Papers by Jean-louis Boulanger
HAL (Le Centre pour la Communication Scientifique Directe), Jan 25, 2006
In the European railways standards (CENELEC EN 50126 [4], EN 50128 [5], EN 50129 [6]), it is required to obtain evidence of safety in system requirements specifications. The focus of this paper is on the development of system requirements specifications with respect to fulfilling demands of European railways standards. In spite of progress carried out in software development, designing a complex system while respecting its safety requirements remains very hard. Ambiguities and defects in system requirements specification may have consequences on the whole system development.
HAL (Le Centre pour la Communication Scientifique Directe), Oct 16, 2018
Static Analysis of Software, 2013
Nordic Workshop on Programming Theory, 2005
Computers in Railways X, Jun 27, 2006
The goal of this paper is to show how it is possible to combine the advantages of Unified Modelling Language (UML) and of the B method in order to design safety applications. We investigate how the Unified Modeling Language (UML) can be used to formally specify and verify critical railways systems. A benefit of using UML is its status as an international standard (OMG) and its widespread use in the software industry. B is a formal method for the incremental development of specifications and their refinements down to an implementation. In the railway critical software domain, safety requirements are obviously severe. It is very important to keep requirements traceability during the software development process even if the different models used are informal, semi-formal or formal.
Certifiable Software Applications 2, 2017
Configuration management (CM) consists of controlling changes in the system over time. The realization of a system requires managing the various parts and their changes. For a software application, the situation is even more complex because of the presence of source files, tools or documents whose changes need to be controlled. CM is implemented in order to control complex systems in all fields: information technology, aerospace, automotive, railway, aeronautic, nuclear, space systems, defense, etc.

Safety requirements are stringent in the railway environment. During the software development process, it is very important to keep these requirements traceable, even if the different models used are informal, semi-formal, or formal. This article reports on a study that investigated how the Unified Modeling Language (UML) can be used to formally specify and verify critical railway systems. The authors note that a benefit of using UML is its status as an international standard and its widespread use in the software industries. In this study, the authors propose a method for modeling a safety application for railways. The UML must be used with precise semantics, by definition of translation rules for the conversion of UML notation in a formal language. This study is integrated into a larger one (B-RAIL) that aims at linking an informal approach (UML notation) to a formal (B method) one. The authors designed a level crossing, without bridge or tunnel, to illustrate their method.
Certifiable Software Applications 1, 2016
In this chapter, we shall discuss a few normative contexts. The purpose of this section is not to present all standards and their relationships, but just to locate a few key points that will be useful later.
IFAC Proceedings Volumes, 2007
10th IFAC, IFIP, IFORS, IEA Symposium on Analysis, Design, and Evaluation of Human-Machine Systems: Human reliability analysis for automatic train supervision
IGI Global eBooks, May 21, 2010
This chapter presents an approach for certified design of railway critical systems. This approach, which realizes the software development cycle, relies on metamodeling architecture and model transformations. It combines semi-formal UML models and formal models in order to check, prove and generate code by refinement; we use the process algebra FSP to check the dynamic behavior and B to generate proved code. Initially, the authors select a UML subset, which could be used to model the key aspects of critical systems. Then, from this subset, the authors perform projections to obtain B and FSP models which are exploited by tools for checking, refinement and proof.

Safety standards in most domains (aeronautics, automotive, industry, nuclear, railway, space) consider software (and more generally, design) as a deterministic artefact. They propose a global rationale combining probabilistic evidence on hardware random failures and deterministic evidence on systematic causes of failures including software. In a context where software is more and more pervasive in all systems, and where it is sometimes advocated that software complexity and size seem to provide some relevance to a probabilistic view of software behaviour, several initiatives suggest changing the way software is addressed in the global system safety assessment. This is a complex question with many facets. Among them, the authors propose to discuss in the paper: foundations, relevance and limits of probabilistic assessment for software; the relationship between software criticality category (or class, DAL/SIL/ASIL/SSIL etc.) and probabilistic safety objectives; the rationale for software d...
This paper compares the influence of Development Assurance Levels (DALs) on the prescribed objectives, activities, methods and tools of six different software development assurance standards, namely those of civil aviation, automotive, space, process automation, nuclear and railway. Through an inventory of their respective requirements, we attempt to compare the software safety levels ensured by each standard for its lowest and highest DALs. We first explain the rationale of the comparison, i.e. on what basis we compare the securing effects of the various process-based or product-based requirements issued by the six software development assurance standards. Then we review the DAL-dependent variability of each standard and finally outline some tentative cross-domain equivalence classes or ranking.

Abstract: In this paper, we aim at formalising an experimental fault and failure description language in order to design a safety verification process for circuits. We would like to extend methods and techniques which check that circuits are design-fault free, i.e. they behave correctly in normal mode, in such a way that circuits could be statically verified as well when unexpected failures arise, i.e. in degraded mode. We then model a formal fault and failure description language that suits a tiny language able to describe the structural configuration of circuits. As we borrow Gordon and Melham's "circuits as predicates" paradigm to perform circuit design verification, we shall define fault and failure semantics in terms of "predicate transformers". We choose to take advantage of higher order logic features to realise this goal. Then we are able to build a verification process for safety properties that express the conditions under which circuit behaviour can be proved stable when faults and failures arise.
Certifiable Software Applications 3, 2018
Certifiable Software Applications 2, 2017
This chapter is designed to introduce the concepts, techniques and, to a lesser extent, the implemented tools to verify and validate a software-based system. It is about seeing verification as a support process with methods that are independent of the product to realize.
Certifiable Software Applications 2, 2017
As already mentioned, critical applications have a longer life expectancy and an obligation in terms of availability that may be strong, such as for transport and energy production.
Certifiable Software Applications 3, 2018
Abstract: The software application architecture phase allowed us to identify components, interfaces between these components and interfaces with the environment. As we have explained, the architecture phase could be built upon at least two levels (SwAD and SwCD), but if needed more decomposition levels should be employed. It is now necessary to define the content of each component. This stage involves the identification of the services performed by these components and the definition of the associated algorithms.