270 research outputs found

    Rigorous development process of a safety-critical system: from ASM models to Java code

    The paper presents an approach for the rigorous development of safety-critical systems based on the Abstract State Machine formal method. The development process starts from a high-level formal view of the system and, through refinement, derives more detailed models until the desired level of specification is reached. Along the process, different validation and verification activities are available, such as simulation, model review, and model checking. Moreover, each refinement step can be proved correct using an SMT-based approach. As the last step of the refinement process, a Java implementation can be developed and linked to the formal specification. The correctness of the implementation w.r.t. its formal specification can be proved by means of model-based testing and runtime verification. The process is exemplified by using a Landing Gear System as a case study.

    Integrating formal methods into medical software development: the ASM approach

    Medical devices are safety-critical systems since their malfunctions can seriously compromise human safety. Correct operation of a medical device depends upon the controlling software, whose development should adhere to certification standards. However, these standards provide general descriptions of common software engineering activities without any indication of the particular methods and techniques needed to assure safety and reliability. This paper discusses how to integrate the use of a formal approach into the current normative framework for medical software development. The rigorous process is based on the Abstract State Machine (ASM) formal method, its refinement principle, and the model analysis approaches the method supports. The hemodialysis machine case study is used to show how the ASM-based design process covers most of the engineering activities required by the related standards and provides rigorous approaches for medical software validation and verification.

    Metamodelling a formal method: applying MDE to abstract state machines

    This paper presents the AsmM, a metamodel for Abstract State Machines developed by following the guidelines of Model Driven Engineering. The AsmM represents the concepts and constructs of the ASM formal method in an abstract way, is endowed with a standard visual notation, and is intended to be easy to learn and understand for practitioners and students. From the AsmM, a concrete syntax is also proposed and a standard interchange format for the systematic integration of a number of loosely-coupled ASM tools is derived. The metamodelling advantages for tool interoperability are shown by referring to the experience of making the ATGT, an existing tool supporting test case generation for ASMs, compliant with the AsmM.

    LEMP: a language engineering model-driven process

    In this paper, we propose LEMP as a model-driven process to develop a language endowed with a set of derived artifacts (syntax, interchange format, APIs, ...) and with a well-defined formal semantics. The process exploits the Model Driven Engineering principles of metamodeling, model transformation and automatic generation of language processing tools. We describe the requirements to fulfill and the development steps of this language engineering life cycle, including the validation activities regarding the syntactic and semantic aspects. As a proof of concept, we apply LEMP to Finite State Machines and we report our experience in developing a language for the Abstract State Machine formal method.

    Equivalence checking of NuSMV specifications

    We present a technique for checking the equivalence of NuSMV specifications. The approach is founded on the notion of equivalence between Kripke structures. The need to tackle this problem arose while using mutation to assess the fault detection capability of static analysis. Indeed, mutation, which consists in introducing simple syntactic changes -- representing typical mistakes designers often make -- into specifications, may produce equivalent mutants, namely models behaving as the original one. Equivalent mutants should be detected since they do not represent actual faults. In program mutation, detecting equivalent mutants is an undecidable problem and, when possible, is a time-consuming activity that is difficult to automate. In this work we focus on how to detect equivalence of NuSMV specifications. The novel technique we propose consists in building a single merged specification and proving a series of CTL properties over it by model checking.

    Decomposition-Based Approach for Model-Based Test Generation

    Model-based test generation by model checking is a well-known testing technique that, however, suffers from the state explosion problem of model checking and is, therefore, not always applicable. In this paper, we address this issue by decomposing a system model into suitable subsystem models that can be analyzed separately. Our technique consists in decomposing the portion of a system model that is of interest for a given testing requirement into a tree of subsystems by exploiting information on model variable dependency. The technique generates tests for the whole system model by merging tests built from those subsystems. We measure and report the effectiveness and efficiency of the proposed decomposition-based test generation approach, both in terms of coverage and time.

    Management of the mother-infant dyad with suspected or confirmed SARS-CoV-2 infection in a highly epidemic context

    In the context of the SARS-CoV-2 pandemic, the hospital management of mother-infant pairs poses previously unmet challenges to obstetricians and neonatologists. In Lombardy, Northern Italy, 59 maternity wards networked to organise the medical assistance of mothers and neonates with suspected or confirmed SARS-CoV-2 infection. Six "COVID-19 maternity centres" were identified, the architecture and activity of the obstetric and neonatal wards of each centre were reorganised, and common assistance protocols for the management of suspected and proven cases were formulated. Here, we present the key features of this reorganization effort and our current management of the mother-infant dyad before and after birth, including our approach to rooming-in practice, breastfeeding and neonatal follow-up, based on the currently available scientific evidence. Considering the rapid spread of COVID-19 all over the world, we believe that preparedness is fundamental to assisting mother-infant dyads while minimising the risk of propagation of the infection through maternity and neonatal wards.