Contract-Based Design of Embedded Systems Integrating Nominal Behavior and Safety

Kaiser, Bernhard; Weber, Raphael; Oertel, Markus Florian; Böde, Eckard; Nejad, Behrang Monajemi; Zander, Justyna

doi:10.7250/csimq.2015-4.05

Cited by 15 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast to the bottom up approach of combining component contracts into a composed contract, a top down approach is also possible and sometimes desired. Decomposing a set of requirements into individual component contracts has been studied in [14].…”

Section: Component Substitution and Diagnosismentioning

confidence: 99%

Compositionality in Model-Based Testing

van Cuyck,

van Arragon,

Tretmans

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Model-based testing (MBT) promises a scalable solution to testing large systems, if a model is available. Creating these models for large systems, however, has proven to be difficult. Composing larger models from smaller ones could solve this, but our current MBT conformance relation uioco is not compositional, i.e. correctly tested components, when composed into a system, can still lead to a faulty system. To catch these integration problems, we introduce a new relation over component models called mutual acceptance. Mutually accepting components are guaranteed to communicate correctly, which makes MBT compositional. In addition to providing compositionality, mutual acceptance has benefits when retesting systems with updated components, and when diagnosing systems consisting of components. Keywords: model-based testing • component-based testing • compositional testing • labelled transition systems • uioco This work is part of the project TiCToC -Testing in Times of Continuous Change, project nr 17936, part of the research program MasCot -Mastering Complexity, which is supported by the Dutch Research Council NWO.

show abstract

Section: Component Substitution and Diagnosismentioning

confidence: 99%

Compositionality in Model-Based Testing

van Cuyck,

van Arragon,

Tretmans

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The behavior of a system, e.g., a platoon, in various degraded operational modes can be captured by a set of Assumption/Guarantee contracts [8]. A contract C =< A, G > can be defined as a pair of properties in which A represents the Assumptions on the system environment and G represents the Guarantee that the system promises, given that the assumptions are fulfilled [55]. Sljivo et al distinguish between strong contract C and weak contract C weak =< B, H >, where B and H are weak Assumption and weak Guarantee, respectively [56].…”

Section: ) Degradation Cascade Employing Contractsmentioning

confidence: 99%

PlatoonSAFE: An Integrated Simulation Tool for Evaluating Platoon Safety

Hasan

Gorospe

Girs

et al. 2023

IEEE Open J. Intell. Transp. Syst.

View full text Add to dashboard Cite

Platooning is highly tractable for enabling fuel savings for autonomous and semi-autonomous cars and trucks. Safety concerns are one of the main impediments that need to be overcome before vehicle platoons can be deployed on ordinary roads despite their readily available technical feasibility. Simulation studies remain vital for evaluating platoon safety applications primarily due to the high cost of field tests. To this end, we present PlatoonSAFE, an open-source simulation tool that promotes the simulation studies of fault tolerance in platooning by enabling the monitoring of transient communication outages during runtime and assigning an appropriate performance level as a function of the instantaneous communication quality. In addition, PlatoonSAFE facilitates the simulation of several emergency braking strategies to evaluate their efficacy in transitioning a platoon to a fail-safe state. Furthermore, two Machine Learning (ML) models are integrated into PlatoonSAFE that can be employed as an onboard prediction tool in the platooning vehicles to facilitate online training of ML models and real-time prediction of communication, network, and traffic parameters. In this paper, we present the PlatoonSAFE structure, its features and implementation details, configuration parameters, and evaluation metrics required to evaluate the fault tolerance of platoon safety applications.

show abstract

“…Based on the counterexample, a user can manually localize the fault in K that causes the violation of φ. Contract-based design (CBD) (Cimatti and Tonetta 2012;Kaiser et al 2015) supports the automated verification of refinement consistency and correctness. In CBD, model checking is used to identify whether the top-level requirements of a system are consistently refined along the refinement of the system to components.…”

Section: Model Checkingmentioning

confidence: 99%

A user study for evaluation of formal verification results and their explanation at Bosch

Kaleeswaran,

Nordmann,

Vogel

et al. 2023

Empir Software Eng

View full text Add to dashboard Cite

Context Ensuring safety for any sophisticated system is getting more complex due to the rising number of features and functionalities. This calls for formal methods to entrust confidence in such systems. Nevertheless, using formal methods in industry is demanding because of their lack of usability and the difficulty of understanding verification results. Objective We evaluate the acceptance of formal methods by Bosch automotive engineers, particularly whether the difficulty of understanding verification results can be reduced. Method We perform two different exploratory studies. First, we conduct a user survey to explore challenges in identifying inconsistent specifications and using formal methods by Bosch automotive engineers. Second, we perform a one-group pretest-posttest experiment to collect impressions from Bosch engineers familiar with formal methods to evaluate whether understanding verification results is simplified by our counterexample explanation approach. Results The results from the user survey indicate that identifying refinement inconsistencies, understanding formal notations, and interpreting verification results are challenging. Nevertheless, engineers are still interested in using formal methods in real-world development processes because it could reduce the manual effort for verification. Additionally, they also believe formal methods could make the system safer. Furthermore, the one-group pretest-posttest experiment results indicate that engineers are more comfortable understanding the counterexample explanation than the raw model checker output. Limitations The main limitation of this study is the generalizability beyond the target group of Bosch automotive engineers.

show abstract

Contract-Based Design of Embedded Systems Integrating Nominal Behavior and Safety

Cited by 15 publications

References 17 publications

Compositionality in Model-Based Testing

Compositionality in Model-Based Testing

PlatoonSAFE: An Integrated Simulation Tool for Evaluating Platoon Safety

A user study for evaluation of formal verification results and their explanation at Bosch

Contact Info

Product

Resources

About