SCJ-Circus: a refinement-oriented formal notation for Safety-Critical Java

TL;DR

SCJ-Circus is a formal notation designed to specify and verify safety-critical Java programs, supporting refinement and low-level abstraction modeling for real-time embedded systems.

Contribution

It introduces SCJ-Circus, a refinement-oriented formal notation that models SCJ abstractions, extending Circus with semantics and a refinement strategy for safety-critical Java.

Findings

Defined syntax and semantics for SCJ-Circus

Mapped SCJ-Circus constructs to standard Circus

Extended refinement strategy for SCJ programs

Abstract

Safety-Critical Java (SCJ) is a version of Java whose goal is to support the development of real-time, embedded, safety-critical software. In particular, SCJ supports certification of such software by introducing abstractions that enforce a simpler architecture, and simpler concurrency and memory models. In this paper, we present SCJ-Circus, a refinement-oriented formal notation that supports the specification and verification of low-level programming models that include the new abstractions introduced by SCJ. SCJ-Circus is part of the family of state-rich process algebra Circus, as such, SCJ-Circus includes the Circus constructs for modelling sequential and concurrent behaviour, real-time and object orientation. We present here the syntax and semantics of SCJ-Circus, which is defined by mapping SCJ-Circus constructs to those of standard Circus. This is based on an existing approach for modelling SCJ programs. We also extend an existing Circus-based refinement strategy that targets SCJ programs to account for the generation of SCJ-Circus models close to implementations in SCJ.