Understanding Z: a specification language and its formal semantics
Systematic software development using VDM (2nd ed.)
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the first ACM SIGPLAN international conference on Functional programming
A Tutorial on Stålmarck's Proof Procedure for Propositional Logic. Formal Methods in System Design, special issue on formal methods for computer-aided design
Synchronous Observers and the Verification of Reactive Systems. AMAST '93 Proceedings of the Third International Conference on Methodology and Software Technology: Algebraic Methodology and Software Technology
MÉTÉOR: An Industrial Success in Formal Development. B '98 Proceedings of the Second International B Conference on Recent Advances in the Development and Use of the B Method
PVS: A Prototype Verification System. CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
From Simulink to SCADE/Lustre to TTA: a layered approach for distributed embedded applications. Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems
Defining and translating a "safe" subset of Simulink/Stateflow into Lustre. Proceedings of the 4th ACM international conference on Embedded software
A PVS proof obligation generator for Lustre programs. LPAR'00 Proceedings of the 7th international conference on Logic for programming and automated reasoning
In safety-critical control systems, the Scade/Lustre development environment has proved its value, with notable achievements such as the Hong Kong subway signalling system and the Airbus A380 flight controls. The interest of the approach comes from the synchronous data-flow style of the Lustre language, which makes it well adapted to the culture of control engineers. At the same time, Lustre is endowed with simple formal semantics, which makes it amenable to formal development. The currently running Flush project consists of building a formal system development tool on top of it, taking advantage of the formal properties of the Lustre language. To this end, a refinement calculus is defined, encompassing both functional and temporal aspects. Refinement proof obligations are generated, and several proof approaches can be used to discharge them: model checking, abstract interpretation, theorem proving through repeated induction and, finally, translation to PVS proof obligations. The resulting methodology is illustrated on the island example used by J.R. Abrial for presenting the B system method.