Type Inference of Simulink Hierarchical Block Diagrams in Isabelle

Simulink is a de-facto industrial standard for embedded system design. In previous work, we developed a compositional analysis framework for Simulink, the Refinement Calculus of Reactive Systems (RCRS), which allows checking compatibility and substitutability of components. However, standard type checking was not considered in that work. In this paper we present a method for the type inference of Simulink models using the Isabelle theorem prover. A Simulink diagram is translated into an (RCRS) Isabelle theory. Then Isabelle’s powerful type inference mechanism is used to infer the types of the diagram based on the types of the basic blocks. One of the aims is to handle formally as many diagrams as possible. In particular, we want to be able to handle even those diagrams that may have typing ambiguities, provided that they are accepted by Simulink. This method is implemented in our toolset that translates Simulink diagrams into Isabelle theories and simplifies them. We evaluate our technique on several case studies, most notably, an automotive fuel control system benchmark provided by Toyota.
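As an added illustration (not the paper's own RCRS encoding or toolset output), the sketch below shows the mechanism the abstract relies on: basic blocks are modelled as polymorphic HOL functions constrained only by type classes, and Isabelle's type inference propagates whatever concrete type a diagram pins down (here a `real` constant) to every connected wire, while a diagram with no concrete type stays polymorphic. The block names, the `Serial` combinator and the diagrams are assumptions made for this sketch.

```isabelle
theory Diagram_Typing
  imports Main
begin

(* Basic blocks as polymorphic HOL functions; each carries only the type
   class its operation needs. This modelling is an assumption of the sketch,
   not the RCRS translation. *)
definition Add :: "'a::plus ⇒ 'a ⇒ 'a" where
  "Add x y = x + y"

definition Gain :: "'a::times ⇒ 'a ⇒ 'a" where
  "Gain k x = k * x"

definition Compare :: "'a::ord ⇒ 'a ⇒ bool" where
  "Compare x y = (x < y)"

(* Serial composition of two single-input blocks: the output type of the
   first block must unify with the input type of the second. *)
definition Serial :: "('a ⇒ 'b) ⇒ ('b ⇒ 'c) ⇒ 'a ⇒ 'c" where
  "Serial f g = g ∘ f"

(* The only concrete type in this diagram is the gain constant 2::real.
   Unification forces the Add inputs and the diagram output to real as well,
   so the whole diagram is typed from one annotated block. *)
definition Diagram1 where
  "Diagram1 x y = Gain (2::real) (Add x y)"

(* No concrete annotation anywhere: the diagram stays polymorphic and its
   type variable accumulates the class constraints of Add and Compare
   (plus and ord). A later instantiation, or Simulink's own default, decides
   the numeric type. *)
definition Diagram2 where
  "Diagram2 x y z = Compare (Add x y) z"

(* Serial composition: the real-typed Gain output fixes the type of the
   comparison wire and of the literal 0. *)
definition Diagram3 where
  "Diagram3 = Serial (Gain (2::real)) (λv. Compare v 0)"

(* Ask Isabelle to display the inferred types (enable show_sorts to see the
   class constraints on Diagram2). *)
term Diagram1
term Diagram2
term Diagram3

end
```

Opening the theory in Isabelle/jEdit and hovering over the `term` commands shows the inferred types in the output panel.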
