Contract Machines: An Engineer-friendly Specification Language for Mode-Based Systems

The first step in developing safe and functioning systems is the specification of the intended behavior. The development, validation, and verification depend on clear and unambiguous specifications. Building understandable specification tools requires adequate formalisms and representation to express the expected functional behavior. We present contract machines: a graphical specification language based on the well-known modeling concept of state machines and the intuitive semantics of assume-guarantee contracts. Contract machines (CMs) build upon the logical foundation of contract automata (CA) which are non-deterministic finite automata over alphabets of contracts, and provide the formal semantics of CMs. CAs can be processed by (semi-)automated verification and validation tools, such as model checkers or test case generators. In contrast to contract automata, contract machines offer a more high-level view of the system under scrutiny by providing more features to ease usability. We present features for effective controlling of non-determinism, using recurring specification patterns, e.g.\ for fault modes and error recovery behavior, and handling different versions and variants of systems.