Lecture Notes in Computer Science 6371
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbruecken, Germany
Stefan Kowalewski, Marco Roveri (Eds.)
Formal Methods for Industrial Critical Systems
15th International Workshop, FMICS 2010
Antwerp, Belgium, September 20-21, 2010
Proceedings
Volume Editors
Stefan Kowalewski, RWTH Aachen, Embedded Software Laboratory, Ahornstr. 55, 52074 Aachen, Germany. E-mail: kowalewski@embedded.rwth-aachen.de
Marco Roveri, Fondazione Bruno Kessler IRST, Via Sommarive 18, 38123 Povo (Trento), Italy. E-mail: roveri@fbk.eu

Library of Congress Control Number: 2010934239
CR Subject Classification (1998): D.2.4, D.2, D.3, C.3, F.3, I.6
LNCS Sublibrary: SL 2, Programming and Software Engineering
ISSN 0302-9743
ISBN-10 3-642-15897-8 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-15897-1 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.
springer.com
Springer-Verlag Berlin Heidelberg 2010
Printed in Germany
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
Preface

This volume contains the papers presented at FMICS 2010, the 15th International Workshop on Formal Methods for Industrial Critical Systems, which was held on September 20-21, 2010, in Antwerp, Belgium. Previous workshops of the ERCIM working group on Formal Methods for Industrial Critical Systems were held in Oxford (March 1996), Cesena (July 1997), Amsterdam (May 1998), Trento (July 1999), Berlin (April 2000), Paris (July 2001), Malaga (July 2002), Trondheim (June 2003), Linz (September 2004), Lisbon (September 2005), Bonn (August 2006), Berlin (July 2007), L'Aquila (September 2008), and Eindhoven (November 2009).

The aim of the FMICS workshop series is to provide a forum for researchers who are interested in the development and application of formal methods in industry. In particular, these workshops bring together scientists and engineers who are active in the area of formal methods and are interested in exchanging their experiences in the industrial usage of these methods. These workshops also strive to promote research and development for the improvement of formal methods and tools for industrial applications.

The FMICS 2010 workshop was co-located with ASE 2010, the 25th IEEE/ACM International Conference on Automated Software Engineering, which offered a choice of events in the area in addition to the main conference. More information about ASE 2010 and the co-located events can be found on http://soft.vub.ac.be/ase2010/.
The topics chosen for FMICS 2010 included, but were not restricted to:
Design, specification, code generation, and testing based on formal methods;
Methods, techniques, and tools to support automated analysis, certification, debugging, learning, optimization, and transformation of complex, distributed, real-time systems, and embedded systems;
Verification and validation methods that address shortcomings of existing methods with respect to their industrial applicability (e.g., scalability and usability issues);
Tools for the development of formal design descriptions;
Case studies and experience reports on industrial applications of formal methods, focusing on lessons learned or identification of new research directions;
Impact of the adoption of formal methods on the development process and associated costs;
Application of formal methods in standardization and industrial forums.

In response to the call for papers, 33 contributions were submitted from 16 different countries. The Program Committee selected 14 papers, basing this choice on their scientific quality, originality, and relevance to the workshop. Each paper was reviewed by at least four Program Committee members or external referees.
In addition to the regular papers, the workshop included four invited presentations by Aarti Gupta (NEC Labs, USA), Axel Simon (Technical University of Munich, Germany), Stephan Tobies (European Microsoft Innovation Center, Aachen, Germany), and Bert van Beek (Technical University of Eindhoven, The Netherlands). Following a tradition established over the past few years, the European Association of Software Science and Technology (EASST) offered an award to the best FMICS paper. Further information about the FMICS working group and the next FMICS workshop can be found at: http://www.inrialpes.fr/vasy/fmics.

On behalf of the Program Committee, we would like to express our gratitude to all the authors who submitted papers and all external referees for their careful work in the reviewing process. Special thanks go to Jörg Brauer, who supported the program chairs in many respects, and to Alessandro Fantechi, the coordinator of the ERCIM Working Group on Formal Methods for Industrial Critical Systems, for sharing his experiences. We are very grateful to the organizers of ASE 2010, who worked with enthusiasm in order to make this event possible. We are also grateful to Andrei Voronkov for making EasyChair available to us. Finally, we gratefully acknowledge the institutions which sponsored this event: Fondazione Bruno Kessler, RWTH Aachen University, ERCIM, EASST, European Microsoft Innovation Center, the research cluster Ultra High Speed Information and Communication Systems (UMIC), and AXXTEQ GmbH.

September 2010
Stefan Kowalewski
Marco Roveri
Organization

Program Chairs
Stefan Kowalewski (RWTH Aachen, Germany)
Marco Roveri (FBK-irst, Italy)

ERCIM FMICS Working Group Coordinator
Alessandro Fantechi (Università degli Studi di Firenze and ISTI-CNR, Italy)

Program Committee
María Alpuente, Jörg Brauer, Luboš Brim, Dino Distefano, Wan Fokkink, Hubert Garavel, Stefania Gnesi, Aarti Gupta, Holger Hermanns, Barbara Jobstmann, Andy King, Daniel Kroening, Thomas Kropf, Diego Latella, Thierry Lecomte, Radu Mateescu, Pedro Merino, Juan José Moreno-Navarro, Francois Pilarski, Andreas Podelski, Jaco van de Pol, Jakob Rehof, Thomas Santen, Wilfried Steiner
Affiliations: Masarykova Univerzita, Czech Republic; Queen Mary, University of London, UK; Vrije Universiteit Amsterdam, The Netherlands; INRIA Rhône-Alpes, France; ISTI-CNR, Italy; NEC Labs, USA; Universität des Saarlandes, Germany; VERIMAG, France; Portcullis Computer Security, UK; Oxford University, UK; Bosch, Germany; CNR/IST Pisa, Italy; ClearSy, France; INRIA Rhône-Alpes, France; Universidad de Málaga, Spain; Airbus, France; University of Freiburg, Germany; Universiteit Twente, The Netherlands; Technische Universität Dortmund, Germany; Microsoft (EMIC), Germany; TTTech, Austria
External Reviewers
Mauricio F. Alba-Castro, Jiri Barnat, Maurice H. ter Beek, Clara Benac Earle, Sebastian Biallas, Andrea Bracciali, Doina Bucur, Manuel Carro Liñarez, Milan Češka, Jakub Chaloupka, Eva Darulova, Alessandro Fantechi, Marco A. Feliú, Lars-Åke Fredlund, Emilio Jesús Gallego Arias, Rodolfo Gomez, Nikos Gorogiannis, Daniele Grasso, Karin Greimel, Andreas Griesmayer, Radu Grigore, Alex Groce, Raúl Gutiérrez, Paul Hänsch, Ángel Herranz, Alexander Kaiser, Volker Kamin, Mark Kattenbelt, Jeroen Ketema, Viktor Kuncak, Frédéric Lang, Ralf Laue, Julio Mariño, Mieke Massink, Franco Mazzanti, Ralf Möller, Nannan He, Jacob Palczynski, Laura Panizo, Elwin Pater, Rasmus Lerchedahl Petersen, Daniel Riesco, Petr Ročkai, Daniel Omar Romero, Gwen Salaün, Alberto Salmerón, David Sanan, Sonia Santiago Pinazo, Mark Schellhase, Wendelin Serwe, Nicolas Stouls, Salvador Tamarit Muñoz, Fernando Tarín, Andrei Tchaltsev, Francesco Tiezzi, Mark Timmer, Laura Titolo, Michael Weber
Affiliations: Masarykova Univerzita, Czech Republic; CNR/IST, Italy; Università de Pisa, Italy; Oxford University, UK; Brno University of Technology, Czech Republic; EPFL, Switzerland; Università degli Studi di Firenze and ISTI-CNR, Italy; University of Kent, UK; Queen Mary, University of London, UK; General Electric Transportation Systems (GETS), Italy; Graz University of Technology, Austria; VERIMAG, France; Oregon State University, USA; Universiteit Twente, The Netherlands; INRIA Rhône-Alpes, France; Universität Leipzig, Germany; CNR/IST Pisa, Italy; Hamburg University of Technology, Germany; Universidad de Málaga, Spain; National University of San Luis, Argentina; Laboratoire CITI, INSA de Lyon, France; FBK-irst, Italy; Università degli Studi di Firenze, Italy
Table of Contents

The Metrô Rio ATP Case Study ... 1
Alessio Ferrari, Daniele Grasso, Gianluca Magnani, Alessandro Fantechi, and Matteo Tempestini

Practical Issues with Formal Specifications: Lessons Learned from an Industrial Case Study ... 17
Michael Altenhofen and Achim D. Brucker

Formal Analysis of BPMN Models Using Event-B ... 33
Jeremy W. Bryans and Wei Wei

Developing Mode-Rich Satellite Software by Refinement in Event B ... 50
Alexei Iliasov, Elena Troubitsyna, Linas Laibinis, Alexander Romanovsky, Kimmo Varpaaniemi, Dubravka Ilic, and Timo Latvala

Automatic Error Correction of Java Programs ... 67
Christian Kern and Javier Esparza

Range Analysis of Microcontroller Code Using Bit-Level Congruences ... 82
Jörg Brauer, Andy King, and Stefan Kowalewski

An Automated Translator for Model Checking Time Constrained Workflow Systems ... 99
Ahmed Shah Mashiyat, Fazle Rabbi, Hao Wang, and Wendy MacCaull

Correctness of Sensor Network Applications by Software Bounded Model Checking ... 115
Frank Werner and David Faragó

Model Checking the FlexRay Physical Layer Protocol ... 132
Michael Gerke, Rüdiger Ehlers, Bernd Finkbeiner, and Hans-Jörg Peter

SMT-Based Formal Verification of a TTEthernet Synchronization Function ... 148
Wilfried Steiner and Bruno Dutertre

Embedded Network Protocols for Mobile Devices ... 164
Despo Galataki, Andrei Radulescu, Kees Verstoep, and Wan Fokkink

A Study of Shared-Memory Mutual Exclusion Protocols Using CADP ... 180
Radu Mateescu and Wendelin Serwe

A Formal Model of Identity Mixer ... 198
Jan Camenisch, Sebastian Mödersheim, and Dieter Sommer

Automatic Structure-Based Code Generation from Coloured Petri Nets: A Proof of Concept ... 215
Lars Michael Kristensen and Michael Westergaard

Author Index ... 231