Shared Event Composition/Decomposition in Event-B
The construction of a specification is often a combination of smaller sub-components. Composition and decomposition are techniques that support reuse and allow us to formally combine sub-components through refinement steps while reusing their properties. Sub-components can result from a design or architectural goal, and a refinement framework should allow further parallel development over the sub-components. We propose the definition of composition and decomposition in the Event-B formalism following a shared event approach, where sub-components interact via synchronisation over shared events and shared state is not allowed. We define the necessary proof obligations to ensure a valid composition or decomposition. We also show that shared event composition preserves refinement proofs for sub-components, that is, in order to maintain refinement of compositions, it is sufficient to prove refinement between corresponding sub-components. A case study applying these two techniques is illustrated using Rodin, the Event-B toolset.
Building on the DEPLOY legacy: code generation and simulation
The RODIN and DEPLOY projects have laid solid foundations for further theoretical and practical (methodological and tooling) advances with Event-B; in DEPLOY we investigated code generation for embedded, multi-tasking systems. This work describes activities from a follow-on project, ADVANCE, where our interest is co-simulation of cyber-physical systems. We are working to better understand the issues arising in a development when modelling with Event-B and animating with ProB, in tandem with a multi-simulation strategy. With multi-simulation we aim to simulate various features of the environment separately, in order to exercise the deployable code. This paper has two contributions. The first is the extension of the code generation work of DEPLOY, where we add the ability to generate code from Event-B state-machine diagrams. The second describes how we may use code generated from state-machines to simulate the environment, and to simulate concurrently executing state-machines, in a single task. We show how we can instrument the code to guide the simulation by controlling the relative rate at which non-deterministic transitions are traversed in the simulation.
Building on the DEPLOY Legacy: Code Generation and Simulation
The RODIN and DEPLOY projects laid solid foundations for further theoretical and practical (methodological and tooling) advances with Event-B. Our current interest is the co-simulation of cyber-physical systems using Event-B. Using this approach we aim to simulate various features of the environment separately, in order to exercise deployable code. This paper has two contributions. The first is the extension of the code generation work of DEPLOY, where we add the ability to generate code from Event-B state-machine diagrams. The second describes how we may use code generated from state-machines to simulate the environment, and to simulate concurrently executing state-machines, in a single task. We show how we can instrument the code to guide the simulation by controlling the relative rate at which non-deterministic transitions are traversed in the simulation.
Comment: In Proceedings of DS-Event-B 2012: Workshop on the experience of and advances in developing dependable systems in Event-B, in conjunction with ICFEM 2012 - Kyoto, Japan, November 13, 201
Applying model transformation and Event-B for specifying an industrial DSL
In this paper we describe our experience in applying the Event-B formalism to specify the dynamic semantics of a real-life industrial DSL. The main objective of this work is to enable the industrial use of the broad spectrum of specification analysis tools that support Event-B. To leverage the use of Event-B and its analysis techniques, we developed model transformations that allow automatic generation of Event-B specifications of DSL programs. The model transformations implement a modular approach to specifying the semantics of the DSL and therefore improve the scalability of the specifications and the reuse of their verification. Keywords: domain specific language, Event-B, model transformations, verification and validation, reuse, scalability.
Building Correct SDN-Based Components from a Global Formal Model
Software Defined Networking (SDN) brings flexibility to the construction and management of distributed applications by reducing the constraints imposed by physical networks and by moving the control of networks closer to the applications. However, mastering SDN still poses numerous challenges, among which is the design of correct SDN components (more specifically, the controller and the switches). In this work we use a formal stepwise approach to model and reason about SDN. Although formal approaches have already been used in this area, this contribution is the first state-based approach; it is based on the Event-B formal method, and it enables correct-by-construction development of SDN components. We provide the steps to build, using several refinements, a global formal model of an SDN system; correct SDN components are then systematically built from the global formal model satisfying the desired properties. Event-B is used to experiment with the approach.
Comment: 16 pages; 2 figures (under polishing for submission)
A Design and Proof Support Method for Event-B Models Based on the Structure of Proof Obligations
In the formal method Event-B, the specification to be verified is described as a model, and the correctness of the specification is shown by discharging the proof obligations generated from the model. However, if the described model contains contradictions or deficiencies, the proof obligations cannot be discharged. In that case, the model is modified so that the proof obligations are satisfied. Modifying the model, however, may invalidate proofs that have already been completed, causing proof rework. In this research, we propose a model modification method that can prevent such proof rework. Furthermore, to confirm the applicability and effectiveness of the proposed method, we present an application example targeting a file transfer protocol together with its evaluation results. We also provide, for the process of formulating the overall structure of the model that the proposed method presupposes, a method based on a notation called a partitioning strategy tree. The University of Electro-Communications, 201
A Set of Refactoring Rules for UML-B Specifications
UML-B is a graphical formal modelling notation which is based on UML and relies on Event-B and its verification tools. In this paper, we propose annealing rules and introduce subtyping rules as well-known refactoring rules which can improve and assist the derivation of an object-oriented design from an abstract specification written in UML-B. We prove that the proposed annealing rules are behaviour preserving. We also demonstrate the applicability and effectiveness of our refactoring rules by applying them to two UML-B specifications.
Building Specifications in the Event-B Institution
This paper describes a formal semantics for the Event-B specification language using the theory of institutions. We define an institution for Event-B, EVT, and prove that it meets the validity requirements for satisfaction preservation and model amalgamation. We also present a series of functions that show how the constructs of the Event-B specification language can be mapped into our institution. Our semantics sheds new light on the structure of the Event-B language, allowing us to clearly delineate three constituent sub-languages: the superstructure, infrastructure and mathematical languages. One of the principal goals of our semantics is to provide access to the generic modularisation constructs available in institutions, including specification-building operators for parameterisation and refinement. We demonstrate how these features subsume and enhance the corresponding features already present in Event-B through a detailed study of their use in a worked example. We have implemented our approach via a parser and translator for Event-B specifications, EBtoEVT, which also provides a gateway to the Hets toolkit for heterogeneous specification.
Comment: 54 pages, 25 figures