Deploy Repository: No conditions. Results ordered -Date, Title. (EPrints feed, generated 2018-01-17T12:23:39Z; base URL http://deploy-eprints.ecs.soton.ac.uk/)

Title: A Refinement-Based Correctness Proof of Symmetry Reduced Model Checking
Authors: Edd Turner, Michael Butler, Michael Leuschel
Date: 2010-01-27T17:25:49Z (last modified 2010-01-27T17:25:49Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/194
Abstract: (none given)

Title: Applying Model Checking to Generate Model-based Integration Tests from Choreography Models
Authors: S. Wieczorek, V. Kozyura, A. Roth, Michael Leuschel (leuschel@cs.uni-duesseldorf.de), Jens Bendisposto, Daniel Plagge (plagge@cs.uni-duesseldorf.de), I. Schieferdecker
Date: 2009-09-07T08:16:40Z (last modified 2010-04-19T15:05:57Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/146
Abstract: Choreography models describe the communication protocols between services. Testing of service choreographies is an important task for the quality assurance of service-based systems as used e.g. in the context of service-oriented architectures (SOA). The formal modeling of service choreographies enables a model-based integration testing (MBIT) approach. We present MBIT methods for our service choreography modeling approach called Message Choreography Models (MCM). For the model-based testing of service choreographies, MCMs are translated into Event-B models and used as input for our test generator, which uses the model checker ProB.

Title: SAL, Kodkod, and BDDs for Validation of B Models. Lessons and Outlook.
Authors: Daniel Plagge (plagge@cs.uni-duesseldorf.de), Michael Leuschel (leuschel@cs.uni-duesseldorf.de), Ilya Lopatkin (Ilya.Lopatkin@newcastle.ac.uk), Alexei Iliasov (Alexei.Iliasov@newcastle.ac.uk), Alexander Romanovsky (Alexander.Romanovsky@newcastle.ac.uk)
Date: 2009-07-13T11:09:14Z (last modified 2010-04-19T15:05:56Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/133
Abstract: PROB is a model checker for high-level B and Event-B models based on constraint-solving. In this paper we investigate alternate approaches for validating high-level B models using alternative techniques and tools based on BDDs, SAT-solving and SMT-solving. In particular, we examine whether PROB can be complemented or even supplanted by using one of the tools BDDBDDB, Kodkod or SAL.

Title: Probing the Depths of CSP-M: A New FDR-Compliant Validation Tool
Authors: Michael Leuschel (leuschel@cs.uni-duesseldorf.de), Marc Fontaine
Date: 2008-11-04T09:04:12Z (last modified 2010-04-19T15:05:51Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/44
Abstract: We present a new animation and model checking tool for CSP. The tool covers the CSP-M language, as supported by existing tools such as FDR and probe. Compared to those tools, it provides visual feedback in the source code, has an LTL model checker and can be used for combined CSP||B specifications. During the development of the tool some intricate issues were uncovered with the CSP-M language. We discuss those issues, and provide suggestions for improvement. We also explain how we have ensured conformance with FDR, by using FDR itself to validate our tool's output. We also provide empirical evidence on the performance of our tool compared to FDR, showing that it can be used on industrial-strength specifications.

Title: Easy Graphical Animation and Formula Visualisation for Teaching B
Authors: Michael Leuschel (leuschel@cs.uni-duesseldorf.de), Mireille Samia, Jens Bendisposto
Date: 2008-11-04T09:22:45Z (last modified 2010-04-19T15:05:51Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/47
Abstract: ProB is being used for teaching the B-method. In this paper, we present two new features of ProB that we have introduced while teaching B. One feature allows a student (or an expert user) to graphically visualise any predicate as a tree. The underlying algorithm can deal with undefined subformulas and tries to provide useful feedback even for existentially quantified formulas which are false. This feature is especially useful to inspect unexpected invariant violations or operations which are unexpectedly enabled or disabled. The other feature enables a student or lecturer to easily and quickly write custom graphical state representations, to provide a better understanding of the model. With this method, one simply has to assemble a series of pictures and to write an animation function in B itself, which stipulates which pictures should be shown where depending on the current state of the model. As an additional side-benefit, writing the animation function in B itself is a good exercise for students.

Title: Validation of Event-B Models with the ProB Plug-in for RODIN (original title: La validation de modèles Event-B avec le plug-in ProB pour RODIN)
Authors: Jens Bendisposto, Michael Leuschel (leuschel@cs.uni-duesseldorf.de), Olivier Ligot, Mireille Samia
Date: 2008-11-04T09:16:45Z (last modified 2010-04-19T15:05:51Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/46
Abstract: The B-method, as well as its offspring Event-B, are both formal methods used for the development of critical computer systems whose correctness has to be formally established. Event-B now spurs the Rodin platform, which is based on Eclipse and can be extended via plug-ins. In this paper, we present two such plug-ins: one for animation and one for interactive proof support, called a disprover. Both plug-ins are based on the ProB tool as well as a translation of Event-B to classical B. With our new plug-ins, Rodin has now become a platform where a user can animate, prove and disprove formal models in an integrated fashion.

Title: ProB gets Nauty: Effective Symmetry Reduction for B and Z Models
Authors: Corinna Spermann, Michael Leuschel (leuschel@cs.uni-duesseldorf.de)
Date: 2008-11-04T09:08:49Z (last modified 2010-04-19T15:05:51Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/45
Abstract: Symmetry reduction holds great promise to counter the state explosion problem. However, currently it is "conducting a life on the fringe", and is not widely applied, mainly due to the restricted applicability of many of the techniques. In this paper we propose a symmetry reduction technique applied to high-level formal specification languages (B and Z). Not only does symmetry arise naturally in most models, it can also be exploited without restriction by our method. This method translates states of a formal model into directed graphs, and then uses graph canonicalisation to detect symmetries. We use the tool nauty to efficiently perform graph canonicalisation, which we have interfaced with the model checker ProB. In this paper we present the general technique and show how states can be translated into vertex-coloured graphs suitable for nauty. We present empirical results, showing the effectiveness of our method as well as analysing the cost of graph canonicalisation.

Title: ProB: An Automated Analysis Toolset for the B Method
Authors: Michael Leuschel, Michael Butler
Date: 2007-12-12T17:15:09Z (last modified 2008-10-07T21:26:12Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/5
Abstract: We present ProB, a validation toolset for the B method. ProB's automated animation facilities allow users to gain confidence in their specifications. ProB also contains a model checker and a refinement checker, both of which can be used to detect various errors in B specifications. We describe the underlying methodology of ProB, and present the important aspects of the implementation. We also present empirical evaluations as well as several case studies, highlighting that ProB enables users to uncover errors that are not easily discovered by existing tools.

Title: The High Road to Formal Validation: Model Checking High-Level versus Low-Level Specifications
Authors: Michael Leuschel (leuschel@cs.uni-duesseldorf.de)
Date: 2008-11-04T08:57:08Z (last modified 2010-04-19T15:05:51Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/43
Abstract: In this paper we examine the difference between model checking high-level and low-level models. In particular, we compare the ProB model checker for the B-method and the spin model checker for Promela. While spin has a dramatically more efficient model checking engine, we show that in practice the performance can be disappointing compared to model checking high-level specifications with ProB. We investigate the reasons for this behaviour, examining expressivity, granularity and spin's search algorithms. We also show that certain types of information (such as symmetry) can be more easily inferred and exploited in high-level models, leading to a considerable reduction in model checking time.

Title: Automated Property Verification for Large Scale B Models
Authors: Michael Leuschel (leuschel@cs.uni-duesseldorf.de), Jérôme Falampin (jerome.falampin@siemens.com), Fritz Fabian, Daniel Plagge (plagge@cs.uni-duesseldorf.de)
Date: 2009-09-09T08:05:36Z (last modified 2010-04-19T15:05:57Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/149
Abstract: In this paper we describe the successful application of the ProB validation tool on an industrial case study. The case study centres on the San Juan metro system installed by Siemens. The control software was developed and formally proven with B. However, the development contains certain assumptions about the actual rail network topology which have to be validated separately in order to ensure safe operation. For this task, Siemens has developed custom proof rules for AtelierB. AtelierB, however, was unable to deal with about 80 properties of the deployment (running out of memory). These properties thus had to be validated by hand at great expense (and they need to be revalidated whenever the rail network infrastructure changes). In this paper we show how we were able to use ProB to validate all of the about 300 properties of the San Juan deployment, detecting automatically in around 17 minutes exactly the same faults that were manually uncovered in about one man-month. This achievement required the extension of the ProB kernel for large sets as well as an improved constraint propagation phase. We also outline some of the effort and features that were required in moving from a tool capable of dealing with medium-sized examples towards a tool able to deal with actual industrial specifications. Notably, a new parser and type checker had to be developed. We also touch upon the issue of validating ProB, so that it can be integrated into the SIL4 development chain at Siemens.

Title: Proof Assisted Model Checking for B
Authors: Jens Bendisposto (bendisposto@cs.uni-duesseldorf.de), Michael Leuschel (leuschel@cs.uni-duesseldorf.de)
Date: 2009-09-21T15:42:14Z (last modified 2010-04-19T15:05:57Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/152
Description: The archives contain the models for proof supported model checking. For a detailed description see Bendisposto, Leuschel: Proof Assisted Model Checking for B, Proceedings of the International Conference on Formal Engineering Methods (ICFEM 09), LNCS, to appear.
1) pomc_paper.zip: contains the model that is guaranteed to terminate, but assumes finite(STATES)
2) pomc paper-wo_termination.zip: contains the model without the assumption, but does not guarantee termination

Title: Refinement-Animation for Event-B - Towards a Method of Validation
Authors: Stefan Hallerstede, Michael Leuschel (leuschel@cs.uni-duesseldorf.de), Daniel Plagge (plagge@cs.uni-duesseldorf.de)
Date: 2010-01-11T13:51:00Z (last modified 2010-04-19T15:05:59Z)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/186
Abstract: We provide a detailed description of refinement in Event-B, both as a contribution in itself and as a foundation for the approach to simultaneous animation of multiple levels of refinement that we propose. We present an algorithm for simultaneous multi-level animation of refinement, and show how it can be used to detect a variety of errors that occur frequently when using refinement. The algorithm has been implemented in ProB and we applied it to several case studies, showing that multi-level animation is tractable also on larger models.