Symbolic Reachability Analysis of B through ProB and LTSmin

We present a symbolic reachability analysis approach for B that can provide a significant speedup over traditional explicit state model checking. The symbolic analysis is implemented by linking ProB to LTSmin, a high-performance language independent model checker. The link is achieved via LTSmin's PINS interface, allowing ProB to benefit from LTSmin's analysis algorithms, while only writing a few hundred lines of glue-code, along with a bridge between ProB and C using ZeroMQ. ProB supports model checking of several formal specification languages such as B, Event-B, Z and TLA. Our experiments are based on a wide variety of B-Method and Event-B models to demonstrate the efficiency of the new link. Among the tested categories are state space generation and deadlock detection; but action detection and invariant checking are also feasible in principle. In many cases we observe speedups of several orders of magnitude. We also compare the results with other approaches for improving model checking, such as partial order reduction or symmetry reduction. We thus provide a new scalable, symbolic analysis algorithm for the B-Method and Event-B, along with a platform to integrate other model checking improvements via LTSmin in the future

Integrating Formal Methods with Informal Digital Hardware Development

This paper presents some results from an industrial project to develop high-integrity digital hardware by integrating formal methods with a more traditional informal approach. The ultimate goal of the project team was to produce sythesisable VHDL that could be proven to meet given requirements for an embedded controller. The burden was on the formal methods experts to integrate themselves into the team. This paper describes the formal approach that was developed as a result

Towards Validating a Platoon of Cristal Vehicles using CSP||B

24 pagesInternational audienceThe complexity of specification development and verification of large systems has to be mastered. In this paper a specification of a real case study, a platoon of Cristal vehicles is developed using the combination, named CSP||B, of two well-known formal methods. This large -- both distributed and embedded -- system typically corresponds to a multi-level composition of components that have to cooperate. We show how to develop and verify the specification and check some properties in a compositional way. We make use of previous theoretical results on CSP||B to validate this complex multi-agent system

Using CSP||B Components: Application to a Platoon of Vehicles

27 pagesInternational audienceThis paper presents an experience report on the specification and the validation of a real case study in the context of the industrial CRISTAL project. The case study concerns a platoon of a new type of urban vehicles with new functionalities and services. It is specified using the combination, named CSP$\|$B, of two well-known formal methods, and validated using the corresponding support tools. This large -- both distributed and embedded -- system typically corresponds to a multi-level composition of components that have to cooperate. We identify some lessons learned, showing how to develop and verify the specification and check some properties in a compositional way using theoretical results and support tools to validate this complex system

Towards Validating a Platoon of Cristal Vehicles using CSP||B

24 pagesInternational audienceThe complexity of specification development and verification of large systems has to be mastered. In this paper a specification of a real case study, a platoon of Cristal vehicles is developed using the combination, named CSP||B, of two well-known formal methods. This large -- both distributed and embedded -- system typically corresponds to a multi-level composition of components that have to cooperate. We show how to develop and verify the specification and check some properties in a compositional way. We make use of previous theoretical results on CSP||B to validate this complex multi-agent system

Mobile CSP||B

CSP||B is a combination of CSP and B in which CSP processes are used as control executives for B machines. This architecture enables a B machine and its controller to interact and communicate with each other while working in parallel. The architecture has focused on sequential CSP processes as dedicated controllers for B machines. This paper introduces Mobile CSP||B, a formal framework based on CSP||B which enables us to specify and verify concurrent systems with mobile architecture instead of the previous static architecture. In Mobile CSP||B, a parallel combination of CSP processes act as the control executive for the B machines and these B machines can be transferred between CSP processes during the system execution. The paper introduces the foundations of the approach, and illustrates the result with an example

Formal Modeling of Connectionism using Concurrency Theory, an Approach Based on Automata and Model Checking

This paper illustrates a framework for applying formal methods techniques, which are symbolic in nature, to specifying and verifying neural networks, which are sub-symbolic in nature. The paper describes a communicating automata [Bowman & Gomez, 2006] model of neural networks. We also implement the model using timed automata [Alur & Dill, 1994] and then undertake a verification of these models using the model checker Uppaal [Pettersson, 2000] in order to evaluate the performance of learning algorithms. This paper also presents discussion of a number of broad issues concerning cognitive neuroscience and the debate as to whether symbolic processing or connectionism is a suitable representation of cognitive systems. Additionally, the issue of integrating symbolic techniques, such as formal methods, with complex neural networks is discussed. We then argue that symbolic verifications may give theoretically well-founded ways to evaluate and justify neural learning systems in the field of both theoretical research and real world applications

A CSP Account of Event-B Refinement

Event-B provides a flexible framework for stepwise system development via refinement. The framework supports steps for (a) refining events (one-by-one), (b) splitting events (one-by-many), and (c) introducing new events. In each of the steps events can moreover possibly be anticipated or convergent. All such steps are accompanied with precise proof obligations. Still, it remains unclear what the exact relationship - in terms of a behaviour-oriented semantics - between an Event-B machine and its refinement is. In this paper, we give a CSP account of Event-B refinement, with a treatment for the first time of splitting events and of anticipated events. To this end, we define a CSP semantics for Event-B and show how the different forms of Event-B refinement can be captured as CSP refinement.Comment: In Proceedings Refine 2011, arXiv:1106.348

Decentralised Evaluation of Temporal Patterns over Component-based Systems at Runtime

Long version of the paper accepted for FACS 2014 - The 11th International Symposium on Formal Aspects of Component SoftwareInternational audienceSelf-adaptation allows systems to modify their structure and/or their behaviour depending on the environment and the system itself. Since reconfigurations must not happen at any but in suitable circumstances, guiding and controlling dynamic reconfigurations at runtime is an important issue. This paper contributes to two essential topics of the self-adaptation---a runtime temporal properties evaluation, and a decentralization of control loopsSelf-adaptation allows systems to modify their structure and/or their behaviour depending on the environment and the system itself. Since reconfigurations must not happen at any but in suitable circumstances, guiding and controlling dynamic reconfigurations at runtime is an important issue. This paper contributes to two essential topics of the self-adaptation - a runtime temporal properties evaluation, and a decentralization of control loops. It extends the work on the adaptation of component-based systems at runtime via policies with temporal patterns by providing a) a specific progressive semantics of temporal patterns and b) a decentralised method which is suitable to deal with temporal patterns of component-based systems at runtime

A tool for checking CSP||B specifications

International audienceThis paper reports about our experience with building a simple tool to assist us in the verification of CSP||B specifications. We present the Control Loop Invariant technique to check the consistency of a CSP||B specification. From this, we deduce the requirements of an assistant tool. The tool was developed in Ocaml. We discuss several issues observed during the development