Fig 2 - uploaded by Yi Zhang
The visual appearance of the GPCA user interface.  

Source publication
Conference Paper
An approach to integrating PVS executable specifications and Stateflow models is presented that uses web services to enable a seamless exchange of simulation events and data between PVS and Stateflow. Thus, it allows the wide range of applications developed in Stateflow to benefit from the rigor of PVS verification. The effectiveness of the approac...

Context in source publication

Context 1
... were able to run simulations over the integrated GPCA model using our approach. During the simulation, users interact with the PVS-based user interface by pressing buttons and reading display elements of the graphical front-end shown in figure 2. Each user interaction is captured by PVSio-web handlers, which in turn send PVS expressions to PVSio for model animation. ...

Similar publications

Conference Paper
We present the SCATE prototype: A Smart Computer-Aided Translation Environment, developed in the SCATE research project. Its user interface displays translation suggestions coming from different resources, in an intelligible and interactive way. It contains carefully designed representations that show relevant context to clarify why certain suggest...

Citations

... Another example is OpenICE [3], a publish-subscribe middleware that allows the simulation of integrated medical devices. In [8,32], a co-simulation framework is developed that integrates PVS and Simulink. All these approaches provide ad hoc solutions for specific tools and architectures. ...
Article
A framework for co-simulation of human–machine interfaces in Cyber-Physical Systems (CPS) is presented. The framework builds on formal (i.e. mathematical) methods. It aims to support the work of formal methods experts in charge of modelling and analysing safety-critical aspects of user interfaces in CPS. To carry out these modelling and analysis activities, formal methods experts usually need to engage with domain experts that may not fully understand the mathematical details of formal analysis results. The framework presented in this work mitigates this communication barrier by allowing formal methods experts to create interactive prototypes driven by formal models. The prototypes closely resemble the visual appearance of the system being developed. They can be used to discuss details of the formal analysis effort without showing any mathematical detail. An existing prototyping toolkit based on formal methods is used as baseline technology. Novel functionalities are developed for automatic generation of interactive prototypes supporting the Functional Mockup Interface (FMI), a de-facto standard technology for simulation of complex systems. Using the FMI interface, the prototypes can be integrated with simulations of other system components. The architecture of the framework is presented, along with a verification of core aspects of its functionalities. A case study based on a medical system is used to demonstrate the capabilities of the framework.
... The PVSio extension includes input/output functions allowing the system prototype to interact with the user and the computing environment. Moreover, MISRA C code can be automatically generated from PVS theories for automata [22,23], using the PVSio-web toolset [30]. ...
Article
This paper presents a methodology for the formal modeling of security attacks on cyber-physical systems, and the analysis of their effects on the system using logic theories. We consider attacks only on sensors and actuators. A simulated attack can be triggered internally by the simulation algorithm or interactively by the user, and the effect of the attack is a set of assignments to the variables defined in the Controller. The global effects of the attacks are studied by injecting attacks in the system model and co-simulating the overall system, including the system dynamics and the control part. Interesting properties of the behavior of the system under attack can also be formally proved by theorem proving. The INTO-CPS framework has been used for co-simulation, and the methodology is applied to the Line follower robot case study of the INTO-CPS project. The theorem prover of PVS has been used for deriving formal proofs of invariants of the system under attack.
... The PVS theorem-proving environment [38] has been used for verification in many application fields, such as autonomous vehicles [15] and nonlinear controls [8]. In the field of medical systems, PVS and the PVSio-web prototyping environment [33,35] have been used to study implantable cardiac pacemakers [9,12] and infusion pumps [36]. The present chapter complements these works in that we demonstrate how formal methods technologies can be used to formalize requirements for an ICE system. ...
Chapter
The concepts of integrated clinical environments and smart intensive care units refer to complex technological infrastructures where health care relies on interoperating medical devices monitored and coordinated by software applications under human supervision. These complex socio-technical systems have stringent safety requirements that can be met with rigorous and precise development methods. This chapter presents an approach to the formalization of system requirements for integrated clinical environments, using the Prototype Verification System, a theorem-proving environment based on a higher-order logic language. The approach is illustrated by modeling safety-related requirements affecting various aspects of an integrated clinical environment, and in particular the communication network. A simple but realistic wireless communication protocol will be used as an example of computer-assisted verification.
... Once verified, the formal model of the infusion pump is automatically translated into executable code through the PVS code generator, providing a prototype of the GPCA user interface from a verified model of the infusion pump. An approach to integrating PVS executable specifications and Stateflow models is proposed in (Masci et al. 2014b), aiming at reducing the barriers that prevent nonexperts from using formal methods. It permits Stateflow models to be verified, avoiding the hazards of translating design models created in different tools. ...
Chapter
This chapter provides an overview of several formal approaches for the design, specification, and verification of interactive systems. For each approach presented, we describe how they support both modelling and verification activities. We also exemplify their use on a simple example in order to provide the reader with a better understanding of their basic concepts. It is important to note that this chapter is not self-contained and that the interested reader should get more details looking at the references provided. The chapter is organized to provide a historical perspective of the main contributions in the area of formal methods in the field of human–computer interaction. The approaches are presented in a semi-structured way identifying their contributions alongside a set of criteria. The chapter is concluded by a summary section organizing the various approaches in two summary tables reusing the criteria previously derived.
... Formal methods are important for developing and understanding safe and secure systems. The PVSio-web framework [20,21,22,26] allows developers to use formal methods in a friendly and appealing way as it provides realistic animations and is integrated with a graphical editor for the Emucharts language [23]. (Emucharts is a state machine formalism with guards and actions associated with transitions; it is explained further in Sect. 3 ...
Article
We are concerned with systems, particularly safety-critical systems, that involve interaction between users and devices, such as the user interface of medical devices. We therefore developed a MISRA C code generator for formal models expressed in the PVSio-web prototyping toolkit. PVSio-web allows developers to rapidly generate realistic interactive prototypes for verifying usability and safety requirements in human-machine interfaces. The visual appearance of the prototypes is based on a picture of a physical device, and the behaviour of the prototype is defined by an executable formal model. Our approach transforms the PVSio-web prototyping tool into a model-based engineering toolkit that, starting from a formally verified user interface design model, will produce MISRA C code that can be compiled and linked into a final product. An initial validation of our tool is presented for the data entry system of an actual medical device.
... In particular, a development team can employ different modeling and analysis tools for different parts of a complex system, while using the Co-Simulator to verify system properties in a coordinated simulation environment. Example prototypes using this module to perform co-simulation of PVS models and Simulink models are described in [28,29]. ...
Conference Paper
PVSio-web is a graphical environment for facilitating the design and evaluation of interactive (human-computer) systems. Using PVSio-web, one can generate and evaluate realistic interactive prototypes from formal models. PVSio-web has been successfully used over the last two years for analyzing commercial, safety-critical medical devices. It has been used to create training material for device developers and device users. It has also been used for medical device design, by both formal methods experts and non-technical end users. This paper presents the latest release of PVSio-web 2.0, which will be part of the next PVS distribution. The new tool architecture is discussed, and the rationale behind its design choices is presented. PVSio-web Tool: http://www.pvsioweb.org
... The extensible nature means that it is easy to combine PVSio-web with the tools already used. For example an early plug-in [13] allows the interface model to be co-simulated with control software developed separately using traditional tools, such as MathWorks Simulink. Additional plugins enable mathematical analysis with different verification tools, such as Overture [7] and IVY/NuSMV [1]. ...
Conference Paper
Use errors, where medical devices work to specification but lead to the clinicians making mistakes resulting in patient harm, are a critical problem. Manufacturers need tools to help them find such design flaws at an early stage and regulators need tools to help check devices are safe to approve for market. We have developed a prototyping tool, PVSio-web, to help check the safety of medical device interface and interaction design. It supports a model-based design process: that is, it is based on precise mathematical descriptions of the device's behaviour. This allows sophisticated proof and model checking technology to be used to verify that devices meet essential safety requirements. The architecture allows for the flexible addition of 'plug-in' modules to extend its functionality giving different views of the design that allow different stakeholders to work together. Working with the US regulator, the Food and Drug Administration (FDA), our tool has helped identify problems in a series of commercial medical devices. Hospitals have used it as part of training programmes highlighting safety-related design issues. In ongoing work we are developing plug-ins that support the verification and validation of interoperable medical systems.
Chapter
This work proposes a method for the development of cyber-physical systems starting from a high-level representation of the control algorithm, performing a formal analysis of the algorithm, and co-simulating the algorithm with the controlled system both at high level, abstracting from the target processor, and at low level, i.e., including the emulation of the target processor. The expected advantages are a smoother and more controllable development process and greater design dependability and accuracy with respect to basic model-driven development. As a case study, an automatic transmission control has been used to show the applicability of the proposed approach.
Article
This paper presents a methodology, with supporting tool, for formal modeling and analysis of software components in cyber-physical systems. Using our approach, developers can integrate a simulation of logic-based specifications of software components and Simulink models of continuous processes. The integrated simulation is useful to validate the characteristics of discrete system components early in the development process. The same logic-based specifications can also be formally verified using the Prototype Verification System (PVS), to gain additional confidence that the software design complies with specific safety requirements. Modeling patterns are defined for generating the logic-based specifications from the more familiar automata-based formalism. The ultimate aim of this work is to facilitate the introduction of formal verification technologies in the software development process of cyber-physical systems, which typically requires the integrated use of different formalisms and tools. A case study from the medical domain is used to illustrate the approach. A PVS model of a pacemaker is interfaced with a Simulink model of the human heart. The overall cyber-physical system is co-simulated to validate design requirements through exploration of relevant test scenarios. Formal verification with the PVS theorem prover is demonstrated for the pacemaker model for specific safety aspects of the pacemaker design.
Conference Paper
Building models of safety-critical interactive systems (in healthcare, transport, avionics and finance, to name but a few) as part of the design process is essential. It is also advised for non-safety-critical interactive systems if we want to be certain they will behave as intended in all circumstances. However, modelling interactive systems is also challenging. The levels of complexity in modern user interfaces and the wealth of interaction possibilities mean that modelling at a suitable level of abstraction is crucial to ensure our models remain reasonably sized, readable, and therefore usable. The decisions we make about how to abstract the system to retain enough detail to be able to reason about it without running into known modelling problems (state explosion, verbosity, unreadability) are complex, even for experienced modellers. We have identified a number of commonly seen problems in such models based on occurrences of common properties of interactive systems, and in order to help both experienced and novice modellers we propose model patterns as a solution to this.