Industrial Deployment of System Engineering Methods

A formal method is not the main engine of a development process; its contribution is to improve system dependability by motivating formalisation where it is useful. This book summarizes the results of the DEPLOY research project on engineering methods for dependable systems through the industrial deployment of formal methods in software development. The applications considered were in automotive, aerospace, railway, and enterprise information systems, and microprocessor design. The project introduced a formal method, Event-B, into several industrial organisations and built on the lessons learned to provide an ecosystem of better tools, documentation and support to help others select and introduce rigorous systems engineering methods. The contributing authors report on these projects and the lessons learned. For the academic and research partners and the tool vendors, the project identified improvements required in the methods and supporting tools, while the industrial partners learned about the value of formal methods in general. A particular feature of the book is the frank assessment of the managerial and organisational challenges, the weaknesses in some current methods and supporting tools, and the ways in which they can be successfully overcome. The book will be of value to academic researchers, systems and software engineers developing critical systems, industrial managers, policymakers, and regulators.
