Block Library Driven Translation Validation for Dataflow Models in Safety Critical Systems

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9933)

Abstract

Model driven engineering is widely used in the development of complex and safety critical systems. Systems’ designs are specified and validated in domain specific modeling languages, and software code is often produced by autocoding. Thus the correctness of the final systems depends on the correctness of those tools. We propose an approach for the formal verification of code generation from dataflow languages, such as Simulink, based on translation validation. It relies on the BlockLibraryDSL for the formal specification and verification of the structure, semantics and variability of the complex block libraries found in these languages. These specifications are then used here for deriving model- and block-specific semantic contracts that are woven into the generated C code. We present two different approaches for performing the block matching and weaving step. Finally, we rely on the Frama-C toolset and state-of-the-art SMT solvers for verifying the annotated code.
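To make the abstract's idea concrete, the following is an added illustration (not code from the paper or from the BlockLibraryDSL tooling) of what block-specific ACSL contracts woven into generated C look like: a constructed three-block chain, Sum → Saturation → UnitDelay, where each block's contract states its semantics and the model-level contract follows from composing them. Block instance names, parameter values and function names are assumptions chosen for the example.

```c
#include <stdint.h>

/* Constructed parameters of a Saturation block instance "Sat1". */
#define SAT1_LOWER (-100)
#define SAT1_UPPER  100

/* Sum block "Sum1": its ACSL precondition states the block's validity domain
   (no signed overflow) in mathematical integers, so Frama-C/WP flags a caller
   that cannot discharge it instead of letting the addition wrap silently. */
/*@ requires INT32_MIN <= in1 + in2 <= INT32_MAX;
    assigns \nothing;
    ensures \result == in1 + in2; */
int32_t Sum1_compute(int32_t in1, int32_t in2) { return in1 + in2; }

/* Saturation block "Sat1": clamp the signal into [SAT1_LOWER, SAT1_UPPER]. */
/*@ assigns \nothing;
    ensures SAT1_LOWER <= \result <= SAT1_UPPER;
    ensures in < SAT1_LOWER ==> \result == SAT1_LOWER;
    ensures in > SAT1_UPPER ==> \result == SAT1_UPPER;
    ensures SAT1_LOWER <= in <= SAT1_UPPER ==> \result == in; */
int32_t Sat1_compute(int32_t in) {
    if (in < SAT1_LOWER) return SAT1_LOWER;
    if (in > SAT1_UPPER) return SAT1_UPPER;
    return in;
}

/* UnitDelay block "Delay1": outputs the previous step's input, stores the new one. */
static int32_t Delay1_state = 0;   /* initial condition parameter: 0 */
/*@ assigns Delay1_state;
    ensures \result == \old(Delay1_state);
    ensures Delay1_state == in; */
int32_t Delay1_step(int32_t in) {
    int32_t out = Delay1_state;
    Delay1_state = in;
    return out;
}

/* Model step for the chain Sum1 -> Sat1 -> Delay1. Its contract follows from
   the block contracts along the dataflow; Sum1's precondition propagates up. */
/*@ requires INT32_MIN <= in1 + in2 <= INT32_MAX;
    assigns Delay1_state;
    ensures \result == \old(Delay1_state);
    ensures SAT1_LOWER <= Delay1_state <= SAT1_UPPER; */
int32_t Model_step(int32_t in1, int32_t in2) {
    return Delay1_step(Sat1_compute(Sum1_compute(in1, in2)));
}

/* Reset to the blocks' initial conditions. */
void Model_reset(void) { Delay1_state = 0; }
```

Running `frama-c -wp` on such a file checks that each body meets its own contract and that each call site discharges the callee's precondition; the unrestricted Sum1 precondition surfacing in Model_step's contract is exactly the kind of model-level obligation the environment (or an upstream saturation) must then satisfy.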

Keywords

Translation validation; Deductive verification; Data flow languages; Block libraries; Why3 toolset; Frama-C toolset


Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Institut de Recherche Technologique Antoine de Saint Exupéry, Toulouse Cedex 4, France
  2. Institut de Recherche en Informatique de Toulouse, Université de Toulouse, ENSEEIHT, Toulouse Cedex, France
  3. Institute of Cybernetics at Tallinn University of Technology, Tallinn, Estonia
  4. IB Krates OÜ, Tallinn, Estonia
