The Metrô Rio ATP Case Study | SpringerLink
Skip to main content
Springer Nature Link
Log in

The Metrô Rio ATP Case Study

  • Conference paper
Formal Methods for Industrial Critical Systems (FMICS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 6371))

Abstract

This paper reports on the Simulink/Stateflow based development of the on-board equipment of the Metrô Rio Automatic Train Protection system. Particular focus is given to the strategies followed to address formal weaknesses and certification issues of the adopted tool-suite. On the development side, constraints on the Simulink/Stateflow semantics have been introduced and design practices have been adopted to gradually achieve a formal model of the system. On the verification side, a two-phase approach based on model based testing and abstract interpretation has been followed to enforce functional correctness and runtime error freedom.

Quantitative results are presented to assess the overall strategy: the effort required by the design activities is balanced by the effectiveness of the verification tasks enabled by model based development and automatic code generation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. European Committee for Electrotechnical Standardization: CENELEC EN 50128, Railway Applications - Software for Railway Control and Protection Systems (1997)

    Google Scholar 

  2. Ferrari, A., Fantechi, A., Bacherini, S., Zingoni, N.: Modeling Guidelines for Code Generation in the Railway Signaling Context. In: 1st NASA Formal Methods Symphosium (NFM), Moffet Field, California, U.S.A. (2009)

    Google Scholar 

  3. Harel, D.: Statecharts: A Visual Formalism for Complex Systems. Science of Computer Programming 8(3), 231–274 (1987)

    Article  MATH  Google Scholar 

  4. Hamon, G., Rushby, J.: An operational semantics for stateflow. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 229–243. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. Hamon, G.: A denotational semantics for stateflow. In: 5th ACM Int. Conf. on Embedded Software, Jersey City, NJ, USA, pp. 164–172 (2005)

    Google Scholar 

  6. Mathworks Automotive Advisory Board (MAAB): Control Algorithm Modeling Guidelines Using Matlab, Simulink and Stateflow, Version 2.0 (2007), http://www.mathworks.com/industries/auto/maab.html

  7. Sahbani, A., Pascal, J.C.: Simulation of hybrid systems using stateflow. In: Proceedings of the 14th European Simulation Multiconference on Simulation and Modelling: Enablers for a Better Quality of Life, pp. 271–275 (2000)

    Google Scholar 

  8. Scaife, N., et al.: Defining and translating a safe subset of simulink/stateflow into lustre. In: 4th ACM Int. Conf. on Embedded Software, Pisa, Italy, pp. 259–268 (2004)

    Google Scholar 

  9. Bacherini, S., Fantechi, A., Tempestini, M., Zingoni, N.: A Story about Formal Methods Adoption by a Railway Signaling Manufacturer. In: Misra, J., Nipkow, T., Sekerinski, E. (eds.) FM 2006. LNCS, vol. 4085, pp. 179–189. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  10. Conrad, M.: Testing-based translation validation of generated code in the context of IEC 61508. In: Formal Methods in System Design, pp. 389–401. Springer, Heidelberg (2009)

    Google Scholar 

  11. Baresel, A., Conrad, M., Sadeghipour, S., Wegener, J.: The interplay between model coverage and code coverage. In: Proceedings of the 11th Eur. int. Conf. on Software Testing, Analysis and Review EuroSTAR’03, Amsterdam, Netherlands (2003)

    Google Scholar 

  12. Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: 4th ACM Symp. on Principles of Programming Languages (POPL), Los Angeles, California, pp. 238–252 (1977)

    Google Scholar 

  13. Grasso, D., Fantechi, A., Ferrari, A.: Model Based Testing and Abstract Interpretation in the Railway Signaling Context. In: 3rd International Conference on Software Testing, Verification and Validation (ICST), Paris, France, pp. 103–106 (2010)

    Google Scholar 

  14. Deutsch, A.: Static verification of dynamic properties. PolySpace White Paper (2004)

    Google Scholar 

  15. Ferrari, A., Fantechi, A., Papini, M., Grasso, D.: An industrial application of formal model based development: the Metrô Rio ATP case. In: 2nd International Workshop on Software Engineering for Resilient Systems, SERENE 2010 (2010)

    Google Scholar 

  16. Faivre, A., Benoit, P.: Safety critical software of meteor developed with the B formal method and vital coded processor. In: Proc. of WCRR’99, pp. 84–89 (1999)

    Google Scholar 

  17. Guiho, G., Hennebert, A.: SACEM Software Validation. In: 12th International Conference on Software Engineering, pp. 186–191 (1990)

    Google Scholar 

  18. Leuschel, M., et al.: Automated property verification for large scale B models. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 810–814. Springer, Heidelberg (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. General Electric Transportation Systems (GETS), Firenze, Italy

    Alessio Ferrari & Matteo Tempestini

  2. Universitá di Firenze, DSI, Firenze, Italy

    Daniele Grasso, Gianluca Magnani & Alessandro Fantechi

Authors
  1. Alessio Ferrari
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniele Grasso
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gianluca Magnani
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Alessandro Fantechi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Matteo Tempestini
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Embedded Software Laboratory, RWTH Aachen, Ahornstr. 55, 52074, Aachen, Germany

    Stefan Kowalewski

  2. Fondazione Bruno Kessler — IRST, Via Sommarive 18, 38123, Povo (Trento), Italy

    Marco Roveri

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ferrari, A., Grasso, D., Magnani, G., Fantechi, A., Tempestini, M. (2010). The Metrô Rio ATP Case Study. In: Kowalewski, S., Roveri, M. (eds) Formal Methods for Industrial Critical Systems. FMICS 2010. Lecture Notes in Computer Science, vol 6371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15898-8_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15898-8_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15897-1

  • Online ISBN: 978-3-642-15898-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation