Abstract
Simulink’s Stateflow is a graphical notation widely adopted in industry. Since it is frequently used to model safety-critical systems, correctness of implementations of Stateflow charts is a major concern. In previous work, we have shown how we can generate formal models for refinement of Stateflow charts automatically. Here, we define a refinement strategy that supports the automated verification of implementations with respect to these models. We consider the verification of implementations that follow architectural patterns used in the Stateflow code generator. We present a detailed procedure for application of refinement laws. If the implementation is correct, the procedure succeeds. If a law application fails, the implementation is either incorrect or does not use the expected architectural pattern. The very low proof burden associated with the refinement verification makes a high level of automation possible.
Communicated by Eerke Albert Boiten
Miyazawa, A., Cavalcanti, A. Refinement-based verification of implementations of Stateflow charts. Form Asp Comp 26, 367–405 (2014). https://doi.org/10.1007/s00165-013-0291-6