Along with the popularity of software-intensive systems, the interactions between system components and between humans and software applications are becoming more and more complex. This results in system accidents related to sys-tem safety issues. System accidents are different to failures related to component reliability. System safety is not well addressed, because functional requirements and safety re-quirements are separately handled in practice. In this paper, we consider safety requirements as control structures that restrict system behaviors at meta-model level. We propose the formalism of interface C-Systems, short for “interface control systems”. In this framework, functional requirements and safety requirements are separately formalized as in-terface automata and controlling automata respectively, as what we are doing in practice. The controlling automaton may guarantee safety requirements at design-time or run-time. Then the global system is a safe specification. The underlying mechanism differs from that of model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a new top-down methodology for designing and modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. In practice, this methodology may be also used for safety checking, incident reporting and service restoration. 1.

Abstract. Guidelines and consistency rules of UML are used to control the degrees of freedom provided by the language to prevent faults. Guidelines are used in specific domains (e.g., avionics) to recommend the proper use of technologies. Consistency rules are used to deal with inconsistencies in models. However, guidelines and consistency rules use informal restrictions on the uses of languages, which makes checking difficult. In this paper, we consider these problems from a language-theoretic view. We propose the formalism of C-Systems, short for “formal language control systems”. A C-System consists of a controlled grammar and a controlling grammar. Guidelines and consistency rules are formalized as controlling grammars that control the uses of UML, i.e. the derivations using the grammar of UML. This approach can be implemented as a parser, which can automatically verify the rules on a UML user model in XMI format. A comparison to related work shows our contribution: a generic top-down and syntax-based approach that checks language level constraints at compile-time. 1