
Formal Methods Applied to Complex Systems PDF

478 Pages·2014·7.988 MB·English

Preview Formal Methods Applied to Complex Systems

COMPUTER ENGINEERING SERIES

Formal Methods Applied to Industrial Complex Systems
Edited by Jean-Louis Boulanger

This book presents real-world examples of formal techniques in an industrial context. It covers formal methods such as SCADE, the B-Method, ControlBuild and Matelo, in various fields such as railways, aeronautics, and the automotive industry. The purpose of this book is to present a summary of experience on the use of "formal methods" (such as proof and model-checking) in industrial examples of complex systems, based on the experience of people currently involved in the creation and evaluation of safety critical system software. The involvement of people from within the industry allows the authors to avoid the usual confidentiality problems which can arise and thus enables them to supply new useful information (photos, architecture plans, real examples, etc.).

The authors cover the following topics: the use of SCADE, constraint solving in B, validation of Petri Nets-based automated rail safety, Mitsubichi, Clearsy, the B-method, B extended to flight, which is sufficient to prove avionics software, data validation with ProB, proof with new GNATprove tools.

Jean-Louis Boulanger is currently an Independent Safety Assessor (ISA) in the railway domain focusing on software elements. He is a specialist in software engineering (requirement engineering, semi-formal and formal method, proof and model-checking). He also works as an expert for the French notified body CERTIFER in the field of certification of safety critical railway applications based on software (ERTMS, SCADA, automatic subway, etc.). His research interests include requirements, software verification and validation, traceability and RAMS with a special focus on SAFETY.
www.iste.co.uk

Formal Methods Applied to Industrial Complex Systems

Dedicated to Mr Paul Caspi

Series Editor: Jean-Charles Pomerol

Formal Methods Applied to Industrial Complex Systems
Edited by Jean-Louis Boulanger

First published 2014 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:

ISTE Ltd, 27-37 St George's Road, London SW19 4EU, UK (www.iste.co.uk)
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA (www.wiley.com)

© ISTE Ltd 2014

The rights of Jean-Louis Boulanger to be identified as the author of this work have been asserted by him in accordance with the Copyright, Designs and Patents Act 1988.

Library of Congress Control Number: 2014936487
British Library Cataloguing-in-Publication Data: A CIP record for this book is available from the British Library
ISBN 978-1-84821-632-7
Printed and bound in Great Britain by CPI Group (UK) Ltd., Croydon, Surrey CR0 4YY

Contents

INTRODUCTION

CHAPTER 1. FORMAL DESCRIPTION AND MODELING OF RISKS
Jean-Louis BOULANGER
1.1. Introduction
1.2. Standard process
1.2.1. Risks, undesirable events and accidents
1.2.2. Usual process
1.2.3. Formal software processes for safety-critical systems
1.2.4. Formal methods for safety-critical systems
1.2.5. Safety kernel
1.3. Methodology
1.3.1. Presentation
1.3.2. Risk mastery process
1.4. Case study
1.4.1. Rail transport system
1.4.2. Presentation
1.4.3. Description of the environment
1.4.4. Definition of side-on collision
1.4.5. Risk analysis
1.5. Implementation
1.5.1. The B method
1.5.2. Implementation
1.5.3. Specification of the rail transport system and side-on collision
1.6. Conclusion
1.7. Glossary
1.8. Bibliography

CHAPTER 2. AN INNOVATIVE APPROACH AND AN ADVENTURE IN RAIL SAFETY
Sylvain FIORONI
2.1. Introduction
2.2. Open Control of Train Interchangeable and Integrated System
2.3. Computerized interlocking systems
2.4. Conclusion
2.5. Glossary
2.6. Bibliography

CHAPTER 3. USE OF FORMAL PROOF FOR CBTC (OCTYS)
Christophe TREMBLIN, Pierre LESOILLE and Omar REZZOUG
3.1. Introduction
3.2. Presentation of the Open Control of Train Interchangeable and Integrated System CBTC
3.2.1. Open Control of Train Interchangeable and Integrated System
3.2.2. Purpose of CBTC
3.2.3. CBTC architectures
3.3. Zone control equipment
3.3.1. Presentation
3.3.2. SCADE model
3.4. Implementation of the solution
3.5. Technical solution and implementation
3.5.1. Property definition
3.5.2. Two basic principles of property definition
3.5.3. Test topologies
3.5.4. Initial analyses
3.5.5. The property treatment process
3.5.6. Non-regression
3.6. Results
3.7. Possible improvements
3.8. Conclusion
3.9. Glossary
3.10. Bibliography

CHAPTER 4. SAFETY DEMONSTRATION FOR A RAIL SIGNALING APPLICATION IN NOMINAL AND DEGRADED MODES USING FORMAL PROOF
Jean-Marc MOTA, Evguenia DMITRIEVA, Amel MAMMAR, Paul CASPI, Salimeh BEHNIA, Nicolas BRETON and Pascal RAYMOND
4.1. Introduction
4.1.1. Context
4.2. Case description
4.2.1. Operational architecture of the PMI system
4.2.2. CIM subsystem
4.2.3. CIM program verification with and without proof
4.2.4. Scope of verification
4.3. Modeling the whole system
4.3.1. Application model
4.3.2. Safety properties
4.3.3. Environment model
4.4. Formal proof suite
4.4.1. Modeling the system
4.4.2. Non-certified analysis chain
4.4.3. The certified analysis chain
4.4.4. Assessment of the proof suite
4.5. Application
4.6. Results of our experience
4.6.1. Environment modeling
4.6.2. Proof vs. testing
4.6.3. Limitations
4.7. Conclusion and prospects
4.8. Glossary
4.9. Bibliography

CHAPTER 5. FORMAL VERIFICATION OF DATA FOR PARAMETERIZED SYSTEMS
Mathieu CLABAUT
5.1. Introduction
5.1.1. Systerel
5.1.2. Data verification
5.1.3. Parameterized systems
5.2. Data in the development cycle
5.2.1. Data and property identification
5.2.2. Modeling
5.2.3. Property validation
5.2.4. Data production
5.2.5. Property verification using data
5.2.6. Data integration
5.3. Data verification
5.3.1. Manual verification
5.3.2. Algorithmic verification
5.3.3. Formal verification
5.4. Example of implementation
5.4.1. Presentation
5.4.2. Property modeling
5.4.3. Data extraction
5.4.4. Tools
5.5. SSIL4 process
5.6. Conclusion
5.7. Glossary
5.8. Bibliography

CHAPTER 6. ERTMS MODELING USING EFS
Laurent FERIER, Svitlana LUKICHEVA and Stanislas PINTE
6.1. The context
6.2. EFS description
6.2.1. Characteristics
6.2.2. Modeling process
6.2.3. Interpretation or code generation
6.3. Braking curves modeling
6.3.1. Computing braking curves
6.3.2. Permitted speed and speed limitation curves
6.3.3. Deceleration factors
6.3.4. Deceleration curves
6.3.5. Target supervision limits
6.3.6. Symbolic computation
6.3.7. Braking curves verification
6.4. Conclusion
6.5. Further works
6.6. Bibliography

CHAPTER 7. THE USE OF A "MODEL-BASED DESIGN" APPROACH ON AN ERTMS LEVEL 2 GROUND SYSTEM
Stéphane CALLET, Saïd EL FASSI, Hervé FEDELER, Damien LEDOUX and Thierry NAVARRO
7.1. Introduction
7.2. Modeling an ERTMS Level 2 RBC
7.2.1. Overall architecture of the model
7.2.2. Functional separation
7.3. Generation of the configuration
7.3.1. Development of a track plan
7.3.2. Writing the configuration
7.3.3. Translation of the configurations to the MATLAB/Simulink format
7.4. Validating the model
7.4.1. Development of a language in which to write the scenarios
