
Thierry Lecomte - Engineer
- Research Director at ClearSy System Engineering
About
62 publications, 17,173 reads, 552 citations
Introduction
I am currently in charge of R&D at CLEARSY, a French SME specialised in safety critical systems. My activities are related to the development of formal/formally proven CASE tools, formal modelling and data / configuration validation.
https://orcid.org/0000-0001-8977-4827
Education
September 1988 - August 1989
September 1985 - August 1989
Publications (62)
Formal methods encompass a wide choice of techniques and tools for the specification, development, analysis, and verification of software and hardware systems. Formal methods are widely applied in industry, in activities ranging from the elicitation of requirements and the early design phases all the way to the deployment, configuration, and runtim...
The article focuses on the continuous improvement of Atelier B’s automatic proof capabilities since its industrialisation in the 90s. The evolution of Atelier B addressed challenges in proof obligations generation and optimisation, adapting to new languages like Event-B and incorporating newer formats for easier analysis and third-party prover conn...
In previous work, we have presented a methodology for the specification and verification of relay-based Railway Interlocking Systems (RIS) based on their transient states. By using CSP as formal support, it is possible to use a model checker in order to analyse the safety of such critical systems as a way to improve their safety. However, this type...
System safety is based on the implementation of technical and organisational principles to ensure that a feared event cannot occur more frequently than expected. Such a demonstration, so-called safety case, relies on domain specific standards which capitalise on experience gained after decades of development and operation. For more than a decade, t...
Despite significant advancements in the design of formal integrated development environments, applying formal methods in software industry is still perceived as a difficult task. To ease the task, providing tools that help during the development cycle is essential but proper education of computer scientists and software engineers is also an importa...
In this paper, we review software-based technologies already known to be, or expected to become essential for autonomous train control systems with grade of automation GoA 4 (unattended train operation) in existing open railway environments. It is discussed which types of technology can be developed and certified already today on the basis of exist...
The distribution of safety functions along the tracks requires the networking of the ECUs (Electronic Control Unit is an embedded system that controls one or more electrical systems or subsystems) that support them, to facilitate their operation and maintenance. The latter enables logs to be sent, commands to be received and sent that will lead to...
The railways have a quite long modelling history, covering many technical aspects from infrastructure to rolling stock, train movement, maintenance, etc. These models are mostly separate and operated independently by various stakeholders and with diverse objectives. This article presents some of the various digital modelling activities, including f...
During the last five years, Event-B formal modelling has been successfully applied to various railway systems to demonstrate safety early in the design process or once systems are in operation. This approach is aimed at formalising a safety reasoning instead of modelling every bit of the system. This approach is intrinsically fit to scale up to lar...
The CLEARSY Safety Platform (CSSP) is both a hardware and software platform aimed at developing safety critical applications. A smart combination of hardware features (double processor) and formal method (B method and code generators) was used to produce a SIL4-ready platform where safety principles are built-in. A first version, SK0, was released...
The B-Method has an interesting history, where language and tools have evolved over the years. This not only led to considerable research and progress in the area of formal methods, but also to numerous industrial applications, in particular in the railway domain. We present a survey of the industrial usage of the B-Method since the first toolset i...
Industrial applications involving formal methods are still exceptions to the general rule. Lack of understanding, employees without proper education, difficulty to integrate existing development cycles, no explicit requirement from the market, etc. are explanations often heard for not being more formal. This article reports some experience about a...
The CLEARSY Safety Platform (CSSP) was designed to ease the development of safety critical systems and to reduce the overall costs (development, deployment, and certification) under the pressure of the worldwide market. A smart combination of hardware features (double processor) and formal method (B method and code generators) was used to produce a...
The CLEARSY Safety Platform (CSSP) is aimed at easing the development and the deployment of safety critical applications, up to the safety integrity level 4 (SIL4). It relies on the smart integration of the B formal method, redundant code generation and compilation, and a hardware platform that ensures a safe execution of the software. This paper e...
Developing safety critical applications often require rare human resources to complete successfully while off-the-shelf block solutions appear difficult to adapt especially during short-term projects. The CLEARSY Safety Platform fulfils a need for a technical solution to overcome the difficulties to develop SIL3/SIL4 system with its technology base...
Industrial applications involving formal methods are still exceptions to the general rule. Lack of understanding, employees without proper education, difficulty to integrate existing development cycles, no explicit requirement from the market, etc. are explanations often heard for not being more formal. Hence the feedback provided by industry to ac...
A Revolution for developing safety critical applications. Developing safety critical applications often requires rare human resources to complete successfully, while off-the-shelf block solutions appear difficult to adapt, especially during short-term projects. Developed during the R&D project FUI LCHIP [5], the CLEARSY Safety Platform fulfills a nee...
This book constitutes the refereed proceedings of the Third International Conference on Reliability, Safety, and Security of Railway Systems, RSSRail 2019, held in Lille, France in June 2019.
The 18 full papers presented in this book were carefully reviewed and selected from 38 submissions. They cover a range of topics including railways system and...
Presentation of the Atelier B proof system:
- intro to the B method
- proof system
- improvements
given at the Escola de Informática Teórica e Métodos Formais (ETMF) (http://www.sbmf2018.ufba.br/)
Developing safety critical systems is a very difficult task. Such systems require talented engineers, strong experience and dedication when designing the safety principles of these systems. Indeed it should be demonstrated that no failure or combination of failures may lead to a catastrophic situation where people could be injured or could die beca...
This volume constitutes the proceedings of the Second International Conference on Reliability, Safety and Security of Railway Systems, RSSRail 2017, held in Pistoia, Italy, in November 2017.
The 16 papers presented in this volume were carefully reviewed and selected from 34 submissions. They are organized in topical sections named: communication ch...
What happened with B and Atelier B during its 20-year life - from industry point of view
We describe INTO-CPS, a project that aims to realise the goal of integrated tool chains for the collaborative and multidisciplinary engineering of dependable Cyber-Physical Systems (CPSs). Challenges facing model-based CPS engineering are described, focussing on the semantic diversity of models, management of the large space of models and artefacts...
Safety-critical systems and software require particular care when their parameters have to be verified and validated, as any mistake may lead to a catastrophic scenario during their operating use. A recent technique, called formal data validation, enables an improvement in the level of confidence of the verification/validation process by associati...
This book constitutes the refereed proceedings of the 19th Brazilian Symposium on Formal Methods, SBMF 2016, which took place in Natal, Brazil, in November 2016.
The 12 papers presented together with two invited talks were carefully reviewed and selected from 22 submissions. They are organized in the following topical sections: analysis and verifi...
This book constitutes the refereed proceedings of the First International Conference on Reliability, Safety, and Security of Railway Systems, RSSRail 2016, held in Paris, France, in June 2016.
The 15 revised full papers presented were carefully reviewed and selected from 36 initial submissions. The papers cover a wide range of topics including fai...
This paper reports on the use of formal techniques to ensure as far as possible a safe decommissioning of a plant several decades after it was designed and built. Combination of supervised learning, formal modelling, model animation and model checking enabled the recovery of an almost lost specification and the design of a virtual supervision syste...
In this talk we describe a multi-platform code generator for the B method. In particular, we present a translation procedure from a large subset of the B language for implementations towards LLVM source code. This translation is defined formally as a set of rules defined recursively on the abstract syntax for B implementations. It already handles m...
The B method was introduced at the end of the 1980s to produce software that is correct by construction. This chapter discusses the uses of B method for control-command systems for controlling platform doors of metro trains, and safety of microelectronic components. For several years now, the RATP in France has used platform doors on metro platform...
Atelier B has been used on many occasions in developing safety programs that are used for functions at the SSIL3 and SSIL4 levels. The RIMEL project involved the development of an automatic refinement tool known as B automatic refinement tool (BART), specifically designed for integration into Atelier B. The code generation phase is critical, as a...
Refining a B specification into an implementation can be a complex and time consuming process. This process can usually be separated in two distinct parts: the specification part, where the refinement is used to introduce new properties and specification details, and the implementation, where refinement is used to convert a detailed B specification...
This article presents industrial experience of validating large data sets against specification written using the B / Event-B mathematical language and the ProB model checker.
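The data validation approach the abstract describes can be illustrated with a small B machine, added here as an example and not taken from the paper: the data set is bound to constants, and the validation rules are written as predicates over them in the PROPERTIES clause, which a tool such as ProB then checks for satisfiability. The track segments, successor relation and speed limits below are constructed sample data; a real workflow loads them from the actual configuration files.

```b
MACHINE TrackData
SETS
    SEG = {s1, s2, s3, s4}
CONSTANTS
    next, speed_limit
PROPERTIES
    /* Constructed sample data set (hypothetical, stands in for a real configuration file) */
    next = {s1 |-> s2, s2 |-> s3, s3 |-> s4} &
    speed_limit = {s1 |-> 80, s2 |-> 80, s3 |-> 40, s4 |-> 40} &

    /* Validation rules: the data set is accepted only if every rule holds */
    next : SEG +-> SEG &                        /* each segment has at most one successor */
    speed_limit : SEG --> 1..300 &              /* each segment has exactly one limit, in range */
    closure1(next) /\ id(SEG) = {} &            /* the successor relation contains no cycle */
    !ss.(ss : dom(next) =>                      /* a limit never drops by more than half */
         2 * speed_limit(next(ss)) >= speed_limit(ss))
ASSERTIONS
    /* A consequence the validator can additionally check: exactly one terminal segment */
    dom(next) = SEG - {s4}
END
```

If any rule is violated, the PROPERTIES clause becomes unsatisfiable and the checker reports which conjunct fails, which is the validation verdict. The caveat a practitioner should keep in mind is that the rules only catch what has been written down: the rule set itself has to be traced back to the safety requirements, otherwise a faulty data set that satisfies every predicate is still accepted.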
For a long time, formal methods have ignored floating-point computations. About ten years ago this changed, and today specification languages and tools are in use in research and preindustrial contexts. Better late than never: the B method, which was the first formal method to prove real-size software, will soon be able to prove the correc...
This article presents industrial experience of applying the B formal method in industry, on diverse application fields (railways, automotive, smartcard, etc.). If the added value of such an approach has been demonstrated over the years, using a formal method is not a panacea and requires some precautions when introduced in an industrial develo...
In this article we would like to present some recent applications of the B formal method to the development of safety critical systems. These SIL3/SIL4 compliant systems have their functional specification based on a formal model. This model has been proved, guaranteeing a correct by construction behaviour of the system in absence of failure of it...
In this article we would like to present some recent applications of the B formal method to the development of safety critical systems, namely platform screen door controllers. These SIL3/SIL4 compliant systems have their functional specification based on a formal model. This model has been proved, guaranteeing a correct by construction behaviour...
Proving system properties such as fail-safety is a challenge for systems engineering since industrial automation is nowadays embedding intensive on-site and remote infotronics components engineered with increasing intuitive ease-of-use techniques. Since a formal proof of the complete safe-behaviour of the resulting ad-hoc system is not possible, th...
National conference with published proceedings and a programme committee.
The approach presented in this book relies on the unification of system specification environments for developing electronic systems that are formally proven to be correct (correct-by-construction systems). The key concept conveyed is the formal proof of system properties, which is carried out at every phase of the co-design cycle. The main idea is...
Event B aims at providing a way to model systems [1][2] that are made of many parts interacting with a highly evolving (and sometimes hostile) environment. They also quite often involve several concurrent executing agents. They require a high degree of correctness. Finally, most of them are the result of a construction process which is spread...
When specifying a system, the refinement process of the B method lets both the internals (inner part) and the interface (outer part) of a component be developed, from its abstraction to its implementation, while verifying by proof at each refinement step that there is no contradiction between two successive refinement levels.
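What "no contradiction between two successive refinement levels" means in practice is shown by the following pair of components, written here as an added example in classical B (Atelier B notation) and not taken from the paper. The abstract machine fixes the interface (the outer part, with a precondition the caller must honour); the implementation fixes the internals (the inner part); the gluing invariant `cc = nn` ties the two, and the refinement proof obligation, sketched in the comment, is what the prover discharges. In Atelier B the two components would live in separate files; names and the bound 10 are illustrative.

```b
MACHINE Counter
VARIABLES nn
INVARIANT
    nn : NAT & nn <= 10
INITIALISATION
    nn := 0
OPERATIONS
    /* Outer part: the precondition is the interface contract every caller must respect */
    inc = PRE nn < 10 THEN nn := nn + 1 END;
    rr <-- full = rr := bool(nn = 10)
END

IMPLEMENTATION Counter_i
REFINES Counter
CONCRETE_VARIABLES cc
INVARIANT
    /* Gluing invariant: links the concrete machine integer to the abstract natural */
    cc : INT & cc = nn
INITIALISATION
    cc := 0
OPERATIONS
    /* Inner part: an implementation carries no PRE; the abstract precondition becomes
       a hypothesis of the refinement proof obligation, and an obligation at each call site.
       PO for inc, informally (the prover must discharge it):
         nn : NAT & nn <= 10 & cc : INT & cc = nn & nn < 10     invariants, gluing, abstract PRE
         => cc + 1 : INT & cc + 1 = nn + 1                      gluing still holds after both steps */
    inc = BEGIN cc := cc + 1 END;
    rr <-- full = BEGIN rr := bool(cc = 10) END
END
```

The caveat worth stating: the generated code for `inc` contains no check that `nn < 10`; the proof moved that check to every caller, which must itself be proved. A caller outside the proved perimeter, or a variable corrupted by a hardware fault, is outside the guarantee, which is why the abstracts above pair the proof with data validation and with a platform that protects execution.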
This chapter begins with an introduction to the main concepts of formal methods. Languages and tools for developing formal system models are also described, while the use of semi formal notations and their integration with formal methods is covered as well. At the end of the chapter, an overview of the current status of formal methods in embedded s...
This book presents the perspective of the project on a Paradigm Unifying System Specification Environments for proven Electronic design (PUSSEE) as conceived in the course of the research during 2002-2003. The initial statement of the research was formulated as follows: The objective of PUSSEE is to introduce the formal proof of system properties...
This article presents work related to event driven B that has been undertaken by ClearSy, in close collaboration with J.R. Abrial and Louis Mussat (DCSSI). The main objective has been to verify suitability of B for system modelling. Most of these activities have been funded by MATISSE project (IST-1999-11435).