Robustness of Simulink/Stateflow Model Against Implementation Imperfections*

Model-based software development frameworks such as Simulink/Stateflow support auto code generation. Due to the limitations of the implementation platform on which the generated code is deployed on, imprecision is introduced to the implementation and may lead to unpredictable behaviors in the implementation. In this paper, an implementation model is defined to model the imprecisions introduced by the platform. We present a notion of Path-Robustness (P-Robustness) and Path/Output-Robustness (P/O-Robustness) between the software model and its implementation model to determine if the implementation preserves the control and data flow of the software. An approach is proposed to check the P-Robustness and P/O-Robustness properties of the software model by constructing an error propagation model from the implementation model. P/O-Robustness is proved stronger than approximate bisimulation introduced by Girard et al.