Implementation of Formally Verified Real Time Distributed Systems: Simplified Flight Control System

Nahla A. El-Araby
Electrical and Electronics Eng. Dept., Canadian International College, Cairo, Egypt
nahla_alaraby@cic-cairo.com
www.cic-cairo.com

Ayman M. Wahba, Mohamed M. Taher
Computer and Systems Eng. Dept., Faculty of Engineering, Ain Shams University, Cairo, Egypt
ayman.wahba@eng.asu.edu.eg, mohamed.taher@eng.asu.edu.eg
http://eng.asu.edu.eg

978-1-4577-0128-3/11/$26.00 ©2011 IEEE

Abstract - The most common procedure to ensure the reliability of a design is simulation. Unfortunately, simulation cannot fully inspect all the execution states of a system. The significant increase in the complexity and size of digital systems, together with the nature of real time systems, has increased the need for a different approach to validating the behavior of a system in the early design stages. Formal verification is an approach that validates a system by formally reasoning about its behavior: the system implementation is checked against the requirements or the properties to be satisfied. The B method is one of the common paradigms used in formal verification. In some cases, however, deviations from the verified model appear in the final implementation phase, so some of the verified properties are lost. This work aims at a complete design flow for the verification and implementation of a simplified flight control system, as an example of a system consisting of a number of distributed computing devices interconnected through digital communication channels. The B method was used to formalize and verify the system; the verified B model was then transformed into a VHDL implementation with an exact mapping, so that the properties of the verified model are maintained. The main objective is to avoid any discrepancies between the verified model and its implementation.

Keywords - Formal verification; B method; Real time systems; Theorem proving; VHDL.

I. INTRODUCTION

People and goods safety are directly affected by the reliability of automated systems. Safety aspects should be considered from the early design stages up to the operational stages, and this needs a very accurate design approach [1].

This becomes more demanding in real time systems, which differ from untimed systems in that correct behavior depends not only on the computation results but also on the time at which they were produced. The resulting state-space explosion makes it infeasible to run a satisfactory number of simulation traces to achieve enough coverage of the state space and enough confidence in the design correctness within a project schedule. Even if it were feasible to have extensive coverage of the system, missing only a single untested sequence of events may cause the system to fail.

Formal verification means thoroughly investigating the correctness of system designs expressed as mathematical models. Formal verification is a useful and powerful technique for guaranteeing the reliability of systems in the design stages [2]. In recent years, several approaches to applying formal verification techniques to the dependability of automation systems have been proposed. These range from formal verification by theorem proving [3] to formal verification by model checking [4, 5, 6, 7]. Many achievements in the formal verification of real-time systems are presented in [8], [9], [10], and [11]. Most major projects spend over 50% of their development costs on verification and integration, so using formal verification can substantially reduce the explosive growth of verification and integration costs and improve the quality of system designs in industry. It is claimed that this approach has already had a remarkable effect on the SLAM project of Microsoft, which plans to include model-checking capability in its Windows Driver Development Kit (DDK) [12].

Hardware systems are usually implemented using hardware description languages like VHDL or Verilog. So after a model has been completely verified against specific properties using any of the formal verification methods, it is ready to be coded in the hardware description language. In some cases one or more of the verified properties is lost during the design implementation. This research therefore aims to find a method for directly transforming verified models into the implementation while maintaining all the verified properties. A simplified flight control system was used, as an example of a system consisting of a number of