Formal specification in Event-B

Similar documents
Event-B Course. 11. Formal Development of a Security Protocol (the Needham-Schroeder protocol)

User Manual of the RODIN Platform

Cyber Physical System Verification Seminar: Event-B

CSC 501 Semantics of Programming Languages

The Event-B Modelling Notation

Introductory logic and sets for Computer scientists

[Ch 6] Set Theory. 1. Basic Concepts and Definitions. 400 lecture note #4. 1) Basics

Rodin: An Open Toolset for Modelling and Reasoning in Event-B

CS 1200 Discrete Math Math Preliminaries. A.R. Hurson 323 CS Building, Missouri S&T

From Event-B Models to Dafny Code Contracts

Software development using B method. Julien Cervelle LACL - UPEC

Have we Learned from the Vasa Disaster?

The Needham-Schroeder-Lowe Protocol with Event-B


The Needham-Schroeder-Lowe Protocol with Event-B

Finding Deadlocks of Event-B Models by Constraint Solving

Formal Modelling of Railway Interlockings Using Event-B and the Rodin Tool-chain

CSC Discrete Math I, Spring Sets

Formal Methods. CITS5501 Software Testing and Quality Assurance

Some notes about Event-B and Rodin

Rodin: an open toolset for modelling and reasoning in Event-B

Software Construction

Self-Recovering Sensor-Actor Networks

Formal Verification of Distributed Transaction Execution in Replicated Database System using Event - B

A Mechanically and Incremental Development of the Remote Authentication Dial-In User Service Protocol

FOUNDATIONS OF THE B METHOD. Dominique Cansell, Dominique Méry 1 INTRODUCTION. 1.1 Overview of B. Computing and Informatics, Vol.

Reusable specification templates for defining dynamic semantics of DSLs

Tutorial on the event-based B method

FORMAL SPECIFICATION AND VERIFICATION OF TOTAL ORDER BROADCAST THROUGH DESTINATION AGREEMENT USING EVENT-B

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

6. Hoare Logic and Weakest Preconditions

Keywords: UML-B, refactoring, refinement, object-oriented design, annealing, introduce

Rodin. User s Handbook. Covers Rodin v.2.8. Michael Jastram (Editor) Foreword by Prof. Michael Butler. This work is sponsored by the Deploy Project

TIETS14 Introduction to Formal Specification

About the Tutorial. Audience. Prerequisites. Copyright & Disclaimer. Discrete Mathematics

IFAD. VDMTools Validated. Design through Modelling. Overview of VDM -SL/++ IFAD. IFAD A/S Forskerparken 10 DK-5230 Odense M Denmark.

9/19/12. Why Study Discrete Math? What is discrete? Sets (Rosen, Chapter 2) can be described by discrete math TOPICS

1 The Axiom of Extensionality

13. The Leader Election Protocol (IEEE 1394) Jean-Raymond Abrial

Verifying Java Programs Verifying Java Programs with KeY

Formal Verification for UML/SysML models

CSE 20 DISCRETE MATH. Winter

B Specification Example

CMPSCI 250: Introduction to Computation. Lecture #1: Things, Sets and Strings David Mix Barrington 22 January 2014

Semantics. There is no single widely acceptable notation or formalism for describing semantics Operational Semantics

Axiomatic Specification. Al-Said, Apcar, Jerejian

Language and Tool Support for Class and State Machine Refinement in UML-B

CSE20: Discrete Mathematics

UNIVERSITY OF SOUTHAMPTON Faculty of Engineering and Applied Science Department of Electronics and Computer Science

Summary of Course Coverage

Discrete Mathematics Lecture 4. Harper Langston New York University

Proceedings of the 12th International Workshop on Automated Verification of Critical Systems (AVoCS 2012)

CSE 20 DISCRETE MATH. Fall

Outline. A little history. Outline. The Unified Modeling Language Opportunities and Challenges for Formal Methods

Chapter 3. Describing Syntax and Semantics ISBN

Numerical Computations and Formal Methods

Formal analysis of imprecise system requirements with Event B

Redevelopment of an Industrial Case Study Using Event-B and Rodin

SOFTWARE ENGINEERING DESIGN I

Formal Specification: Z Notation. CITS5501 Software Testing and Quality Assurance

Lecture 11 Lecture 11 Nov 5, 2014

Logik für Informatiker Logic for computer scientists

Chapter 3 (part 3) Describing Syntax and Semantics

Formal Verification. Lecture 10

2.1 Sets 2.2 Set Operations

University of Southampton Research Repository eprints Soton

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

INTEGRATION OF AUTOMATIC THEOREM PROVERS IN EVENT-B PATTERNS

The learning objectives of this chapter are the followings. At the end of this chapter, you shall

Defining Classes and Methods

Syntax and Grammars 1 / 21

Mathematics for Computer Scientists 2 (G52MC2)

CMSC 330: Organization of Programming Languages. Operational Semantics

FMSE: Lecture 1. The Specification Language Z: Introduction

An Evolution of Mathematical Tools

Relations. Power set Cartesian product Relation Function

SMT solvers for Rodin

Event B Development of a Synchronous AADL Scheduler

Applying Atomicity and Model Decomposition to a Space Craft System in Event-B

Specification-based Testing of Embedded Systems H. Schlingloff, SEFM 2008

CSE101: Design and Analysis of Algorithms. Ragesh Jaiswal, CSE, UCSD

Contents. Chapter 1 SPECIFYING SYNTAX 1

Verification Condition Generation

The Formal Semantics of Programming Languages An Introduction. Glynn Winskel. The MIT Press Cambridge, Massachusetts London, England


An introduction to Category Theory for Software Engineers*

Distributed Systems Programming (F21DS1) Formal Verification

Haskell Overview II (2A) Young Won Lim 8/9/16

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Abstract Interpretation

Structuring an Abstract Interpreter through Value and State Abstractions: EVA, an Evolved Value Analysis for Frama C

Domain Specific Languages. Requirements (Engineering)

Research Collection. Reusable mathematical models. Master Thesis. ETH Library. Author(s): Widmer, Tobias K. Publication Date: 2004

Implementation of Lexical Analysis

Week 8: The fundamentals of graph theory; Planar Graphs 25 and 27 October, 2017

Verification and Validation

Verification and Validation

Implementation of Lexical Analysis

Automated Requirements-Based Testing

Discharching Event-B Proof Obligations

Transcription:

2IW80 Software specification and architecture Formal specification in Event-B Alexander Serebrenik, Ulyana Tikhonova

Outline Introduction into formal specification Mathematical notation of Event-B Event-B UML-B / SET / W&I 2

Resources Summary of the Event-B notation: http://wiki.event-b.org/images/eventb-summary.pdf Tutorials http://handbook.event-b.org/current/html/index.html http://handbook.eventb.org/current/html/mathematical_notation.html Modeling in Event-B: System and Software Engineering by Jean-Raymond Abrial Repository of Event-B examples: http://www.stups.uniduesseldorf.de/bmotionstudio/index.php/user_guide/exa mples / SET / W&I 3

Formal specification and formal analysis Formal = mathematical Mathematical notation Theory behind the notation Validation Are we cooking the right product? Verification Are we cooking it right? / SET / W&I 4

Formal methods as a specification technique? Unambiguous? Realistic? Verifiable? Evolvable? / SET / W&I 6

Event-B Z, B method, Event-B Event-B formalism uses set theory and logic has an extensive tool support relatively simple, but not very expressive / SET / W&I 7

Outline Introduction into formal specification Mathematical notation of Event-B Event-B UML-B / SET / W&I 8

Predicates Logical primitives:, Logical operators:,,, Quantifiers: x 1, x n P(x 1, x n ) x 1, x n P(x 1, x n ) Equality and inequality: =, / SET / W&I 9

Sets Predefined sets: N, Z, BOOL Interval: m..n Sets: {expr 1,, expr n } { x P E } { x x 1..10 x ^ 2 } partition(s, {expr 1 },, {expr n }) partition(course_2iw80, {Tuesday}, {Thursday}) / SET / W&I 11

Sets Membership: a1 S, a4 S Subsets: {a1, a2} S, {b1, b2} S Operations on sets: S T, S T, S T Power sets: P(S) P(S) / SET / W&I 12

Is it true or false? { 2..2} \ {0} { x, y x Z y Z x y = 12 x } a. b. / SET / W&I 13

Relations Cartesian product A B Pair: a1 b2 Relations: A B, Domain and range: dom(r), ran(r) Relational image r[{a1, a3}] is {b1,b2,b4} / SET / W&I 16

Functions Functions: A B, A B, / SET / W&I 17

Outline Introduction into formal specification Mathematical notation of Event-B Event-B UML-B / SET / W&I 18

File system example In the file system, users can create new files, execute, display (on different output devices) and delete existing files. There is a special type of delete, which removes the file permanently from the file system. The file system makes use of an access right system which specifies who the owner of each file is and what operations are allowed by which users. The owner of each file may change the access rights to the file and give or take other people s permissions to access the file. In addition to the person who creates the file, the administrator is considered the owner of all files. Identify sets and relations / SET / W&I 19

What are the sets? In the file system, users can create new files, execute, display (on different output devices) and delete existing files. There is a special type of delete, which removes the file permanently from the file system. The file system makes use of an access right system which specifies who the owner of each file is and what operations are allowed by which users. The owner of each file may change the access rights to the file and give or take other people s permissions to access the file. In addition to the person who creates the file, the administrator is considered the owner of all files. User, File, Operation / SET / W&I 20

Sets and subsets User, File, Operation existing_files File opened_files existing_files current_user User partition(operation, {Execute}, {Display}, {Delete}, {Delete_permanently}) User current_user File existing_files opened_files / SET / W&I 21

What are the relations? In the file system, users can create new files, execute, display (on different output devices) and delete existing files. There is a special type of delete, which removes the file permanently from the file system. The file system makes use of an access right system which specifies who the owner of each file is and what operations are allowed by which users. The owner of each file may change the access rights to the file and give or take other people s permissions to access the file. In addition to the person who creates the file, the administrator is considered the owner of all files. owner existing_files User access User (Operation existing_files) / SET / W&I 22

Relations owner existing_files User access User (Operation existing_files) Operation User access Operation existing_files owner existing_files / SET / W&I 23

Other possibilities sets User, File existing_files File owner existing_files P(User) access_display existing_files P(User) access_execute existing_files P(User) access_delete existing_files P(User) access_delete_permanently existing_files P(User) / SET / W&I 24

Access control invariant existing_files File opened_files existing_files current_user User access User (Operation existing_files) opened { file Display file access[{current_user}] file } / SET / W&I 25

File system specified in Event-B / SET / W&I 26

File system specified in Event-B deterministic assignment / SET / W&I 27 some User (nondeterministic assignment)

File system specified in Event-B: verification inv6: opened { file Display file access[{current_user}] file } / SET / W&I 28

File system specified in Event-B: verification New guard: grd2 inv6: opened { file Display file access[{current_user}] file } / SET / W&I 29

Specification in Event-B: context component Context Sets data types Constants Axioms MANDATORY: types of constants properties that are assumed to be true / SET / W&I 30

Specification in Event-B: machine component Machine sees a context Variables whose values are changed by events Invariants MANDATORY: types of variables properties that need to be checked Events parameters (ANY) guards (WHERE) actions (THEN), executed in parallel / SET / W&I 31

Exercise for you: create file and delete file sets File, User, Operation existing_files File opened_files existing_files current_user User owner existing_files User access User (Operation existing_files) / SET / W&I 32

Create file / SET / W&I 33

Delete file Is it correct? / SET / W&I 34

Delete file: verification problems / SET / W&I 35

Delete file: improved version Domain and range restrictions / SET / W&I 36

Exercise for you: delete file permanently recycle_bin / SET / W&I 37

Exercise for you: delete file permanently recycle_bin File recycle_bin existing_files = What events need to be changed? / SET / W&I 38

Exercise for you: change access rights Is it correct? Relational override: r1 r2 = {x y x y r1 x dom(r2)} r2 / SET / W&I 39

Change access right: verification problems How would you repair this? inv6: opened { file Display file access[{current_user}] file } / SET / W&I 40

Change access right: how to repair? inv6: opened { file Display file access[{current_user}] file } Can the access rights to the file be changed when this file is opened? Or: to change access right to a file, this file should be closed Does an owner have the access to display files that he/she owns? Shall we add this to our invariants and guards? / SET / W&I 41

Rodin platform Event-B editor Write your specification Proof obligations Generated automatically for each pair from Invariants Events Discharged by automatic provers Model checking Animation of machines Execute your specification Graphical visualization / SET / W&I 42

Outline Introduction into formal specification Mathematical notation of Event-B Event-B UML-B / SET / W&I 44

UML-B Draw UML diagrams Class diagrams State machine diagrams Generate Event-B specification iuml-b plug-in http://wiki.event-b.org/index.php/iuml-b https://www.youtube.com/watch?v=nz7zpl2jtam / SET / W&I 45

State machine diagrams in iuml-b / SET / W&I 46

Generated Event-B specification Event-B is generated from the state machine! / SET / W&I 47

Generated Event-B specification / SET / W&I 48

Nested state machine / SET / W&I 49

State invariant Added manually / SET / W&I 50

Animate state machine diagram / SET / W&I 51

What is behind your state machine animation? / SET / W&I 52

UML vs. formal specification Using UML we can: a. Draw pictures b. Analyze the system c. Communicate with developers and customers d. Design the system e. Generate source code / SET / W&I 53

UML vs. formal specification Using formal specification we can: a. Draw pictures b. Analyze the system c. Communicate with developers and customers d. Design the system e. Generate source code / SET / W&I 54

Formal methods as a specification technique? Unambiguous? Realistic? Verifiable? Evolvable? / SET / W&I 55

Formal methods as a specification technique? Unambiguous? yes, formal notation and formal theory Realistic? might require a lot of effort on modeling a correct system Verifiable? yes, formal methods Evolvable? real-life systems: a lot of details huge formal specifications, which are hard to maintain / SET / W&I 56

Brief recapitulation / SET / W&I 57

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback