Formal methods and tools have a long history of successful applications in the design of safety-critical railway products. However, most of the experiences focused on the application of a single method at once, and little work has been performed to compare the applicability of the dierent available frameworks to the railway context. As a result, companies willing to introduce formal methods in their development process have little guidance on the selection of tools that could t their needs. To address this goal, this paper presents a comparison between 9 dierent formal tools, namely Atelier B, CADP, FDR4, NuSMV, ProB, Simulink, SPIN, UMC, and UPPAAL SMC. We performed a judgment study, involving 17 experts with experience in formal methods applied to railways. In the study, part of the experts were required to model a railway signaling problem (a moving-block train distancing system) with the dierent tools, and to provide feedback on their experience. The information produced was then synthesized, and the results were validated by the remaining experts. Based on the outcome of this process, we provide a synthesis that describes when to use a certain tool, and what are the problems that may be faced by modelers. Our experience shows that the dierent tools serve dierent purposes, and multiple formal methods are required to fully cover the needs of the railway system design process.
Comparing formal tools for system design: A judgment study / Ferrari A.; Mazzanti F.; Basile D.; ter Beek M.H.; Fantechi A.. - STAMPA. - (2020), pp. 62-74. (Intervento presentato al convegno 42nd ACM/IEEE International Conference on Software Engineering, ICSE 2020 tenutosi a kor nel 2020) [10.1145/3377811.3380373].
Comparing formal tools for system design: A judgment study
Ferrari A.;Basile D.;Fantechi A.
2020
Abstract
Formal methods and tools have a long history of successful applications in the design of safety-critical railway products. However, most of the experiences focused on the application of a single method at once, and little work has been performed to compare the applicability of the dierent available frameworks to the railway context. As a result, companies willing to introduce formal methods in their development process have little guidance on the selection of tools that could t their needs. To address this goal, this paper presents a comparison between 9 dierent formal tools, namely Atelier B, CADP, FDR4, NuSMV, ProB, Simulink, SPIN, UMC, and UPPAAL SMC. We performed a judgment study, involving 17 experts with experience in formal methods applied to railways. In the study, part of the experts were required to model a railway signaling problem (a moving-block train distancing system) with the dierent tools, and to provide feedback on their experience. The information produced was then synthesized, and the results were validated by the remaining experts. Based on the outcome of this process, we provide a synthesis that describes when to use a certain tool, and what are the problems that may be faced by modelers. Our experience shows that the dierent tools serve dierent purposes, and multiple formal methods are required to fully cover the needs of the railway system design process.
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
