Rigorous development process of a safety-critical system: from ASM models to Java code

  • Paolo Arcaini
  • Angelo Gargantini
  • Elvinia Riccobene
ABZ 2014

Abstract

The paper presents an approach for the rigorous development of safety-critical systems based on the Abstract State Machine (ASM) formal method. The development process starts from a high-level formal view of the system and, through refinement, derives more detailed models until the desired level of specification is reached. Along the process, different validation and verification activities are available, such as simulation, model review, and model checking. Moreover, each refinement step can be proved correct using an SMT-based approach. As the last step of the refinement process, a Java implementation can be developed and linked to the formal specification. The correctness of the implementation with respect to its formal specification can be proved by means of model-based testing and runtime verification. The process is exemplified using a Landing Gear System as a case study.

Keywords

Abstract State Machines, Landing Gear System, Refinement, Validation and verification, Model-based testing, Runtime verification


Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Paolo Arcaini (1)
  • Angelo Gargantini (2)
  • Elvinia Riccobene (3)
  1. Charles University in Prague, Faculty of Mathematics and Physics, Prague, Czech Republic
  2. Department of Management, Information and Production Engineering, University of Bergamo, Bergamo, Italy
  3. Department of Computer Science, Università degli Studi di Milano, Milan, Italy
