Practical Theory Extension in Event-B

Abstract. The Rodin tool for Event-B supports formal modelling and proof using a mathematical language that is based on predicate logic and set theory. Although Rodin has in-built support for a rich set of operators and proof rules, for some application areas there may be a need to extend the set of operators and proof rules supported by the tool. This paper outlines a new feature of the Rodin tool, the theory component, that allows users to extend the mathematical language supported by the tool. Using theories, Rodin users may define new data types and polymorphic operators in a systematic and practical way. Theories also allow users to extend the proof capabilities of Rodin by defining new proof rules that get incorporated into the proof mechanisms. Soundness of new definitions and rules is provided through validity proof obligations.

Rewriting and Well-Definedness within a Proof System

Term rewriting has a significant presence in various areas, not least in automated theorem proving where it is used as a proof technique. Many theorem provers employ specialised proof tactics for rewriting. This results in an interleaving between deduction and computation (i.e., rewriting) steps. If the logic of reasoning supports partial functions, it is necessary that rewriting copes with potentially ill-defined terms. In this paper, we provide a basis for integrating rewriting with a deductive proof system that deals with well-definedness. The definitions and theorems presented in this paper are the theoretical foundations for an extensible rewriting-based prover that has been implemented for the set theoretical formalism Event-B.Comment: In Proceedings PAR 2010, arXiv:1012.455

Méthodes d’optimisation dynamique de systèmes à plusieurs états pour l'efficacité énergétique automobile

Energy management system (EMS) for hybrid vehicles consists on determining the power split between the different energy sources in order to minimize the overall fuel consumption and/or pollutant emissions of the vehicle. The objective of this thesis is to develop an EMS taking into account the internal temperatures (engine temperature and/or catalyst temperature). In a first part and using a prior knowledge of vehicle driving cycle, the EMS design is formulated as an optimal control problem. Then, the PMP is used to solve this optimization problem. Based on the obtained numerical results, some trade-off between performance of the control strategy and complexity of the model used to calculate this strategy is established. The various problems studied in this thesis are examples of successive model simplifications which can be recast in the concept of regular perturbations in optimal control under input constraints discussed here. In a second part, the feedback law of ECMS is generalized to include thermal dynamics. This defines sub-optimal feedback strategies which we have tested numerically and experimentally.La gestion énergétique (EMS) pour véhicules hybrides a pour objectif de déterminer la répartition de puissance entre les différentes sources d'énergie de manière à minimiser la consommation de carburant et/ou les émissions polluantes. L'objectif de cette thèse est de développer un EMS en prenant en compte des températures internes (la température du moteur et/ou la température du système de post-traitement). Dans une première partie et en utilisant une connaissance préalable du cycle de conduite, le calcul d'un EMS est formulé comme un problème de commande optimale. Ensuite, le principe du minimum de Pontryagin (PMP) est utilisé pour résoudre ce problème d'optimisation.~En se basant sur les résultats numériques obtenus, un compromis entre les performances de la stratégie de commande et de la complexité du modèle utilisé pour la calculer est établi. Les différents problèmes étudiés dans cette thèse sont des exemples des simplifications successives de modèle qui peuvent être regroupées dans le concept des perturbations régulières en contrôle optimal sous contrainte de commande discuté ici. Dans une deuxième partie, la formulation de l'ECMS a été généralisée pour inclure les dynamiques thermiques. Ces extensions définissent des stratégies sous-optimales que nous avons testées numériquement et expérimentalement

Optimal Predictive Eco-Driving Cycles for Conventional, Electric, and Hybrid Electric Cars

International audienceIn this paper, the computation of eco-driving cycles for electric, conventional and hybrid vehicles using receding horizon and optimal control is studied. The problem is formulated as consecutive-optimization problems aiming at minimizing the vehicle energy consumption under traffic and speed constraints. The impact of the look-ahead distance and the optimization frequency on the optimal speed computation is studied to find a trade-off between the optimality and the computation time of the algorithm. For the three architectures considered, simulation results show that in urban driving conditions, a look-ahead distance of 300m to 500m leads to a sub-optimality less than 1% in the energy consumption compared to the global solution. For highway driving conditions, a look-ahead distance of 1km to 1.5km leads to a sub-optimality less than 2% compared to the global solution

Towards a practically extensible Event-B methodology

Formal modelling is increasingly recognised as an important step in the development of reliable computer software. Mathematics provide a solid theoretical foundation upon which it is possible to specify and implement complex software systems. Event-B is a formalism that uses typed set theory to model and reason about complex systems. Event-B and its associated toolset, Rodin, provide a methodology that can be incorporated into the development process of software and hardware. Refinement and mathematical proof are key features of Event-B that can be exploited to rigorously specify and reason about a variety of systems. Successful and usable formal methodologies must possess certain attributes in order to appeal to end-users. Expressiveness and extensibility, among other qualities, are of major importance. In this thesis, we present techniques that enhance the extensibility of: (1) the mathematical language of Event-B in order to enhance expressiveness of the formalism, and (2) the proving infrastructure of the Rodin platform in order to cope with an extensible mathematical language. This thesis makes important contributions towards a more extensible Event-B methodology.Firstly, we show how the mathematical language of Event-B can be made extensible in a way that does not hinder the consistency of the underlying formalism. Secondly, we describe an approach whereby the prover used for reasoning can be augmented with proof rules without compromising the soundness of the framework. The theory component is the placeholder for mathematical and proof extensions. The theoretical contribution of this thesis is the study of rewriting in the presence of partiality. Finally, from a practical viewpoint, proof obligations are used to ensure soundness of user-contributed extensions

Ensuring extensibility within code generation

Making the step from Event-B to code is a process that can be aided through automatic code generation. The code generation plug-in for Rodin is a new tool for translating Event-B models to concurrent programmes. However users of such a tool will likely require a diverse range of target languages and target platforms, for which we do not currently provide translations. Some of these languages may be subtly different to existing languages and only have modest differences between the translation rules, for example C and C++, whilst others may have more fundamental differences. As the translation from Event-B to executable code is non-trivial and to reduce the likelihood of error, we want to generalise as much of the translation as possible so that existing translation rules are re-used. Therefore significant effort is needed to ensure that such a translation tool is extensible to allow additional languages to be included with relative ease. Here we concentrate on translation from a previously defined intermediary language, called IL1, which Event-B translates to directly