Rodin: an open toolset for modelling and reasoning in Event-B

Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool that seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods

Learning to communicate computationally with Flip: a bi-modal programming language for game creation

Teaching basic computational concepts and skills to school children is currently a curricular focus in many countries. Running parallel to this trend are advances in programming environments and teaching methods which aim to make computer science more accessible, and more motivating. In this paper, we describe the design and evaluation of Flip, a programming language that aims to help 11–15 year olds develop computational skills through creating their own 3D role-playing games. Flip has two main components: 1) a visual language (based on an interlocking blocks design common to many current visual languages), and 2) a dynamically updating natural language version of the script under creation. This programming-language/natural-language pairing is a unique feature of Flip, designed to allow learners to draw upon their familiarity with natural language to “decode the code”. Flip aims to support young people in developing an understanding of computational concepts as well as the skills to use and communicate these concepts effectively. This paper investigates the extent to which Flip can be used by young people to create working scripts, and examines improvements in their expression of computational rules and concepts after using the tool. We provide an overview of the design and implementation of Flip before describing an evaluation study carried out with 12–13 year olds in a naturalistic setting. Over the course of 8 weeks, the majority of students were able to use Flip to write small programs to bring about interactive behaviours in the games they created. Furthermore, there was a significant improvement in their computational communication after using Flip (as measured by a pre/post-test). An additional finding was that girls wrote more, and more complex, scripts than did boys, and there was a trend for girls to show greater learning gains relative to the boys

Reasoned modelling critics: turning failed proofs into modelling guidance

The activities of formal modelling and reasoning are closely related. But while the rigour of building formal models brings significant benefits, formal reasoning remains a major barrier to the wider acceptance of formalism within design. Here we propose reasoned modelling critics — an approach which aims to abstract away from the complexities of low-level proof obligations, and provide high-level modelling guidance to designers when proofs fail. Inspired by proof planning critics, the technique combines proof-failure analysis with modelling heuristics. Here, we present the details of our proposal, implement them in a prototype and outline future plans

Collaborative Verification-Driven Engineering of Hybrid Systems

Hybrid systems with both discrete and continuous dynamics are an important model for real-world cyber-physical systems. The key challenge is to ensure their correct functioning w.r.t. safety requirements. Promising techniques to ensure safety seem to be model-driven engineering to develop hybrid systems in a well-defined and traceable manner, and formal verification to prove their correctness. Their combination forms the vision of verification-driven engineering. Often, hybrid systems are rather complex in that they require expertise from many domains (e.g., robotics, control systems, computer science, software engineering, and mechanical engineering). Moreover, despite the remarkable progress in automating formal verification of hybrid systems, the construction of proofs of complex systems often requires nontrivial human guidance, since hybrid systems verification tools solve undecidable problems. It is, thus, not uncommon for development and verification teams to consist of many players with diverse expertise. This paper introduces a verification-driven engineering toolset that extends our previous work on hybrid and arithmetic verification with tools for (i) graphical (UML) and textual modeling of hybrid systems, (ii) exchanging and comparing models and proofs, and (iii) managing verification tasks. This toolset makes it easier to tackle large-scale verification tasks

An implementation of the behavior annex in the AADL-toolset Osate2

AADL is a modeling language to design and analyze High-Integrity Distributed and Real-time systems. Embedded sub-languages published as AADL annexes extend an AADL model to enhance analysis. The behavior annex specifies the behavior of an AADL application model. An implantation of this annex allows to perform behavior analysis. In addition, as there are several AADL annexes, the implementation of generic mechanisms to support each one of them is challenging. The behavior annex is a valid candidate to illustrate these challenges by combining several sub-languages. In this paper we expose our experiment to support the behavior annex in the reference AADL toolset OSATE2. This one, supports the AADL version 2 by providing a front-end and a set of analysis plug-ins to analyze an AADL model

Co-designing smart home technology with people with dementia or Parkinson's disease

Involving users is crucial to designing technology successfully, especially for vulnerable users in health and social care, yet detailed descriptions and critical reflections on the co-design process, techniques and methods are rare. This paper introduces the PERCEPT (PERrsona-CEntred Participatory Technology) approach for the co-design process and we analyse and discuss the lessons learned for each step in this process. We applied PERCEPT in a project to develop a smart home toolset that will allow a person living with early stage dementia or Parkinson's to plan, monitor and self-manage his or her life and well-being more effectively. We present a set of personas which were co-created with people and applied throughout the project in the co-design process. The approach presented in this paper will enable researchers and designers to better engage with target user groups in co-design and point to considerations to be made at each step for vulnerable users

Prototyping the Semantics of a DSL using ASF+SDF: Link to Formal Verification of DSL Models

A formal definition of the semantics of a domain-specific language (DSL) is a key prerequisite for the verification of the correctness of models specified using such a DSL and of transformations applied to these models. For this reason, we implemented a prototype of the semantics of a DSL for the specification of systems consisting of concurrent, communicating objects. Using this prototype, models specified in the DSL can be transformed to labeled transition systems (LTS). This approach of transforming models to LTSs allows us to apply existing tools for visualization and verification to models with little or no further effort. The prototype is implemented using the ASF+SDF Meta-Environment, an IDE for the algebraic specification language ASF+SDF, which offers efficient execution of the transformation as well as the ability to read models and produce LTSs without any additional pre or post processing.Comment: In Proceedings AMMSE 2011, arXiv:1106.596