Extending Event-B with discrete timing properties

Event-B is a formal language for systems modelling, based on set theory and predicate logic. It has the advantage of mechanized proof, and it is possible to model a system in several levels of abstraction by using refinement. Discrete timing properties are important in many critical systems. However, modelling of timing properties is not directly supported in Event-B. In this work, we identify three main categories of discrete timing properties for trigger response patterns, deadline, delay and expiry. We introduce language constructs for each of these timing properties that augment the Event-B language. We describe how these constructs have been given a semantics in terms of the standard Event-B constructs. To ease the process of using timing properties in a refinement-based development, we introduce patterns for refining the timing constructs that allow timing properties on abstract models to be replaced by timing properties on refined models. The language constructs and refinement patterns are illustrated through some generic examples.We have developed a tool to support our approach. Our tool is a plug-in to the Rodin tool-set for Event-B and automates the translation of timing properties to Event-B as well as the generation of gluing invariants, required to verify the consistency of timing properties refinement. In the end, we demonstrate the practicality of our approach, by going through the modelling and verifying process of two real-time case studies. The main focus will be the usefulness of the timing refinement patterns in a step-wise modelling and verification process of a real-time system

Specification and refinement of discrete timing properties in Event-B

Event-B is a formal language for systems modeling, based on set theoryand predicate logic. It has the advantage of mechanized proof, and it is possible tomodel a system in several levels of abstraction by using refinement. Discrete timingproperties are important in many critical systems. However, modeling of timingproperties is not directly supported in Event-B. In this paper we identify three maincategories of discrete timing properties for trigger-response pattern, deadline, delayand expiry. We introduce language constructs for each of these timing properties thataugment the Event-B language. We describe how these constructs can be mappedto standard Event-B constructs. To ease the process of using the timing constructsin a refinement-based development, we introduce patterns for refining the timingconstructs that allow timing properties on abstract models to be replaced by timingproperties on refined models. The language constructs and refinement patternsare illustrated through some generic examples. Event-B refinement allows atomicevents at the abstract level to be broken down into sub-steps at the refined level.The goal of our refinement patterns is to provide an easy way to represent and correctlyrefine timing constraints on abstract atomic events with more elaborate timingconstraints on the refined events. This paper presents an initial set of patterns

Specification and refinement of discrete timing properties in Event-B

Event-B is a formal language for systems modeling, based on set theory and predicate logic. It has the advantage of mechanized proof, and it is possible to model a system in several levels of abstraction by using refinement. Discrete timing properties are important in many critical systems. However, modeling of timing properties is not directly supported in Event-B. In this paper we identify three main categories of discrete timing properties for trigger-response pattern, deadline, delay and expiry. We introduce language constructs for each of these timing properties that augment the Event-B language. We describe how these constructs can be mapped to standard Event-B constructs. To ease the process of using the timing constructs in a refinement-based development, we introduce patterns for refining the timing constructs that allow timing properties on abstract models to be replaced by timing properties on refined models. The language constructs and refinement patterns are illustrated through some generic examples. Event-B refinement allows atomic events at the abstract level to be broken down into sub-steps at the refined level. The goal of our refinement patterns is to provide an easy way to represent and correctly refine timing constraints on abstract atomic events with more elaborate timing constraints on the refined events. This paper presents an initial set of patterns