Evaluation of graphical control flow management approaches for Event-B modelling

Integrating graphical representations with formal methods can help bridge the gap between requirements and formal modelling. In this paper, we compare and evaluate two graphical approaches aiming at describing control flows and refinement in Event-B, and we use a fire dispatch system case study to perform this evaluation. The fire dispatch system case study provides a good example of a complex workflow through which we try to identify a process that facilitates defining the structural and the behavioural parts of the Event-B model. In our case study, we focus on building the dynamic part of the model to evaluate the two diagrammatic notations: UML Activity Diagrams and Atomicity Decomposition Diagrams. Based on our evaluation, we try to identify the advantages and limitations of both approaches. Finally, we try to compare how both graphical notations can affect the Event-B formal modelling of our case study

A graphical tool for event refinement structures in Event-B

The Event Refinement Structures (ERS) approach provides a graphical extension of the Event-B formal method to represent event decomposition and control-flow explicitly. In this paper we present an improved version of the ERS plug-in, which provides a graphical environment for the ERS approach within the Event-B tool, Rodin. The improved ERS plug-in is based on the available frameworks that are developed to support Event-B with an EMF framework, language extensions and generic diagram extensions

Extending the ERS approach for workflow modelling in Event-B

The Event Refinement Structures (ERS) approach augments the Event-B formal method with hierarchical diagrams, providing explicit support for control fow and refinement relationships. ERS was originally designed to decompose the atomicity of the events in Event-B and later enriched with control flow combinators.Combining graphical workflow approaches with formal methods has been a subject of interest in both industry and academia, resulting in a diversity of approaches. In this thesis, we present an approach for workflow modelling that addresses both control flow and data handling. ERS is used for control flow, while Event-B mathematical notation supports the data handling. This separation simplifies the modelling by avoiding an extensive number of patterns, though separation does not mean the independence of control flow from data handling. The dependency is achieved by the ERS semantics, which are acquired by transforming the diagrams to Event-B. This combination not only benefits from the verification capabilities of Event-B and the graphical nature of ERS, but also supports incremental modelling through refinement and hierarchy.Our studies resulted in extending the ERS approach to support more flexible behaviour like unbounded replication and exception handling. Unbounded replication is needed when the number of instances of a flow to be executed is unknown and additional instances can be initiated during execution. We also enhance some of the existing ERS combinators such as the loop. We validate our approach and extensions by applying them to two complex work flows, the fire dispatch system and the travel agency booking system. Finally, we extend the ERS formal language with new translation rules to support our new ERS extensions. We formally define the new translation rules of ERS to Event-B, using the Augmented Backus-Naur Form (ABNF), to be easily integrated in the ERS plug-in. The ERS plug-in is a tool providing automatic generation of part of the Event-B model representing types and sequencing. We also evaluate the ERS combinators in control flow modelling against already published criteria

The novel sequential insertion of carbon monoxide and imines into palladium-carbon [sigma]-bonds : synthesis, mechanism and reactivity

The development of non-amino acid routes for the construction of peptides remains a challenge. The main goal of this study is to develop a new transition metal-mediated route to synthesize alpha-amino acid and peptide derivatives from imines and carbon monoxide. The proposed approach requires the sequential insertion of CO and imine into late transition metal sigma-bonds.In Chapters 2 and 3, the ability of the palladium complex L2Pd(CH 3)N(R)=C(H)R'+ X- [L2 = chelating nitrogen ligands, X- = non-coordinating counteranion] to mediate the insertion of imines is examined. While L 2Pd(CH3)N(R)=C(H)R'+ X- is inert towards imine insertion into a palladium-methyl bond, the addition of CO to L2Pd(CH3)N(R)=C(H)R '+ X- yields the palladium-acyl complex L2Pd(COCH3)N(R)=C(H)R' +X-, which subsequently reacts to form the novel product of imine insertion: (L2)Pd[eta2-CH(R ')NRCOCH3]+X-. This demonstrates that these palladium complexes can undergo the novel sequential insertion of carbon monoxide and imine into the palladium-carbon bond in a manner directly analogous to that observed in olefin/CO alternating co-polymerizations. Examination of the mechanism of imine insertion (Chapter 3) demonstrates that, unlike olefins, imines undergo a concerted migration from the sigma-imine complex to form the product of imine insertion. The X-ray structure of the insertion complex 2.6b suggests the unique combination of amide bond formation, carbonyl oxygen chelation, and resonance stabilization of the chelate ring provides the stabilization required for this reaction to occur.The product of CO/imine insertion is found to be inert towards reaction with carbon monoxide (Chapter 4). However, the addition of CO to its chloride analogue, generated via the oxidative addition of N-acyl iminium salts Tol(H)C=N(CH 2Ph)COPh+Cl- to Pd2(dba) 3•CHCl3 in the presence of 2,2'-bipyridine, results in the formation of 2-imidazolinecarboxylate derivatives (Chapter 5). Mechanistic studies reveal that imidazoline formation occurs via CO insertion into Pd--C bond of (bipy)Pd[eta2-CH(R' )NRCOR″]+Cl-, generating a palladium-bound alpha-amino acid derivative, which is followed by coupling with imine. This reaction is extended into a novel one pot palladium-catalyzed coupling of imine, carbon monoxide and acid chloride into 2-imidazolinecarboxylate derivatives. The described methodology provides a facile route to access the biologically relevant imidazoline derivatives through the sequential insertion of CO and imine into palladium-alkyl bonds

Formal model validation through acceptance tests

When formal systems modelling is used as part of the development process, modellers need to understand the requirements in order to create appropriate models, and domain experts need to validate the final models to ensure they fit the needs of stakeholders. A suitable mechanism for such a validation are acceptance tests.In this paper we discuss how the principles of Behaviour-Driven Development (BDD) can be applied to i) formal modelling and ii) validation of behaviour specifications, thus coupling those two tasks. We show how to close the gap between the informal domain specification and the formal model, thus enabling the domain expert to write acceptance tests in a high-level language matching the formal specification.We analyse the applicability of this approach by providing the Gherkin scenarios for an Event-B/iUML-B formal model of a ‘fixed virtual block’ approach to train movement control, developed according to the Hybrid ERTMS/ETCS Level 3 principles specified by the EEIG ERTMS Users Group and presented as a case study on the 6. International ABZ Conference 2018

Dataset for "An STPA-based formal composition framework for trustworthy autonomous maritime systems"

The data set contains the following material - *imms_classdiagram.zip* and *imms_statemachine.zip*: System model using UML-B class diagrams and statemachine - *MP2.zip*: Archive of the model for communication link MP2 in Event-B/Rodin </span