He Zhao,Bin Fang,Hui-jie Li,Pu Wang

DOI: https://doi.org/10.2991/icismme-15.2015.288

2015-01-01

Abstract:In order to ensure the safety of equipment and persons, the rigorous requirements on the correctness and reliability of control program are always needed in industrial control system. The traditional program design methods are based on the realization of the functions and verified by the simulations and tests. Errors can only be founded during the simulation and test phase. And some vital errors cannot be tested, because these errors may cause damages to the equipment and persons. So the correctness and reliability of control program cannot be ensured. For these problems, the formal design methods emerged as the times require. The errors can be found in design level by the formalized-model. In other word, formal methods could detect the errors earlier, reduce the cost of development, and are suitable for the occasions that require rigorous requirements on the correctness and reliability. This paper discussed a kind of Event-B based formal method, using Rodin Platform, to model, refine and verify the automated production line control system.

Paulius Stankaitis,Alexei Iliasov,David Adjepon-Yamoah,Alexander Romanovsky

DOI: https://doi.org/10.48550/arXiv.1611.02923

2016-11-09

Abstract:Event-B is one of more popular notations for model-based, proof driven specification. It offers a fairly high-level mathematical lan- guage based on FOL and ZF set theory and an economical yet expres- sive modelling notation. Model correctness is established by discharging proving a number conjectures constructed via a syntactic instantiation of schematic conditions. A large proportion of provable conjectures re- quires proof hints from a user. For larger models this becomes extremely onerous as identical or similar proofs have to be repeated over and over, especially after model refactoring stages. In the paper we briefly present a new Rodin Platform proof back-end based on the Why3 umbrella prover.

Software Engineering

Haoxuan Yuan,Fang Li,Xin Huang

DOI: https://doi.org/10.1109/ICIS46139.2019.8940189

2019-01-01

Abstract:The intelligent production line is a complex application with a large number of independent equipment network integration. In view of the characteristics of CPS, the existing modeling methods cannot well meet the application requirements of large scale high-performance system. a formal simulation verification framework and verification method are designed for the performance constraints such as the real-time and security of the intelligent production line based on soft bus. A model-based service-oriented integration approach is employed, which adopts a model-centric way to automate the development course of the entire software life cycle. Developing experience indicate that the proposed approach based on the formal modeling and verification framework in this paper can improve the performance of the system, which is also helpful to achieve the balance of the production line and maintain the reasonable use rate of the processing equipment.

Abeer Saeed Abdo Hadad,Chunyan Ma,Adeeb Abdulwakeel Obadi Ahmed

DOI: https://doi.org/10.1109/access.2020.2987972

IF: 3.9

2020-01-01

IEEE Access

Abstract:AADL is widely used to depict the architecture and behavior of real-time safety-critical systems such as avionics and aerospace. The development of these systems has strict requirements for building fault-free systems. Formal verification is frequently applied to verify the critical properties of the systems, such as safety and liveness; however, the formal verification is not supported by AADL. Model transformation is commonly applied to provide formal semantics; hence, the AADL model can be verified by a language that supports formal verification in addition to the ability to cover all AADL model behavior. Event-B, with its proof obligation, is increasingly used to model and verify safety-critical systems. This paper presents the transformation of the AADL model into Event-B, which captures most AADL components and behavioral actions to be effective in the verification of current real-time systems models. Then, we define theorems and invariants of safety and liveness properties to be proven by using the RODIN platform. To demonstrate the efficacy of our method, we model the AADL of movement authority (MA) control of the Chinese Train Control System, transform the AADL model to Event-B and verify its crucial properties.

Siwei Zhu,Jianjun Zhang,Sulei Zhao,Zhenchun Wei,Yang Lu,Lei Cheng

DOI: https://doi.org/10.1016/j.compeleceng.2020.106790

2020-10-01

Abstract:<p>The traditional underground mine locomotive unmanned system is difficult to define requirements accurately and guarantee the functional safety and integrity. To solve this problem, a solution based on Event-B formal method is put forward. In this paper, we select the locomotive running process control for formal modeling and verification, which is the core of the underground mine locomotive unmanned system. Based on the Event-B formal method and Rodin platform, five refinements are proposed to model and verify the locomotive running process control with both discrete and continuous attributes. The correctness, consistency and deadlock-freeness of the system design in the actual situation are verified with extensive simulations. The verification and simulation results show that the solution meets the design requirements of the running process control of the underground mine locomotive.</p>

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

TONG Hudong,NING Bin,WANG Haifeng

DOI: https://doi.org/10.3969/j.issn.1005-8451.2013.06.016

2013-01-01

Abstract:Computer Interlocking System was a safety critical system.Traditional development method for interlocking software couldn't ensure the completeness and safety of software function.The all errors couldn't be found by test.This paper used Event-B formalization method and relative tools to build models for the core function of interlocking—concerning its function requirement and safety requirement of route control,refined and proved the models.This method provided a new way of developing interlocking software.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.2991/iccasm.2012.212

2012-01-01

Abstract:A verification methodology is presented for railway interlocking system which is regarded as a safety-critical system.The methodology utilizes UML to model the function requirement and LTL to verify the safety requirements of the specification.The device specifications of railway interlocking system are modeled with UML, then translate into FSM.The safety specification is translated LTL and analyzed with NuSMV.We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Xia Mao,Yueling Zhang,Jianqi Shi,Yanhong Huang,Qin Li

DOI: https://doi.org/10.1016/j.scico.2021.102763

IF: 1.039

2021-01-01

Science of Computer Programming

Abstract:Programmable Logic Controllers (PLC) are widely used in Industrial Control Systems (ICS) with strict safety assurance requirements. Unfortunately, traditional techniques for debugging prefer to use post-development approaches, such as simulation and black-box testing, rather than enhancing safety before programing. In this paper, we propose a refinement-based approach to model and verify PLC systems, aiming to assure safety properties by construction. It uses the Event-B formalism and focuses on the levels of requirement analysis, specification refinement, and system development. This approach takes a three-layer framework stepwise to specify the behaviors and properties of PLC programs, thereby reducing the modeling complexity. The basic firmware layer models the general mechanisms of PLC firmware, such as periodical instruction execution and centralized I/O scanning, which are application-independent models with fundamental safety properties at an abstract level. The middle layer establishes configuration models. These models correspond to the PLC settings and interactive environments of a specific system, such as I/O addresses and peripheral devices. The business layer models business logic with more specific system-level safety requirements. With our approach, the safety properties of PLC systems can be verified throughout the modeling and refinement process. In addition, rules are proposed to convert the most concrete Event-B model into PLC code satisfying the IEC 61131-3 standard. We demonstrate this approach with a real-world running example of a pump control system for gas transmission.

Zhen Li,Bin Liu,Ning Ma,Yongfeng Yin

DOI: https://doi.org/10.1109/icrms.2009.5270098

2009-01-01

Abstract:Embedded systems have the features of being driven by events, concurrency, high safety, high reliability and so on. Considering the system states transference, real-time concurrence and schedule strategies, it is necessary and suitable to use formal methods to software testing. This paper laid out the induction of the dependable attributes of embedded software and focused on the modeling and validation on models in a formal view. Meanwhile, we put forward an integrated framework to test embedded software with formal validation and automated test cases generation. Using this framework and according to the collected failure mode base, we can improve the efficiency of testing by generating corresponding and various test cases automatically. In the end the framework was proven to be practical with an example, which expanded the formal description of state charts and generated test cases on interface automatically.

Mo Xia,Mian Sun,Guiming Luo,Xibin Zhao

DOI: https://doi.org/10.1109/icci-cc.2013.6622270

2013-01-01

Abstract:Programmable Logic Controller (PLC) have been widely used in industries, and safety and reliability of them has been urgently concerned. However, it's hard to verify all the cases to discover the logical flaws of complex systems by traditional testing. Formal verification methods introduce mathematical rigor in their analysis thereby guaranteeing exhaustive state space coverage. But there is not an effective and efficient tool for PLC verification, and the general-purpose formal tools need lots of relevant knowledge. This paper proposes an automatic verification tool for PLC systems. It includes graphical modeling, syntax check, code generation, code optimization and representation of the counter-examples which violate some system properties.

fang yan,tao tang

DOI: https://doi.org/10.2495/safe050561

2005-01-01

Abstract:The safety of software is becoming increasingly important as computers pervade control systems on which human life depends. This has become more complex and in rail transportation fields and the methods to ensure its correctness have been slow in development. One feasible approach is to mathematically verify software design in such systems with Formal Methods. ATP (Automatic Train Protection) is a vital part of Train Control Systems. It assures safe train movement by a combination of train detection, separation of trains running on the same track or over interlocked routes, over speed prevention, and route interlocking. Obviously ATP is a safety-critical system and we regard it as a case study for our formal development methods. Firstly, the multi-tasks ATP onboard software model and state transitions will be modelled with UML; secondly, the timing model will be verified to meet the requirement of timing by SMV model checker; finally, the multi-tasking timing model will be realized with VxWorks (a real-time operating system by WindRiver). A major conclusion of the survey is that formal methods, while still immature in some respects, can be used successfully to assist in developing safety-critical systems.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Hongjiang Gao,Yongsheng Zhao,Jun Liu,Zheng Qin

2007-01-01

Abstract:With increasingly complexity in intellectualized information management systems (IIMS), the problem of their verification and validation is acquiring increasing importance, and rigorous design practices are needed in case of critical applications. In this paper, a practical approach for increasingly developing flexible and reliable formal specifications of IIMS using Event-B is described, with a roles-based collaboration model, exemplified on iterated contract net interaction protocol in the interaction of IIMS, and then B models generated with evt2b supported by Atelier B are then proven in consistency and correctness.

Fei Yan,Tao Tang

DOI: https://doi.org/10.1109/wcica.2008.4592925

2008-01-01

Abstract:The next few years will see distributed real-time computer systems playing an important role in control systems of high-dependability applications, such as rail transportation. In these applications a failure in the temporal domain can be as critical as a failure in the value domain. In rail transportation, train control system has become more complex and the methods to ensure its correctness of have been considered outmoded. The safety of train control system is becoming increasingly important as computers pervade them on which human life depends and the failure to meet time deadline can have serious or even fatal consequences. This paper proposes a formal modeling and verification approach for real-time system. In the proposed method the real-time system is modeled by timed automata network (TAN) and verified by model checking which explores the state space to determine whether the system satisfies a given specification. The case study of ATP (automatic train protection) shows how the method can assist in designing more efficient and reliable real-time systems. Firstly, automatic train protection (ATP) system and timed automata network (TAN) model is proposed; secondly, the state transitions and multi-tasks ATP onboard model was modeled with TAN model, and then the time sequences of each task are expressed in UML sequence diagrams. Finally, the timing characteristics was verified to meet the requirement by UPPAAL model checker. A major conclusion of the survey is that formal methods, while still immature in some respects, can be used successfully to model and verify real-time systems.

CHEN Feng,LI Weihua,CHEN Hao,L(U) Zheng

2011-01-01

Abstract:In order to improve the analysis and design of software safety,on the basis of current researches on safety model and verification technology,a modeling and checking method is proposed for object-oriented software safety.Establishing non-formal UML models of software safety,safety extended deterministic finite automata and linear temporal logic are used to create the formal models and describe the safety properties separately.Through a model checker,we get the verification result.This approach realizes the combination of software safety model and verification technology.Experimental results show that the method can analyze and verify the safety properties effectively in the early stage of software design.

Arnaud Dieumegard,Ning Ge,Éric Jenn

2016-01-01

Abstract:The application of formal refinements and formal software verification in an industrial context has already been exposed in multiple work. Whereas the results of such approaches have been presented and its interest argued, the methodology and related pitfalls on its application have not been widely discussed. We present here a report on the difficulties encountered and the lessons learnt applying such a method. In this work, we focus on the verification of safety properties on the developed system, the method applied for the validation of the developed system according to the requirements, the production of executable code from formally refined models, and globally on the lessons we learnt during this development process. We illustrate our work on the development of an anti-collision function of a small rolling robot.

CAO Yuan,TANG Tao,XU Tian-hua,MU Jian-cheng

DOI: https://doi.org/10.19818/j.cnki.1671-1637.2010.01.020

2010-01-01

Journal of Traffic and Transportation Engineering

Abstract:To ensure the correctness of train control system design and development, the ways of simulation, test and formalization were compared. According to the safe critical attribute of train control system, the characters related to system safety were propounded such as real time, hybrid, distribution(concurrence) and reactivity, and the specific formal methods associated with every character were introduced in details. The analysis and classification of the methods were done based on their mathematical basis and applications, and their advantages and disadvantages were given. Analysis result indicates that every method has determinate limitations, which is determined by the essences of model checking and theory proving. It is pointed out that the presentation of new method, the expansion of existing methods and the integration of many methods will be the development trend of formalization in train control system. 1 tab, 10 figs, 46 refs.

Yueshan Zheng,Guiming Luo,Junbo Sun,Junjie Zhang,Zhenfeng Wang

DOI: https://doi.org/10.4236/jsea.2010.311124

2010-01-01

Abstract:High reliability is the key to performance of electrical control equipment. PLC combines computer technology, automatic control technology and communication technology and becomes widely used for automation of industrial processes. Some requirements of complex PLC systems cannot be satisfied by the traditional verification methods. In this paper, an efficient method for the PLC systems modeling and verification is proposed. To ensure the high-speed property of PLC, we proposed a technique of “Time interval model” and “notice-waiting”. It could reduce the state space and make it possible to verify some complex PLC systems. Also, the conversion from the built PLC model to the Promela language is obtained and a tool PLC-Checker for modeling and checking PLC systems are designed. Using PLC-Checker to check a classical PLC example, a counter-example is found. Although the probability of this logic error occurs very small, it could result in system crash fatally.

A. Cimatti,F. Giunchiglia,G. Mongardi,D. Romano,F. Torielli,P. Traverso

DOI: https://doi.org/10.1007/s001650050022

1998-01-01

Formal Aspects of Computing

Abstract:In this paper we describe an industrial application of formal methods. We have used model checking techniques to model and formally verify a rather complex software, i.e. part of the “safety logic” of a railway interlocking system. The formal model is structured to retain the reusability and scalability properties of the system being modelled. Part of it is defined once for all at a low cost, and re-used. The rest of the model can be mechanically generated from the designers' current specification language. The model checker is “hidden” to the user, it runs as a powerful debugger. Its performances are impressive: exhaustive analysis of quite complex configurations with respect to rather complex properties are run in the order of minutes. The main reason for this achievement is essentially a carefully designed model, which exploits all the behaviour evolution constraints. The re-usability/scalability of the model and the fact that formal verification is automatic and efficient are the key factors which open up the possibility of a real usage by designers at design time. We have thus assessed the possibility of introducing the novel technique in the development cycle with an advantageous costs/benefits relation.

Peizun Liu,Guiming Luo,Mo Xia,Maosong He

DOI: https://doi.org/10.1109/IWACI.2011.6160012

2011-01-01

Abstract:Execution environment and temporal performance are very important for modeling a real PLC system. They also become two impediments when verifying with model checking. This paper presents a methodology for modeling a PLC system including time and environment. In order to take into account interaction of PLC controller with execution environment, the proposed method extends the modeling method with an event-driven mechanism. The heterogeneous environments are abstracted as concurrent entities and further formalized into state graphs. A timed abstraction method is proposed to deal with real-time features which specified as timer on delay (TON). We have validated our approach on a concrete case study, a controller for steel plate transfer devices, and report on the results obtained for this case study.