An Institution for Event-B

This paper presents a formalisation of the Event-B formal specification language in terms of the theory of institutions. The main objective of this paper is to provide: (1) a mathematically sound semantics and (2) modularisation constructs for Event-B using the specification-building operations of the theory of institutions. Many formalisms have been improved in this way and our aim is thus to define an appropriate institution for Event-B, which we call EVT. We provide a definition of EVT and the proof of its satisfaction condition. A motivating example of a traffic-light simulation is presented to illustrate our approach

ASP, amalgamation, and the conceptual blending workflow

We present a framework for conceptual blending – a concept invention method that is advocated in cognitive science as a fundamental, and uniquely human engine for creative thinking. Herein, we employ the search capabilities of ASP to find commonalities among input concepts as part of the blending process, and we show how our approach fits within a generalised conceptual blending workflow. Specifically, we orchestrate ASP with imperative Python programming, to query external tools for theorem proving and colimit computation. We exemplify our approach with an example of creativity in mathematics. © Springer International Publishing Switzerland 2015.This work is supported by the 7th Framework Programme for Research of the European Commission funded COINVENT project (FET-Open grant number: 611553). M. Eppe is supported by the German Academic Exchange ServicePeer Reviewe

Building Specifications in the Event-B Institution

This paper describes a formal semantics for the Event-B specification language using the theory of institutions. We define an institution for Event-B, EVT, and prove that it meets the validity requirements for satisfaction preservation and model amalgamation. We also present a series of functions that show how the constructs of the Event-B specification language can be mapped into our institution. Our semantics sheds new light on the structure of the Event-B language, allowing us to clearly delineate three constituent sub-languages: the superstructure, infrastructure and mathematical languages. One of the principal goals of our semantics is to provide access to the generic modularisation constructs available in institutions, including specification-building operators for parameterisation and refinement. We demonstrate how these features subsume and enhance the corresponding features already present in Event-B through a detailed study of their use in a worked example. We have implemented our approach via a parser and translator for Event-B specifications, EBtoEVT, which also provides a gateway to the Hets toolkit for heterogeneous specification.Comment: 54 pages, 25 figure

Abstract Semantics for K Module Composition

AbstractA structured K definition is easier to write, understand and debug than one single module containing the whole definition. Furthermore, modularization makes it easy to reuse work between definitions that share some principles or features. Therefore, it is useful to have a semantics for module composition operations that allows the properties of the resulting modules to be well understood at every step of the composition process. This paper presents an abstract semantics for a module system proposal for the K framework. It describes K modules and module transformations in terms of institution-based model theory introduced by Goguen and Burstall

Event-B in the Institutional Framework: Defining a Semantics, Modularisation Constructs and Interoperability for a Specification Language

Event-B is an industrial-strength specification language for verifying the properties of a given system’s specification. It is supported by its Eclipse-based IDE, Rodin, and uses the process of refinement to model systems at different levels of abstraction. Although a mature formalism, Event-B has a number of limitations. In this thesis, we demonstrate that Event-B lacks formally defined modularisation constructs. Additionally, interoperability between Event-B and other formalisms has been achieved in an ad hoc manner. Moreover, although a formal language, Event-B does not have a formal semantics. We address each of these limitations in this thesis using the theory of institutions. The theory of institutions provides a category-theoretic way of representing a formalism. Formalisms that have been represented as institutions gain access to an array of generic specification-building operators that can be used to modularise specifications in a formalismindependent manner. In the theory of institutions, there are constructs (known as institution (co)morphisms) that provide us with the facility to create interoperability between formalisms in a mathematically sound way. The main contribution of this thesis is the definition of an institution for Event-B, EVT, which allows us to address its identified limitations. To this end, we formally define a translational semantics from Event- B to EVT. We show how specification-building operators can provide a unified set of modularisation constructs for Event-B. In fact, the institutional framework that we have incorporated Event-B into is more accommodating to modularisation than the current state-of-the-art for Rodin. Furthermore, we present institution morphisms that facilitate interoperability between the respective institutions for Event-B and UML. This approach is more generic than the current approach to interoperability for Event-B and in fact, allows access to any formalism or logic that has already been defined as an institution. Finally, by defining EVT, we have outlined the steps required in order to include similar formalisms into the institutional framework. Hence, this thesis acts as a template for defining an institution for a specification language

ASP, Amalgamation and the Conceptual Blending Workflow

We present a framework for conceptual blending – a concept invention method that is advocated in cognitive science as a fundamental, and uniquely human engine for creative thinking. Herein, we employ the search capabilities of ASP to find commonalities among input concepts as part of the blending process, and we show how our approach fits within a generalised conceptual blending workflow. Specifically, we orchestrate ASP with imperative Python programming, to query external tools for theorem proving and colimit computation. We exemplify our approach with an example of creativity in mathematics. © Springer International Publishing Switzerland 2015.This work is supported by the 7th Framework Programme for Research of the European Commission funded COINVENT project (FET-Open grant number: 611553). M. Eppe is supported by the German Academic Exchange ServicePeer Reviewe

Foundations and techniques for software reconfigurability

Programa de doutoramento em Informática das Universidades do Minho, de Aveiro e do PortoThe qualifier reconfigurable is used for software systems which behave differently in different modes of operation (often called configurations) and commute between them along their lifetime. Such systems, which evolve in response to external or internal stimulus, are everywhere: from e-Health or e-Government integrated services to sensor networks, from domestic appliances to complex systems distributed and collaborating over the web, from safety or mission-critical applications to massive parallel software. There are two basic approaches to formally capture requirements of this sort of systems: one emphasizes behaviour and its evolution; the other focus on data and their transformations. Within the first paradigm, reconfigurable systems are regarded as (some variant of) state-machines whose states correspond to the different configurations they may assume. On the other hand, in data-oriented approaches the system’s functionality is specified in terms of input-output relations modelling operations on data. A specification presents a theory in a suitable logic, expressed over a signature which captures its syntactic interface. Its semantics is a class of concrete algebras or relational structures, acting as models for the specified theory. The observation that whatever services a reconfigurable system may offer, at each moment, may depend on the stage of its evolution, suggests that both dimensions (data and behaviour) are interconnected and should be combined. In particular, each node in the transition system which describes a reconfiguration space, may be endowed with a local structure modelling the functionality of the respective configuration. This is the basic insight of a configurations-as-local-models specification style. These specifications are modeled by structured state-machines, states denoting complex structures, rather than sets. A specification for this sort of system should be able to make assertions both about the transition dynamics and, locally, about each particular configuration. This leads to the adoption of hybrid logic, which adds to the modal description of transition structures the ability to refer to specific states, as the lingua franca for a suitable specification method. On the other hand, specific applications may require specific logics to describe their configurations. For example, requirements expressed equationally lead to a configurations-as-algebras perspective. But depending on their nature one could also naturally end up in configurations-as-relational-structutres, or probabilistic spaces or even in configurations-as-Kripke-structutres, if first-order, fuzzy or modal logic is locally used. The aim of this thesis is to develop the foundations for a specification method based on these principles. To subsume all the possibilities above our approach builds on very general grounds. Therefore, instead of committing to a particular version of hybrid logic, we start by choosing a specific logic for expressing requirements at the configuration (static) level. This is later taken as the base logic on top of which the characteristic features of hybrid logic, both at the level of syntax (i.e. modalities, nominals, etc.) and of the semantics (i.e. possible worlds), are developed. This process is called hybridisation and is one of the main technical contributions of this thesis. To be completely general, it is framed in the context of the theory of institutions of J. Goguen and R. Burstall, each logic (base and hybridised) being treated abstractly as an institution. In this setting the thesis’ contributions are the following: A method to hybridise arbitrary institutions; this can be understood as a source of logics to support arbitrary configurations-as-local-models specifications. A method to lift encodings (technically, comorphisms) from an institution to a presentation in first-order logic, into encodings from its hybridisation to a presentation in first-order logic; this result paves the way to the introduction of suitable automatised proof support for a wide range of hybridised logics. Suitable characterisations of bisimulation and refinement for models of (generic) hybridisations, which provide canonical, satisfaction preserving relations to identify and relate models. A two-stage specification method for reconfigurable systems based on a global transition structure to capture the system’s reconfiguration space, and a local specification of configurations in whatever logic is found expressive enough for the requirements at hands. A set of additional technics to assist the process of specifying and verifying requirements for reconfigurable systems, with partial tool support.O termo reconfigurável é usado para sistemas de software que se comportam de forma diferente em diferentes modos de operação (frequentemente chamados de configurações) comutando entre eles, ao longo do seu ciclo de vida. Estes sistemas, que evoluem em resposta a estímulos externos e internos, estão por toda a parte, desde sistemas de e-Health ou sistemas integrados de e-Governement, às redes de sensores, das aplicações domésticas aos complexos sistemas distribuidos, dos sistemas críticos de missão ao software de computação paralela. Existem duas abordagens formais para captar requisitos deste tipo de sistemas: uma focada no comportamento e evolução; e outra focada nos dados e respectivas transformações. Segundo o primeiro paradigma, os sistemas reconfiguráveis são abordados por (alguma variante) de máquinas-de-estados, correspondendo, cada um dos seus estados, a uma configuração que o sistema possa assumir. A outra abordagem, orientada aos dados, especifica as funcionalidades do sistema em função de relações de input-output, que modelam operações nos dados. Uma especificação apresenta uma teoria numa lógica adequada, expressa sobre uma assinatura que capta a sua interface sintática. A sua semântica consiste na classe de álgebras, ou estruturas de primeira ordem, que modelam a teoria especificada. A observação de que, a cada momento, os serviços oferecidos por um sistema reconfigurável possam depender do estado da sua evolução, sugere-nos que ambas as dimensões (dados e comportamento) estejam interligados e devam ser combinados. Em particular, cada nó do sistema de transição, que descreve o espaço de reconfigurabilidade, pode ser dotado de uma estrutura local onde as funcionalidades do sistema, na respectiva configuração, são modeladas. Esta é a ideia base da especificação configurações-como-modeloslocais. Tecnicamente, as especificações são modeladas por máquinas de estados estruturadas, onde cada estado denota uma estrutura complexa, ao invés de um conjunto. Uma especificação para este tipo de sistemas deve ser adequada à expressão de asserções acerca da dinâmica de transições, assim como, ao nível local de cada configuração particular. Isto leva-nos à adopção de lógica híbrida, que adiciona, mecanismos para referir estados específicos à expressividade modal dos sistemas de transição, como lingua franca para um método adequado de especificação. Por outro lado, aplicações podem requerer lógicas específicas para descrever as suas configurações. Por exemplo, requisitos expressos por equações devem ser modelados numa perspectiva configurações-como-álgebras. Dependendo da sua natureza, podemos considerar configurações-como-estruturas de primeira ordem, ou configurações-como-espaços probabilísticos ou mesmo configurações-como-estruturas de Kripke quando usadas, localmente, lógica de primeira ordem, lógica fuzzy, ou lógica modal respectivamente. O objectivo da tese é desenvolver os fundamentos para um método de especificação baseado nestes princípios. Por forma a acomodar todas estas possibilidades, a abordagem é desenvolvida sob fundamentos muito genéricos. Ao invés de comprometer a abordagem com uma lógica híbrida particular, partimos da escolha da lógica específica para especificar requisitos ao nível (estáctico) local. Esta lógica é então tomada como lógica de base, sobre a qual os mecanismos da lógica híbrida, tanto ao nível sintáctico (i.e., modalidades, nominais, etc.) como ao semântico (i.e., mundos possíveis), são desenvolvidos. Este processo, que chamamos de hibridização, é uma das principais contribuições técnicas da tese. A generalidade do método resulta do seu desenvolvimento no contexto da teoria das instituições de J. Goguen e R. Burstall. As peincipais contribuições da tese são: • um método para hibridizar instituições arbitrárias; o que pode ser entendido como uma fonte de lógicas para suportar especificações configurações- como-modelos-locais arbitrárias • um método para transportar codificações de uma instituição nas apresentações de primeira ordem (tecnicamente comorfismos), em codificações da sua hibridização em apresentações em primeira ordem; este resultado abre o caminho para a introdução do suporte de prova automático para uma ampla classe de lógicas híbridas; • caracterização de relações de bissimulação e de refinamento para modelos de hibridizações genéricas. Isto oferece relações canónicas, que preservam satisfação, para identificar e relacionar modelos; • um método de especificação para sistemas reconfiguráveis com dois estágios, baseado numa estrutura de transição global, onde o espaço de reconfigurações do sistema é modelado; e numa especificação local das configurações expressa numa lógica escolhida como adequada, aos requisitos a tratar; • um conjunto de técnicas adicionais para assistir o processo de especificação e de verificação de requisitos de sistemas reconfiguráveis com suporte parcial de ferramentas.Fundação para a Ciência e Tecnologia (FCT) and Critical Software S.A., under BDE grant under the contract SFRH/BDE/33650/2009 and by the MONDRIAN Project (FCT) under the contract PTDC/EIA-CCO/108302/2008