Formal Methods
eBook - ePub

Formal Methods

Industrial Use from Model to the Code

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Formal Methods

Industrial Use from Model to the Code

About this book

Although formal analysis programming techniques may be quite old, the introduction of formal methods only dates from the 1980s. These techniques enable us to analyze the behavior of a software application, described in a programming language. It took until the end of the 1990s before formal methods or the B method could be implemented in industrial applications or be usable in an industrial setting.

Current literature only gives students and researchers very general overviews of formal methods. The purpose of this book is to present feedback from experience on the use of "formal methods" (such as proof and model-checking) in industrial examples within the transportation domain.

This book is based on the experience of people who are currently involved in the creation and evaluation of safety critical system software. The involvement of people from within the industry allows us to avoid the usual problems of confidentiality which could arise and thus enables us to supply new useful information (photos, architecture plans, real examples, etc.).

Topics covered by the chapters of this book include SAET-METEOR, the B method and B tools, model-based design using Simulink, the Simulink design verifier proof tool, the implementation and applications of SCADE (Safety Critical Application Development Environment), GATeL: A V&V Platform for SCADE models and ControlBuild.

Tools to learn more effectively

Saving Books

Saving Books

Keyword Search

Keyword Search

Annotating Text

Annotating Text

Listen to it instead

Listen to it instead

Chapter 1

From Classic Languages to Formal Methods 1

1.1. Introduction

The introduction to this book has provided the opportunity to set formal analysis techniques in a general context. In this chapter, we are going to focus on formal methods and their implementation.
The classic development process of a software application is based on the use of a programming language (for example, Ada [ANS 83], C [ISO 99] and/or C++ [ISO 03]). These languages have a certain abstraction level in comparison to the code finally executed on the computer, a program is a set of line of code write manually.
The size of applications has gone from several thousands of lines to several hundreds of thousands of lines of code (possibly several millions for new applications). Considering the number of faults introduced by developers, it is then important to use techniques to limit the number of faults introduced and to more easily identify potential faults.
As we will show later, formal methods enable us to fulfill this double objective.

1.2. Classic development

The objective of this section is to analyze the weaknesses of the classic (meaning non-formal) process, which is implemented to make a software application.

1.2.1. Development process

1.2.1.1. Presentation

The creation of a software application is broken down into stages (specification, design, coding, tests, etc.). We refer to the lifecycle. The lifecycle is necessary to describe the dependencies and sequencing between activities.
Figure 1.1. Three possible lifecycles
ch1-fig1.1.gif
The lifecycle must take into account the progressive refinement aspect of the development as well as possible iterations. In this section, we present the lifecycle, which is used to make a software application.
As Figure 1.1 shows, there are several cycles: a) V-cycle, b) waterfall cycle, c) spiral cycle, etc. for making a software application, but the cycle recommended by different standards (CENELEC EN 50128 [CEN 01], DO 178 [ARI 92], IEC 61508 [IEC 98], ISO 26262 [ISO 09]) remains the V-cycle.
Figure 1.2 presents the V-cycle as it is generally presented. The objective of needs analysis is to verify adequacy to the expectations of the client and technological feasibility. The objective of the specification phase is to describe what the software must do (and not how it will do it). In the context of architecture definition, the aim is create a hierarchical breakdown of the software application into modules/components and to identify interfaces between these elements.
Figure 1.2. V-cycle
ch1-fig1.2.gif
Description of each module/component (data, algorithms, etc.) is achieved within the framework of the design. The design phase is often separated into two stages. The first stage, named preliminary design, aims to identify manipulated data and necessary services; the second stage, named detailed design, aims to describe all services through their algorithms. The design phase then gives rise to the coding phase.
Figure 1.2 shows that there are different test phases: module tests (focused on the lowest-level components), integration tests (focused on software and/or hardware interfaces), and functional tests (sometimes known as validation tests), which show that a product conforms to its specification. As for the operation/maintenance phase, it involves operational life and control of potential evolutions.
There is a horizontal correspondence (dotted arrow) between activity specification and design and activity testing. The V-cycle is thus broken down into two phases: bottom-up phase and top-down phase. Top-down phase activity (execution of the MT/IT and FT) must be processed during the bottom-up phase. Figure 1.3 is thus closer to the V-cycle recommended.
Figure 1.3. V-cycle including test specifications
ch1-fig1.3.gif

1.2.1.2. Advantages/disadvantages

The V-cycle of Figure 1.3 reveals that faults introduced in the making of the software application will be detected during the top-down phase, which has a direct impact on the cost and delays of making the software.
Experience in safety-critical applications shows that activity testing accounts for 50% to 75% of the cost of production and that the presence of faults can multiply delays in production two or three times over.
Increased delays are caused by the discovery of anomalies, their identification, analysis of their effects (impact on the safety and/or reliability of the software application), selection of anomalies to correct, analysis of anomalies, implementation of corrections and verification of corrections (in general, verifying correct implementation of modifications is achieved through test runs, but it will be necessary to verify that no additional modification has been implemented).
Analysis of anomalies is achieved through an impact analysis (definition 1.1) and a non-regression analysis (definition 1.2). In certain cases, non-regression is said to be total, and for this, it is necessary to re-execute the series of tests on one phase or all phases.
The objective of non-regression analysis is to minimize the cost of a new version.
DEFINITION 1.1.— IMPACT ANALYSIS. Impact analysis of an anomaly consists of identifying modifications to make in the bottom-up phase (impact on the documents, impact on the code, impact on the description and test implementations) of production.
DEFINITION 1.2.— NON-REGRESSION ANALYSIS. Non-regression analysis consists of determining a series of tests, which make it possible to demonstrate that the modification made has not had an effect on the rest of the software application1.
In addition, it should be noted that the cost of correcting a fault is directly linked to the phase during which it is identified. In effect, detecting a fault during the functional testing phase is 10 to 100 times more expensive (not to mention higher in certain cases) than a fault identified in the module testing phase. This cost is linked to resources that have been used right up to discovery of the fault and to the difficulty of carrying out functional testing (usage of targeting equipment, necessity of taking real time into account, difficulty of observation, technical expertise of people involved, etc.).
Our experience feedback (in a railway system2 evaluator/certifier cap...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Introduction
  5. Chapter 1: From Classic Languages to Formal Methods
  6. Chapter 2: Formal Method in the Railway Sector the First Complex Application: SAET-METEOR
  7. Chapter 3: The B Method and B Tools
  8. Chapter 4: Model-Based Design Using Simulink — Modeling, Code Generation, Verification, and Validation
  9. Chapter 5: Proving Global Properties with the Aid of the SIMULINK DESIGN VERIFIER Proof Tool
  10. Chapter 6: SCADE: Implementation and Applications
  11. Chapter 7: GATeL: A V&V Platform for SCADE Models
  12. Chapter 8: ControlBuild, a Development Framework for Control Engineering
  13. Chapter 9: Conclusion
  14. Glossary
  15. List of Authors
  16. Index

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Formal Methods by Jean-Louis Boulanger in PDF and/or ePUB format, as well as other popular books in Technology & Engineering & Industrial Engineering. We have over one million books available in our catalogue for you to explore.