Timed Modal Specification - Theory and Tools

In this paper we present the theory of Timed Modal Specifications (TMS) together with its implementation, the tool Epsilon. TMS and Epsilon are timed extensions of respectively Modal Specifications [Lar90, LT88] and the Tav system [GLZ89, BLS92]. The theory of TMS is an extension of real–timed process calculi with the specific aim of allowing loose or partial specifications. Looseness of specifications allows implementation details to be left out, thus allowing several and varying implementations. We achieve looseness of specifications by introducing two modalities to transitions of specifications: a may and a must modality. This allows us to define a notion of refinement, generalizing in a natural way the classical notion of bisimulation. Intuitively, the more must–transitions and the fewer may–transitions a specification has, the finer it is. Also, we introduce notions of refinements abstracting from time and/or internal computation. TMS specifications may be combined with respect to the constructs of the real–time calculus [Wan90]. “Time–sensitive” notions of refinements that are preserved by these constructs are defined , thus enabling compositional verification. Epsilon provides automatic tools for verifying refinements. We apply Epsilon to a compositional verification of a train crossing example.