The behavior of embedded hardware and software systems is determined by at least three dimensions: control flow, data aspects, and real-time requirements. To specify each dimension of a system with the technique best suited to it, the formal language CSP-OZ-DC [1] integrates Communicating Sequential Processes (CSP) [2], Object-Z (OZ) [3], and Duration Calculus (DC) [4] into a declarative formalism equipped with a unified and compositional semantics. In this paper, we provide evidence that CSP-OZ-DC is a convenient language for modeling systems of industrial relevance. To this end, we examine the emergency message handling in the European Train Control System (ETCS) [5] as a case study involving uninterpreted constants and infinite data domains. We automatically verify that our model ensures real-time safety properties which crucially depend on the system's data handling. Related work on ETCS case studies [6], [7] focuses on stochastic analysis of communication reliability and neglects the components' data aspects.