Abstract
We present the Refinement Calculus of Reactive Systems Toolset, an environment for compositional formal modeling and reasoning about reactive systems, built around Isabelle, Simulink, and Python. The toolset implements the Refinement Calculus of Reactive Systems (RCRS), a contract-based refinement framework inspired by the classic refinement calculus and interface theories. The toolset formalizes the entire RCRS theory in about 30000 lines of Isabelle code. The toolset also contains a translator of Simulink diagrams and a formal analyzer implemented on top of Isabelle. We present the main functionalities of the RCRS Toolset via a series of pedagogical examples and also describe a larger case study from the automotive domain.
Notes
In order to write special characters in Isabelle such as \(\leadsto \), one has to type the corresponding TeX command (e.g., \leadsto) and press the Tab key. The special character is then rendered in the Isabelle jEdit interface as shown in Fig. 5.
Note that UnitDelay is the RCRS component, and not the UnitDelay Simulink block. The latter has a single output wire, but in RCRS it is modeled as a stateful block which has an extra input modeling the current state and an extra output modeling the next state.
Note that we duplicate here the unfolding of the atomic component definitions in order to illustrate the algorithm. These are already part of the basic_simps simplification rules.
We downloaded the Simulink models from https://cps-vo.org/group/ARCH/benchmarks. One of those models is made available both in the figshare repository [15] and in the distribution.
References
Agrawal, A., Simon, G., Karsai, G.: Semantic translation of Simulink/Stateflow models to hybrid automata using graph transformations. Electron. Notes Theor. Comput. Sci. 109, 43–56 (2004). Proceedings of the Workshop on Graph Transformation and Visual Modelling Techniques (GT-VMT 2004)
Alur, R., Grosu, R., Lee, I., Sokolsky, O.: Compositional refinement for hierarchical hybrid systems. In: 4th International Workshop on Hybrid Systems: Computation and Control, HSCC ’01, pp. 33–48. Springer, Berlin (2001)
Alur, R., Henzinger, T.: Reactive modules. Formal Methods Syst. Des. 15, 7–48 (1999)
Back, R.-J., von Wright, J.: Refinement Calculus. Springer, Berlin (1998)
Barrett, C., Conway, C.L., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: Gopalakrishnan G., Qadeer S. (eds.) Proceedings of the 23rd International Conference on Computer Aided Verification (CAV ’11). Lecture Notes in Computer Science, vol. 6806, pp. 171–177. Springer, Berlin (2011)
Boulton, R.J., Gordon, A., Gordon, M.J.C., Harrison, J., Herbert, J., Tassel, J.V.: Experience with embedding hardware description languages in HOL. In: IFIP TC10/WG 10.2 International Conference on Theorem Provers in Circuit Design, pp. 129–156. North-Holland Publishing Co., Amsterdam (1992)
Broy, M., Stølen, K.: Specification and Development of Interactive Systems: Focus on Streams, Interfaces, and Refinement. Springer, Berlin (2001)
Chen, C., Dong, J.S., Sun, J.: A formal framework for modeling and validating Simulink diagrams. Formal Asp. Comput. 21(5), 451–483 (2009)
de Alfaro, L., Henzinger, T.: Interface automata. In: Foundations of Software Engineering (FSE). ACM Press, New York (2001)
de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Proceedings of the Theory and Practice of Software, 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS ’08/ETAPS ’08, pp. 337–340. Springer, Berlin (2008)
Dijkstra, E.: Guarded commands, nondeterminacy and formal derivation of programs. Commun. ACM 18(8), 453–457 (1975)
Dill, D.: Trace Theory for Automatic Hierarchical Verification of Speed-independent Circuits. MIT Press, Cambridge (1987)
Dragomir, I., Preoteasa, V., Tripakis, S.: Compositional semantics and analysis of hierarchical block diagrams. In: SPIN 2016, pp. 38–56. Springer, Berlin (2016)
Dragomir, I., Preoteasa, V., Tripakis, S.: Compositional semantics and analysis of hierarchical block diagrams. In: SPIN 2016, pp. 38–56. Springer, Berlin (2016)
Dragomir, I., Preoteasa, V., Tripakis, S.: The Refinement Calculus of Reactive Systems Toolset. figshare (2018). https://doi.org/10.6084/m9.figshare.5900911
Dutertre, B., de Moura, L.: The Yices SMT solver. Technical report, SRI International (2006)
Fan, C., Qi, B., Mitra, S., Viswanathan, M., Duggirala, P.S.: Automatic reachability analysis for nonlinear hybrid models with C2E2. In: Chaudhuri S., Farzan A. (eds.) Computer Aided Verification - 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17-23, 2016, Proceedings, Part I, Lecture Notes in Computer Science, vol. 9779, pp. 531–538. Springer, Berlin (2016)
Freeman, T., Pfenning, F.: Refinement types for ML. SIGPLAN Not. 26(6), 268–277 (1991)
Frehse, G., Le Guernic, C., Donzé, A., Cotton, S., Ray, R., Lebeltel, O., Ripado, R., Girard, A., Dang, T., Maler, O.: SpaceEx: scalable verification of hybrid systems. In: Gopalakrishnan G., Qadeer S. (eds.) Computer Aided Verification - 23rd International Conference, CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings, Lecture Notes in Computer Science, vol. 6806, pp. 379–395. Springer, Berlin (2011)
Fritzson, P.: Principles of Object-Oriented Modeling and Simulation with Modelica 3.3: A Cyber-Physical Approach, 2nd edn. Wiley, Hoboken (2014)
Henzinger, T., Ho, P.-H., Wong-Toi, H.: HyTech: a model checker for hybrid systems. Int. J. Softw. Tools Technol. Transf. 1 (1997)
Jin, X., Deshmukh, J.V., Kapinski, J., Ueda, K., Butts, K.: Powertrain control verification benchmark. In: Proceedings of the 17th International Conference on Hybrid Systems: Computation and Control, HSCC ’14, pp. 253–262. ACM, New York (2014)
Lynch, N., Tuttle, M.: An introduction to input/output automata. CWI Q. 2, 219–246 (1989)
Malik, S.: Analysis of cyclic combinational circuits. IEEE Trans. CAD Integra. Circuits Syst. 13(7), 950–956 (1994)
Meenakshi, B., Bhatnagar, A., Roy, S.: Tool for translating Simulink models into input language of a model checker. In: Formal Methods and Software Engineering, LNCS, vol. 4260, pp. 606–620. Springer, Berlin (2006)
Milner, R., Tofte, M., Harper, R.: The Definition of Standard ML. MIT Press, Cambridge (1990)
Minopoli, S., Frehse, G.: SL2SX translator: from Simulink to SpaceEx verification tool. In: 19th ACM International Conference on Hybrid Systems: Computation and Control (HSCC). ACM, New York (2016)
Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL—A Proof Assistant for Higher-Order Logic. LNCS 2283. Springer, Berlin (2002)
Preoteasa, V., Dragomir, I., Tripakis, S.: Type inference of Simulink hierarchical block diagrams in Isabelle. In: Formal Techniques for Distributed Objects, Components, and Systems (FORTE) (2017)
Preoteasa, V., Dragomir, I., Tripakis, S.: The refinement calculus of reactive systems. CoRR, arXiv:1710.03979 (2018)
Preoteasa, V., Dragomir, I., Tripakis, S.: Mechanically proving determinacy of hierarchical block diagram translations. In: Enea C., Piskac R. (eds.) Verification, Model Checking, and Abstract Interpretation - 20th International Conference, VMCAI 2019, Cascais, Portugal, January 13-15, 2019, Proceedings, Lecture Notes in Computer Science, vol. 11388, pp. 577–600. Springer, Berlin (2019)
Preoteasa, V., Dragomir, I., Tripakis, S.: Mechanically proving determinacy of hierarchical block diagram translations. In: VMCAI 2019 - 20th International Conference on Verification, Model Checking, and Abstract Interpretation (2019). Extended version available as arXiv report arXiv:1611.01337
Preoteasa, V., Tripakis, S.: Refinement calculus of reactive systems. In: 2014 International Conference on Embedded Software (EMSOFT), pp. 1–10 (2014)
Preoteasa, V., Tripakis, S.: Towards compositional feedback in non-deterministic and non-input-receptive systems. In: 31st Annual ACM/IEEE Symposium on Logic in Computer Science (LICS) (2016)
Quesel, J., Mitsch, S., Loos, S.M., Arechiga, N., Platzer, A.: How to model and prove hybrid systems with KeYmaera: a tutorial on safety. STTT 18(1), 67–91 (2016)
Reicherdt, R., Glesner, S.: Formal verification of discrete-time MATLAB/Simulink models using boogie. In: Giannakopoulou D., Salaün G. (eds.) Software Engineering and Formal Methods: 12th International Conference, SEFM 2014, Grenoble, France, September 1–5, 2014. Proceedings, pp. 190–204. Springer International Publishing, Cham (2014)
Rondon, P.M., Kawaguci, M., Jhala, R.: Liquid types. In: 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’08, pp. 159–169. ACM, New York (2008)
Roy, P., Shankar, N.: SimCheck: a contract type system for Simulink. Innov. Syst. Softw. Eng. 7(2), 73–83 (2011)
Sfyrla, V., Tsiligiannis, G., Safaka, I., Bozga, M., Sifakis, J.: Compositional translation of Simulink models into synchronous BIP. In: 2010 International Symposium on Industrial Embedded Systems (SIES), pp. 217–220 (2010)
Sistla, A.P., Vardi, M.Y., Wolper, P.: The complementation problem for Büchi automata with applications to temporal logic. Theor. Comput. Sci. 49, 217–237 (1987)
Tripakis, S., Lickly, B., Henzinger, T.A., Lee, E.A.: A Theory of Synchronous Relational Interfaces. ACM TOPLAS 33(4), 14:1–14:41 (2011)
Tripakis, S., Sofronis, C., Caspi, P., Curic, A.: Translating discrete-time Simulink to Lustre. ACM Trans. Embed. Comput. Syst. 4(4), 779–818 (2005)
Tripakis, S., Stergiou, C., Broy, M., Lee, E.A.: Error-completion in interface theories. In: International SPIN Symposium on Model Checking of Software – SPIN 2013, LNCS, vol. 7976, pp. 358–375. Springer, Berlin (2013)
Xi, H., Pfenning, F.: Dependent types in practical programming. In: POPL, pp. 214–227. ACM, New York (1999)
Yang, C., Vyatkin, V.: Transformation of Simulink models to IEC 61499 function blocks for verification of distributed control systems. Control Eng. Pract. 20(12), 1259–1269 (2012)
Zhou, C., Kumar, R.: Semantic translation of Simulink diagrams to input/output extended finite automata. Discrete Event Dyn. Syst. 22(2), 223–247 (2012)
Zou, L., Zhan, N., Wang, S., Fränzle, M., Qin, S.: Verifying Simulink diagrams via a hybrid Hoare logic prover. In: 2013 International Conference on Embedded Software (EMSOFT) (2013)
Acknowledgements
This work has been supported by the Academy of Finland and the US National Science Foundation (Awards 1329759 and 1801546). Dragomir was partially supported by the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement #730080 (ESROCOS). Preoteasa was partially supported by the ECSEL JU MegaM@Rt2 project under Grant Agreement #737494.
Dragomir, I., Preoteasa, V. & Tripakis, S. The Refinement Calculus of Reactive Systems Toolset. Int J Softw Tools Technol Transfer 22, 689–708 (2020). https://doi.org/10.1007/s10009-020-00561-4
DOI: https://doi.org/10.1007/s10009-020-00561-4