The railway and metro signaling industries are currently investigating strategies for introducing formal model-based development into their development processes. Among the various platforms supporting this technology, the Simulink/Stateflow tool-suite has been adopted in various safety-critical domains for modeling and code generation of control systems. Despite their flexibility and ease of use, the introduction of these tools for developing dependable software, and in particular signaling applications, has often been hampered by the lack of a rigorous formal semantics and by the absence of a certified code generator. This paper reports on the Simulink/Stateflow-based development of the on-board equipment of the Metrô Rio Automatic Train Protection system, describing the design strategy and the approach followed in addressing the weaknesses and certification issues related to the adopted tool-suite.