Safety critical systems are complex systems that interact with a dangerous environment (e.g. nuclear reactors or radiation therapy machines for treating patients with cancer). The specification and design of software and hardware for such systems is challenging because these systems may result in death or serious injury to people, loss or severe damage to equipment or environmental harm. So ordinary testing methods are insufficient to ensure that they work reliably and safely.

In this course, we use industrial strength methods and tools such as Event-B, Alloy and Spin for the design of safety critical systems. These methods and tools are all in use in actual practice in industry.

As explained by J.R. Abrial in his new book on Event-B, these methods and tools will provide insights on modelling and formal reasoning for such systems. These activities are supposed to be performed before undertaking the effective coding of a computer system, so that the system in question will be correct by construction. The methods will include the ability to develop sequential programs, concurrent programs, distributed programs, electronic circuits, reactive systems, etc. We will construct a mathematical model of a program that is quite different from the program itself. And we will learn that it is far easier to reason about the model than about the program. We will study important notions such as abstraction and refinement: the idea being that an executable program is only obtained at the final stage of a sometimes long sequence consisting of gradually building more and more accurate models of the future program (think of the various blue-prints made by an architect).

Winter 2009:

Mondays and Wednesdays: 11:30am-1pm R N836