Case Study: Safety Metro System

Abstract

This case study describes how the composition, decomposition and generic instantiation techniques can be applied in practice. A case study involving the specification and refinement of an Event-B model is presented. We aim to develop a system that becomes more complex in each refinement step, preserve its properties (requirements) reusing existing developments as much as possible and discharge as little proof obligations as possible. We achieve that using the studied techniques. A safety-critical metro system case study is developed. This version is a simplified version of a real system but tackles relevant points where our studied techniques become relevant: increment of the complexity of the system being modelled, sub-components communication, stepwise addition of requirements at each refinement level, refinement of decomposed sub-components. Although this system is initially modelled as a single component, it can be seen as a distributed system where the initial model is split into smaller sub-components that communicate via shared events. The split is achieved through a shared event decomposition and the sub-components are further refined independently. After several refinements, we reach a refinement that fits an existing generic development of metro doors. Using that development as a pattern, two models are instantiated accordingly. The zip file contains several Event-B Projects. It starts with 'SafetyMetroSystem'; then after the first decomposition, the project 'Train' is further refined; then after another refinement and we go to project 'Carriage'; the resulting decomposition are projects 'CarriageInterface' and 'EmergencyDoors'; the pattern used in the instantiation is project 'GCDoors'; the instantiations are in projects 'EmergencyDoors' and 'ServiceDoors'. A pdf file is attached containing the description of the case study.

More information

Identifiers

Catalogue record

Export record