Formal Aspects of Computing, Volume 26, Issue 2, pp 319–366

Continuous KAOS, ASM, and formal control system design across the continuous/discrete modeling interface: a simple train stopping application

Original Article


A very simple model of train stopping is used as a vehicle for investigating how the development of a control system, initially designed in the continuous domain and subsequently discretized, can be captured within a formal development process compatible with standard model-based refinement methodologies. Starting from a formalized requirements analysis in KAOS, an abstract model of the continuous system is created in the ASM formalism. This requires extensions of both KAOS and ASM to handle quantities that evolve continuously over real time, and these extensions are developed. After considering how the continuous system, expressed as a continuous control system in the state space framework, can be discretized, a discrete control system is created in the same framework and then re-expressed in the ASM formalism. The rigorous results on the relationship between the continuous and discrete control system models that are needed to establish provable properties of the discretization then become the ingredients of a retrenchment between the continuous and discrete ASM models, and are thus fully integrated into the formal development. The discrete ASM model can then be further refined towards implementation.
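The discretization step the abstract describes, and the kind of quantitative bound that a retrenchment between the continuous and discrete models has to carry, can be seen on a toy braking model. The following is an added example written for this page, not code or a result from the paper: it assumes a train modelled as a double integrator (position x, speed v, constant braking acceleration a), which is a stand-in for the paper's unstated model, compares the exact zero-order-hold discretization with a forward-Euler one, and checks the Euler position error against the bound k·T²·|a|/2 after k samples of period T. The `stops_before` check is one possible discrete reading of a stopping goal, not the paper's KAOS formulation.

```python
"""Added illustration for this page (not from the paper): a braking train as
a double integrator, its exact zero-order-hold (ZOH) discretisation, a
forward-Euler discretisation, and the bound on the gap between the Euler
trajectory and the continuous one.  Model, numbers and names are constructed
for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class State:
    t: float  # time since braking began (s)
    x: float  # position along the track (m)
    v: float  # speed (m/s)


def continuous_state(t: float, x0: float, v0: float, a: float) -> State:
    """Closed-form solution of x' = v, v' = a from (x0, v0) at t = 0."""
    return State(t, x0 + v0 * t + 0.5 * a * t * t, v0 + a * t)


def zoh_step(s: State, a: float, T: float) -> State:
    """Exact discretisation: the braking input a is held constant over one
    period T, so each sample agrees with the continuous solution."""
    return State(s.t + T, s.x + T * s.v + 0.5 * a * T * T, s.v + a * T)


def euler_step(s: State, a: float, T: float) -> State:
    """Forward Euler, the approximation a naive implementation might use."""
    return State(s.t + T, s.x + T * s.v, s.v + a * T)


def simulate(step, x0: float, v0: float, a: float, T: float, k: int) -> list:
    """Run k steps of the given discrete update from (x0, v0)."""
    s = State(0.0, x0, v0)
    traj = [s]
    for _ in range(k):
        s = step(s, a, T)
        traj.append(s)
    return traj


def max_position_gap(traj: list, x0: float, v0: float, a: float) -> float:
    """Largest |discrete position - continuous position| over the sample instants."""
    return max(abs(s.x - continuous_state(s.t, x0, v0, a).x) for s in traj)


def euler_gap_bound(a: float, T: float, k: int) -> float:
    """Speed is linear in t, so Euler reproduces it exactly; each position
    update drops the term a*T^2/2, so after k steps the position gap is at
    most k*T^2*|a|/2.  This is the kind of fact a retrenchment concession
    would record about the continuous/discrete pair."""
    return k * T * T * abs(a) / 2.0


def stops_before(traj: list, limit: float) -> bool:
    """Discrete reading of a stopping goal: at the first sample where the
    train is no longer moving forward, it must not have passed the limit."""
    for s in traj:
        if s.v <= 0.0:
            return s.x <= limit
    return False  # never came to rest within the horizon


if __name__ == "__main__":
    # Constructed scenario: 20 m/s, braking at 1 m/s^2, sampled every 0.5 s.
    # The continuous train stops after 20 s, exactly 200 m down the track.
    X0, V0, A, T = 0.0, 20.0, -1.0, 0.5
    K = int(V0 / abs(A) / T)  # number of samples until v reaches 0
    zoh = simulate(zoh_step, X0, V0, A, T, K)
    eul = simulate(euler_step, X0, V0, A, T, K)
    print("ZOH   gap to continuous:", max_position_gap(zoh, X0, V0, A))
    print("Euler gap to continuous:", max_position_gap(eul, X0, V0, A),
          "bound:", euler_gap_bound(A, T, K))
    print("stops within 200 m: ZOH", stops_before(zoh, 200.0),
          "Euler", stops_before(eul, 200.0))
```

With these constructed numbers the ZOH samples coincide with the continuous trajectory, while the Euler trajectory overshoots the 200 m stopping point by 5 m, exactly the bound. The point for a refinement-style development is that the discrete model does not satisfy the continuous stopping property as stated; it satisfies it up to a bound that depends on T, and that bound is what has to be stated explicitly (as a retrenchment concession in the paper's terms) rather than hidden in an implementation.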


Keywords: Continuous KAOS, Continuous ASM, Control systems, Rigorous design, Refinement, Retrenchment, Continuous modeling, Discrete modeling, Train control




  1. [Abr96] Abrial J-R (1996) The B-book: assigning programs to meanings. Cambridge University Press, Cambridge
  2. [Abr10] Abrial J-R (2010) Modeling in Event-B: system and software engineering. Cambridge University Press, Cambridge
  3. [ACHH93] Alur R, Courcoubetis C, Henzinger T, Ho P-H (1993) Hybrid automata: an algorithmic approach to the specification and verification of hybrid systems. In: Proceedings of the workshop on theory of hybrid systems. LNCS, vol 736. Springer, Berlin, pp 209–229
  4. [AD94] Alur R, Dill D (1994) A theory of timed automata. Theor Comput Sci 126: 183–235
  5. [AH93] Alur R, Henzinger T (1993) Real-time logics: complexity and expressiveness. Inf Comput 104: 35–77
  6. [AH94] Alur R, Henzinger T (1994) A really temporal logic. J ACM 41: 181–204
  7. [Ahm06] Ahmed N (2006) Dynamic systems and control with applications. World Scientific, Singapore
  8. [AM06] Antsaklis P, Michel A (2006) Linear systems. Birkhäuser, Boston
  9. [Ban] Banach R. Model based refinement and the design of retrenchments. Available from [Ret]
  10. [Ban10] Banach R (2010) A deidealisation semantics for KAOS. In: Lencastre M (ed) Proceedings of the ACM SAC-10 (RE track). ACM, New York, pp 267–274
  11. [Bar75] Barnett S (1975) Introduction to mathematical control theory. Oxford University Press, Oxford
  12. [BH95] Bowen J, Hinchey M (1995) Seven more myths of formal methods. IEEE Softw 12: 34–41
  13. [BH99a] Bowen J, Hinchey M (1999) High-integrity system specification and design. Springer, Berlin
  14. [BH99b] Bowen J, Hinchey M (1999) Industrial-strength formal methods in practice. Springer, Berlin
  15. [BJ] Banach R, Jeske C. Retrenchment and refinement interworking: the tower theorems. Available from [Ret] (submitted)
  16. [BJP08] Banach R, Jeske C, Poppleton M (2008) Composition mechanisms for retrenchment. J Log Algebraic Program 75: 209–229
  17. [Bör03] Börger E (2003) The ASM refinement method. Form Asp Comput 15: 237–257
  18. [BPJS07] Banach R, Poppleton M, Jeske C, Stepney S (2007) Engineering and theoretical underpinnings of retrenchment. Sci Comput Program 67: 301–329
  19. [Bro10] Broenink J (2010) Embedded control software design with formal methods and engineering models. BCS-FACS evening seminar, September 2010
  20. [BS03] Börger E, Stärk RF (2003) Abstract state machines: a method for high level system design and analysis. Springer, Berlin
  21. [But] Butler M. Private communication
  22. [But96] Butler R (1996) An introduction to requirements capture using PVS: specification of a simple autopilot. NASA Technical Memorandum 110255
  23. [BZSW12a] Banach R, Zhu H, Su W, Wu X (2012) Continuous ASM, and a pacemaker sensing fragment. In: Derrick J, Fitzgerald JS, Gnesi S, Khurshid S, Leuschel M, Reeves S, Riccobene E (eds) Proceedings of ABZ-12. LNCS, vol 7316. Springer, Berlin, pp 65–78
  24. [BZSW12b] Banach R, Zhu H, Su W, Wu X. Moded operation, continuous ASM, and an approach to pacemaker sensing (submitted)
  25. [Cau] Cau A, Moszkowski B, Zedan H. Interval temporal logic
  26. [Chi06] Chicone C (2006) Ordinary differential equations with applications. Springer, Berlin
  27. [Cla87] Clarke F (1987) Optimization and nonsmooth analysis. Soc Ind Math
  28. [CLSW97] Clarke F, Ledyaev Y, Stern R, Wolenski P (1997) Nonsmooth analysis and control theory. Springer, Berlin
  29. [COR+95] Crow J, Owre S, Rushby J, Shankar N, Srivas M (1995) A tutorial introduction to PVS. In: Larrondo-Petrie M, France R, Gerhart S (eds) WIFT'95: workshop on industrial-strength formal specification techniques. IEEE Computer Society Press, New York
  30. [CS08] Cohen J, Slissenko A (2008) Implementation of timed abstract state machines with instantaneous actions by machines with delays. Technical Report TR-LACL-2008-2, LACL, University of Paris-12
  31. [DB01] Derrick J, Boiten E (2001) Refinement in Z and Object-Z: foundations and advanced applications. Springer, London
  32. [DB10] Dorf R, Bishop R (2010) Modern control systems. Pearson, Upper Saddle River
  33. [DH95] D'Azzo J, Houpis C (1995) Linear control system analysis and design: conventional and modern. McGraw-Hill, New York
  34. [DHR05] Doyen L, Henzinger T, Raskin J-F (2005) Automatic rectangular refinement of affine hybrid systems. In: Proceedings of FORMATS-05. LNCS, vol 3829. Springer, Berlin, pp 144–161
  35. [DIRR09] Dotti F, Iliasov A, Ribeiro L, Romanovsky A (2009) Modal systems: specification, refinement and realisation. In: Proceedings of ICFEM-09. LNCS, vol 5885. Springer, Berlin
  36. [DM05] Debnath L, Mikusinski P (2005) Introduction to Hilbert spaces with applications. Springer, Berlin
  37. [dRE98] de Roever WP, Engelhardt K (1998) Data refinement: model-oriented proof methods and their comparison. Cambridge University Press, Cambridge
  38. [DTB97] Dutton K, Thompson S, Barraclough B (1997) The art of control engineering. Addison Wesley, New York
  39. [Esh09] Eshuis R (2009) Reconciling statechart semantics. Sci Comput Program 74: 65–99
  40. [FPW96] Franklin G, Powell J, Workman M (1996) Digital control systems. Prentice Hall, Upper Saddle River
  41. [FV09] Fadali M, Visioli A (2009) Digital control engineering: analysis and design. Academic Press, New York
  42. [GM93] Gordon M, Melham T (1993) Introduction to HOL: a theorem proving environment for higher order logic. Cambridge University Press, Cambridge
  43. [Hal90] Hall J (1990) Seven myths of formal methods. IEEE Softw 7(5): 11–19
  44. [Hal07] Hall J (2007) Realising the benefits of formal methods. J UCS 13: 669–678
  45. [Har96] Harrison J (1996) HOL Light: a tutorial introduction. In: Formal methods in computer-aided design. LNCS, vol 1166. Springer, Berlin
  46. [Har07] Harrison J (2007) Formalizing basic complex analysis. In: From insight to proof: Festschrift in honour of Andrzej Trybulec. Studies in Logic, Grammar and Rhetoric, vol 10. University of Białystok, pp 151–165
  47. [He94] He J (1994) From CSP to hybrid systems. In: Roscoe AW (ed) A classical mind: essays in honour of C.A.R. Hoare. Prentice Hall, Upper Saddle River, pp 171–189
  48. [Hei07] Heitmeyer C (2007) Formal methods for specifying, validating, and verifying requirements. J UCS 13: 607–618
  49. [Hen96] Henzinger T (1996) The theory of hybrid automata. In: Proceedings of LICS-96. IEEE, New York, pp 278–292
  50. [HJ85] Horn R, Johnson C (1985) Matrix analysis. Cambridge University Press, Cambridge
  51. [HJ91] Horn R, Johnson C (1991) Topics in matrix analysis. Cambridge University Press, Cambridge
  52. [HK97] Henzinger T, Kupferman O (1997) From quantity to quality. In: Proceedings of HART-97. LNCS, vol 1201. Springer, Berlin, pp 48–62
  53. [HMP92] Henzinger T, Manna Z, Pnueli A (1992) What good are digital clocks? In: Proceedings of ICALP-92. LNCS, vol 623. Springer, Berlin, pp 545–558
  54. [HT98] Harrison J, Théry L (1998) A skeptic's approach to combining HOL and Maple. J Autom Reason 21: 279–294
  55. [IEE] IEEE Standard 1474: IEEE Std 1474.1-2004, IEEE standard for communications-based train control (CBTC) performance and functional requirements; IEEE Std 1474.2-2003, IEEE standard for user interface requirements in communications-based train control (CBTC) systems; IEEE Std 1474.3-2008, IEEE recommended practice for communications-based train control (CBTC) system design and functional allocations
  56. [Jes05] Jeske C (2005) Algebraic integration of retrenchment and refinement. PhD thesis, University of Manchester
  57. [Kal05] Kalman R (2005) Opening lecture, IFAC World Congress, Prague, Czech Republic, 4 July 2005
  58. [Kar]
  59. [Koy92] Koymans R (1992) Specifying message passing and time-critical systems with temporal logic. LNCS, vol 651. Springer, Berlin
  60. [Kuo92] Kuo B (1992) Digital control systems. Oxford University Press, Oxford
  61. [Lan93] Lang S (1993) Real and functional analysis. Springer, Berlin
  62. [Les07] Lester D (2007) Topology in PVS: continuous mathematics with applications. In: Rushby J, Shankar N (eds) Proceedings of AFM-07. ACM, New York
  63. [Let01] Letier E (2001) Reasoning about agents in goal-oriented requirements engineering. PhD thesis, Dépt. Ingénierie Informatique, Université Catholique de Louvain
  64. [LPN11] Loos S, Platzer A, Nistor L (2011) Adaptive cruise control: hybrid, distributed, and now formally verified. In: Butler M, Schulte W (eds) Proceedings of FM-11. LNCS, vol 6664. Springer, Berlin, pp 42–56. See also Technical Report CMU-CS-11-107, Carnegie Mellon University (2011)
  65. [Mac09] MacCluer B (2009) Elementary functional analysis. Springer, Berlin
  66. [Map] Maple. Accessed 21 Sep 2012
  67. [Mat] Mathematica. Accessed 21 Sep 2012
  68. [Mey] Meynadier J-M. Private communication
  69. [MGL08] Matoussi A, Gervais F, Laleau R (2008) A first attempt to express KAOS refinement patterns with Event-B. In: Börger E, Butler M, Bowen JP, Boca P (eds) Proceedings of ABZ-08. LNCS, vol 5238. Springer, Berlin
  70. [OD08] Olderog E-R, Dierks H (2008) Real-time systems: formal specification and automatic verification. Cambridge University Press, Cambridge
  71. [Oga08] Ogata K (2008) Modern control engineering. Pearson, Upper Saddle River
  72. [Oua02] Ouaknine J (2002) Digitisation and full abstraction for dense-time model checking. In: Proceedings of TACAS-02. LNCS. Springer, Berlin, pp 37–51
  73. [Par96] Paraskevopoulos P (1996) Digital control systems. Prentice Hall, Upper Saddle River
  74. [Pla10a] Platzer A (2010) Differential-algebraic dynamic logic for differential-algebraic programs. J Log Comput 20: 309–352
  75. [Pla10b] Platzer A (2010) Logical analysis of hybrid systems: proving theorems for complex dynamics. Springer, Berlin
  76. [Pla10c] Platzer A (2010) Quantified differential dynamic logic for distributed hybrid systems. In: Dawar A, Veith H (eds) Proceedings of CSL-10. LNCS, vol 6247. Springer, Berlin, pp 469–483
  77. [PST96] Potter B, Sinclair J, Till D (1996) An introduction to formal specification and Z. Prentice Hall, Upper Saddle River
  78. [PVS] PVS homepage. Accessed 21 Sep 2012
  79. [Pyt99] Pytlak R (1999) Numerical methods for optimal control problems with state constraints. Lecture Notes in Mathematics, vol 1707. Springer, Berlin
  80. [RC04] Real J, Crespo A (2004) Mode change protocols for real-time systems: a survey and a new proposal. Real-Time Syst 26: 161–197
  81. [Ret] Retrenchment homepage. Accessed 21 Sep 2012
  82. [RY00] Rynne B, Youngson M (2000) Linear functional analysis. Springer, Berlin
  83. [SAZH11] Su W, Abrial J-R, Zhu H, Huang R (2011) From requirements to development: methodology and example. In: Proceedings of ICFEM-11. LNCS, vol 6991. Springer, Berlin, pp 437–455
  84. [Sch01] Schellhorn G (2001) Verification of ASM refinements using generalized forward simulation. J UCS 7: 952–979
  85. [Sch05] Schellhorn G (2005) ASM refinement and generalizations of forward simulation in data refinement: a comparison. Theor Comput Sci 336: 403–435
  86. [Son98] Sontag E (1998) Mathematical control theory. Springer, Berlin
  87. [SS98] Sekerinski E, Sere K (1998) Program development by refinement: case studies using the B method. Springer, Berlin
  88. [Sta02] Stauner T (2002) Discrete-time refinement of hybrid automata. In: Proceedings of HSCC-02. LNCS, vol 2289. Springer, Berlin, pp 144–161
  89. [SV08] Slissenko A, Vasilyev P (2008) Simulation of timed abstract state machines with predicate logic model checking. J UCS 14: 1984–2006
  90. [SYW+11] Su W, Yang F, Wu X, Gou J, Zhu H (2011) Formal approaches to mode conversion and positioning for vehicle systems. In: Proceedings of the 3rd IEEE international workshop on security aspects of process and services engineering (COMPSAC workshops). IEEE, New York, pp 416–421
  91. [Szt11] Sztipanovits J (2011) Model integration and cyber physical systems: a semantics perspective. Invited talk. In: Butler M, Schulte W (eds) Proceedings of FM-11. LNCS, vol 6664. Springer, Berlin
  92. [Tab09] Tabuada P (2009) Verification and control of hybrid systems: a symbolic approach. Springer, Berlin
  93. [vL09] van Lamsweerde A (2009) Requirements engineering: from system goals to UML models to software specifications. Wiley, New York
  94. [Wal98] Walter W (1998) Ordinary differential equations. Springer, Berlin
  95. [WD96] Woodcock J, Davies J (1996) Using Z: specification, refinement and proof. Prentice Hall, Upper Saddle River
  96. [Wil07] Willems J (2007) Open dynamical systems: their aims and their origins. Ruberti Lecture, Rome
  97. [ZHR91] Zhou C, Hoare T, Ravn A (1991) A calculus of durations. Inf Process Lett 40: 269–276

Copyright information

© British Computer Society 2012

Authors and Affiliations

  • Richard Banach (1)
  • Huibiao Zhu (2)
  • Wen Su (2)
  • Runlei Huang (3)

  1. School of Computer Science, University of Manchester, Manchester, UK
  2. Software Engineering Institute, East China Normal University, Shanghai, People's Republic of China
  3. Alcatel-Lucent Shanghai Bell, Shanghai, People's Republic of China
