This report describes preliminary experience writing formal specifications for the control system for a cyclotron and neutron radiation therapy apparatus. This effort is motivated by high reliability and safety requirements, and a need for concise, authoritative documentation to support coding, user instruction, and testing. Software development practices for therapy machines and physics reserach acclerators are reviewed. The operation of our machine from the point of view of the cyclotron operator is described. Many of the cyclotron operator's controls are well-matched to model-based notations such as Z and VDM. Sample specifications in Z are presented for representative operations of the cyclotron control programs. These notations provide no built-in way to represent the passage of time, and they cannot express some features of concurrent systems and event-driven systems. Alternative notations are discussed, including Petri Nets and Software Cost Reduction project (SCR) notation. We conclude that it is practical to attempt a comprehensive formal specification of our application, and anticipate that this will be a valuable supplement to traditional development practices.

Download