This paper reports on the Simulink/Stateflow based development of the on-board equipment of the Metro Rio Automatic Train Protection system. Particular focus is given to the strategies followed to address the formal weaknesses and certification issues of the adopted tool-suite. On the development side, constraints on the Simulink/Stateflow semantics have been introduced and design practices have been adopted to gradually arrive at a formal model of the system. On the verification side, a two-phase approach based on model-based testing and abstract interpretation has been followed to enforce functional correctness and freedom from runtime errors. Formal verification has been experimented with as a side activity of the project. Quantitative results are presented to assess the overall strategy: the effort required by the design activities is balanced by the effectiveness of the verification tasks enabled by model-based development and automatic code generation.