With the rapid growth of networking and high-computing power, the demand for large-scale and complex software systems has increased dramatically. Many of the software systems support or supplant human control of safety-critical systems such as flight control systems, space shuttle control systems, aircraft avionics control systems, robotics, patient monitoring systems, nuclear power plant control systems, and so on. Failure of safety-critical systems could result in great disasters and loss of human life. Therefore, software used for safety critical systems should preserve high assurance properties. In order to comply with high assurance properties, a safety-critical system often shares resources between multiple concurrently active computing agents and must meet rigid real-time constraints. However, concurrency and timing constraints make the development of a safety-critical system much more error prone and arduous. The correctness of software systems nowadays depends mainly on the work of testing and debugging. Testing and debugging involve the process of de tecting, locating, analyzing, isolating, and correcting suspected faults using the runtime information of a system. However, testing and debugging are not sufficient to prove the correctness of a safety-critical system. In contrast, static analysis is supported by formalisms to specify the system precisely. Formal verification methods are then applied to prove the logical correctness of the system with respect to the specification. Formal verifica tion gives us greater confidence that safety-critical systems meet the desired assurance properties in order to avoid disastrous consequences.

Abstract: "This thesis presents a collection of techniques and tools for avoiding the State Explosion Problem in verification of State/Event Systems and real time systems. The algorithms uses [sic] symbolic representations and compositional reasoning as basic means for making verification feasible for large systems. The thesis consists of six papers denoted A-F. In papers A and B we present symbolic techniques for verification of state/event systems. Both techniques uses [sic] compositional reasoning together with a dependency analysis. In paper A an implicit symbolic representation using BDDs is used to keep the state space small during verification. Paper B uses an explicit representation of the intermediate state/transition graphs which are kept small using a context dependent minimization. In paper C we present a method for automatically constructing real time systems directly from their specifications. The model-construction problem is considered for implicit specifications. First symbolic contexts transducing actions and time are introduced as transformers for properties in a timed modal logic. Next, a direct model construction of a regular timed agent from a logical specification is presented. Paper D presents the application of the model checker UPPAAL on the modelling and verification of Philips Audio Control Protocol with bus collision detection. When presented in 1996 this was the largest case study for real time systems that had ever been carried out. Paper E presents a compositional proof of a real time protocol for mutual exclusion. The proof is carried out using a quotient technique. Paper F is an early paper presenting the modelling and analysis of a steam generator using the model checker UPPAAL."

The research described in this monograph concerns the formal specification and compositional verification of real-time systems. A real-time programminglanguage is considered in which concurrent processes communicate by synchronous message passing along unidirectional channels. To specifiy functional and timing properties of programs, two formalisms are investigated: one using a real-time version of temporal logic, called Metric Temporal Logic, and another which is basedon extended Hoare triples. Metric Temporal Logic provides a concise notationto express timing properties and to axiomatize the programming language, whereas Hoare-style formulae are especially convenient for the verification of sequential constructs. For both approaches a compositional proof system has been formulated to verify that a program satisfies a specification. To deduce timing properties of programs, first maximal parallelism is assumed, modeling the situation in which each process has itsown processor. Next, this model is generalized to multiprogramming where several processes may share a processor and scheduling is based on priorities. The proof systems are shown to be sound and relatively complete with respect to a denotational semantics of the programming language. The theory is illustrated by an example of a watchdog timer.

An advanced 2001 textbook on verification of concurrent programs using a semantic approach which highlights concepts clearly.

Abstract: "This thesis presents a compositional methodology for the verification of reactive and real-time systems. The correctness of a given system is established from the correctness of the system's components, each of which may be treated as a system itself and further reduced. When no further reduction is possible or desirable, global techniques for verification may be used to verify the bottom-level components. Transition modules are introduced as a suitable compositional model of computation. Various composition operations are defined on transition modules, including parallel composition, sequential composition, and iteration. A restricted assumption-guarantee style of specification is advocated, wherein the environment assumption is stated as a restriction on the environment's next-state relation. Compositional proof rules are provided in accordance with the safety-progress hierarchy of temporal properties. The compositional framework is then extended naturally to real-time transition modules and discrete-time metric temporal logic."

The CSP approach has been widely used in the specification, analysis and verification of concurrent and real-time systems, and for understanding the particular issues that can arise when concurrency is present. It provides a language which enables specifications and designs to be clearly expressed and understood, together with a supporting theory which allows them to be analyzed and shown to be correct. This book supports advanced level courses on concurrency covering timed and untimed CSP. The first half introduces the language of CSP, the primary semantic models (traces, failures, divergences and infinite traces), and their use in the modelling, analysis and verification of concurrent systems. The second half of the book introduces time into the language, brings in the timed semantic model (timed failures) and finally presents the theory of timewise refinement which links the two halves together. Accompanying website: http://www.cs.rhbnc.ac.uk/books/concurrency Containing the following: -Exercises and solutions -Instructors resources - Example CSP programs to run on FDR and ProBe -Links to useful sites Partial Contents: Part I: The Language of CSP; Sequential Processes; Concurrency; Abstraction and Control Flow; Part II: Analyzing Processes; Traces; Specification and Verification with Traces; Stable Failures; Specification and Verification with Failures; Failures, Divergences, and Infinite Traces; Part III: Introducing Time; The Timed Language; Timed transition systems; Part IV: Timed Analysis; Semantics of Timed CSP; Timed Specification and Verification; Timewise Refinement; Appendix A: Event-based Time; A.1 Standard CSP and $tock$; A.2 Translating from Timed CSP; A.3 Notes; Appendix B: Model-checking with FDR; B.1 Interacting with FDR; B.2 How FDR Checks Refinement; B.3 Machine readable CSP; Index of Processes.