Formal methods and tool support for real-time

We argue that formal methods have a much wider role to play than only offering a platform for formal verification, as many other benefits can be gained from giving a formal and unambiguous semantics to a real-time design language. Using a formal model which closely matches standard implementation models it becomes possible to offer early exercising of designs through simulation, enabling problems at a high level to be identified before too much implementation effort is expended. Similarly, automatic code generation and regeneration from a formal design allows low level changes to be made without affecting the high-level structure. However, for code generation to be successful and verifiable, the semantic model must closely match the final implementation model, which is where many timed formalisms fall short. It has been traditional to compare formal methods on the grounds of expressivity and proof techniques; we suggest that other factors, such as code generation, simulation, and other tool support are at least as important. Some might argue that there is no point in making the effort to use formal methods if a proof of correctness is not the end product, but our experience has been that the formality provided not only gives a basis for proof, but also the design and implementation of supporting tools