Towards a Correct-by-Construction design flow : A case-study from railway signaling systems

Abstract: As technological advancements and manufacturing techniques continues to bring us more complex and powerful hardware, software engineers struggle to keep up with this rapid progress and reap the benefits brought by this hardware. In the field of safety-critical system development, where a thorough understanding and deterministic nature of the hardware often is required, the cost of development closely relates to the complexity of the hardware used. For software developers to be able to reap the benefits of the technological advancement in hardware design, a Correct-by-Construction with a model- based design flow seem promising. Even though there seem to be significant benefits in using a Correct-by-Construction workflow for developing safety- critical systems, it is far from exclusively used within the industry. Therefore, this thesis illustrates how a model-based design flow should be applied when developing safety-critical systems for usage in the rail transport sector. This thesis also explores the benefits Correct-by-Construction can bring to the development process of safety-critical systems. Within this thesis, two different modeling tools, ForSyDe and Simulink, were used to achieve a model-based design flow. The functionality of these tools is investigated to see how they can be used for developing safety-critical systems, meeting the EN 50128 standard. The result presented is an example of how these tools can be used within a model-based design flow which meets the EN 50128 standard for developing Safety Integrity Level (SIL) 4 systems. The thesis also compares the tools investigated and highlights their differences. Finally, future work required to create a complete Correct-by-Construction workflow that complies with the EN 50128 standard requirements for system development is identified.