Block Library Driven Translation Validation for Dataflow Models in Safety Critical Systems
Model driven engineering is widely used in the development of complex and safety critical systems. Systems' designs are specified and validated in domain specific modeling languages, and software code is often produced by autocoding. Thus the correctness of the final systems depends on the correctness of those tools. We propose an approach for the formal verification of code generation from dataflow languages, such as Simulink, based on translation validation. It relies on the BlockLibraryDSL for the formal specification and verification of the structure, semantics and variability of the complex block libraries found in these languages. These specifications are then used for deriving model- and block-specific semantic contracts that are woven into the generated C code. We present two different approaches for performing the block matching and weaving step. Finally, we rely on the Frama-C toolset and state-of-the-art SMT solvers for verifying the annotated code.
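As an added illustration (not code from the paper or from the BlockLibraryDSL tooling), the following C shows what block-specific contracts woven into autocoded C look like when expressed in ACSL for Frama-C: each assumed block (Saturation, Sum, UnitDelay) carries its own contract, and the model step function's contract is obtained by composing them.

```c
/* Added example: assumed block semantics, not the paper's generated code.
 * Each block function carries an ACSL contract that Frama-C/WP can check;
 * model_step composes them into a model-level contract. */
#include <limits.h>

/*@ requires lo <= hi;
  @ assigns \nothing;
  @ ensures lo <= \result <= hi;
  @ ensures (lo <= in <= hi) ==> \result == in;
  @ ensures in < lo ==> \result == lo;
  @ ensures in > hi ==> \result == hi;
  @*/
int saturation_block(int in, int lo, int hi)
{
    if (in < lo) return lo;   /* clamp below the lower limit */
    if (in > hi) return hi;   /* clamp above the upper limit */
    return in;                /* pass-through inside the range */
}

/*@ requires INT_MIN <= (long)a + b <= INT_MAX;
  @ assigns \nothing;
  @ ensures \result == a + b;
  @*/
int sum_block(int a, int b)
{
    return a + b;             /* precondition rules out signed overflow */
}

/* One model step: y = Saturation(Sum(u, delay)); the UnitDelay stores y. */
/*@ requires \valid(delay) && lo <= hi;
  @ requires INT_MIN <= (long)u + *delay <= INT_MAX;
  @ assigns *delay;
  @ ensures lo <= \result <= hi;
  @ ensures *delay == \result;
  @*/
int model_step(int u, int lo, int hi, int *delay)
{
    int y = saturation_block(sum_block(u, *delay), lo, hi);
    *delay = y;               /* UnitDelay: state updated after the output */
    return y;
}

/* Run the model from a zero initial state and return the last output. */
int run_model(int u, int lo, int hi, int steps)
{
    int delay = 0, y = 0;
    for (int i = 0; i < steps; i++) y = model_step(u, lo, hi, &delay);
    return y;
}
```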
Keywords: Translation validation, Deductive verification, Data flow languages, Block libraries, Why3 toolset, Frama-C toolset
This work has been funded by the French and Estonian Ministries of Research, Industry and Defense through the Projet-P (http://www.open-do.org/projects/p/), Hi-MoCo (http://www.adacore.com/press/project-p-and-hi-moco/) and Vorace (http://projects.laas.fr/vorace/) projects and through the Estonian Ministry of Education and Research institutional research grant no. IUT33-13. The authors wish to thank the members of these, the QGen project and the anonymous reviewers of this paper for providing valuable feedback for improving the work.