Formal systems modelling offers a rigorous system-level analysis resulting in a precise and reliable specification. However, some issues remain: modellers need to understand the requirements in order to formulate the models, formal verification may focus on safety properties rather than temporal behaviour, and domain experts need to validate the final models to ensure they fit the needs of stakeholders. In this paper we discuss how the principles of Behaviour-Driven Development (BDD) can be applied to formal systems modelling and validation. We propose a process where manually authored scenarios are used initially to support the requirements and help the modeller. The same scenarios are then used to verify behavioural properties of the model. The model is then mutated to automatically generate scenarios with more complete coverage than the manual ones. These automatically generated scenarios are used to animate the model in a final acceptance stage. For this acceptance stage, it is important that a domain expert decides whether or not the behaviour is useful.
A railway interlocking system is a typical safety-critical system; design defects in the system pose great risks to safety and affect the operating efficiency of the railway station. Formal methods are an important approach to verifying the design requirements and obtaining reliable logic for coding. By analysing the requirements of a railway interlocking system, the properties of the specification and the events of the system's functions were obtained, and a multilayer formal model was then established using the Event-B language and a refinement strategy. The safety attributes of the system were verified and the formal model was refined based on theorem proving. Taking a real railway station as an example, the model was checked for contradictions among the axioms and for deadlock, and the correctness of the interlocking data was validated. Finally, the correctness of the model's functions was tested by simulation. We developed a formal prototype model for the general interlocking system and proposed an approach to data validation for a real station using its interlocking table.
Large-scale sudden-onset disasters may cause massive injuries and thus place great pressure on the emergency blood supplies of local blood banks. When blood is in short supply, blood products gathered urgently at a local blood center should be appropriately allocated to blood banks in the affected area. Moreover, ABO/Rh(D) compatibilities among blood groups must be considered during emergency situations. To minimize the total unmet demand for blood products under the optimal ABO/Rh(D)-compatible blood substitution scheme, a mixed integer programming model is developed and solved efficiently using a greedy heuristic algorithm. Finally, a numerical example derived from the emergency blood supply scenario of the Wenchuan Earthquake is presented to verify the proposed model and algorithm. The results show that considering ABO/Rh(D)-compatible blood substitution can remarkably increase the efficiency of emergency blood allocation while lowering blood shortages, and that the preference order of possible ABO/Rh(D)-compatible substitutions influences the allocation solution.