90,454 research outputs found
Redevelopment of an industrial case study using Event-B and Rodin
CDIS is a commercial air traffic information system that was developed using formal methods 15 years ago by Praxis, and it is still in operation today. This system is an example of an industrial scale system that has been developed using formal methods. In particular, the functional requirements of the system were specified using VVSL -- a variant of VDM. A subset of the original specification has been chosen to be reconstructed on the Rodin platform based on the new Event-B formalism. The goal of our reconstruction was to overcome three key difficulties of the original formalisation, namely the difficulty of comprehending the original specification, the lack of any mechanical proof of the consistency of the specification and the difficulty of dealing with distribution and atomicity refinement. In this paper we elucidate how a new formal notation and tool can help to overcome these difficulties
A Bi-Directional Refinement Algorithm for the Calculus of (Co)Inductive Constructions
The paper describes the refinement algorithm for the Calculus of
(Co)Inductive Constructions (CIC) implemented in the interactive theorem prover
Matita. The refinement algorithm is in charge of giving a meaning to the terms,
types and proof terms directly written by the user or generated by using
tactics, decision procedures or general automation. The terms are written in an
"external syntax" meant to be user friendly that allows omission of
information, untyped binders and a certain liberal use of user defined
sub-typing. The refiner modifies the terms to obtain related well typed terms
in the internal syntax understood by the kernel of the ITP. In particular, it
acts as a type inference algorithm when all the binders are untyped. The
proposed algorithm is bi-directional: given a term in external syntax and a
type expected for the term, it propagates as much typing information as
possible towards the leaves of the term. Traditional mono-directional
algorithms, instead, proceed in a bottom-up way by inferring the type of a
sub-term and comparing (unifying) it with the type expected by its context only
at the end. We propose some novel bi-directional rules for CIC that are
particularly effective. Among the benefits of bi-directionality we have better
error message reporting and better inference of dependent types. Moreover,
thanks to bi-directionality, the coercion system for sub-typing is more
effective and type inference generates simpler unification problems that are
more likely to be solved by the inherently incomplete higher order unification
algorithms implemented. Finally we introduce in the external syntax the notion
of vector of placeholders that enables to omit at once an arbitrary number of
arguments. Vectors of placeholders allow a trivial implementation of implicit
arguments and greatly simplify the implementation of primitive and simple
tactics
A Process Algebra Software Engineering Environment
In previous work we described how the process algebra based language PSF can
be used in software engineering, using the ToolBus, a coordination architecture
also based on process algebra, as implementation model. In this article we
summarize that work and describe the software development process more formally
by presenting the tools we use in this process in a CASE setting, leading to
the PSF-ToolBus software engineering environment. We generalize the refine step
in this environment towards a process algebra based software engineering
workbench of which several instances can be combined to form an environment
A theory of normed simulations
In existing simulation proof techniques, a single step in a lower-level
specification may be simulated by an extended execution fragment in a
higher-level one. As a result, it is cumbersome to mechanize these techniques
using general purpose theorem provers. Moreover, it is undecidable whether a
given relation is a simulation, even if tautology checking is decidable for the
underlying specification logic. This paper introduces various types of normed
simulations. In a normed simulation, each step in a lower-level specification
can be simulated by at most one step in the higher-level one, for any related
pair of states. In earlier work we demonstrated that normed simulations are
quite useful as a vehicle for the formalization of refinement proofs via
theorem provers. Here we show that normed simulations also have pleasant
theoretical properties: (1) under some reasonable assumptions, it is decidable
whether a given relation is a normed forward simulation, provided tautology
checking is decidable for the underlying logic; (2) at the semantic level,
normed forward and backward simulations together form a complete proof method
for establishing behavior inclusion, provided that the higher-level
specification has finite invisible nondeterminism.Comment: 31 pages, 10figure
Refinement of SDBC Business Process Models Using ISDL
Aiming at aligning business process modeling and software specification, the SDBC approach considers a multi-viewpoint modeling where static, dynamic, and data business process aspect models have to be mapped adequately to corresponding static, dynamic, and data software specification aspect models. Next to that, the approach considers also a business process modeling viewpoint which concerns real-life communication and coordination issues, such as meanings, intentions, negotiations, commitments, and obligations. Hence, in order to adequately align communication and dynamic aspect models, SDBC should use at least two modeling techniques. However, the transformation between two techniques unnecessarily complicates the modeling process. Next to that, different techniques use different modeling formalisms whose reflection sometimes causes limitations. For this reason, we explore in the current paper the value which the (modeling) language ISDL could bring to SDBC in the alignment of communication and behavioral (dynamic) business process aspect models; ISDL can usefully refine dynamic process models. Thus, it is feasible to expect that ISDL can complement the SDBC approach, allowing refinement of dynamic business process aspect models, by adding communication and coordination actions. Furthermore, SDBC could benefit from ISDL-related methods assessing whether a realized refinement conforms to the original process model. Our studies in the paper are supported by an illustrative example
- âŚ