Objectives

Our overall objectives are to advance the state of the art of systematic design of complex heterogeneous systems [18], including both software and hardware; in particular, to reduce the risk of error in the specification, design and implementation of embedded safety-critical systems [13].

Existing guidelines for development of safety-critical systems are rightly suspicious of software. Some current guidelines suggest that software diversity might ensure adequate safety; but in guidelines from at least one certifying agency [16] the cautious approach wins: 'software must not alone be responsible for safety related functions'. A recent guideline [31] accepts software, provided it is formally specified and that the design is formally or at least rigorously verified. A further requirement is that compilers, assemblers and operating systems shall be developed to the same standards - otherwise verification has to start with the absolute binary of the delivered machine code. It is therefore an important goal of the ProCoS-WG Working Group to investigate how to establish an acceptably high degree of confidence in compilers and operating systems; we thereby aim to simplify the task of safety engineers, and thus reduce the risk of error in checking large systems.

One goal in the adjoining ProCoS II project is to provide a formal design methodology that covers not only program design and development, but also the capture and analysis of total system requirements, including reliability. It is at this early stage that some of the worst and most expensive errors have occurred in practice. The aim is that the formal specifications provide sound interfaces to process engineers, control engineers and safety analysts alike.


support@comlab.ox.ac.uk
Thu May 5 22:21:33 BST 1994