証明責務の構造に基づくEvent-Bモデルの設計および証明支援手法

形式手法Event-B では，証明対象の仕様をモデル記述し，モデルから作成される証明責務を証明することで仕様の正しさを示せる．しかし記述したモデルに矛盾や不備がある場合は，証明責務を証明できない．その場合，その証明責務を満たすようにモデルを修正する．しかし，モデルを修正することにより，既に実施済みの証明が無効化され，証明の手戻りが発生する可能性がある．本研究では，上記証明の手戻りを防止可能なモデル修正手法を提案する．さらに，提案手法の適用可能性および有効性を確認するため，ファイル転送プロトコルを対象とする適用例とその評価結果を示す．また，上記提案手法の前提となるモデル全体像を策定する工程に対しても，分割戦略木と呼ぶ記法に基づく手法を整備する．電気通信大学201

Development of Control Systems Guided by Models of their Environment

AbstractEvent-B is a formal method that allows one to develop various kinds of systems including discrete control systems. However, it is lacking a systematic approach for developing this type of systems and it hinders the applicability of Event-B. Our contribution is such an approach and it is presented in this paper. Our proposed method focuses on a set of elements that should be captured by the formal model and prescribes an order in which they should be introduced. The key aspect of our approach is to first model the required behaviour of the environment, and then to introduce the controller to appropriately influence the environment. It has the advantage that every step of such a development is dictated by the information available so far, including the requirements. We argue that having a clear development strategy early in the design process will assist the developers in producing high-quality models of the future software systems