The Refinement Calculus of Reactive Systems Toolset

  • General
  • Special Issue TACAS 2018
  • Journal: International Journal on Software Tools for Technology Transfer

Abstract

We present the Refinement Calculus of Reactive Systems Toolset, an environment for compositional formal modeling and reasoning about reactive systems, built around Isabelle, Simulink, and Python. The toolset implements the Refinement Calculus of Reactive Systems (RCRS), a contract-based refinement framework inspired by the classic refinement calculus and interface theories. The toolset formalizes the entire RCRS theory in about 30000 lines of Isabelle code. The toolset also contains a translator of Simulink diagrams and a formal analyzer implemented on top of Isabelle. We present the main functionalities of the RCRS Toolset via a series of pedagogical examples and also describe a larger case study from the automotive domain.

Notes

  1. To type a special character in Isabelle such as \(\leadsto \), one types the corresponding TeX command (here \leadsto) and presses the Tab key; the special character then appears in the Isabelle/jEdit interface, as shown in Fig. 5.

  2. Note that UnitDelay is the RCRS component, and not the UnitDelay Simulink block. The latter has a single output wire, but in RCRS it is modeled as a stateful block which has an extra input modeling the current state and an extra output modeling the next state.

  3. Note that we repeat the atomic component definitions here in order to illustrate the algorithm. These definitions are already part of the basic_simps simplification rules.

  4. We downloaded the Simulink models from https://cps-vo.org/group/ARCH/benchmarks. One of those models is made available both in the figshare repository [15] and in the distribution.
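Note 2 describes the RCRS encoding of the Simulink UnitDelay block: the stateful block becomes a stateless component whose current state is an extra input wire and whose next state is an extra output wire. The following Python sketch is an added example written for this page, not code from the RCRS Toolset; the function names, the trace-based run loop and the sample trace are the editor's own assumptions. It shows the two-wire encoding, how closing the state loop recovers the behaviour of the Simulink block, and how explicit-state components then compose by ordinary wiring.

```python
from typing import Any, Callable, List, Sequence, Tuple

# Hypothetical encoding (not the toolset's): a component with explicit state
# maps (input, current_state) to (output, next_state). Stateless blocks carry
# None as their state so that every component has the same shape.
Component = Callable[[Any, Any], Tuple[Any, Any]]


def unit_delay(x: float, s: float) -> Tuple[float, float]:
    """RCRS-style UnitDelay as in Note 2: the Simulink block has one input
    and one output; here the stored value is an extra input wire and the
    value to store is an extra output wire."""
    return s, x  # output = current state, next state = the new input


def lift_stateless(f: Callable[[Any], Any]) -> Component:
    """Wrap a stateless function (e.g. a Gain block) into the same shape."""
    return lambda x, s: (f(x), s)


def serial(c1: Component, c2: Component) -> Component:
    """Wire c1's output into c2's input. The combined state is simply the
    pair of the two states, so composition needs no special treatment of
    stateful blocks: it is ordinary wiring of inputs and outputs."""
    def composed(x: Any, state: Tuple[Any, Any]) -> Tuple[Any, Tuple[Any, Any]]:
        s1, s2 = state
        y1, s1_next = c1(x, s1)
        y2, s2_next = c2(y1, s2)
        return y2, (s1_next, s2_next)
    return composed


def run(c: Component, inputs: Sequence[Any], init_state: Any) -> List[Any]:
    """Close the state loop over a finite trace: the next-state output at
    step k becomes the current-state input at step k+1. This feedback is
    what turns the stateless two-wire encoding back into the behaviour of
    the original Simulink block."""
    outputs: List[Any] = []
    state = init_state
    for x in inputs:
        y, state = c(x, state)
        outputs.append(y)
    return outputs


def simulink_unit_delay_trace(inputs: Sequence[float], init: float) -> List[float]:
    """Reference behaviour of the Simulink UnitDelay block on a finite trace:
    the output is the input shifted by one step, starting from init."""
    if not inputs:
        return []
    return [init] + list(inputs[:-1])


if __name__ == "__main__":
    trace = [1.0, 2.0, 3.0, 4.0]  # constructed sample input, not from the paper
    # Closing the state loop reproduces the Simulink block's output.
    assert run(unit_delay, trace, 0.0) == simulink_unit_delay_trace(trace, 0.0)
    # Two explicit-state delays in series behave as a two-step delay.
    print(run(serial(unit_delay, unit_delay), trace, (0.0, 0.0)))
    # A delay followed by a stateless Gain of 2.
    print(run(serial(unit_delay, lift_stateless(lambda v: 2 * v)), trace, (0.0, None)))
```

The point of the encoding is visible in `serial`: because the state travels on explicit wires, a stateful and a stateless block compose with exactly the same code, and the feedback that makes the block stateful again is applied once, in `run`, rather than inside every component.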

References

  1. Agrawal, A., Simon, G., Karsai, G.: Semantic translation of Simulink/Stateflow models to hybrid automata using graph transformations. Electron. Notes Theor. Comput. Sci. 109, 43–56 (2004). Proceedings of the Workshop on Graph Transformation and Visual Modelling Techniques (GT-VMT 2004)

  2. Alur, R., Grosu, R., Lee, I., Sokolsky, O.: Compositional refinement for hierarchical hybrid systems. In: 4th International Workshop on Hybrid Systems: Computation and Control, HSCC '01, pp. 33–48. Springer, Berlin (2001)

  3. Alur, R., Henzinger, T.: Reactive modules. Formal Methods Syst. Des. 15, 7–48 (1999)

  4. Back, R.-J., von Wright, J.: Refinement Calculus. Springer, Berlin (1998)

  5. Barrett, C., Conway, C.L., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) Proceedings of the 23rd International Conference on Computer Aided Verification (CAV '11). Lecture Notes in Computer Science, vol. 6806, pp. 171–177. Springer (2011)

  6. Boulton, R.J., Gordon, A., Gordon, M.J.C., Harrison, J., Herbert, J., Van Tassel, J.: Experience with embedding hardware description languages in HOL. In: IFIP TC10/WG 10.2 International Conference on Theorem Provers in Circuit Design, pp. 129–156. North-Holland Publishing Co., Amsterdam (1992)

  7. Broy, M., Stølen, K.: Specification and Development of Interactive Systems: Focus on Streams, Interfaces, and Refinement. Springer, Berlin (2001)

  8. Chen, C., Dong, J.S., Sun, J.: A formal framework for modeling and validating Simulink diagrams. Formal Asp. Comput. 21(5), 451–483 (2009)

  9. de Alfaro, L., Henzinger, T.: Interface automata. In: Foundations of Software Engineering (FSE). ACM Press, New York (2001)

  10. de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Proceedings of the 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS '08/ETAPS '08, pp. 337–340. Springer, Berlin (2008)

  11. Dijkstra, E.: Guarded commands, nondeterminacy and formal derivation of programs. Commun. ACM 18(8), 453–457 (1975)

  12. Dill, D.: Trace Theory for Automatic Hierarchical Verification of Speed-independent Circuits. MIT Press, Cambridge (1987)

  13. Dragomir, I., Preoteasa, V., Tripakis, S.: Compositional semantics and analysis of hierarchical block diagrams. In: SPIN 2016, pp. 38–56. Springer, Berlin (2016)

  14. Dragomir, I., Preoteasa, V., Tripakis, S.: Compositional semantics and analysis of hierarchical block diagrams. In: SPIN 2016, pp. 38–56. Springer, Berlin (2016)

  15. Dragomir, I., Preoteasa, V., Tripakis, S.: The Refinement Calculus of Reactive Systems Toolset. figshare (2018). https://doi.org/10.6084/m9.figshare.5900911

  16. Dutertre, B., de Moura, L.: The Yices SMT solver. Technical report, SRI International (2006)

  17. Fan, C., Qi, B., Mitra, S., Viswanathan, M., Duggirala, P.S.: Automatic reachability analysis for nonlinear hybrid models with C2E2. In: Chaudhuri, S., Farzan, A. (eds.) Computer Aided Verification, 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17–23, 2016, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9779, pp. 531–538. Springer, Berlin (2016)

  18. Freeman, T., Pfenning, F.: Refinement types for ML. SIGPLAN Not. 26(6), 268–277 (1991)

  19. Frehse, G., Le Guernic, C., Donzé, A., Cotton, S., Ray, R., Lebeltel, O., Ripado, R., Girard, A., Dang, T., Maler, O.: SpaceEx: scalable verification of hybrid systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) Computer Aided Verification, 23rd International Conference, CAV 2011, Snowbird, UT, USA, July 14–20, 2011, Proceedings. Lecture Notes in Computer Science, vol. 6806, pp. 379–395. Springer (2011)

  20. Fritzson, P.: Principles of Object-Oriented Modeling and Simulation with Modelica 3.3: A Cyber-Physical Approach, 2nd edn. Wiley, Hoboken (2014)

  21. Henzinger, T., Ho, P.-H., Wong-Toi, H.: HyTech: a model checker for hybrid systems. Int. J. Softw. Tools Technol. Transf. 1 (1997)

  22. Jin, X., Deshmukh, J.V., Kapinski, J., Ueda, K., Butts, K.: Powertrain control verification benchmark. In: Proceedings of the 17th International Conference on Hybrid Systems: Computation and Control, HSCC '14, pp. 253–262. ACM (2014)

  23. Lynch, N., Tuttle, M.: An introduction to input/output automata. CWI Q. 2, 219–246 (1989)

  24. Malik, S.: Analysis of cyclic combinational circuits. IEEE Trans. CAD Integr. Circuits Syst. 13(7), 950–956 (1994)

  25. Meenakshi, B., Bhatnagar, A., Roy, S.: Tool for translating Simulink models into input language of a model checker. In: Formal Methods and Software Engineering. LNCS, vol. 4260, pp. 606–620. Springer (2006)

  26. Milner, R., Tofte, M., Harper, R.: The Definition of Standard ML. MIT Press, Cambridge (1990)

  27. Minopoli, S., Frehse, G.: SL2SX translator: from Simulink to SpaceEx verification tool. In: 19th ACM International Conference on Hybrid Systems: Computation and Control (HSCC) (2016)

  28. Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL: A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer (2002)

  29. Preoteasa, V., Dragomir, I., Tripakis, S.: Type inference of Simulink hierarchical block diagrams in Isabelle. In: FORTE (2017)

  30. Preoteasa, V., Dragomir, I., Tripakis, S.: The refinement calculus of reactive systems. CoRR, arXiv:1710.03979 (2018)

  31. Preoteasa, V., Dragomir, I., Tripakis, S.: Mechanically proving determinacy of hierarchical block diagram translations. In: Enea, C., Piskac, R. (eds.) Verification, Model Checking, and Abstract Interpretation, 20th International Conference, VMCAI 2019, Cascais, Portugal, January 13–15, 2019, Proceedings. Lecture Notes in Computer Science, vol. 11388, pp. 577–600. Springer, Berlin (2019)

  32. Preoteasa, V., Dragomir, I., Tripakis, S.: Mechanically proving determinacy of hierarchical block diagram translations. In: VMCAI 2019, 20th International Conference on Verification, Model Checking, and Abstract Interpretation (2019). Extended version available as arXiv report arXiv:1611.01337

  33. Preoteasa, V., Tripakis, S.: Refinement calculus of reactive systems. In: 2014 International Conference on Embedded Software (EMSOFT), pp. 1–10 (2014)

  34. Preoteasa, V., Tripakis, S.: Towards compositional feedback in non-deterministic and non-input-receptive systems. In: 31st Annual ACM/IEEE Symposium on Logic in Computer Science (LICS) (2016)

  35. Quesel, J., Mitsch, S., Loos, S.M., Arechiga, N., Platzer, A.: How to model and prove hybrid systems with KeYmaera: a tutorial on safety. Int. J. Softw. Tools Technol. Transf. 18(1), 67–91 (2016)

  36. Reicherdt, R., Glesner, S.: Formal verification of discrete-time MATLAB/Simulink models using Boogie. In: Giannakopoulou, D., Salaün, G. (eds.) Software Engineering and Formal Methods: 12th International Conference, SEFM 2014, Grenoble, France, September 1–5, 2014, Proceedings, pp. 190–204. Springer International Publishing, Cham (2014)

  37. Rondon, P.M., Kawaguchi, M., Jhala, R.: Liquid types. In: 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '08, pp. 159–169. ACM, New York (2008)

  38. Roy, P., Shankar, N.: SimCheck: a contract type system for Simulink. Innov. Syst. Softw. Eng. 7(2), 73–83 (2011)

  39. Sfyrla, V., Tsiligiannis, G., Safaka, I., Bozga, M., Sifakis, J.: Compositional translation of Simulink models into synchronous BIP. In: 2010 International Symposium on Industrial Embedded Systems (SIES), pp. 217–220 (2010)

  40. Sistla, A.P., Vardi, M.Y., Wolper, P.: The complementation problem for Büchi automata with applications to temporal logic. Theor. Comput. Sci. 49, 217–237 (1987)

  41. Tripakis, S., Lickly, B., Henzinger, T.A., Lee, E.A.: A theory of synchronous relational interfaces. ACM Trans. Program. Lang. Syst. 33(4), 14:1–14:41 (2011)

  42. Tripakis, S., Sofronis, C., Caspi, P., Curic, A.: Translating discrete-time Simulink to Lustre. ACM Trans. Embed. Comput. Syst. 4(4), 779–818 (2005)

  43. Tripakis, S., Stergiou, C., Broy, M., Lee, E.A.: Error-completion in interface theories. In: International SPIN Symposium on Model Checking of Software, SPIN 2013. LNCS, vol. 7976, pp. 358–375. Springer (2013)

  44. Xi, H., Pfenning, F.: Dependent types in practical programming. In: POPL, pp. 214–227. ACM (1999)

  45. Yang, C., Vyatkin, V.: Transformation of Simulink models to IEC 61499 function blocks for verification of distributed control systems. Control Eng. Pract. 20(12), 1259–1269 (2012)

  46. Zhou, C., Kumar, R.: Semantic translation of Simulink diagrams to input/output extended finite automata. Discrete Event Dyn. Syst. 22(2), 223–247 (2012)

  47. Zou, L., Zhan, N., Wang, S., Fränzle, M., Qin, S.: Verifying Simulink diagrams via a hybrid Hoare logic prover. In: Embedded Software (EMSOFT) (2013)

Acknowledgements

This work has been supported by the Academy of Finland and the US National Science Foundation (Awards 1329759 and 1801546). Dragomir was partially supported by the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement #730080 (ESROCOS). Preoteasa was partially supported by the ECSEL JU MegaM@Rt2 project under Grant Agreement #737494.

Author information

Corresponding author: Stavros Tripakis.

Cite this article

Dragomir, I., Preoteasa, V. & Tripakis, S. The Refinement Calculus of Reactive Systems Toolset. Int J Softw Tools Technol Transfer 22, 689–708 (2020). https://doi.org/10.1007/s10009-020-00561-4
