Who watches the watchers: Validating the ProB Validation Tool

Over the years, ProB has moved from a tool that complemented proving, to a development environment that is now sometimes used instead of proving for applications, such as exhaustive model checking or data validation. This has led to much more stringent requirements on the integrity of ProB. In this paper we present a summary of our validation efforts for ProB, in particular within the context of the norm EN 50128 and safety critical applications in the railway domain.Comment: In Proceedings F-IDE 2014, arXiv:1404.578

Animating and Model Checking B Specifications with Higher-Order Recursive Functions

Real-life specifications often contain complicated functions. Animation and validation of such functions and specifications is very important. However, such functions pose a major challenge to animation and model checking. Earlier versions of ProB required that functions be explicitly expanded which is prohibitively expensive or impossible. The central idea of this new research is to compile such functions into symbolic closures which are only examined when the function is applied to some particular argument. This enables ProB to successfully animate and model check a new class of specifications, where animation is especially important due to the involved nature of the specification. We will illustrate this new approach on an industrial case study

Verification of Symmetry Detection using PVS

One of the major limitations of model checking is that of state-space explosion. Symmetry reduction is a method that has been successfully used to alleviate this problem for models of systems that consist of sets of identical components. In earlier work, we have introduced a specification language, Promela-Lite, which captures the essential features of Promela but has a fully defined semantics. We used hand proofs to show that a static symmetry detection technique developed for this language is sound, and suitable to be used in a symmetry reduction tool for SPIN. One of the criticisms often levelled at verification implementations, is that they have not been proved mechanically to be correct, i.e., no mechanical formal verification technique has been used to check the soundness of the approach. In this paper, we address this issue by mechanically verifying the correctness of the symmetry detection technique. We do this by embedding the syntax and semantics of Promela-Lite into the theorem prover PVS and using these embeddings to both check the consistency of syntax/semantics definitions, and interactively prove relevant theoretical properties