Rigorous development process of a safety-critical system: from ASM models to Java code (original) (raw)
Related papers
Safety critical systems based on formal models
ACM SIGAda Ada Letters, 2000
The Ravenscar profile for high integrity systems using Ada 95 is well defined in all real-time aspects. The complexity of the run-time system has been reduced to allow full utilization of formal methods for applications using the Ravenscar profile. In the Mana project a tool set is being developed including a formal model of a Ravenscar compliant run-time system, a gnat compatible run-time system, and an ASIS based tool to allow for the verification of a system including both COTS and code that is reused.
Proceedings First International Workshop on Formal Techniques for Safety-Critical Systems
Electronic Proceedings in Theoretical Computer Science, 2012
as a satellite event of the ICFEM conference. The aim of this workshop is to bring together researchers and engineers who are interested in the application of formal and semi-formal methods to improve the quality of safety-critical computer systems. FTSCS strives strives to promote research and development of formal methods and tools for industrial applications, and is particularly interested in industrial applications of formal methods. Specific topics include, but are not limited to:
First International Workshop on Formal Techniques for Safety-Critical Systems (FTSCS 2012
as a satellite event of the ICFEM conference. The aim of this workshop is to bring together researchers and engineers who are interested in the application of formal and semi-formal methods to improve the quality of safety-critical computer systems. FTSCS strives strives to promote research and development of formal methods and tools for industrial applications, and is particularly interested in industrial applications of formal methods. Specific topics include, but are not limited to:
Safety-Critical Systems, Formal Methods and Standards
Software Engineering Journal, 1993
Standards concerned with the development of safety-critical systems, and the software in such systems in particular, abound today as the software crisis increasingly affects the world of embedded computer-based systems. The use of formal methods is often advocated as a way of increasing confidence in such systems. This paper examines the industrial use of these techniques, the recommendations concerning formal methods in a number of current and draft standards, and comments on the applicability and problems of using formal methods for the development of safety-critical systems of an industrial scale. Some possible future directions are suggested. Winner of the IEE Charles Babbage Premium award, 1994. Other versions issued as a Oxford University Computing Laboratory Technical Report PRG-TR-5-92, and Chapter 1 in Towards Verified Systems.
2013
: This thesis researches the role of software architectural patterns and lightweight formal methods in safety-critical software development. We present a framework that relates the different activities and products from system engineering, safety engineering, system and software requirements, and software architecture explicitly, and demonstrate the proposed framework with a case study involving the architectural design of the software to control the arming device of a fictitious Surface-to-Air Missile. We describe the safety engineering steps for the identification of the system hazards and the critical functions that the software has to provide to avoid premature detonation, resulting in four safety requirements for the software that controls the missile's Electronic Safe Arm Device (ESAD). We formalize the software safety requirements as statechart assertions and validate their correctness via JUnit test. We develop a software architecture for the control software using the S...
A case study in software safety assurance using formal methods
1999
This report describes a formal approach to verification and validation of safety requirements for embedded software, by application to a simple control-logic case study. The logic is formally specified in Z. System safety properties are formalised by defining an abstract model of the system’s physical behaviour in Z, including its hazardous states and dominant sensor failures. The Possum specification-animation tool is then used to check that the logic meets its safety requirements. Finally, the logic is implemented in SPARK Ada and SPARK Examiner is used to formally verify the implementation meets its specification. Design safety validation and source code verification are completely automated, removing the need for
The practice of formal methods in safety-critical systems
Journal of Systems and Software, 1995
By describing several industrial-scale applications of formal methods, this paper intends to demonstrate that formal methods for software development and safety analysis are increasingly adopted in the safety critical systems sector. The benets and limitations of using formal methods are described, and the problems of developing software for safety critical systems are analysed.
Incremental Development of a Safety Critical System Combining formal Methods and DSMLs
Formal Methods for Industrial Critical Systems, 2019
In order to assist domain experts, several tools exist for the definition of graphical or textual domain specific modeling languages (DSMLs). The resulting models are useful, but not sufficient, for an overall understanding of the system, especially when formal methods are being applied. Indeed, formal methods failures often result from misunderstandings of the requirements, even if the system is entirely proved. This is confirmed by several industrial experiments which showed that the poor readability of the formal notations is not convenient for communication with domain experts and hence the validation activity is often tedious, time consuming and complex. In order to circumvent this shortcoming, we propose to make domain specific models provable and also executable thanks to the animation of their expected behaviour directly in a dedicated DSML tool. Our approach starts from an intuitive description of the system's operational semantics thanks to high-level Petri-nets which abstract away structural constraints and focus on safety-critical behaviours. Then we take benefit of the B method in order to refine and prove these operational semantics on the one hand, and to merge them with the static semantics of a given DSML, on the other hand. This work is applied to the design of ERTMS/ETCS 3 which is an emergent solution for railway system management.