Data Flow Control Systems: an Example of Safety Validation

  • Cinzia Bernardeschi
  • Luca Simoncini
  • Andrea Bondavalli
Conference paper


In this paper a methodology to develop safety-critical control systems is proposed. These systems continuously interact with the physical environment, and those admitting at least one failure that causes a catastrophe are classified as safety-critical. Our methodology takes into account both the control system (the controller) and the physical environment (the plant). After the requirements analysis, the system is developed following the data flow model, i.e., it is described as a static data flow network of nodes executing concurrently and communicating asynchronously. The plant is used as the test case for the validation of the controller, and their composition is analysed to show whether hazards are reachable. For this purpose we apply a transformation from data flow networks to LOTOS specifications. The transformation preserves the semantics of the original network, so data flow network properties can be derived and proved on the LOTOS specification using available support tools. A train set example, the contact-free moving of trains on a circular track divided into sections, is shown as an application of the methodology.
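The analysis the abstract describes (compose the controller with the plant, then check whether a hazard state is reachable) is shown below as an added example that is not part of the paper: instead of translating the network to LOTOS and using the LOTOS tools, it models a small static data flow network directly in Python, with nodes as firing rules and FIFO buffers as channels, and enumerates every interleaving of firings by breadth-first search. The track size, the request/grant/ack protocol between plant and controller, and the two controller strategies compared are assumptions made for the illustration, not the paper's own design. The point it makes is that because communication is asynchronous, the controller's view of section occupancy lags behind the plant, so a controller that frees a section as soon as it grants the move out of it can let a second train into a section the first train has not yet left.

```python
"""
Added example, not from the paper: a controller/plant data flow network with
FIFO channels, analysed by explicit state-space exploration. Hazard: two trains
in the same track section. All sizes and protocol details are assumptions.
"""
from collections import deque

N_SECTIONS = 4   # circular track with sections 0..3 (assumed)
TRAINS = 2       # trains start in sections 0 and 1 (assumed)
MAX_FIFO = 4     # channels are bounded FIFO buffers, to keep the search finite

# Global state = (positions, modes, occupancy, channels)
#   positions: section of each train (plant state)
#   modes:     'idle' (must ask before moving) or 'waiting' (request outstanding)
#   occupancy: frozenset of sections the controller believes are occupied
#   channels:  tuple of FIFO tuples, one per (kind, train), see ch()

def ch(kind, i):
    """Index of channel req_i / grant_i / ack_i for train i."""
    return {"req": 0, "grant": 1, "ack": 2}[kind] * TRAINS + i

def initial_state():
    positions = tuple(range(TRAINS))
    return (positions, ("idle",) * TRAINS, frozenset(positions), ((),) * (3 * TRAINS))

def push(channels, idx, token):
    c = list(channels); c[idx] = c[idx] + (token,); return tuple(c)

def pop(channels, idx):
    c = list(channels); tok = c[idx][0]; c[idx] = c[idx][1:]; return tuple(c), tok

def successors(state, policy):
    """Yield (label, next_state) for every node firing enabled in `state`.
    policy 'free_on_grant': the controller frees a section when it grants the
    move out of it; 'free_on_ack': only when the train reports it has left."""
    positions, modes, occ, channels = state
    for i in range(TRAINS):
        s = positions[i]
        nxt = (s + 1) % N_SECTIONS
        # Plant node T_i, rule 1: an idle train asks permission to enter s+1.
        if modes[i] == "idle":
            m = modes[:i] + ("waiting",) + modes[i + 1:]
            yield f"T{i} requests {nxt}", (positions, m, occ, push(channels, ch("req", i), s))
        # Plant node T_i, rule 2: a grant token moves the train; it acks the section left.
        if channels[ch("grant", i)]:
            c, _ = pop(channels, ch("grant", i))
            p = positions[:i] + (nxt,) + positions[i + 1:]
            m = modes[:i] + ("idle",) + modes[i + 1:]
            yield f"T{i} moves {s}->{nxt}", (p, m, occ, push(c, ch("ack", i), s))
        # Controller node, rule 1 (guarded): consume a request only if the target is free.
        if channels[ch("req", i)]:
            s_req = channels[ch("req", i)][0]
            target = (s_req + 1) % N_SECTIONS
            if target not in occ:
                c, _ = pop(channels, ch("req", i))
                new_occ = occ | {target}
                if policy == "free_on_grant":
                    new_occ = new_occ - {s_req}   # optimistic: assumes the train has left
                yield f"C grants T{i} into {target}", (positions, modes, new_occ, push(c, ch("grant", i), "go"))
        # Controller node, rule 2: an ack reports the section the train actually left.
        if channels[ch("ack", i)]:
            c, left = pop(channels, ch("ack", i))
            new_occ = occ - {left} if policy == "free_on_ack" else occ
            yield f"C acks T{i} left {left}", (positions, modes, new_occ, c)

def is_hazard(state):
    """Two trains in one section: the contact the controller must prevent."""
    positions = state[0]
    return len(set(positions)) < len(positions)

def find_hazard(policy):
    """BFS over all interleavings of node firings. Returns the shortest firing
    sequence that reaches a hazard, or None if no hazard state is reachable."""
    start = initial_state()
    parent = {start: None}
    queue = deque([start])
    while queue:
        st = queue.popleft()
        if is_hazard(st):
            trace = []
            while parent[st] is not None:
                label, st = parent[st]
                trace.append(label)
            return trace[::-1]
        for label, nxt in successors(st, policy):
            if nxt in parent or any(len(q) > MAX_FIFO for q in nxt[3]):
                continue
            parent[nxt] = (label, st)
            queue.append(nxt)
    return None

if __name__ == "__main__":
    for policy in ("free_on_grant", "free_on_ack"):
        print(policy, "->", find_hazard(policy))
```

Running it reports a five-step trace for `free_on_grant` (the controller grants train 1 out of section 1, frees section 1 before train 1 has consumed the grant token, then admits train 0 into section 1) and `None` for `free_on_ack`, where a section stays marked occupied until the train's own ack arrives, so the controller's occupancy set always covers every section a train is in or has been granted into.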


Keywords (added by machine, not by the authors): Data Flow; Process Algebra; Safety Strategy; Data Flow Graph; FIFO Buffer





Copyright information

© Springer-Verlag London Limited 1993

Authors and Affiliations

  • Cinzia Bernardeschi (1)
  • Luca Simoncini (1)
  • Andrea Bondavalli (2)
  1. Department of Information Engineering, University of Pisa, Pisa, Italy
  2. CNUCE-CNR, Pisa, Italy
