%O Report 
%F marchand95b
%A Marchand, H.
%A Rutten, E.
%A Samaan, M.
%T Specifying and verifying a transformer station in Signal and Signalgti
%N 916
%I Irisa
%X We present the specification and verification of the automatic circuit-breaking behavior of an electric power transformer station using the synchronous approach to reactive real-time systems, and particularly the Signal language. The synchronous languages have a mathematical model supporting the various phases of the development of a control system: specification, verification, simulation, code generation, and implementation. Their semantics are at the base of the various tools dedicated to each phase and integrated into homogeneous design environments. The methodology associated with the data flow language Signal is demonstrated on the example of the functional description of a medium tension power transformer station and the specification of its automatic behavior upon the occurrence of an electrical default. The specification of the complex hierarchical, state-based and preemptive behavior is made in Signalgti, an extension of Signal with the notions of time intervals and preemptive tasks. For the validation of the specification, a graphical simulator is generated using the execution environment for Signal. Properties required by the application are proved to hold on the specification of the controller, using the proof method associated with Signal
%U ftp://ftp.irisa.fr/techreports/1995/PI-916.pdf
%8 March
%D 1995