An industrial application of formal model based development: the Metrô Rio ATP case

Authors:
Alessio Ferrari;Mario Papini;Alessandro Fantechi;Daniele Grasso
Affiliations:
General Electric Transportation Systems, Florence, Italy;General Electric Transportation Systems, Florence, Italy;University of Florence, Florence, Italy;University of Florence, Florence, Italy
Venue:
Proceedings of the 2nd International Workshop on Software Engineering for Resilient Systems
Year:
2010

Citing 8
Cited 3

Statecharts: A visual formalism for complex systems

Science of Computer Programming
Defining and translating a "safe" subset of simulink/stateflow into lustre

Proceedings of the 4th ACM international conference on Embedded software
A denotational semantics for stateflow

Proceedings of the 5th ACM international conference on Embedded software
An operational semantics for Stateflow

International Journal on Software Tools for Technology Transfer (STTT)
Formal methods: Practice and experience

ACM Computing Surveys (CSUR)
Automated Property Verification for Large Scale B Models

FM '09 Proceedings of the 2nd World Congress on Formal Methods
Model Based Testing and Abstract Interpretation in the Railway Signaling Context

ICST '10 Proceedings of the 2010 Third International Conference on Software Testing, Verification and Validation
A story about formal methods adoption by a railway signaling manufacturer

FM'06 Proceedings of the 14th international conference on Formal Methods

The metrô rio ATP case study

FMICS'10 Proceedings of the 15th international conference on Formal methods for industrial critical systems
The Metrô Rio case study

Science of Computer Programming
Where does model-driven engineering help? Experiences from three industrial cases

Software and Systems Modeling (SoSyM)

Quantified Score

Hi-index	0.00

Visualization

Abstract

The railway and metro signaling industries are currently investigating strategies for the introduction of formal model based development within their development processes. Among the various platforms supporting this technology, the Simulink/Stateflow tool-suite has been adopted in various safety-critical domains for modeling and code generation of control systems. Despite their flexibility and ease of use, introduction of these tools for developing dependable software, and in particular signaling applications, has been often hampered by the lack of a rigorous formal semantics and by the absence of a certified code generator. This paper reports on the Simulink/Stateflow based development of the on-board equipment of the Metrô Rio Automatic Train Protection system, describing the design strategy and the approach followed in addressing weaknesses and certification issues related to the adopted tool-suite.