Aircraft landing gear system: approaches with Event-B to the modeling of an industrial system

Abstract

This paper describes the modeling, done using the Event-B notation, of the aircraft landing gear case study that was proposed in a special track of the ABZ'2014 Conference. In the course of our development, we discovered some problems in our initial modeling approach. This has led us to propose a second approach and then a third one. Each approach is more efficient than the previous one in terms of proof obligations (roughly speaking: 2000, 1000, 500). All this will be described in this paper. The methodology of proving reachability and deadlock freeness are discussed. Animation and simulation are used as complementary analysis to formal proofs. We also try to go beyond this specific case study and give some thoughts about large industrial modeling.