1,266 research outputs found

    Event-B and Rodin


    Decomposition tool for Event-B

    Two methods have been identified for Event-B model decomposition: shared variable and shared event. The purpose of this paper is to introduce the two approaches and the respective tool support in the Rodin platform. Besides alleviating the complexity for large systems and respective proofs, decomposition allows team development in parallel over the same model which is very attractive in the industrial environment.

    Reasoned modelling critics: turning failed proofs into modelling guidance

    The activities of formal modelling and reasoning are closely related. But while the rigour of building formal models brings significant benefits, formal reasoning remains a major barrier to the wider acceptance of formalism within design. Here we propose reasoned modelling critics, an approach which aims to abstract away from the complexities of low-level proof obligations, and provide high-level modelling guidance to designers when proofs fail. Inspired by proof planning critics, the technique combines proof-failure analysis with modelling heuristics. Here, we present the details of our proposal, implement them in a prototype and outline future plans.

    The composition of Event-B models

    The transition from classical B [2] to the Event-B language and method [3] has seen the removal of some forms of model structuring and composition, with the intention of reinventing them in future. This work contributes to that reinvention. Inspired by a proposed method for state-based decomposition and refinement [5] of an Event-B model, we propose a familiar parallel event composition (over disjoint state variable lists), and the less familiar event fusion (over intersecting state variable lists). A brief motivation is provided for these and other forms of composition of models, in terms of feature-based modelling. We show that model consistency is preserved under such compositions. More significantly we show that model composition preserves refinement.

    06191 Abstracts Collection -- Rigorous Methods for Software Construction and Analysis

    From 07.05.06 to 12.05.06, the Dagstuhl Seminar 06191 "Rigorous Methods for Software Construction and Analysis" was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.

    From Event-B models to Dafny code contracts

    The constructive approach to software correctness aims at formal modelling and verification of the structure and behaviour of a system in different levels of abstraction. In contrast, the analytical approach to software verification focuses on code level correctness and its verification. Therefore it would seem that the constructive and analytical approaches should complement each other well. To demonstrate this idea we present a case for linking two existing verification methods, Event-B (constructive) and Dafny (analytical). This approach combines the power of Event-B abstraction and its stepwise refinement with the verification capabilities of Dafny. We presented a small case study to demonstrate this approach and outline of the rules for transforming Event-B events to Dafny contracts. Finally, a tool for automatic generation of Dafny contracts from Event-B formal models is presented.

    Time Will Tell: The Involvement of the Circadian Clock in Colorectal Cancer

    A circadian rhythm is a 24 hour recurring biological process. A group of core genes and transcription factors (CLK, BMAL1, PER, CRY) called the circadian clock regulates these 24 hour rhythms through a transcription/translation feedback loop. Over 40% of the genome is transcribed rhythmically implicating the clock in many cellular processes. Recently, it has been shown that WNT, a mediator of intestinal stem cell proliferation is transcribed rhythmically. Uncontrolled cell proliferation can lead to cancer, which is seen with the mutation of APC, a regulator of Wnt mutated in 80% of all colorectal cancer cases. Colorectal cancer incidence has been steadily increasing due to chronic photoperiod disruptions such as shift work. My project will examine how the disruption of the circadian clock in the intestine affects cancer incidence. I hypothesize that a dysfunctional clock will lead to enhanced tumorigenesis. Due to the implication of APC in colorectal cancer, we will use a mouse that is heterozygous for the APC gene, APCmin/+ to model colorectal cancer in a mouse. I will compare APCmin/+; BMAL1+/+ intestines, which have a normal circadian clock, to APCmin/+; BMAL1-/- intestines, where the clock is dysfunctional. I will count polyps, and use H&E stained tissue sections to quantify the size of each tumour. The Wnt pathway, cell cycle activity and the circadian clock will be examined using immunofluorescence to study the potential relationship between cancer development and the clock. PER2, a core clock protein as well as cMYC, a Wnt target will be investigated. I predict that the APCmin/+; BMAL1+/+ mice, will have fewer tumors than the APCmin/+; BMAL1-/-. My preliminary data shows that the APCmin/+; BMAL1+/+ tissue has more tumours than APC+/+; BMAL1+/+ suggesting this colorectal mouse model works. Implicating the circadian clock in colorectal cancer may allow for greater understanding in how to treat or avoid it

    Filling in CMB map missing data using constrained Gaussian realizations

    For analyzing maps of the cosmic microwave background sky, it is necessary to mask out the region around the galactic equator where the parasitic foreground emission is strongest as well as the brightest compact sources. Since many of the analyses of the data, particularly those searching for non-Gaussianity of a primordial origin, are most straightforwardly carried out on full-sky maps, it is of great interest to develop efficient algorithms for filling in the missing information in a plausible way. We explore practical algorithms for filling in based on constrained Gaussian realizations. Although carrying out such realizations is in principle straightforward, for finely pixelized maps as will be required for the Planck analysis a direct brute force method is not numerically tractable. We present some concrete solutions to this problem, both on a spatially flat sky with periodic boundary conditions and on the pixelized sphere. One approach is to solve the linear system with an appropriately preconditioned conjugate gradient method. While this approach was successfully implemented on a rectangular domain with periodic boundary conditions and worked even for very wide masked regions, we found that the method failed on the pixelized sphere for reasons that we explain here. We present an approach that works for full-sky pixelized maps on the sphere involving a kernel-based multi-resolution Laplace solver followed by a series of conjugate gradient corrections near the boundary of the mask. Comment: 22 pages, 14 figures, minor changes, a few missing references adde

    Developing Topology Discovery in Event-B

    We present a formal development in Event-B of a distributed topology discovery algorithm. Distributed topology discovery is at the core of several routing algorithms and is the problem of each node in a network discovering and maintaining information on the network topology. One of the key challenges is specifying the problem itself. Our specification includes both safety properties, formalizing invariants that should hold in all system states, and liveness properties that characterize when the system reaches stable states. We establish these by appropriately combining proofs of invariant preservation, event refinement, event convergence, and deadlock freedom. The combination of these features is novel and should be useful for formalizing and developing other kinds of semi-reactive systems, which are systems that react to, but do not modify, their environment.