Fifty years of Hoare's Logic

We present a history of Hoare's logic.Comment: 79 pages. To appear in Formal Aspects of Computin

A CSP Account of Event-B Refinement

Event-B provides a flexible framework for stepwise system development via refinement. The framework supports steps for (a) refining events (one-by-one), (b) splitting events (one-by-many), and (c) introducing new events. In each of the steps events can moreover possibly be anticipated or convergent. All such steps are accompanied with precise proof obligations. Still, it remains unclear what the exact relationship - in terms of a behaviour-oriented semantics - between an Event-B machine and its refinement is. In this paper, we give a CSP account of Event-B refinement, with a treatment for the first time of splitting events and of anticipated events. To this end, we define a CSP semantics for Event-B and show how the different forms of Event-B refinement can be captured as CSP refinement.Comment: In Proceedings Refine 2011, arXiv:1106.348

LSB - Live and Safe B: Alternative semantics for Event B

We define two lifted, total relation semantics for Event B machines: Safe B for safety-only properties and Live B for liveness properties. The usual Event B proof obligations, Safe, are sufficient to establish Safe B refinement. Satisfying Safe plus a simple additional proof obligation ACT REF is sufficient to establish Live B refinement. The use of lifted, total relations both prevents the ambiguity of the unlifted relational semantics and prevents operations being clairvoyant

A Generalized Hybrid Hoare Logic

Deductive verification of hybrid systems (HSs) increasingly attracts more attention in recent years because of its power and scalability, where a powerful specification logic for HSs is the cornerstone. Often, HSs are naturally modelled by concurrent processes that communicate with each other. However, existing specification logics cannot easily handle such models. In this paper, we present a specification logic and proof system for Hybrid Communicating Sequential Processes (HCSP), that extends CSP with ordinary differential equations (ODE) and interrupts to model interactions between continuous and discrete evolution. Because it includes a rich set of algebraic operators, complicated hybrid systems can be easily modelled in an algebra-like compositional way in HCSP. Our logic can be seen as a generalization and simplification of existing hybrid Hoare logics (HHL) based on duration calculus (DC), as well as a conservative extension of existing Hoare logics for concurrent programs. Its assertion logic is the first-order theory of differential equations (FOD), together with assertions about traces recording communications, readiness, and continuous evolution. We prove continuous relative completeness of the logic w.r.t. FOD, as well as discrete relative completeness in the sense that continuous behaviour can be arbitrarily approximated by discretization. Besides, we discuss how to simplify proofs using the logic by providing a simplified assertion language and a set of sound and complete rules for differential invariants for ODEs. Finally, we implement a proof assistant for the logic in Isabelle/HOL, and apply it to verify two case studies to illustrate the power and scalability of our logic

Refinement and verification of concurrent systems specified in Object-Z and CSP

The formal development of large or complex systems can often be facilitated by the use of more than one formal specification language. Such a combination of languages is particularly suited to the specification of concurrent or distributed systems, where both the modelling of processes and state is necessary. This paper presents an approach to refinement and verification of specifications written using a combination of Object-Z and CSP. A common semantic basis for the two languages enables a unified method of refinement to be used, based upon CSP refinement. To enable state-based techniques to be used for the Object-Z components of a specification we develop state-based refinement relations which are sound and complete with respect to CSP refinement. In addition, a verification method for static and dynamic properties is presented. The method allows us to verify properties of the CSP system specification in terms of its component Object-Z classes by using the laws of the CSP operators together with the logic for Object-Z

Automated verification of reactive and concurrent programs by calculation

Reactive programs combine traditional sequential programming constructs with primitives to allow communication with other concurrent agents. They are ubiquitous in modern applications, ranging from components systems and web services, to cyber-physical systems and autonomous robots. In this paper, we present an algebraic verification strategy for concurrent reactive programs, with a large or infinite state space. We define novel operators to characterise interactions and state updates, and an associated equational theory. With this we can calculate a reactive program's denotational semantics, and thereby facilitate automated proof. Of note is our reasoning support for iterative programs with reactive invariants, based on Kleene algebra, and for parallel composition. We illustrate our strategy by verifying a reactive buffer. Our laws and strategy are mechanised in Isabelle/UTP, our implementation of Hoare and He's Unifying Theories of Programming (UTP) framework, to provide soundness guarantees and practical verification support

A survey using constraints to decision-making for fault tolerance in Business processes

Sometimes the business processes do not work how it is expected. In these cases, a diagnosis process has to be executed to determine the responsible activity or activities of the fault in order to substitute it or them for a correct activity. The aim of this paper is describe the necessary steps to find out another service that can replace it in an efficient way. In order to automate the search and substitution of activities, we propose to describe the functionality of the tasks using constraints, making easier the determination of the possible activities that could substitute everyone faulty activities in the business process. In this paper, it is also analyzed how to adapt the communication protocol with XML messages to a behavior described using constraints.Junta de Andalucía P08-TIC-04095Ministerio de Ciencia y Tecnología TIN2009-1371

NONDETERMINACY AND RECURSION VIA STACKS AND GAMES

The weakest-precondition interpretation of recursive procedures is developed for a language with a combination of unbounded demonic choice and unbounded angelic choice. This compositional formal semantics is proved to be equal to a game-theoretic operational semantics. Two intermediate stages are exploited. One step consists of unfolding the declaration of the recursive procedures. Fixpoint induction is used to prove the validity of this step. The compositional semantics of the unfolded declaration is proved to be equal to a formal semantics of a stack implementation of the recursive procedures. After an introduction to boolean two-person games, this stack semantics is shown to correspond to a game-theoretic operational semantics

Mobile CSP||B

CSP||B is a combination of CSP and B in which CSP processes are used as control executives for B machines. This architecture enables a B machine and its controller to interact and communicate with each other while working in parallel. The architecture has focused on sequential CSP processes as dedicated controllers for B machines. This paper introduces Mobile CSP||B, a formal framework based on CSP||B which enables us to specify and verify concurrent systems with mobile architecture instead of the previous static architecture. In Mobile CSP||B, a parallel combination of CSP processes act as the control executive for the B machines and these B machines can be transferred between CSP processes during the system execution. The paper introduces the foundations of the approach, and illustrates the result with an example