June 2000
·
7 Reads
·
2 Citations
IFAC Proceedings Volumes
January 1999
·
83 Reads
·
301 Citations
Lecture Notes in Computer Science
The automatic train operating system for METEOR, the first driverless metro in the city of Paris, is designed to manage the traffic of the vehicles controlled automatically or manually. This system, developed by Matra Transport International for the RATP, requires a very high level of dependability and safety for the users and the operator. To achieve this, the safety critical software located in the different control units (ground, line and on-board) was developed using the B formal method, together with the Vital Coded Processor. This architecture thus ensures an optimum level of safety agreed with the customer. This experience with the METEOR project has convinced Matra Transport International of the advantages of using this B formal method for large-scale industrial developments.
January 1999
·
23 Reads
·
18 Citations
April 1998
·
7 Reads
·
11 Citations
B is a language with a three-valued semantics: terms like min(0) or 1/0 are ill-defined, and consequently formulas containing ill-defined terms may also be ill-defined. Therefore the deduction system we use to discharge the proof obligations should be constructed from a three-valued logic. In this paper, we introduce a deduction system that allows reasoning in a two-valued logic if new proof obligations called well-definedness lemmas are also proved. We define this deduction system and the new proof obligations that ensure the well-definedness of B components. The practical benefits on the proof mechanisms are then outlined.
... the human modellers and their experience. For the development of the Meteor metro safety automation, MATRA Transport [5] has developed and documented refinement techniques to systematise their use. This resulted in an automatic refinement tool that was later redeveloped for Atelier B. This tool (BART) automates the refinement of a B machine, using an extensible base of refinement rules and an inference engine to apply these rules to an abstract B model. ...
January 1999
... In fact, this kind of process is accepted by STRMTG (https://www.strmtg.developpement-durable.gouv.fr/), the French Technical service for ski lifts and guided transport, to assess metros in France. Since the first automated metro line in Paris, Meteor line [14], the use of formal methods for system validation and verification in urban railways has been an undeniable industrial success, at least for software components but not only the study [15]. The Event-B method is supported by tools providing visual animations which allow experts to validate high-level behaviour of a system [16,17]. ...
January 1999
Lecture Notes in Computer Science
... The first two cases are ill-defined: f(x) is meaningless since x does not belong to the domain of function f. The problem of well-defined B has been investigated in [3]: the concern was to tackle ill-defined proof obligations. The adopted solution was to 1) generate additional proof obligations of the well-definedness of models; 2) propose a deduction system such that the proof of a well-defined lemma does not introduce ill-defined formulae. ...
Reference:
Test Criteria Definition for B Models
April 1998