A Case in Point: Verification and Testing of a EULYNX Interface

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Formal Aspects of Computing Pub Date : 2023-03-16 DOI:https://dl.acm.org/doi/10.1145/3528207

Mark Bouwman, Djurre van der Wal, Bas Luttik, Mariëlle Stoelinga, Arend Rensink

{"title":"A Case in Point: Verification and Testing of a EULYNX Interface","authors":"Mark Bouwman, Djurre van der Wal, Bas Luttik, Mariëlle Stoelinga, Arend Rensink","doi":"https://dl.acm.org/doi/10.1145/3528207","DOIUrl":null,"url":null,"abstract":"<p>We present a case study on the application of formal methods in the railway domain. The case study is part of the FormaSig project, which aims to support the development of EULYNX — a European standard defining generic interfaces for railway equipment — using formal methods. We translate the semi-formal SysML models created within EULYNX to formal mCRL2 models. By adopting a model-centric approach in which a formal model is used both for analyzing the quality of the EULYNX specification and for automated compliance testing, a high degree of traceability is achieved.</p><p>The target of our case study is the EULYNX Point subsystem interface. We present a detailed catalog of the safety requirements, and provide counterexamples that show that some of them do not hold without specific fairness assumptions. We also use the mCRL2 model to generate both random and guided tests, which we apply to a third-party software simulator. We share metrics on the coverage and execution time of the tests, which show that guided testing outperforms random testing. The test results indicate several discrepancies between the model and the simulator. One of these discrepancies is caused by a fault in the simulator, the others are caused by false positives, i.e. an over-approximation of fail verdicts by our test setup.</p>","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":"99 1","pages":""},"PeriodicalIF":1.4000,"publicationDate":"2023-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Formal Aspects of Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/https://dl.acm.org/doi/10.1145/3528207","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

We present a case study on the application of formal methods in the railway domain. The case study is part of the FormaSig project, which aims to support the development of EULYNX — a European standard defining generic interfaces for railway equipment — using formal methods. We translate the semi-formal SysML models created within EULYNX to formal mCRL2 models. By adopting a model-centric approach in which a formal model is used both for analyzing the quality of the EULYNX specification and for automated compliance testing, a high degree of traceability is achieved.

The target of our case study is the EULYNX Point subsystem interface. We present a detailed catalog of the safety requirements, and provide counterexamples that show that some of them do not hold without specific fairness assumptions. We also use the mCRL2 model to generate both random and guided tests, which we apply to a third-party software simulator. We share metrics on the coverage and execution time of the tests, which show that guided testing outperforms random testing. The test results indicate several discrepancies between the model and the simulator. One of these discrepancies is caused by a fault in the simulator, the others are caused by false positives, i.e. an over-approximation of fail verdicts by our test setup.

查看原文本刊更多论文

一个恰当的案例:一个EULYNX接口的验证与测试

我们提出了形式化方法在铁路领域应用的一个案例研究。该案例研究是FormaSig项目的一部分，该项目旨在支持使用形式化方法定义铁路设备通用接口的欧洲标准EULYNX的开发。我们将在EULYNX中创建的半形式化的SysML模型转换为形式化的mCRL2模型。通过采用以模型为中心的方法，其中正式模型用于分析EULYNX规范的质量和自动遵从性测试，可以实现高度的可追溯性。我们案例研究的目标是EULYNX Point子系统接口。我们提出了安全要求的详细目录，并提供反例，表明其中一些没有具体的公平假设就不成立。我们还使用mCRL2模型生成随机和引导测试，并将其应用于第三方软件模拟器。我们共享测试的覆盖率和执行时间的度量，这表明引导测试优于随机测试。测试结果表明，模型与模拟器之间存在一些差异。其中一个差异是由模拟器中的故障引起的，其他的是由误报引起的，即我们的测试设置对失败判决的过度近似。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Formal Aspects of Computing 工程技术-计算机：软件工程

CiteScore

3.30

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： This journal aims to publish contributions at the junction of theory and practice. The objective is to disseminate applicable research. Thus new theoretical contributions are welcome where they are motivated by potential application; applications of existing formalisms are of interest if they show something novel about the approach or application. In particular, the scope of Formal Aspects of Computing includes: well-founded notations for the description of systems; verifiable design methods; elucidation of fundamental computational concepts; approaches to fault-tolerant design; theorem-proving support; state-exploration tools; formal underpinning of widely used notations and methods; formal approaches to requirements analysis.