Supporting Consistency in the Heterogeneous Design of Safety-Critical Software

Safety-critical software are highly heterogeneous, possessing very different characteristics. These characteristics are described using diverse modelling mechanisms (e.g., MathWorks Simulink and Stateflow, UML). The different resulting models may facilitate understanding and communication, but hinder verification and certification. This is in part due to the fact that design models have to be kept consistent, specially in cases where overlaps exist. Moreover, where overlapping exists, mappings between overlapping elements are required. In particular, the regulated nature of these systems, along with the size and complexity of their design models requires well-defined guidelines for ensuring model consistency. This paper presents a model-driven approach for verifying consistency between UML, Simulink and Stateflow design models, and for recording mappings between overlapping elements in them. The approach is intended to be part of the design standards and process of avionics companies to help them comply with DO-178C. An avionics industrial case study is used to motivate the work and demonstrate the proposed approach.