
From control law diagrams to Ada via Circus

  • Original Article
Formal Aspects of Computing

Abstract

Control engineers make extensive use of diagrammatic notations; control law diagrams are used in industry every day. Techniques and tools for analysing these diagrams or their models are plentiful, but verification of their implementations is a challenge that few have taken up. We are aware only of approaches that rely on automatic code generation, which does not provide enough assurance for certification and is often not adequate when tailored hardware components are used. Our work is based on Circus, a notation that combines Z, CSP, and a refinement calculus, and on industrial tools that produce partial Z and CSP models of discrete-time Simulink diagrams. We present a strategy to translate Simulink diagrams to Circus, and a strategy to prove that a parallel Ada implementation refines the Circus specification; the proof relies on a Circus semantics for the Ada program. By using a combined notation, we provide a specification that covers both the functional and the behavioural aspects of a large class of diagrams, and we support verification of a large number of implementations. We can handle, for instance, arbitrarily large data types and dynamic scheduling.






Corresponding author

Correspondence to Ana Cavalcanti.

Additional information

Cliff Jones and Ursula Martin


Cite this article

Cavalcanti, A., Clayton, P. & O'Halloran, C. From control law diagrams to Ada via Circus. Form Asp Comp 23, 465–512 (2011). https://doi.org/10.1007/s00165-010-0170-3
