Refining SCJ Mission Specifications into Parallel Handler Designs

TL;DR

This paper introduces formal laws and patterns for refining Safety-Critical Java mission specifications into parallel handler designs, supporting correct-by-construction development of real-time safety-critical applications.

Contribution

It presents a novel set of refinement laws and patterns using Circus-based notation for SCJ, aiding systematic development of parallel handlers.

Findings

Developed a set of refinement laws for SCJ

Supported formal specification and design of parallel handlers

Facilitated correct-by-construction SCJ program development

Abstract

Safety-Critical Java (SCJ) is a recent technology that restricts the execution and memory model of Java in such a way that applications can be statically analysed and certified for their real-time properties and safe use of memory. Our interest is in the development of comprehensive and sound techniques for the formal specification, refinement, design, and implementation of SCJ programs, using a correct-by-construction approach. As part of this work, we present here an account of laws and patterns that are of general use for the refinement of SCJ mission specifications into designs of parallel handlers used in the SCJ programming paradigm. Our notation is a combination of languages from the Circus family, supporting state-rich reactive models with the addition of class objects and real-time properties. Our work is a first step to elicit laws of programming for SCJ and fits into a refinement strategy that we have developed previously to derive SCJ programs.