Property preserving development and testing for CSP-CASL.

This thesis describes a theoretical study and an industrial application in the area of formal systems development, verification and formal testing using the specification language CSP-CASL. The latter is a comprehensive specification language which allows to describe systems in a combined algebraic / process algebraic notation. To this end it integrates the process algebra CSP and the algebraic specification language CASL. In this thesis we propose various formal development notions for CSP-CASL capable of capturing informal vertical and horizontal software development which we typically find in industrial applications. We provide proof techniques for such development notions and verification methodologies to prove interesting properties of reactive systems. We also propose a theoretical framework for formal testing from CSP-CASL specifications. Here, we present a conformance relation between a physical system and a CSP-C ASL specification. In particular we study the relationship between CSP-CASL development notions and the implemented system. The proposed theoretical notions of formal system development, property verification and formal testing for CSP-CASL, have been successfully applied to two industrial application: an electronic payment system called EP2 and the starting system of the BR725 Rolls- Royce jet engine control software

On the whereabouts of CSP-CASL – A survey

CSP-CASL is but one of the many languages for which Bernd Krieg-Brueckner (BKB) had a great deal of influence throughout its development process: from the initial idea of working towards an integration of the process algebra CSP with the algebraic specification language CASL, to the design of the concrete syntax, and also to tool support for CSP-CASL, where the theorem prover Isabelle should provide the common platform. In all this, BKB provided inspiration and guidance, funding, and also a helping hand when needed. This paper provides a survey on the technology developed so far for CSP-CASL, covering results of a theoretical nature, an industrial case study, theorem proving support as well as a testing approach. In honour of BKB’s 60th birthday, this survey documents what has become out of one of BKB’s visions

Encapsulating Formal Methods within Domain Specific Languages: A Solution for Verifying Railway Scheme Plans

Abstract The development and application of formal methods is a long standing research topic within the field of computer science. One particular challenge that remains is the uptake of formal methods into industrial practices. This paper introduces a methodology for developing domain specific languages for modelling and verification to aid in the uptake of formal methods within industry. It illustrates the successful application of this methodology within the railway domain. The presented methodology addresses issues surrounding faithful modelling, scalability of verification and accessibility to modelling and verification processes for practitioners within the domain

Developing proof technology for CSP-CASL.

Distributed applications such as flight booking systems, web services, and electronic payment systems require parallel processing of data. Such systems exhibit concurrent aspects (e.g., deadlock freedom) as well as data aspects (e.g., functional correctness). Often, these two aspects depend on each other. The language CSP-CASL is tailored to the specification and verification of such distributed systems and allows one to model data as well as processes within a single framework. In this thesis we explore methods and techniques tailored to theorem proving for CSP-CASL. This leads to the development of an architecture for CSP-CASL-Prover which re-uses the tools HETS and CSP-Prover. We also design - up to the algorithmic level - procedures for transforming a CSP- CASL specification into Isabelle/HOL code whilst preserving the semantics. By using this translation, it is possible to perform theorem proving on CSP-CASL specifications using Isabelle/HOL. As proof of concept we validate our tool CSP-CASL-Prover on a case study of industrial strength. Our experiment shows that CSP-CASL-Prover scales up to large systems. When using CSP-CASL-Prover reasoning about CSP-CASL specifications becomes as easy as reasoning about data and processes separately

Automating Test Case Selection in Model-Based Software Product Line Development

We address the problem of how to select test cases for products in a controlled model-based software product line development process. CVL, the common variability language, gives a framework for materialisation of product models from a given base model, variability model and resolution model. From such product models, software products can be derived. In practise, test case development for the product line often is independent from the product development. Therefore, the problem arises which test cases can be applied to which products. In particular, the question is whether a test case for one speci c product can be also used for a "similar" product. In this paper, we show how the expected outcome of a test case to a product in a model-based software product line development can be determined. That is, we give a procedure for assigning the outcome of a given test case on an arbitrary member of a software product line. We recall the relevant de nitions for software product line engineering, describe our approach, and demonstrate it with the example of a product line of super-automatic espresso machines

Event-B in the Institutional Framework: Defining a Semantics, Modularisation Constructs and Interoperability for a Specification Language

Event-B is an industrial-strength specification language for verifying the properties of a given system’s specification. It is supported by its Eclipse-based IDE, Rodin, and uses the process of refinement to model systems at different levels of abstraction. Although a mature formalism, Event-B has a number of limitations. In this thesis, we demonstrate that Event-B lacks formally defined modularisation constructs. Additionally, interoperability between Event-B and other formalisms has been achieved in an ad hoc manner. Moreover, although a formal language, Event-B does not have a formal semantics. We address each of these limitations in this thesis using the theory of institutions. The theory of institutions provides a category-theoretic way of representing a formalism. Formalisms that have been represented as institutions gain access to an array of generic specification-building operators that can be used to modularise specifications in a formalismindependent manner. In the theory of institutions, there are constructs (known as institution (co)morphisms) that provide us with the facility to create interoperability between formalisms in a mathematically sound way. The main contribution of this thesis is the definition of an institution for Event-B, EVT, which allows us to address its identified limitations. To this end, we formally define a translational semantics from Event- B to EVT. We show how specification-building operators can provide a unified set of modularisation constructs for Event-B. In fact, the institutional framework that we have incorporated Event-B into is more accommodating to modularisation than the current state-of-the-art for Rodin. Furthermore, we present institution morphisms that facilitate interoperability between the respective institutions for Event-B and UML. This approach is more generic than the current approach to interoperability for Event-B and in fact, allows access to any formalism or logic that has already been defined as an institution. Finally, by defining EVT, we have outlined the steps required in order to include similar formalisms into the institutional framework. Hence, this thesis acts as a template for defining an institution for a specification language