13 research outputs found
Automatic Generation of C from Event-B
Abstract. Event-B [15] is a formal modeling method intended to support refinement, an initial system description at a high level of abstraction with detail added in successive understandable steps. The refinement process may be carried to its logical conclusion, specification of all detail needed to define an executable in a high-level language, and automatic generation of source code from the model via a suitable tool. The introduction of the RODIN [20] tool-set allows such extensions to be provided by third-party developers [3], and translation of Event-B to the C [12] programming language has always been intended [2]. This paper discusses the requirements of such a tool, introduces the B2C extension to RODIN that has been developed to meet these needs, and describes its use on a practical example. 1
The use of knowledge management systems and Event-B modelling in a lean enterprise
This paper provides a case study describing an approach to improving the efficiency of an information system (IS) by supporting processes outside the IS, using the ontology-driven knowledge management systems (KMS) as a mini-application in the area of so-called lean enterprise. Lean enterprise is focused on creating a maximal value for final customers while eliminating all kinds of waste and unnecessary costs, which significantly helps to increase the level of its competitiveness. It is about managerial decision-making, which can be in some cases contradictory (solving a local problem can cause a problem in another place). In this paper, we describe the KMS ATOM, which supports the innovation process in a lean enterprise. We show how the risk of wrong decisions due to contradictory effects can be eliminated by implementing a safety-critical system into the traditional IS. Our model is supported by Event-B modelling, a refinement-based formal modelling method, which is successfully used in important areas such as infrastructure, medicine, nuclear engineering and transportation (fire alarm systems, robotic surgery machines, braking systems in transportation, etc.). Nowadays, Event-B modelling is starting to be used for various management decision-making activities, and it is becoming a powerful competitiveness tool. This paper introduces a simple example of how Event-B modelling and its proof obligations can help improve and automate the decision-making process by eliminating potential threats of inefficient decisions.RVO project "Modelling of effective production and administration processes parameters in industrial companies based on the concept Industry 4.0
Concurrent Scheduling of Event-B Models
Event-B is a refinement-based formal method that has been shown to be useful in developing concurrent and distributed programs. Large models can be decomposed into sub-models that can be refined semi-independently and executed in parallel. In this paper, we show how to introduce explicit control flow for the concurrent sub-models in the form of event schedules. We explore how schedules can be designed so that their application results in a correctness-preserving refinement step. For practical application, two patterns for schedule introduction are provided, together with their associated proof obligations. We demonstrate our method by applying it on the dining philosophers problem
Scheduling of guarded command based models
Formal methods provide a means of reasoning about computer programs
in order to prove correctness criteria. One subtype of formal methods is
based on the weakest precondition predicate transformer semantics and uses
guarded commands as the basic modelling construct. Examples of such
formalisms are Action Systems and Event-B. Guarded commands can intuitively
be understood as actions that may be triggered when an associated
guard condition holds. Guarded commands whose guards hold are nondeterministically
chosen for execution, but no further control flow is present
by default. Such a modelling approach is convenient for proving correctness,
and the Refinement Calculus allows for a stepwise development method. It
also has a parallel interpretation facilitating development of concurrent software,
and it is suitable for describing event-driven scenarios. However, for
many application areas, the execution paradigm traditionally used comprises
more explicit control flow, which constitutes an obstacle for using the above
mentioned formal methods. In this thesis, we study how guarded command
based modelling approaches can be conveniently and efficiently scheduled in
different scenarios. We first focus on the modelling of trust for transactions
in a social networking setting. Due to the event-based nature of the scenario,
the use of guarded commands turns out to be relatively straightforward. We
continue by studying modelling of concurrent software, with particular focus
on compute-intensive scenarios. We go from theoretical considerations to the
feasibility of implementation by evaluating the performance and scalability
of executing a case study model in parallel using automatic scheduling performed
by a dedicated scheduler. Finally, we propose a more explicit and
non-centralised approach in which the flow of each task is controlled by a
schedule of its own. The schedules are expressed in a dedicated scheduling
language, and patterns assist the developer in proving correctness of the
scheduled model with respect to the original one
Building Specifications in the Event-B Institution
This paper describes a formal semantics for the Event-B specification
language using the theory of institutions. We define an institution for
Event-B, EVT, and prove that it meets the validity requirements for
satisfaction preservation and model amalgamation. We also present a series of
functions that show how the constructs of the Event-B specification language
can be mapped into our institution. Our semantics sheds new light on the
structure of the Event-B language, allowing us to clearly delineate three
constituent sub-languages: the superstructure, infrastructure and mathematical
languages. One of the principal goals of our semantics is to provide access to
the generic modularisation constructs available in institutions, including
specification-building operators for parameterisation and refinement. We
demonstrate how these features subsume and enhance the corresponding features
already present in Event-B through a detailed study of their use in a worked
example. We have implemented our approach via a parser and translator for
Event-B specifications, EBtoEVT, which also provides a gateway to the Hets
toolkit for heterogeneous specification.Comment: 54 pages, 25 figure
VĂ©rification des politiques XACML avec le langage Event-B
Les politiques permettent de définir les règles de la sécurité et de la gestion des différents composants du système. Cela implique l'emploi d'un langage pour exprimer les règles d'affaires et les règles non fonctionnelles, et de donner aux utilisateurs la possibilité de tester et de corriger les politiques. Plusieurs langages tels que XACML, Rei ou PONDER, sont utilisés pour exprimer les politiques par rapport aux objectifs du système d'information. Ces langages peuvent définir plusieurs règles et politiques, mais la plupart de ces langages ne donnent pas de mécanisme pour tester et vérifier la présence des conflits et de l'incohérence entre les politiques du système. Ce mémoire vise la vérification des politiques de contrôle d'accès. Notre approche consiste à traduire les politiques XACML sous forme d'un ensemble de machines abstraites de la méthode B. Nous exprimons aussi les propriétés à vérifier par des formules logiques. L'approche offre aux utilisateurs des moyens pour vérifier les politiques afin de s'assurer que les règles expriment bien les objectifs régissant le comportement et les interactions des systèmes gérés. Dans la première phase, les composantes des politiques XACML ont été exprimées avec des expressions formelles basées sur la logique du premier ordre. Par la suite, les outils développés pour la méthode B, comme le langage Event-B sous la plate forme Rodin, ont été utilisés pour vérifier les règles des politiques par rapport à un ensemble de propriétés que nous avons définies. Notre approche est plus flexible et permet aux utilisateurs de tester et de vérifier les règles avant l'implémentation de ces politiques. Une telle vérification est fondée sur les preuves avec logique du premier ordre, où des propriétés importantes de la politique peuvent être énoncées et prouvées. \ud
______________________________________________________________________________ \ud
MOTS-CLÉS DE L’AUTEUR : Politique, XACML, Méthode formelle, Event-B, Vérification
On the Extensibility of Formal Methods Tools
Modern software systems often have long lifespans over which they must continually evolve to meet new, and sometimes unforeseen, requirements. One way to effectively deal with this is by developing the system as a series of extensions. As requirements change, the system evolves through the addition of new extensions and, potentially, the removal of existing extensions. In order for this kind of development process to thrive, it is necessary that the system have a high level of extensibility. Extensibility is the capability of a system to support the gradual addition of new, unplanned functionalities. This dissertation investigates extensibility of software systems and focuses on a particular class of software: formal methods tools. The approach is broad in scope. Extensibility of systems is addressed in terms of design, analysis and improvement, which are carried out in terms of source code and software architecture. For additional perspective, extensibility is also considered in the context of formal modelling. The work carried out in this dissertation led to the development of various extensions to the Overture tool supporting the Vienna Development Method, including a new proof obligation generator and integration with theorem provers. Additionally, the extensibility of Overture itself was also improved and it now better supports the development and integration of various kinds of extensions. Finally, extensibility techniques have been applied to formal modelling, leading to an extensible architectural style for formal models
Extending Event-B with discrete timing properties
Event-B is a formal language for systems modelling, based on set theory and predicate logic. It has the advantage of mechanized proof, and it is possible to model a system in several levels of abstraction by using refinement. Discrete timing properties are important in many critical systems. However, modelling of timing properties is not directly supported in Event-B. In this work, we identify three main categories of discrete timing properties for trigger response patterns, deadline, delay and expiry. We introduce language constructs for each of these timing properties that augment the Event-B language. We describe how these constructs have been given a semantics in terms of the standard Event-B constructs. To ease the process of using timing properties in a refinement-based development, we introduce patterns for refining the timing constructs that allow timing properties on abstract models to be replaced by timing properties on refined models. The language constructs and refinement patterns are illustrated through some generic examples.We have developed a tool to support our approach. Our tool is a plug-in to the Rodin tool-set for Event-B and automates the translation of timing properties to Event-B as well as the generation of gluing invariants, required to verify the consistency of timing properties refinement. In the end, we demonstrate the practicality of our approach, by going through the modelling and verifying process of two real-time case studies. The main focus will be the usefulness of the timing refinement patterns in a step-wise modelling and verification process of a real-time system