Abstract

A system development case study problem based on a set of aircraft landing gear is examined in Hybrid Event-B (an extension of Event-B that includes provision for continuously varying behaviour as well as the usual discrete changes of state). Although tool support for Hybrid Event-B is currently lacking, the complexity of the case study provides a valuable challenge for the expressivity and modelling capabilities of the Hybrid Event-B formalism. The size of the case study, and in particular, the number of overtly independent subcomponents that the problem domain contains, both significantly exercise the multi-machine and coordination capabilities of the modelling formalism. These aspects of the case study, vital in the development of realistic cyberphysical systems in general, have contributed significant improvements in the theoretical formulation of multi-machine Hybrid Event-B itself.

Highlights

  • This paper reports on a treatment of a landing gear system case study using Hybrid Event-B

  • This perspective is appropriate to a treatment centred on system control via isolated discrete events, such events being used to mark the start and end of a physical process while quietly ignoring what might happen in the interior. While this approach certainly reduces the modelling workload, the penalty paid for it is the loss of the ability to justify the values of these constants during the verification activity, whether this be on the basis of deeper theory or of values obtained from lower level phenomenological models

  • This paper has described the development of the landing gear case study in the multi-machine Hybrid Event-B framework, as it is defined in [10]


Summary

Introduction

This paper reports on a treatment of a landing gear system case study (see [17]) using Hybrid Event-B. This perspective is appropriate to a treatment centred on system control via isolated discrete events, such events being used to mark the start and end of a physical process while quietly ignoring what might happen in the interior. While this approach certainly reduces the modelling workload, the penalty paid for it is the loss of the ability to justify the values of these constants during the verification activity, whether this be on the basis of deeper theory or of values obtained from lower level phenomenological models. In the conference version of the case study [6], hereafter referred to as Conf, only the nominal regime of the case study was covered. Still, this proved sufficient to bring out the main benefits of the approach, and, through the complexity of the case study, highlighted several issues that needed to be handled better in the multi-machine context. Various detailed differences from the earlier treatment are mentioned below, as they arise.

2 Landing gear overview
3 Multi-machine systems via INTERFACEs
4 Type II invariants in multi-machine systems
5 Synchronisation in multi-machine systems
6 Hypergraph-based system architectures
7 Case study architectural overview
8 Model development preliminaries
9 Retrenchment and the introduction of faults
10 The faulty regime
11 Fault handling and the Tower Pattern
12 The time-triggered loop
13.1 Modelling patterns
13.2 Issues and questions
14 Conclusions