SCJ-Circus: a refinement-oriented formal notation for Safety-Critical Java
This work addresses the need for formal verification tools in safety-critical software development, specifically for SCJ, but it is incremental as it builds on existing Circus and SCJ modelling approaches.
The paper tackles the problem of specifying and verifying low-level programming models for Safety-Critical Java (SCJ) by introducing SCJ-Circus, a refinement-oriented formal notation based on Circus, and presents its syntax, semantics, and an extended refinement strategy for generating models close to SCJ implementations.
Safety-Critical Java (SCJ) is a version of Java whose goal is to support the development of real-time, embedded, safety-critical software. In particular, SCJ supports certification of such software by introducing abstractions that enforce a simpler architecture, and simpler concurrency and memory models. In this paper, we present SCJ-Circus, a refinement-oriented formal notation that supports the specification and verification of low-level programming models that include the new abstractions introduced by SCJ. SCJ-Circus is part of the family of state-rich process algebra Circus, as such, SCJ-Circus includes the Circus constructs for modelling sequential and concurrent behaviour, real-time and object orientation. We present here the syntax and semantics of SCJ-Circus, which is defined by mapping SCJ-Circus constructs to those of standard Circus. This is based on an existing approach for modelling SCJ programs. We also extend an existing Circus-based refinement strategy that targets SCJ programs to account for the generation of SCJ-Circus models close to implementations in SCJ.