Rigorous development process of a safety-critical system: from ASM models to Java code

The paper presents an approach for rigorous development of safety-critical systems based on the Abstract State Machine formal method. The development process starts from a high level formal view of the system and, through refinement, derives more detailed models till the desired level of specification. Along the process, different validation and verification activities are available, as simulation, model review, and model checking. Moreover, each refinement step can be proved correct using an SMT-based approach. As last step of the refinement process, a Java implementation can be developed and linked to the formal specification. The correctness of the implementation w.r.t. its formal specification can be proved by means of model-based testing and runtime verification. The process is exemplified by using a Landing Gear System as case study

Integrating formal methods into medical software development : the ASM approach

Medical devices are safety-critical systems since their malfunctions can seriously compromise human safety. Correct operation of a medical device depends upon the controlling software, whose development should adhere to certification standards. However, these standards provide general descriptions of common software engineering activities without any indication regarding particular methods and techniques to assure safety and reliability. This paper discusses how to integrate the use of a formal approach into the current normative for the medical software development. The rigorous process is based on the Abstract State Machine (ASM) formal method, its refinement principle, and model analysis approaches the method supports. The hemodialysis machine case study is used to show how the ASM-based design process covers most of the engineering activities required by the related standards, and provides rigorous approaches for medical software validation and verification

Equivalence checking of NuSMV specifications

We present a technique for checking the equivalence of NuSMV specifications. The approach is founded on the notion of equivalence between Kripke structures. The necessity to tackle this problem arisen working on using mutation to asses the static analysis fault detection capability. Indeed, mutation, consisting into introducing simple syntactic changes -- representing typical mistakes designers often make -- into specifications, may produce equivalent mutants, namely models behaving as the original one. Equivalent mutants should be detected since they do not represent actual faults. In program mutation, detecting equivalent mutants is an undecidable problem and, when possible, is a time-consuming activity, difficult to automatize. In this work we focus on how detecting equivalence of NuSMV specifications. The novel technique we propose, consists in building a merging unique specification and proving by model checking a series of CTL properties

Metamodelling a formal method : applying MDE to abstract state machines

This paper presents the AsmM, a metamodel for Abstract State Machines developed by following the guidelines of the Model Driven Engineering. The AsmM represents concepts and constructs of the ASM formal method in an abstract way, it is endowed with a standard visual notation, and it is intended easy to learn and understand by practitioners and students. From the AsmM a concrete syntax is also proposed and a standard interchange format for a systematic integration of a number of loosely-coupled ASM tools is derived. The metamodelling advantages for tool interoperability are shown by referring to the experience in making the ATGT, an existing tool supporting test case generation for ASMs, compliant to the AsmM

LEMP : a language engineering model-driven process

In this paper, we propose LEMP as a model-driven process to develop a language endowed with a set of derived artifacts (syntax, interchange format, APIs, ...) and with a well defined formal semantics. The process exploits the Model Driven Engineering principles of metamodeling, model transformation and automatic generation of language processing tools. We describe the requirements to fulfill and the development steps of this language engineering life cycle, including the validation activities regarding the syntactic and semantic aspects. As a proof-of-concepts, we apply LEMP to the Finite State Machines and we report our experience in developing a language for the Abstract State Machine formal method

Composición de semillas de girasol cultivadas en Argentina

Constituents seed oil content, physic structure, oil seed quality and wax content are evaluated. The relations of these characters and its agroclimatic interactions facilitate the introduction of this cultivar into food and/or industrial market improving its utility and profit. Correlations coefficients on the analyzed characters are presented. Causality hypothesis on the newer tendency behaviour of this cultivar are planned. The hull content influence on oil content and like principal wax container is detached.Se evaluaron contenidos de aceite de los constituyentes de la semilla, estructura física, calidad del aceite de semilla y contenido de ceras. El conocimiento del comportamiento de estos caracteres, las relaciones entre ellos y su interacción con el medio agroclimático, facilita la introducción de este cultivo en el mercado alimenticio y/o industrial optimizando su rendimiento y aprovechamiento. Se presentan los valores de las correlaciones obtenidas entre los caracteres analizados. Se plantean hipótesis de causalidad sobre las nuevas tendencias de comportamiento de este cultivo. Se destaca la influencia del contenido de cascara tanto sobre el rendimiento del contenido de aceite como sobre la cantidad de ceras de la semilla, de las cuales se considera principal portadora

Decomposition-Based Approach for Model-Based Test Generation

Model-based test generation by model checking is a well-known testing technique that, however, suffers from the state explosion problem of model checking and it is, therefore, not always applicable. In this paper, we address this issue by decomposing a system model into suitable subsystem models separately analyzable. Our technique consists in decomposing that portion of a system model that is of interest for a given testing requirement, into a tree of subsystems by exploiting information on model variable dependency. The technique generates tests for the whole system model by merging tests built from those subsystems. We measure and report effectiveness and efficiency of the proposed decomposition-based test generation approach, both in terms of coverage and time