
Formal Aspects of Computing, Volume 23, Issue 4, pp 465–512

From control law diagrams to Ada via Circus

  • Ana Cavalcanti
  • Phil Clayton
  • Colin O’Halloran
Original Article

Abstract

Control engineers make extensive use of diagrammatic notations; control law diagrams are used in industry every day. Techniques and tools for analysis of these diagrams or their models are plentiful, but verification of their implementations is a challenge that has been taken up by few. We are aware only of approaches that rely on automatic code generation, which is not enough assurance for certification, and often not adequate when tailored hardware components are used. Our work is based on Circus, a notation that combines Z, CSP, and a refinement calculus, and on industrial tools that produce partial Z and CSP models of discrete-time Simulink diagrams. We present a strategy to translate Simulink diagrams to Circus, and a strategy to prove that a parallel Ada implementation refines the Circus specification; we rely on a Circus semantics for the program. By using a combined notation, we provide a specification that considers both functional and behavioural aspects of a large set of diagrams, and support verification of a large number of implementations. We can handle, for instance, arbitrarily large data types and dynamic scheduling.

Keywords

CSP, Simulink, Refinement



Copyright information

© British Computer Society 2010

Authors and Affiliations

  • Ana Cavalcanti (1)
  • Phil Clayton (2, 3)
  • Colin O’Halloran (2)
  1. University of York, York, UK
  2. Systems Assurance Group, QinetiQ, Malvern, UK
  3. Veonix, Worcester, UK
