Formal modelling for Ada implementations: tasking Event-B

This paper describes a formal modelling approach, where Ada code is automatically generated from the modelling artefacts. We introduce an implementation-level specification, Tasking Event-B, which is an extension to Event-B. Event-B is a formal method, that can be used to model safety-, and business-critical systems. The work may be of interest to a section of the Ada community who are interested in applying formal modelling techniques in their development process, and automatically generating Ada code from the model. We describe a streamlined process, where the abstract modelling artefacts map easily to Ada language constructs. Initial modelling takes place at a high level of abstraction. We then use refinement, decomposition, and finally implementation-level annotations, to generate Ada code. We provide a brief introduction to Event-B, before illustrating the new approach using small examples taken from a larger case study

Formal Modelling for Ada Implementations: Tasking Event-B

This paper describes a formal modelling approach, where Ada code is automatically generated from the modelling artefacts. We introduce an implementation-level specification, Tasking Event-B, which is an extension to Event-B. Event-B is a formal method, that can be used to model safety-, and business-critical systems. The work may be of interest to a section of the Ada community who are interested in applying formal modelling techniques in their development process, and automatically generating Ada code from the model. We describe a streamlined process, where the abstract modelling artefacts map easily to Ada language constructs. Initial modelling takes place at a high level of abstraction. We then use refinement, decomposition, and finally implementation-level annotations, to generate Ada code. We provide a brief introduction to Event-B, before illustrating the new approach using small examples taken from a larger case study

Integrating formal methods into medical software development : the ASM approach

Medical devices are safety-critical systems since their malfunctions can seriously compromise human safety. Correct operation of a medical device depends upon the controlling software, whose development should adhere to certification standards. However, these standards provide general descriptions of common software engineering activities without any indication regarding particular methods and techniques to assure safety and reliability. This paper discusses how to integrate the use of a formal approach into the current normative for the medical software development. The rigorous process is based on the Abstract State Machine (ASM) formal method, its refinement principle, and model analysis approaches the method supports. The hemodialysis machine case study is used to show how the ASM-based design process covers most of the engineering activities required by the related standards, and provides rigorous approaches for medical software validation and verification

Invariant-driven specifications in Maude

AbstractThis work presents a general mechanism for executing specifications that comply with given invariants, which may be expressed in different formalisms and logics. We exploit Maude’s reflective capabilities and its properties as a general semantic framework to provide a generic strategy that allows us to execute Maude specifications taking into account user-defined invariants. The strategy is parameterized by the invariants and by the logic in which such invariants are expressed. We experiment with different logics, providing examples for propositional logic, (finite future time) linear temporal logic and metric temporal logic

Event-B モデルの詳細化構造の計画とリファクタリングの支援手法

学位の種別: 課程博士審査委員会委員 : （主査）東京大学准教授 蓮尾 一郎, 東京大学教授 萩谷 昌己, 東京大学教授 小林 直樹, 東京大学教授 高野 明彦, 東京大学教授 千葉 滋University of Tokyo(東京大学

Extensión de lógicas temporales con nociones deónticas para la especificación y análisis de sistemas tolerantes a fallas

Tesis (Doctor en Ciencias de la Computación)--Universidad Nacional de Córdoba, Facultad de Matemática, Astronomía, Física y Computación, 2020.En la actualidad la tolerancia a fallas cada vez adquiere mayor importancia, debido a que cada día hay más sistemas críticos en donde es necesario garantizar cierto comportamiento deseado aún ante la ocurrencia ocasional de fallas. En este trabajo presentamos algunos formalismos lógicos que resultan adecuados para la especificación, y luego la verificación, de propiedades de sistemas tolerantes a fallas. En particular, nos enfocamos en el uso de aquellos que si bien, tradicionalmente fueron utilizados para representar y analizar la estructura lógica de normas o leyes (conocidos con el nombre de lógicas deónticas), nos posibilitan, a diferencia de otros enfoques, distinguir entre los comportamientos normal y anormal de un sistema. Hacia el final de esta tesis, además, se presentan algunas incursiones en el área de sistemas probabilistas, ya que cuando se piensa en sistemas tolerantes a fallas surge naturalmente pensar en un grado de tolerancia/robustez deseado o esperado; y es justamente este tipo de noción cuantificable la que conduce a la idea de utilizar las probabilidades para capturar este concepto. En particular se presentan algunos ejemplos para ilustrar la capacidad de dichos formalismos para capturar nociones relacionadas con tolerancia a fallas.At present, fault tolerance is becoming more and more important, because every day there are more critical systems where it's necessary to guarantee a certain desired behavior even in the event of occasional failure. In this work we present some logical formalisms suitable for the specification, and later verification, of properties for fault tolerant systems. In particular, we focus on the use of those formalisms traditionally used to represent and analyze the logical structure of norms or laws (known as deontic logics), that allow us to distinguish between normal and abnormal behaviors of a system. Towards the end of this thesis, some forays made into the area of probabilistic systems are also presented, due that when thinking about fault tolerant systems it naturally arises the notion of a desired or expected degree of tolerance / robustness; and it's precisely this kind of quantifiable notion that leads us to think about using probabilities to capture this concept. In particular we show some examples to illustrate the ability of such formalisms to capture notions related to fault tolerance.Fil: Kilmurray, Cecilia Noelia. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía, Física y Computación; Argentina

A formal approach for correct-by-construction system substitution

Safety-critical systems depend on the fact that their software components provide services that behave correctly (i.e. satisfy their requirements). Additionally, in many cases, these systems have to be adapted or reconfigured in case of failures or when changes in requirements or in quality of service occur. When these changes appear at the software level, they can be handled by the notion of substitution. Indeed, the software component of the source system can be substituted by another software component to build a new target system. In the case of safety-critical systems, it is mandatory that this operation enforces that the new target system behaves correctly by preserving the safety properties of the source system during and after the substitution operation. In this thesis, the studied systems are modeled as state-transition systems. In order to model system substitution, the Event-B method has been selected as it is well suited to model such state-transition systems and it provides the benefits of refinement, proof and the availability of a strong tooling with the Rodin Platform. This thesis provides a generic model for system substitution that entails different situations like cold start and warm start as well as the possibility of system degradation, upgrade or equivalence substitutions. This proposal is first used to formalize substitution in the case of discrete systems applied to web services compensation and allowed modeling correct compensation. Then, it is also used for systems characterized by continuous behaviors like hybrid systems. To model continuous behaviors with Event-B, the Theory plug-in for Rodin is investigated and proved successful for modeling hybrid systems. Afterwards, a correct substitution mechanism for systems with continuous behaviors is proposed. A safety envelope for the output of the system is taken as the safety requirement. Finally, the proposed approach is generalized, enabling the derivation of the previously defined models for web services compensation through refinement, and the reuse of proofs across system models