Decomposition tool for Event-B

Two methods have been identified for Event-B model decomposition: shared variable and shared event. The purpose of this paper is to introduce the two approaches and the respective tool support in the Rodin platform. Besides alleviating the complexity for large systems and respective proofs, decomposition allows team development in parallel over the same model which is very attractive in the industrial environment

06191 Abstracts Collection -- Rigorous Methods for Software Construction and Analysis

From 07.05.06 to 12.05.06, the Dagstuhl Seminar 06191 ``Rigorous Methods for Software Construction and Analysis\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Reasoned modelling critics: turning failed proofs into modelling guidance

The activities of formal modelling and reasoning are closely related. But while the rigour of building formal models brings significant benefits, formal reasoning remains a major barrier to the wider acceptance of formalism within design. Here we propose reasoned modelling critics — an approach which aims to abstract away from the complexities of low-level proof obligations, and provide high-level modelling guidance to designers when proofs fail. Inspired by proof planning critics, the technique combines proof-failure analysis with modelling heuristics. Here, we present the details of our proposal, implement them in a prototype and outline future plans

From Event-B models to Dafny code contracts

International audienceThe constructive approach to software correctness aims at formal modelling and verification of the structure and behaviour of a system in different levels of abstraction. In contrast, the analytical approach to software verification focuses on code level correctness and its verification. Therefore it would seem that the constructive and analytical approaches should complement each other well. To demonstrate this idea we present a case for linking two existing verification methods, Event-B (constructive) and Dafny (analytical). This approach combines the power of Event-B abstraction and its stepwise refinement with the verification capabilities of Dafny. We presented a small case study to demonstrate this approach and outline of the rules for transforming Event-B events to Dafny contracts. Finally, a tool for automatic generation of Dafny contracts from Event-B formal models is presented

Filling in CMB map missing data using constrained Gaussian realizations

For analyzing maps of the cosmic microwave background sky, it is necessary to mask out the region around the galactic equator where the parasitic foreground emission is strongest as well as the brightest compact sources. Since many of the analyses of the data, particularly those searching for non-Gaussianity of a primordial origin, are most straightforwardly carried out on full-sky maps, it is of great interest to develop efficient algorithms for filling in the missing information in a plausible way. We explore practical algorithms for filling in based on constrained Gaussian realizations. Although carrying out such realizations is in principle straightforward, for finely pixelized maps as will be required for the Planck analysis a direct brute force method is not numerically tractable. We present some concrete solutions to this problem, both on a spatially flat sky with periodic boundary conditions and on the pixelized sphere. One approach is to solve the linear system with an appropriately preconditioned conjugate gradient method. While this approach was successfully implemented on a rectangular domain with periodic boundary conditions and worked even for very wide masked regions, we found that the method failed on the pixelized sphere for reasons that we explain here. We present an approach that works for full-sky pixelized maps on the sphere involving a kernel-based multi-resolution Laplace solver followed by a series of conjugate gradient corrections near the boundary of the mask.Comment: 22 pages, 14 figures, minor changes, a few missing references adde

Step-wise development of resilient ambient campus scenarios

This paper puts forward a new approach to developing resilient ambient applications. In its core is a novel rigorous development method supported by a formal theory that enables us to produce a well-structured step-wise design and to ensure disciplined integration of error recovery measures into the resulting implementation. The development method, called AgentB, uses the idea of modelling database to support a coherent development of and reasoning about several model views, including the variable, event, role, agent and protocol views. This helps system developers in separating various modelling concerns and makes it easier for future tool developers to design a toolset supporting this development. Fault tolerance is systematically introduced during the development of various model views. The approach is demonstrated through the development of several application scenarios within an ambient campus case study conducted at Newcastle University (UK) as part of the FP6 RODIN project. © 2009 Springer Berlin Heidelberg

The composition of Event-B models

The transition from classical B [2] to the Event-B language and method [3] has seen the removal of some forms of model structuring and composition, with the intention of reinventing them in future. This work contributes to thatreinvention. Inspired by a proposed method for state-based decomposition and refinement [5] of an Event-B model, we propose a familiar parallel event composition (over disjoint state variable lists), and the less familiar event fusion (over intersecting state variable lists). A brief motivation is provided for these and other forms of composition of models, in terms of feature-based modelling. We show that model consistency is preserved under such compositions. More significantly we show that model composition preserves refinement

Rodin: an open toolset for modelling and reasoning in Event-B

Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool that seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods