Development of Rabin’s Choice Coordination Algorithm in Event-B
The paper reports our investigation on tool support for the integration of qualitative probabilistic reasoning into Event-B. In the process, we formalise a non-trivial algorithm, namely Rabin's choice coordination. Our correctness reasoning is a combination of termination proofs in terms of probabilistic convergence and standard invariant techniques. Moreover, we describe how qualitative probabilistic reasoning can be maintained during refinement.
Abstract Data Types in Event-B - An Application of Generic Instantiation
Integrating formal methods into industrial practice is a challenging task. Often, different kinds of expertise are required within the same development. On the one hand, there are domain engineers who have specific knowledge of the system under development. On the other hand, there are formal methods experts who have experience in rigorously specifying and reasoning about formal systems. Coordination between these groups is important for taking advantage of their expertise. In this paper, we describe our approach of using generic instantiation to facilitate this coordination. In particular, generic instantiation enables a separation of concerns between the different parties involved in developing formal systems.
Comment: In Proceedings of DS-Event-B 2012: Workshop on the experience of and advances in developing dependable systems in Event-B, in conjunction with ICFEM 2012 - Kyoto, Japan, November 13, 201
Rodin: an open toolset for modelling and reasoning in Event-B
Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool that seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods.
Foundations for using linear temporal logic in Event-B refinement
In this paper we present a new way of reconciling Event-B refinement with linear temporal logic (LTL) properties. In particular, the results presented in this paper allow properties to be established for abstract system models, and identify conditions to ensure that the properties (suitably translated) continue to hold as those models are developed through refinement. There are several novel elements to this achievement: (1) we identify conditions that allow LTL properties to be mapped across refinement chains; (2) we provide translations of LTL predicates to reflect the introduction through refinement of new events and the renaming and splitting of existing events; (3) we do this for an extended version of LTL particularly suited to Event-B, including state predicates and enabledness of events, which can be model-checked at the abstract level. Our results are more general than any previous work in this area, covering liveness in the context of anticipated events, and relaxing constraints between adjacent refinement levels. The approach is illustrated with a case study. This enables designers to develop event based models and to consider their execution patterns so that liveness and fairness properties can be verified for Event-B systems.
DeepSaucer: Unified Environment for Verifying Deep Neural Networks
In recent years, a number of methods for verifying DNNs have been developed. Because the approaches of the methods differ and have their own limitations, we think that a number of verification methods should be applied to a developed DNN. To apply a number of methods to the DNN, it is necessary to translate either the implementation of the DNN or the verification method so that one runs in the same environment as the other. Since those translations are time-consuming, a utility tool, named DeepSaucer, which helps to retain and reuse implementations of DNNs, verification methods, and their environments, is proposed. In DeepSaucer, code snippets for loading DNNs, running verification methods, and creating their environments are retained and reused as software assets in order to reduce the cost of verifying DNNs. The feasibility of DeepSaucer is confirmed by implementing it on the basis of Anaconda, which provides a virtual environment for loading a DNN and running a verification method. In addition, the effectiveness of DeepSaucer is demonstrated by use-case examples - …