Formal methods are mathematically based techniques and tools used in the early stages of the software development life cycle. Using formal methods in safety-critical systems brings accuracy, consistency and correctness to the proposed system. In safety-critical real-time applications, requirements must be unambiguous and precise, which can be achieved by stating them in mathematics. Particular attention is therefore needed in the requirements phase, the most critical phase of the SDLC. This paper focuses on the use of Z notation to obtain accuracy and consistency and to eliminate ambiguity in a safety-critical system, taking a Road Traffic Management System as a case study. The syntax, semantics, type checking and domain checking of the specification are then verified with Z/EVES, a type checker and theorem prover for Z notation.
Formal specification languages are mathematically based languages that are well suited to the construction of accurate, consistent and unambiguous systems and software. Formal methods come with tool support that serves both purposes: describing a system, and later analysing its functionality. The major obstacle to the frequent use of formal methods in practice is the time spent on specification [
A great deal of work has been done on the formal analysis of UML diagrams with formal approaches [
In this article, Z notation is used for the formal analysis of a safety-critical system, a Road Traffic Management System, which is further verified with the Z/EVES tool.
The first part of this section discusses the proposed approach. The tool and methodology used are then discussed in section.
Z/EVES is used to verify specifications written in Z notation. This verification covers the syntax, semantics, type checking and domain checking of the given system's specification. Z/EVES offers two kinds of interface, a graphical user interface and a command-line interface [
・ syntax and type checking;
・ schema expansion;
・ precondition calculation;
・ domain checking;
・ general theorem proving.
The Unified Modeling Language (UML) is in effect the blueprint for the system to be developed. It provides a better way to understand the requirements of the proposed system. UML consists of nine diagrams, which capture both aspects of the system, static and dynamic [
A Z schema is the notation for structuring a specification, including preconditions, postconditions and the list of invariants and variables. A Z schema has two parts, a declaration part and a predicate part, as shown in
The part above the central line consists of the variable declarations, and the part below the line describes the relationships among the values of those variables. This paper emphasises three main characteristics of the formal analysis of a safety-critical system:
1) Syntax & Type checking; 2) Schema Expansion; and 3) Domain checking.
1) Syntax & Type Checking
The syntax and type checking facility is provided by the Z/EVES tool: it checks automatically that the syntax used in the Z specification is correct and that every expression is well typed. For the road traffic management system, the Vehicle Owner schema is taken for syntax and type checking. It consists of two variables:
・ Vowner is the set of names registered with RTMS.
・ Regist Vowner is the function which, applied to a particular vehicle owner's name, gives the unique registration number associated with that person.
In
In the Vehicle Owner schema, a partial function named "Regist Vowner" maps each vehicle owner to a registration number, i.e.
Regist Vowner: Name→ Seqchar
Moreover, "Regist Vowner" is one-to-one (a partial injection, in Z terms): it maps each vehicle owner name to a distinct registration number. Since it is one-to-one, every vehicle owner has a unique registration number and no two owners can share one, so there is no ambiguity. The Vehicle Owner schema is further verified for syntax and type checking by the Z/EVES tool in
2) Schema Expansion
The schema expansion facility makes it possible to extend the functionality of the system and helps in understanding a complex schema structure in detail. Initially, the list of vehicle owners registered with RTMS is empty, which is depicted by the "Init Vehicle Owner" schema in
Since the lower part of the schema gives the relationship between the variables, the function Regist Vowner is assigned the value ∅ (the empty set), meaning that initially there is no registered vehicle owner in RTMS.
Now the Vehicle Owner may perform tasks such as Login. If the Vehicle Owner is logging in for the first time, he or she has to register; otherwise he or she signs in. In
In this schema:
Password: Vowner→Word
"Password" is a function that associates a username with a password. It is, moreover, one-to-one, which in turn gives the system accuracy and correctness. The Signin set and the registered set, Reg, are both members of the power set of Vehicle Owner, which is written in set theory as follows.
Signin, Reg: ℙ Vowner
The Signin set is also a subset of the registered set, and the registered set consists of exactly those names that lie in the domain of the "Password" function, i.e.
Signin ⊆ Reg ∧ Reg = dom Password
Initially, the Login schema is empty, which is expressed here by assigning the value ∅ to both sets, the registered one and the signed-in one, i.e.
Reg = ∅; Signin = ∅
This step, from the "Init Login" schema to the "Login" schema, is schema expansion, one of the key features of the Z/EVES tool.
In
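The schemas described in this section, assembled into the LaTeX markup that Z/EVES accepts as input. This is an added reconstruction from the declarations and predicates quoted in the text, not the paper's own figures: the given sets [Name, Word, Seqchar], the predicate Vowner = dom RegistVowner, the inclusion of VehicleOwner in Login, and the SignIn operation schema are assumptions made here, and the partial injection arrow (\pinj) is used because the text calls both functions partial and one-to-one.

```latex
\begin{zed}
  [Name, Word, Seqchar]   % given sets: assumption, the text names but does not introduce them
\end{zed}

\begin{schema}{VehicleOwner}
  Vowner : \power Name \\
  RegistVowner : Name \pinj Seqchar
\where
  Vowner = \dom RegistVowner   % assumption: ties "the set of registered names" to the function
\end{schema}

\begin{schema}{InitVehicleOwner}
  VehicleOwner
\where
  RegistVowner = \emptyset
\end{schema}

\begin{schema}{Login}
  VehicleOwner \\
  Password : Vowner \pinj Word \\
  Signin, Reg : \power Vowner
\where
  Signin \subseteq Reg \\
  Reg = \dom Password
\end{schema}

\begin{schema}{InitLogin}
  Login
\where
  Reg = \emptyset \\
  Signin = \emptyset
\end{schema}

\begin{schema}{SignIn}          % assumption: operation schema for the sign-in task
  \Delta Login \\
  name? : Name \\
  word? : Word
\where
  name? \in Reg \\
  Password(name?) = word? \\
  Signin' = Signin \cup \{ name? \} \\
  Password' = Password \\
  RegistVowner' = RegistVowner
\end{schema}
```

The obligation that domain checking raises for SignIn is that Password(name?) is only applied inside the domain of Password; it is discharged from name? ∈ Reg together with Reg = dom Password, which is the kind of step the next subsection reports proving "by reduce".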
3) Domain Checking
The domain checking feature of the Z/EVES tool ensures that the statements written are meaningful and finds domain errors, for example a function applied to a value outside its domain. Compared with syntax and type checking, domain checking is more demanding: where syntax and type checking are done automatically, domain checking requires the user to work together with the theorem prover. We also observed that proof "by reduce" in the proof window of the tool was sufficient to discharge the domain checks for our formal specifications. Now, if you are already registered, you will opt for the sign-in option. By investigating
The proof can be carried out in several ways in Z/EVES by choosing an "Action Point": Reduction, Cases, Quantifiers, Normal Forms or Equality. In our case, we use the option "prove by reduction".
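The three checks discussed in this section can be animated in code. The following is an added example, not code from the paper: it models the Vehicle Owner and Login state described above as a Python dataclass whose invariants (both functions one-to-one, Signin ⊆ Reg, Reg = dom Password) are checked after every operation step, and whose sign-in operation carries the domain condition that Z/EVES asks to be proved. The operation names register_vehicle, register_login and sign_in, the helper apply/outcome, the two exception classes, and the assumption Vowner = dom Regist_Vowner are all introduced here for illustration; the owner names and registration numbers are constructed sample data.

```python
"""Executable animation of the RTMS Vehicle Owner and Login schemas (added example)."""
from __future__ import annotations

import copy
from dataclasses import dataclass, field
from typing import Callable


class InvariantError(Exception):
    """The after-state violates the predicate part of the state schema."""


class PreconditionError(Exception):
    """An operation was applied outside its precondition, e.g. a function
    applied to a value outside its domain (what Z/EVES domain checking catches)."""


@dataclass
class RTMS:
    """State space combining the Vehicle Owner and Login schemas.

    Declarations (names as in the text; both functions partial and one-to-one):
      Regist_Vowner : Name  -+-> Seqchar
      Password      : Vowner -+-> Word
      Signin, Reg   : P Vowner
    """
    regist_vowner: dict[str, str] = field(default_factory=dict)
    password: dict[str, str] = field(default_factory=dict)
    signin: set[str] = field(default_factory=set)

    @property
    def vowner(self) -> set[str]:
        # Assumption: Vowner, "the set of names registered with RTMS", is dom Regist_Vowner.
        return set(self.regist_vowner)

    @property
    def reg(self) -> set[str]:
        # Reg = dom Password, the predicate of the Login schema.
        return set(self.password)

    def check_invariants(self) -> None:
        """Predicate part: both functions one-to-one, Reg : P Vowner, Signin subset of Reg."""
        if len(set(self.regist_vowner.values())) != len(self.regist_vowner):
            raise InvariantError("Regist_Vowner is not one-to-one")
        if len(set(self.password.values())) != len(self.password):
            raise InvariantError("Password is not one-to-one")
        if not self.reg <= self.vowner:
            raise InvariantError("Reg is not a subset of Vowner")
        if not self.signin <= self.reg:
            raise InvariantError("Signin is not a subset of Reg")


def init(state: RTMS) -> None:
    """Init Vehicle Owner / Init Login: Regist_Vowner, Reg and Signin are all empty."""
    state.regist_vowner.clear()
    state.password.clear()
    state.signin.clear()


def register_vehicle(state: RTMS, name: str, regno: str) -> None:
    """Register an owner.  Only the explicit precondition is written here; the
    further condition regno not in ran Regist_Vowner is what precondition
    calculation derives from the one-to-one invariant, and apply() enforces it."""
    if name in state.regist_vowner:
        raise PreconditionError(f"{name!r} is already registered")
    state.regist_vowner[name] = regno


def register_login(state: RTMS, name: str, word: str) -> None:
    """First-time login of a registered owner: choose a password."""
    if name not in state.vowner:
        raise PreconditionError(f"{name!r} is not a registered vehicle owner")
    if name in state.reg:
        raise PreconditionError(f"{name!r} already has a password")
    state.password[name] = word


def sign_in(state: RTMS, name: str, word: str) -> None:
    """Sign in an already registered owner.

    Domain condition: Password(name) is defined only for name in dom Password = Reg.
    The guard is the obligation Z/EVES raises under domain checking; without it the
    lookup below would be meaningless (a KeyError here, an undefined term in Z)."""
    if name not in state.reg:
        raise PreconditionError(f"{name!r} is not in dom Password")
    if state.password[name] != word:
        raise PreconditionError("password does not match")
    state.signin.add(name)


def apply(state: RTMS, op: Callable[..., None], *args: str) -> RTMS:
    """Run an operation as a Delta step: the before-state is left untouched and the
    after-state must satisfy the invariants, otherwise the step is rejected."""
    after = copy.deepcopy(state)
    op(after, *args)
    after.check_invariants()
    return after


def outcome(state: RTMS, op: Callable[..., None], *args: str) -> tuple[str, RTMS | None]:
    """('ok', after-state), or (name of the violated condition, None)."""
    try:
        return "ok", apply(state, op, *args)
    except (PreconditionError, InvariantError) as exc:
        return type(exc).__name__, None


if __name__ == "__main__":
    s = apply(RTMS(), init)
    s = apply(s, register_vehicle, "alice", "RJ14-0001")  # constructed sample data
    s = apply(s, register_login, "alice", "s3cret")
    s = apply(s, sign_in, "alice", "s3cret")
    print(sorted(s.signin))                                    # ['alice']
    print(outcome(s, register_vehicle, "bob", "RJ14-0001")[0])  # InvariantError
    print(outcome(s, sign_in, "bob", "x")[0])                   # PreconditionError
```

Registering a second owner under an existing registration number is not refused by any explicit check in register_vehicle; it is the one-to-one invariant that rejects the after-state, which is how precondition calculation exposes implicit preconditions. Signing in a name outside Reg fails on the domain guard before Password is ever applied.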
Any proposed model is incomplete without tool support. Use of a formal language certainly increases accuracy and completeness, but the use of a computer tool raises the level of confidence in the system to be developed significantly, by finding potential errors in the syntax and semantics of the formal narrative.
The use of formal methods in safety-critical applications increases quality in terms of accuracy, consistency and completeness. This paper describes the use of Z notation, a formal method, for Vehicle Owner, an actor of the Road Traffic Management System, verified with Z/EVES, a type checker and theorem prover for Z notation specifications. In future, the schemas of Traffic Police, Admin and Traffic Manager will be specified and verified with the Z/EVES theorem prover.

Summary of the Z/EVES checks performed on each schema (Y = performed):

Schema Name | Syntax & Type Checking | Domain Checking | Schema Expansion | Proof by Reduction
---|---|---|---|---
Vehicle Owner | Y | Y | Y | Y¹
Login | Y | Y | Y | Y¹
Signin | Y | Y | Y | Y¹
The authors are thankful to the Faculty of Engineering & Technology (FET), Mody University of Science & Technology, for providing the facilities to carry out this research work.
Monika Singh, Ashok Kumar Sharma, Ruhi Saxena (2015). Why Formal Methods Are Considered for Safety Critical Systems? Journal of Software Engineering and Applications, 8, 531-538. doi: 10.4236/jsea.2015.810050