Specification and verification of mobile real-time systems

Formal methods for the verification of safety-critical systems are an area of active research. In this thesis we investigate systems involving mobility and real-time constraints. For the description of many mobile real-time systems both spatial and temporal aspects need to be considered. There are several well-understood methods for the formal treatment of real-time aspects among them the Duration Calculus. However, spatial properties, e.g. that an autonomous robot does not leave a certain area, cannot be described directly with these methods. On the other hand, there are several methods for describing spatial aspects but neglecting real-time properties. So both approaches fall short when dealing with systems in which safety depends on spatial and temporal properties. We propose a spatio-temporal logic – called Shape Calculus – for the specification of mobile real-time systems and the formalisation of safety requirements for this class of systems. It considers time and space quantitatively. The Shape Calculus is extending the interval logic Duration Calculus developed for reasoning about real-time systems and properties. Thereby, it integrates smoothly with an established method for real-time systems. To enhance its usability in practice, we develop a set of patterns for the specification of common properties. The applicability of the Shape Calculus and the patterns is demonstrated with three case studies. The first case study “Generalised Railroad Crossing” is chosen for comparison with a benchmark example for real-time systems. We show that the treatment in Shape Calculus is a conservative extension of the treatment in the realtime formalism Duration Calculus. The second case study stems from the Berkeley PATH Project and demonstrates the modelling of distributed mobile systems exemplified by modelling manoeuvres of car platoons. A third case study puts emphasis on the spatial properties. It considers a mobile and autonomous robot. We investigate fundamental properties of the new logic and prove undecidability and non-axiomatisability in the general case and even when