Defining requirements on domain-specific languages in model-driven software engineering of safety-critical systems

Abstract

Domain-specific languages are designed and used to assist software development in various domains. Safety-critical systems such as aviation systems, railway control systems and nuclear power plants require certified software by law. This paper focuses on domain-specific languages that are used to represent a physical reality and to describe the behavior of a control software as a finite state machine. Furthermore we focus on domain-specific languages that are able to generate source code for sensor/actor systems from a specified finite state machine model. The source code is intended to be compiled and operated in a fixed time slot of a real-time operating system of a safety-critical controlling hardware. We give an example of a model that is expressed using a functional tree, a method that is based on input and state space partitioning. We show that models expressed by a functional tree are equivalent to deterministic and complete finite state machines. To formally prove the equivalence we analyze a model in terms of automata theory. We will furthermore show that omitting the properties of determinism and completeness violates normative requirements when a model is used to generate software for safetycritical systems. The major contribution of this paper is the definition of formal requirements on domain-specific languages employing formalisms of automata theory. The requirements are easily verifiable criteria for domain-specific languages to assess the suitability in an engineering process of a safety-critical system. We analyze two example modeling languages for their suitability to create a source code for safety-critical applications.