3,655 research outputs found
A rigorous approach to combining use case modelling and accident scenarios
Nearly all serious accidents, in the past twenty years, in which software has
been involved can be traced to requirements
flaws. Accidents related to
or involving safety-critical systems often lead to significant damage to life,
property, and environment in which the systems operate.
This thesis explores an extension to use case modelling that allows safety
concerns to be modelled early in the systems development process. This
motivation comes from interaction with systems and safety engineers who
routinely rely upon use case modelling during the early stages of defining
and analysing system behaviour.
The approach of embedded formal methods is adopted. That is, we use one
discipline of use case modelling to guide the development of a formal model.
This enables a greater precision and formal assurance when reasoning about
concerns identified by system and safety engineers as well as the subsequent
changes made at the level of use case modelling. The chosen formal method
is Event-B, which is re nement based and has consequently enabled the
approach to exploit a natural abstractions found within use case modelling.
This abstraction of the problem found within use cases help introduce their
behaviour into the Event-B model via step-wise re nement.
The central ideas underlying this thesis are implemented in, UC-B, a tool
support for modelling use cases on the Rodin platform (an eclipse-based
development environment for Event-B). UC-B allows the specification of
the use cases to be detailed with both informal and formal notation, and
supports the automatic generation of an Event-B model given a formally
specified use case. Several case studies of use cases with accident cases are
provided, with their formalisation in Event-B supported by UC-B tool. An
examination of the translation from use cases to Event-B model is discussed,
along with the subsequent verification provided by Event-B to the use case
model
Redevelopment of an industrial case study using Event-B and Rodin
CDIS is a commercial air traffic information system that was developed using formal methods 15 years ago by Praxis, and it is still in operation today. This system is an example of an industrial scale system that has been developed using formal methods. In particular, the functional requirements of the system were specified using VVSL -- a variant of VDM. A subset of the original specification has been chosen to be reconstructed on the Rodin platform based on the new Event-B formalism. The goal of our reconstruction was to overcome three key difficulties of the original formalisation, namely the difficulty of comprehending the original specification, the lack of any mechanical proof of the consistency of the specification and the difficulty of dealing with distribution and atomicity refinement. In this paper we elucidate how a new formal notation and tool can help to overcome these difficulties
Rodin: an open toolset for modelling and reasoning in Event-B
Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool that seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods
An open extensible tool environment for Event-B
Abstract. We consider modelling indispensable for the development of complex systems. Modelling must be carried out in a formal notation to reason and make meaningful conjectures about a model. But formal modelling of complex systems is a difficult task. Even when theorem provers improve further and get more powerful, modelling will remain difficult. The reason for this that modelling is an exploratory activity that requires ingenuity in order to arrive at a meaningful model. We are aware that automated theorem provers can discharge most of the onerous trivial proof obligations that appear when modelling systems. In this article we present a modelling tool that seamlessly integrates modelling and proving similar to what is offered today in modern integrated development environments for programming. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods.
From Event-B models to Dafny code contracts
International audienceThe constructive approach to software correctness aims at formal modelling and verification of the structure and behaviour of a system in different levels of abstraction. In contrast, the analytical approach to software verification focuses on code level correctness and its verification. Therefore it would seem that the constructive and analytical approaches should complement each other well. To demonstrate this idea we present a case for linking two existing verification methods, Event-B (constructive) and Dafny (analytical). This approach combines the power of Event-B abstraction and its stepwise refinement with the verification capabilities of Dafny. We presented a small case study to demonstrate this approach and outline of the rules for transforming Event-B events to Dafny contracts. Finally, a tool for automatic generation of Dafny contracts from Event-B formal models is presented
Towards a Formalism-Based Toolkit for Automotive Applications
The success of a number of projects has been shown to be significantly
improved by the use of a formalism. However, there remains an open issue: to
what extent can a development process based on a singular formal notation and
method succeed. The majority of approaches demonstrate a low level of
flexibility by attempting to use a single notation to express all of the
different aspects encountered in software development. Often, these approaches
leave a number of scalability issues open. We prefer a more eclectic approach.
In our experience, the use of a formalism-based toolkit with adequate notations
for each development phase is a viable solution. Following this principle, any
specific notation is used only where and when it is really suitable and not
necessarily over the entire software lifecycle. The approach explored in this
article is perhaps slowly emerging in practice - we hope to accelerate its
adoption. However, the major challenge is still finding the best way to
instantiate it for each specific application scenario. In this work, we
describe a development process and method for automotive applications which
consists of five phases. The process recognizes the need for having adequate
(and tailored) notations (Problem Frames, Requirements State Machine Language,
and Event-B) for each development phase as well as direct traceability between
the documents produced during each phase. This allows for a stepwise
verification/validation of the system under development. The ideas for the
formal development method have evolved over two significant case studies
carried out in the DEPLOY project
- ā¦