Reasoned modelling critics: turning failed proofs into modelling guidance

The activities of formal modelling and reasoning are closely related. But while the rigour of building formal models brings significant benefits, formal reasoning remains a major barrier to the wider acceptance of formalism within design. Here we propose reasoned modelling critics — an approach which aims to abstract away from the complexities of low-level proof obligations, and provide high-level modelling guidance to designers when proofs fail. Inspired by proof planning critics, the technique combines proof-failure analysis with modelling heuristics. Here, we present the details of our proposal, implement them in a prototype and outline future plans

Reasoned modelling with Event-B

This paper provides an overview of how the Event-B language and verification method can be used to model and reason about system behaviour. Formal modelling and reasoning help to increase understanding and reduce defects in requirements specification. Sets and relations play a key role in modelling as do operators on these structures. Precise definitions and rules are provided in order to help the reader gain a strong understanding of the mathematical operators for sets and relations. While the emphasis is on mathematical reasoning, particularly through invariant proofs, the paper also covers less formal reasoning such as identification of problem entities supported by class diagrams and validation of formal models against informal requirements. The use of tools for animation, model checking and proof is also outlined

An Innovative Approach to the Integrated Management System Development: SIMPRO-IMS Web Based Environment

The purpose of this paper is to contribute to learning, knowledge creation and knowledge transfer for building organization innovability by integrating the management systems in the SIMPRO-IMS web based environment. The paper content consists of the interpretation of role-play simulation, role-play simulation process description, methodology, and the employment of role-play simulation outcomes, as well as the discussion of the knowledge thus obtained. Primary the model of the SIMPRO-Q education environment has been developed and tested during a period of 15 years in several industrial organizations as well as service organizations such as Higher Education Institution (HEI) and Healthcare Organization (HCO). The newest version SIMPRO-IMS has recently been developed to support a need of integration of management systems and information archiving. With the last development, SIMPRO-IMS web based environment, processes of five ISO systems are integrated for parallel development, implementation, auditing, maintaining and leading. SIMPRO-IMS provides management with the apparatus necessary to realize a systematic and verifiable approach to the creation and control of IMS documentation. At the same time contributes to the preservation of organization memory in response to the growing challenges of globalization and digitalization. The research is limited by the complexity of a real system and possible empiric results verification. The results achieved are verified when people really overcome the resistance to change. This can be assessed thoughtfully only after some period of time. Another limitation is presented by measurability of real enhancement achieved in quality, safety and environmentality of production, and business continuity and social responsibility of an organization. Development and progress in the methodology of SIMPRO-IMS web based environment is encoded in upgrading the SIMPRO database by processes of the environmental management, occupational health & safety management, information security management, energy management, service management, business continuity management and social responsibility management into one cohesive system with a holistic set of documentation, policies, procedures and processes, and a preserving knowledge for learning, new knowledge creation and knowledge transfer for building organization innovability

Invariant discovery and refinement plans for formal modelling in Event-B

The continuous growth of complex systems makes the development of correct software increasingly challenging. In order to address this challenge, formal methods o er rigorous mathematical techniques to model and verify the correctness of systems. Refinement is one of these techniques. By allowing a developer to incrementally introduce design details, refinement provides a powerful mechanism for mastering the complexities that arise when formally modelling systems. Here the focus is on a posit-and-prove style of refinement, where a design is developed as a series of abstract models introduced via refinement steps. Each refinement step generates proof obligations which must be discharged in order to verify its correctness – typically requiring a user to understand the relationship between modelling and reasoning. This thesis focuses on techniques to aid refinement-based formal modelling, specifically, when a user requires guidance in order to overcome a failed refinement step. An integrated approach has been followed: combining the complementary strengths of bottomup theory formation, in which theories about domains are built based on basic background information; and top-down planning, in which meta-level reasoning is used to guide the search for correct models. On the theory formation perspective, we developed a technique for the automatic discovery of invariants. Refinement requires the definition of properties, called invariants, which relate to the design. Formulating correct and meaningful invariants can be tedious and a challenging task. A heuristic approach to the automatic discovery of invariants has been developed building upon simulation, proof-failure analysis and automated theory formation. This approach exploits the close interplay between modelling and reasoning in order to provide systematic guidance in tailoring the search for invariants for a given model. On the planning perspective, we propose a new technique called refinement plans. Refinement plans provide a basis for automatically generating modelling guidance when a step fails but is close to a known pattern of refinement. This technique combines both modelling and reasoning knowledge, and, contrary to traditional pattern techniques, allow the analysis of failure and partial matching. Moreover, when the guidance is only partially instantiated, and it is suitable, refinement plans provide specialised knowledge to further tailor the theory formation process in an attempt to fully instantiate the guidance. We also report on a series of experiments undertaken in order to evaluate the approaches and on the implementation of both techniques into prototype tools. We believe the techniques presented here allow the developer to focus on design decisions rather than on analysing low-level proof failures

Semi-Automated Design Space Exploration for Formal Modelling

Refinement based formal methods allow the modelling of systems through incremental steps via abstraction. Discovering the right levels of abstraction, formulating correct and meaningful invariants, and analysing faulty models are some of the challenges faced when using this technique. We propose Design Space Exploration that aims to assist a designer by automatically providing high-level modelling guidance

Automating Event-B invariant proofs by rippling and proof patching

This work is supported by EPSRC grants EP/H024204/1, EP/E005713/1, EP/M018407/1 and EP/J001058/1.The use of formal method techniques can contribute to the production of more reliable and dependable systems. However, a common bottleneck for industrial adoption of such techniques is the needs for interactive proofs. We use a popular formal method, called Event-B, as our working domain, and set invariant preservation (INV) proofs as targets, because INV proofs can account for a significant proportion of the proofs requiring human interactions. We apply an inductive theorem proving technique, called rippling, for Event-B INV proofs. Rippling automates proofs using meta-level guidance. The guidance is in particular useful to develop proof patches to recover failed proof attempts. We are interested in the case when a missing lemma is required. We combine a scheme-based theory-exploration system, called IsaScheme [MRMDB10], with rippling to develop a proof patch via lemma discovery. We also develop two new proof patches to unfold operator definitions and to suggest case-splits, respectively. The combined use of rippling with these three proof patches as a proof method significantly improves the proof automation for our evaluation set.Publisher PDFPeer reviewe

Aspects of the theory of containers within automated theorem proving

This thesis explores applications of the theory of containers within automated theorem proving. Container theory provides a foundational analysis of data types as containers, specified by a type $S$ of shapes and a function P assigning to each shape its set of positions for data.More importantly, a representation theorem guarantees that polymorphic functions between container data types are given by container morphisms, which are characterised by mappings between shapes and positions. Container theory is interesting, in this context, for the following reasons. A mechanism for representing and reasoning with ellipsis (the dots in x_1, x_2, ... , x_n) in lists, existing in the literature, has proved to be very useful for formalisations involving abstractions. Success with this mechanism came by means of a meta-level representation through which many functions that normally require recursive definitions can be given explicit ones. As a result, not only can induction and generalisation be eliminated from proofs but, by means of an associated portrayal system, the resulting proofs are also intuitive and much closer to informal mathematical proofs. This ellipsis mechanism, however, is not based on any formal theory, making it rather exiguous in comparison with rival techniques. There also remains questions about its scope and applications. Our aim is to improve this ellipsis mechanism. In this connection, we hypothesize that the theory of containers provides a formal underpinning for such representations. In order to test our hypothesis, we identify limitations of the ellipsis mechanism and show how they can be addressed within the theory of containers. We subsequently develop a new reasoning system based on containers, which does not suffer from these limitations. This judicious container-based system endorses representations of polymorphic rewrite rules using arithmetic, which naturally lends itself to applications of arithmetic decision procedures. We exploit this facet to develop a new technique for deciding properties of lists. Our technique is developed within a quasi-container setting: shape maps are given as piecewise-linear functions, while a new representation is derived for re-indexing functions that obviates the need for dependent types, which are fundamental in a judicious container approach. We show that this new setting enables us to represent and reason about a large class of properties