Deploy Repository: No conditions. Results ordered -Date, Title. 2018-01-17T12:22:59ZEPrintshttp://deploy-eprints.ecs.soton.ac.uk/images/sitelogo.gifhttp://deploy-eprints.ecs.soton.ac.uk/2013-11-20T12:45:52Z2013-11-20T12:45:52Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/464This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4642013-11-20T12:45:52ZMathematical Language of Event-B ProofsThis model proves correct the optimisation implemented in Rodin 3.0 for storing the mathematical language in which proofs are written.
See http://wiki.event-b.org/index.php/Language_of_an_Event-B_Component for more details on the context of this model.Laurent Voisinlaurent.voisin@systerel.fr2012-12-06T09:51:10Z2013-03-09T12:50:56Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/459This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4592012-12-06T09:51:10ZMastering System Analysis and Design through Abstraction and RefinementThe complexity of requirements and complexity of operating environments make error detection in early stages of software system development difficult. This paper makes an argument for the use of formal modelling and verification in early stages of system development to identify and eliminate errors in a timely fashion.
Precision is key to eliminating errors in requirements while abstraction is key to mastering requirements complexity. The paper outlines the way in which precision and abstraction may be achieved through modelling and how refinement allows the complexity to be managed through layering. The role of model validation and model verification in improving the quality of formal models and in improving the quality of the requirements is also outlined. The formalism used throughout is Event-B supported by the Rodin toolset.
Based on lectures given at 2012 Marktoberdorf International Summer School on Engineering Dependable Software Systems
Michael Butlermjb@ecs.soton.ac.uk2012-07-23T06:29:23Z2012-09-11T18:36:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/425This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4252012-07-23T06:29:23ZA Systematic Approach to Atomicity Decomposition in Event-BAsieh Salehi FathabadiMichael ButlerAbdolbaghi Rezazadeh2012-10-09T16:18:22Z2013-02-18T14:58:53Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/457This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4572012-10-09T16:18:22ZTutorial: a Practical Introduction to using Event-B for Complex �Hardware and Embedded System Specification and Design John ColleyJ.L.Colley@ecs.soton.ac.uk2012-10-09T16:24:20Z2013-02-18T14:58:34Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/458This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4582012-10-09T16:24:20ZAbstraction, Refinement and Decomposition for Systems Engineering
Michael Butlermjb@ecs.soton.ac.uk2012-09-20T12:48:47Z2013-02-18T14:59:01Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/456This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4562012-09-20T12:48:47ZMore AbstractionBased on 10+ years of formal modelling in industry, I advocate the use
of domain theories and modelling patterns in system modelling.
When modelling a system, one has to somehow encode some domain data
structures
into some mathematical notation (e.g., set-theory for Event-B). This
encoding is not trivial, except for very simple case studies. Inlining this
encoding within a model makes it difficult to read and consequently difficult
to prove. It is much better to separate the encoding in a separate file
(i.e., a theory) which will describe the data structure, provide operators for
updating it together with proof rules for reasoning about them. The model is
then free from clutter and can be expressed at the same level of discourse as
domain experts.
I think that AI could provide significant benefits by detecting when a model
is not at the correct level of discourse and contains too much encoding. This
could be detected by inspecting the model and assessing its intrinsic
complexity. This would be particularly useful for beginners who usually have
difficulty to separate concerns.
Another use of AI is to implement refinement plans (see paper by Grov, Ireland
and Llano presented at ABZ 2012). In this setting, a failing proof is
analysed with respect to some refinement patterns and the tool suggests
amendment to the model that would allow to fix its proof. I think that it
would be much more valuable if the refinement patterns would be in the form of
generic models. The tool would then propose to instantiate the generic
pattern and suggest ways to instantiate it (e.g., provide actual parameters).
This would reuse not only the pattern but also its associated proof. The user
would only have to prove that the actual parameters fulfill the pattern
pre-conditions.
More generally, AI could be used to mine existing models to extract generic
patterns from them. This would allow to build a library of recurring
patterns. As for refinement plans, AI could also be used for guiding users
within the library and help them select the appropriate patterns with respect
to their modelling needs.
In conclusion, using both theories and generic model patterns makes models
more easy to develop, read and prove, by allowing better reuse. AI could be
of great help in assisting users for making the better use of these tools.Laurent Voisin2012-03-15T09:45:21Z2012-09-11T18:39:18Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/375This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3752012-03-15T09:45:21ZFormal modelling for Ada implementations: Tasking Event-BThis paper describes a formal modelling approach, where Ada code is automatically generated from the modelling artefacts. We introduce an implementation-level specification, Tasking Event-B, which is an extension to Event-B. Event-B is a formal method, that can be used to model safety-, and business-critical systems. The work may be of interest to a section of the Ada community who are interested in applying formal modelling techniques in their development process, and automatically generating Ada code from the model. We describe a streamlined process, where the abstract modelling artefacts map easily to Ada language constructs. Initial modelling takes place at a high level of abstraction. We then use refinement, decomposition, and finally implementation-level annotations, to generate Ada code. We provide a brief introduction to Event-B, before illustrating the new approach using small examples taken from a larger case study.Andrew EdmundsAbdolbaghi RezazadehMichael Butler2012-05-16T08:21:38Z2012-09-11T18:34:26Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/401This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4012012-05-16T08:21:38ZExtending Event-B with Discrete Timing PropertiesEvent-B is a formal language for systems modelling, based on set theory and predicate logic. It has the advantage of mechanized proof, and it is possible to model a system in several levels of abstraction by using refinement. Discrete timing properties are important in many critical systems. However, modelling of timing properties is not directly supported in Event-B. In this paper we identify three main categories of discrete timing properties for trigger-response patterns, deadline, delay and expiry. We introduce language constructs for each of these timing properties that augment the Event-B language. We describe how these constructs have been given a semantic in terms of the standard Event-B constructs. To ease the process of using timing properties in a refinement-based development, we introduce patterns for refining the timing constructs that allow timing properties on abstract models to be replaced by timing properties on refined models. The language constructs and refinement patterns are illustrated through some generic examples.Sarshogh Mohammad Rezamrs2g09@ecs.soton.ac.ukButler Michaelmjb@ecs.soton.ac.uk2012-05-17T14:15:58Z2012-09-11T18:35:57Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/402This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4022012-05-17T14:15:58ZControl systems: phenomena and structuring functional requirement documentsInfluenced by the Parnas and Madey?s fourvariable model and the concept of phenomena in problem frames, we desire to provide guidelines to facilitate refinement-based formal modelling. These guidelines are based on monitored, controlled, mode and commanded (MCMC) phenomena of a control system. Commanded phenomena reflect the role that an operator plays in system control. The mode phenomenon captures the states of the controller. Requirements of several case studies have been formally modelled using the MCMC phenomena. This helped to identify some of the ambiguities and advantages of the guidelines. In particular, we realised that the concept of commanded phenomena and its difference with monitored phenomena can cause confusion. Also, it was noticed that the mode is a special phenomenon, as it can be modified by operator requests or internally by the control system. In this paper we clarify the concept of commanded phenomena and differentiate between monitored and commanded phenomena clearly. The concept of mode phenomenon is also introduced in details. As practical examples, the phenomena of two case studies, namely a cruise control system and a lane centering controller (LCC), are identified. The MCMC phenomena are also used to structure the requirement document (RD) of a control system. This can help with the transition from an informal RD to a formal model. This approach is used to structure the RD of the LCC case study which is supported by our industrial partner.Sanaz YeganefardMichael Butler2012-05-08T09:23:13Z2012-09-11T18:17:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/394This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3942012-05-08T09:23:13ZEvent-B code generation: type extension with theoriesThe Event-B method is a formal modelling approach; our interest is the final step, of generating code for concurrent programs, from Event-B. Our Tasking Event-B tool integrates Event-B to facilitate code generation. The theory plug-in allows mathematical extensions to be added to an Event-B development. When working at the implementation level we need to consider how to translate the newly added types and operators into code. In this paper, we augment the theory plug-in, by adding a Translation Rules section to the tool. This enables us to define translation rules that map Event-B formulas to code. We illustrate the approach using a small case study, where we add a theory of arrays, and specify translation rules for generating Ada code.Andrew EdmundsMichael ButlerIssam MaamriaRenato SilvaChris Lovell2012-09-11T18:46:24Z2012-09-11T18:46:24Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/452This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4522012-09-11T18:46:24ZA Method and Tool for Tracing Requirements into Specifications<p>The creation of a consistent system description is a challenging problem of requirements engineering. Formal and informal reasoning can greatly contribute to meet this challenge. However, this demands that formal and informal reasoning and the system description are connected in such way that the reasoning permits drawing conclusions about the system description.</p> <p>We describe an incremental approach to requirements modelling and validation that incorporates formal and informal reasoning. Our main contribution is an approach to requirements tracing that delivers the necessary connection that links the reasoning to the system description. Formal refinement is used in order to deal with large and complex system descriptions.</p> <p>We discuss tool support for our approach of requirements tracing that combines informal requirements modelling with formal modelling and verification while tracing requirements among each other and into the formal model.</p>Stefan HallerstedeMichael JastramLukas Ladenberger2012-07-16T18:29:48Z2012-09-11T18:37:46Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/422This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4222012-07-16T18:29:48ZExternal and internal choice with event groups in Event-BMichael Butler2012-07-18T12:48:03Z2012-09-11T18:38:26Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/424This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4242012-07-18T12:48:03ZSMT Solvers for RodinFormal development in Event-B generally requires the validation of a large number of proof obligations. Some automatic tools exist to automatically discharge a significant part of them, thus augmenting the efficiency of the formal development. We here investigate the use of SMT (Satisfiability Modulo Theories) solvers in addition to the traditional tools, and detail the techniques used for the cooperation between the Rodin platform and SMT solvers.
Our contribution is the definition of two approaches to use SMT solvers, their implementation in a Rodin plug-in, and an experimental evaluation on a large sample of industrial and academic projects. Adding SMT solvers to Atelier B provers reduces to one fourth the number of sequents that need to be proved interactively.David Déharbedavid@dimap.ufrn.brPascal FontainePascal.Fontaine@inria.frYoann Guyotyoann.guyot@systerel.frLaurent Voisinlaurent.voisin@systerel.fr2012-09-11T18:31:04Z2012-09-11T18:33:36Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/449This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4492012-09-11T18:31:04ZThe ProR Approach: Traceability of Requirements and System Descriptions<p>Creating a system description of high quality is still a challenging problem in the field of requirements engineering. Creating a formal system description addresses some issues. However, the relationship of the formal model to the user requirements is rarely clear, or documented satisfactorily.</p> <p>This work presents the ProR approach, an approach for the creation of a consistent system description from an initial set of requirements. The resulting system description is a mixture of formal and informal artefacts. Formal and informal reasoning is employed to aid in the process. To achieve this, the artefacts must be connected by traces to support formal and informal reasoning, so that conclusions about the system description can be drawn.</p> <p>The ProR approach enables the incremental creation of the system description, alternating between modelling (both formal and informal) and validation. During this process, the necessary traceability for reasoning about the system description is established. The formal model employs refinement for further structuring of large and complex system descriptions. The development of the ProR approach is the first contribution of this work.</p> <p>This work also presents ProR, a tool platform for requirements engineering, that supports the ProR approach. ProR has been integrated with Rodin, a tool for Event-B modelling, to provide a number of features that allow the ProR approach to scale.</p> <p>The core features of ProR are independent from the ProR approach. The data model of ProR builds on the international ReqIF standard, which provides interoperability with industrial tools for requirements engineering. The development of ProR created enough interest to justify the creation of the Requirements Modeling Framework (RMF), a new Eclipse Foundation project, which is the open source host for ProR. RMF attracted an active community, and ProR development continues. The development of ProR is the second contribution of this work.</p> <p>This work is accompanied by a case study of a traffic light system, which demonstrates the application of both the ProR approach and ProR.</p>Michael Jastram2012-09-11T18:42:09Z2012-09-11T18:42:09Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/450This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4502012-09-11T18:42:09ZTranslating TLA+ to B for Validation with ProBTLA+ and B share the common base of predicate logic, arithmetic and set theory. However, there are still considerable differences, such as very different approaches to typing and modularization. There is also considerable difference in the available tool support. In this paper, we present a translation of the non-temporal part of TLA+ to B, which makes it possible to feed TLA+ specifications into existing tools for B. Part of this translation must include a type inference algorithm, in order to produce typed B specifications. There are many other tricky aspects, such as translating modules as well as let and if-then-else expressions. We also present an integration of our translation into ProB. ProB thus provides a complementary tool to the explicit state model checker TLC, with convenient animation and constraint solving for TLA+. We also present a series of case studies, highlighting the complementarity to TLC. In particular, we highlight the sometimes dramatic difference in performance when it comes to solving complicated constraints in TLA+.Dominik HansenMichael Leuschel2012-09-11T18:47:59Z2012-09-12T07:11:23Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/453This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4532012-09-11T18:47:59ZValidating B, Z and TLA+ using ProB and KodkodWe present the integration of the Kodkod high-level interface to SAT-solvers into the kernel of ProB. As such, predicates from B, Event-B, Z and TLA+ can be solved using a mixture of SAT-solving and ProB's own constraint-solving capabilities developed using constraint logic programming: the first-order parts which can be dealt with by Kodkod and the remaining parts solved by the existing ProB kernel. We also present an extensive empirical evaluation and analyze the respective merits of SAT-solving and classical constraint solving. We also compare to using SMT solvers via recently available translators for Event-B.Daniel PlaggeMichael Leuschelleuschel@cs.uni-duesseldorf.de2012-09-11T18:44:18Z2012-09-11T18:44:18Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/451This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4512012-09-11T18:44:18ZArchitectures for an Extensible Text Editor for RodinIngo Weigelt2012-09-13T09:16:59Z2013-02-18T14:59:23Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/455This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4552012-09-13T09:16:59ZBuilding on the DEPLOY legacy: code generation and simulationThe RODIN, and DEPLOY projects have laid solid foundations for further theoretical, and practical (methodological and tooling) advances with Event-B; we investigated code generation for embedded, multi-tasking systems. This work describes activities from a follow-on project, ADVANCE; where our interest is co-simulation of cyber-physical systems. We are working to better understand the issues arising in a development when modelling with Event-B, and animating with ProB, in tandem with a multi-simulation strategy. With multi-simulation we aim to simulate various features of the environment separately, in order to exercise the deployable code. This paper has two contributions, the first is the extension of the code generation work of DEPLOY, where we add the ability to generate code from Event-B state-machine diagrams. The second describes how we may use code, generated from state-machines, to simulate the environment, and simulate concurrently executing state-machines, in a single task. We show how we can instrument the code to guide the simulation, by controlling the relative rate that non-deterministic transitions are traversed in the simulation.Andrew Edmundsae2@ecs.soton.ac.ukJohn ColleyJ.L.Colley@ecs.soton.ac.ukMichael Butlermjb@ecs.soton.ac.uk2013-03-26T15:12:41Z2013-03-26T15:13:35Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/463This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4632013-03-26T15:12:41ZFrameworks for developing Event-B modelling extensions in EMFThese Slides are intended for for plugin developers who wish to extend the Event-B notation using EMF modelling facilities. Diagrammatic editors are also supported. (Some of these slides were originally developed in the deploy project and have been extended during the Advance project)Colin SnookVitaly SavicksFabian FritzAlexei Illisaov