Abstract
In the domain of safety-critical control systems, the Lustre/SCADE development environment has proved its value, with notable achievements such as the Hong Kong subway signaling system and Airbus A380 flight controls. The interest of the approach comes from the synchronous data-flow style of the Lustre language which makes it well-adapted to the culture of control engineers. Moreover Lustre is endowed with simple formal semantics which makes it amenable to formal development. The currently running Flush project consists in building a formal system development tool on top of Lustre, by taking advantage of the language formal properties. To this end, a refinement calculus is defined, encompassing both functional and temporal aspects. Refinement proof obligations are generated, and several proof approaches can be used to discharge them: model-checking, abstract interpretation, and theorem proving through repeated induction and, finally translation to PVS proof obligations. The resulting methodology is illustrated on the island example used by J.R. Abrial for presenting the B system method.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abrial J.R.: The B-Book. Cambridge University Press, Cambridge (1995)
Abrial, J.R.: B: A formalism for complete correct system development. Conference given at Inria Rhône-Alpes (1999)
Behm, P., Desforges, P., Meynadier, J.: Météor: An industrial success in formal development. In: Bert, D. (ed.) B’98: Recent Advances in the Development and Use of the B Method. Lecture Notes in Computer Science, vol. 1393. Springer, Berlin (1998)
Bergerand, J., Pilaud, E.: SAGA; a software development environment for dependability in automatic control. In: SAFECOMP’88. Pergamon Press, New York (1988)
Brière, D., Ribot, D., Pilaud, D., Camus, J.: Methods and specification tools for Airbus on-board systems. In: Avionics Conference and Exhibition. ERA Technology, London (1994)
Caspi, P., Curic, A., Maignan, A., Sofronis, C., Tripakis, S., Niebert, P.: From Simulink to Scade/Lustre to TTA: a layered approach for distributed embedded applications. In: Languages, Compilers and Tools for Embedded Systems, LCTES 2003. ACM-SIGPLAN, San Diego (2003)
Caspi, P., Pouzet, M.: Synchronous Kahn networks. In: International Conference on Functional Programming. ACM SIGPLAN (1996)
Colaco, J.L., Pouzet, M.: Type-based initialisation analysis of a synchronous data-flow language. In: Maraninchi, F. (ed.) SLAP02, Electronic Notes in Theoretical Computer Science, vol. 65.5. Elsevier Science B. V., Amsterdam (2002)
Dumas, C., Caspi, P.: A PVS proof obligation generator for Lustre programs. In: 7th International Conference on Logic for Programming and Automated Reasoning. Lecture Notes in Artificial Intelligence, vol. 1955 (2000)
Halbwachs N., Caspi P., Raymond P., Pilaud D.: The synchronous dataflow programming language lustre. Proc. IEEE 79(9), 1305–1320 (1991)
Halbwachs, N., Lagnier, F., Raymond, P.: Synchronous observers and the verification of reactive systems. In: Nivat, M., Rattray, C., Rus, T., Scollo, G. (eds.) Third Internmational Conference on Algebraic Methodology and Software Technology, AMAST’93. Workshops in Computing, Springer, Twente (1993)
Jeannet, B., Halbwachs, N., Raymond, P.: Dynamic partitioning in analyses of numerical properties. In: Static Analysis Symposium, SAS’99. Lecture Notes in Computer Science, vol. 1694. Venezia, Italy (1999)
Jones, C.: Systematic Software Development using VDM. Prentice-Hall, Upper Saddle River (1990). citeseer.nj.nec.com/jones95systematic.html
Krüger, A., Kant, D., Buhlmann, M.: Software development process and software-components for x-by-wire systems. In: SAE WorldCongress (2004)
LeGoff, G.: Using synchronous languages for interlocking. In: First International Conference on Computer Application in Transportation Systems (1996)
Lamport, L.: The temporal logic of actions. ACM Trans. Prog. Lang. Syst. 16(3) (1994)
Métayer, C., Abrial, J.R., Voisin, L.: Event-B language. Deliverable 3.2, RODIN IST-511599 Project (2005). http://rodin.cs.ncl.ac.uk/deliverables/D7.pdf
Mikáč, J.: Raffinements et preuves de syst’s Lustre. Thèse de doctorat de l’INPG (2005)
Miká č, J., Caspi, P.: Temporal Refinement for Lustre. In: Maraninchi, F., Pouzet, M., Roy, V. (eds.) Synchronous Languages Applications and Programming, SLAP’05, Electronic Notes in Theoretical Computer Science. Elsevier Science, Edinburgh (2005)
Owre, S., Shankar, N., Rushby, J., Stringer-Calvert, D.: PVS language reference. Tech. rep., SRI International (2001).pvs.csl.sri.com
Scaife, N., Sofronis, C., Caspi, P., Tripakis, S., Maraninchi, F.: Defining and translating a “safe” subset of Simulink/Stateflow into Lustre. In: Buttazzo, G. (ed.) 4th International Conference on Embedded Software, EMSOFT04. ACM, New York (2004)
Sheeran M., Stålmarck G.: A tutorial on Stålmarck’s proof procedure for propositional logic. Formal Methods Syst. Des. 16(1), 23–58 (2000)
Spivey J.: Understanding Z: a specification language and its formal semantics. Cambridge University Press, Cambridge (1988)
Traverse, P., Lacaze, I., Souyris, J.: Airbus fly-by-wire: a total approach to dependability. In: IFIP World Congress, Toulouse. IFIP (2004)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Mikáč, J., Caspi, P. Flush: an example of development by refinements in SCADE/Lustre. Int J Softw Tools Technol Transfer 11, 409–418 (2009). https://doi.org/10.1007/s10009-009-0113-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10009-009-0113-6