Abstract
This paper reviews the experience of introducing formal model-based design and code generation by means of the Simulink/Stateflow platform into the development process of a railway signalling manufacturer. The company operates in a standard-regulated framework, in which the adoption of commercial, non-qualified tools as part of the development activities poses hurdles from the verification and certification point of view. In this regard, three incremental intermediate goals have been defined, namely (1) identification of a safe subset of the modelling language, (2) evidence of the behavioural conformance between the generated code and the modelled specification, and (3) integration of the modelling and code generation technologies within the process recommended by the regulations.
These three issues have been addressed by progressively tuning the usage of the technologies across different projects. This paper summarizes the lessons learnt from this experience. In particular, it shows that formal modelling and code generation are powerful means to enhance product safety and cost effectiveness. Nevertheless, their adoption is not a straightforward step, and incremental adjustments and refinements are required in order to establish a formal model-based process.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ferrari, A., Fantechi, A., Gnesi, S. (2012). Lessons Learnt from the Adoption of Formal Model-Based Development. In: Goodloe, A.E., Person, S. (eds) NASA Formal Methods. NFM 2012. Lecture Notes in Computer Science, vol 7226. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28891-3_5
DOI: https://doi.org/10.1007/978-3-642-28891-3_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28890-6
Online ISBN: 978-3-642-28891-3
eBook Packages: Computer Science (R0)