Software Engineering with Formal Methods: The Development of a Storm Surge Barrier Control System - Revisiting Seven Myths of Formal Methods

This paper discusses the use of formal methods in the development of the control system for the Maeslant Kering. The Maeslant Kering is the movable dam that has to protect Rotterdam from flooding while, at (almost) the same time, not restricting ship traffic to the port of Rotterdam. The control system, called BOS, decides completely autonomously on closing and opening the barrier and, when necessary, also performs these tasks without human intervention. BOS is a safety-critical software system of the highest Safety Integrity Level according to IEC 61508. One of the reliability-increasing techniques used during its development is formal methods. This paper reports the experiences obtained from using formal methods in the development of BOS. These experiences are presented in the context of Hall's famous “Seven Myths of Formal Methods”.

[1] Paul Clements et al. Software Architecture in Practice. SEI Series in Software Engineering, 1999.

[2] Derek J. Hatley et al. Strategies for Real-Time System Specification. 1987.

[3] Pim Kars. The Application of Promela and Spin in the BOS Project. The Spin Verification System, 1996.

[4] Pim Kars et al. Formal Methods in the Design of a Storm Surge Barrier Control System. European Educational Forum: School on Embedded Systems, 1996.

[5] Xiaoping Jia. ZTC: A Type Checker for Z, User's Guide. 1994.

[6] Gerard J. Holzmann et al. The Model Checker SPIN. IEEE Transactions on Software Engineering, 1997.

[7] K.C.J. Wijbrans et al. Software Engineering with Formal Methods: The Development of a Storm Surge Barrier Control System - Seven Myths of Formal Methods Revisited. 1999.

[8] Jan Tretmans et al. Testing Concurrent Systems: A Formal Approach. CONCUR, 1999.

[9] Michel R. V. Chaudron et al. Lessons from the Application of Formal Methods to the Design of a Storm Surge Barrier Control System. World Congress on Formal Methods, 1999.

[10] Jeremy M. R. Martin et al. A Design Strategy for Deadlock-Free Concurrent Systems. 1997.

[11] Martin Peschke et al. Design and Validation of Computer Protocols. 2003.

[12] Jan Peleska et al. Test Automation of Safety-Critical Reactive Systems. 1997.

[13] K.C.J. Wijbrans et al. Testing and Formal Methods - BOS Project Case Study. 1998.

[14] Paul Ward et al. Structured Development for Real-Time Systems. 1986.

[15] Nicolae Goga et al. Formal Test Automation: A Simple Experiment. IWTCS, 1999.

[16] Jonathan P. Bowen et al. Seven More Myths of Formal Methods. FME, 1994.

[17] Anthony Hall et al. Seven Myths of Formal Methods. IEEE Software, 1990.

[18] J. Michael Spivey et al. The Z Notation: A Reference Manual. Prentice Hall International Series in Computer Science, 1992.

[19] Jan Tretmans et al. On-the-fly Conformance Testing Using SPIN. International Journal on Software Tools for Technology Transfer, 2000.