Using Simulink Design Verifier for Proving Behavioral Properties on a Complex Safety Critical System in the Ground Transportation Domain

  • J. -F. Etienne
  • S. Fechter
  • E. Juppeaux

Abstract

We present our return of experience in using Simulink Design Verifier for the verification and validation of a safety-critical function. The case study concerns the train tracking function for an automatic train protection system (ATP). We basically show how this function is formalized in Simulink and present the various proof strategies devised to prove the correctness of the model w.r.t. high-level safety properties. These strategies have for purpose to provide a certain harness over time/memory consumption during proof construction, thus avoiding the state space explosion problem.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abdulla, P.A., Deneux, J., Stålmarck, G., Ågren, H., Åkerlund, O.: Designing safe, reliable systems using scade. In: Margaria, T., Steffen, B. (eds.) ISoLA 2004. LNCS, vol. 4313, pp. 115–129. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Abrial, J.R.: The B Book, Assigning Programs to Meanings. Cambridge University Press, Cambridge (1996)MATHCrossRefGoogle Scholar
  3. 3.
    Caspi, P., Pilaud, D., Halbwachs, N., Place, J.: Lustre: a declarative language for programming synchronous systems. In: ACM Symp. on Princ. of Prog. Langs., POPL 1987 (1987)Google Scholar
  4. 4.
    Clarke, E.M., Biere, A., Raimi, R., Zhu, Y.: Bounded model checking using satisfiability solving. Formal Methods in System Design 19 (2001)Google Scholar
  5. 5.
    Halbwachs, N., Caspi, P., Raymond, P., Pilaud, D.: The synchronous dataflow programming language lustre. Proceedings of the IEEE 79(9), 1305–1320 (1991)CrossRefGoogle Scholar
  6. 6.
    MathWorks. Simulink Design Verifier, http://www.mathworks.com/products/sldesignverifier/
  7. 7.
  8. 8.
  9. 9.
    Sheeran, M., Singh, S., Stålmarck, G.: Checking safety properties using induction and a SAT-solver. In: Johnson, S.D., Hunt Jr., W.A. (eds.) FMCAD 2000. LNCS, vol. 1954, pp. 108–125. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. 10.
    Sheeran, M., Stålmarck, G.: A tutorial on stålmarck’s proof procedure for propositional logic. In: Gopalakrishnan, G.C., Windley, P. (eds.) FMCAD 1998. LNCS, vol. 1522, pp. 82–99. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  11. 11.
    The Coq Development Team. Coq, version 8.2. INRIA (February 2009), http://coq.inria.fr/

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • J. -F. Etienne
    • 1
  • S. Fechter
    • 1
  • E. Juppeaux
    • 1
  1. 1.Safe-RiverParisFrance

Personalised recommendations