipate that this will be a valuable supplement to traditional development practices.