CSPm models for the ATM case study

Communicating Sequential Processes (CSP) [7] is a calculus for concurrent systems that has been the basis of subject-oriented business process management (S-BPM) [4]. We use CSPm -- a machine readable dialect of CSP -- to create a sequence of models for a case study on an "Automated Teller Machine" [1]. We use the refinement checker FDR2 to prove that certain models are correct implementations of specifications

Visualization of formal specifications for understanding and debugging an industrial DSL

In this work we report on our proof of concept of a generic approach: visualized formal specification of a Domain Specific Language (DSL) can be used for debugging, understanding, and impact analysis of the DSL programs. In our case study we provide a domain-specific visualization for the Event-B specification of a real-life industrial DSL and perform a user study among DSL engineers to discover opportunities for its application. In this paper, we explain the rationale behind our visualization design, discuss the technical challenges of its realization and how these challenges were solved using the Model Driven Engineering (MDE) techniques. Based on the positive feedback of the user study, we present our vision on how this successful experience can be reused and the approach can be generalized for other DSLs

Behaviour-driven formal model development

Formal systems modelling offers a rigorous system-level analysis resulting in a precise and reliable specification. However, some issues remain: Modellers need to understand the requirements in order to formulate the models, formal verification may focus on safety properties rather than temporal behaviour, domain experts need to validate thefinal models to ensure they fit the needs of stakeholders. In this paper we discuss how the principles of Behaviour-Driven Development (BDD) can be applied to formal systems modelling and validation. We propose a process where manually authored scenarios are used initially to support the requirements and help the modeller.The same scenarios are used to verify behavioural properties of the model. The model is then mutated to automatically generate scenarios that have a more complete coverage than the manual ones. These automatically generated scenarios are used to animate the model in a final acceptance stage. For this acceptance stage, it is important that a domain expert decides whether or not the behaviour is useful

Assessment of a formal requirements modeling approach on a transportation system

International audienceThis paper describes a case study of the SysML/KAOS method for a road transportation system for the City of Montreal (VdM), the second-largest city in Canada. The transportation system was developed from unstructured requirements represented in textual and schematic documents. Therefore, the VdM wanted to investigate new ways of organising and analysing the requirements of traffic projects, in order to increase the level of confidence in their safety, usability and reusability. This paper describes the formal specification, verification and validation of system requirements and provides an appraisal of the SysML/KAOS requirements engineering method on an industrial-scale case study. SysML/KAOS is designed within the ANR FORMOSE project to bridge the gap between stakeholder needs and the formal specification of system functionalities and domain constraints. The method has proven useful to deal with the seven refinement levels, twelve components (human, hardware, software and cyber-physical) and a hundred functional and non-functional goals that constitute the specification of the road transportation system, mainly focused on the safe movement of vehicles on road. It especially facilitated their validation with VdM stakeholders who had never dealt with formal methods and requirements engineering. Animation tools (ProB and B-Motion Studio) were also used to validate the formal specification with VdM stakeholders. This paper also reports improvements identified to enhance the expressiveness of SysML/KAOS goal modeling languages during validation sessions with VdM stakeholders. This includes the introduction of a non-functional goal refinement strategy based on logical formulas and of an obstacle modeling language

Towards a tool-based domain specific approach for railway systems modeling and validation

RSSRail 2019, International Conference on Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification , Lille, FRANCE, 04-/06/2019 - 06/06/2019International audienceIn the railway field, graphical representations of domain concepts are omnipresent thanks to their ability to share standardized information with common knowledge about several railway mechanisms: track circuits, signalling rules. This paper proposes a domain specific approach for railway systems modeling and validation by combining the Model-Driven Engineering (MDE) paradigm and a formal method. First, an example of a graphical DSL is defined thanks to MDE tools, and then the formal B method is used to define its underlying operational semantics and to guarantee the correctness of the model's behaviour with respect to its safety properties. Our approach is assisted by the Meeduse tool which animates and visualizes execution scenarios of domain models. Starting from a given model designed in the DSL tool, Meeduse asks ProB to animate B operations and gets the reached state by means of B variables valuations. Then, it translates back these valuations to the initial DSL resulting in automatic modifications of the domain model. Our approach allows a more pragmatic domain-centric animation than current visual animation techniques since the resulting DSL tool allows domain experts, who are not necessarily trained in formal methods, to design and validate by themselves the various domain models

Meeduse: A Tool to Build and Run Proved DSLs

International audienc

Visual notation and patterns for abstract state machines

Formal models are a rigorous way to specify informal system requirements. However, they are not widely used in practice, since they are considered difficult to develop and understand. Visualization is often considered a good means for people to communicate and to get a common understanding. We here make a proposal of a visual notation for Abstract State Machines (ASMs), and we introduce visual trees that visualize ASM transition rules. In addition to these graphical components that are based only on the syntactical structure of the model, we also present visual patterns that permit to visualize part of the behavior of the machine. A tool is also available to graphically represent ASM models using the proposed notation