Deploy Repository: No conditions. Results ordered -Date, Title. 2018-01-17T12:23:38ZEPrintshttp://deploy-eprints.ecs.soton.ac.uk/images/sitelogo.gifhttp://deploy-eprints.ecs.soton.ac.uk/2012-03-15T09:45:21Z2012-09-11T18:39:18Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/375This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3752012-03-15T09:45:21ZFormal modelling for Ada implementations: Tasking Event-BThis paper describes a formal modelling approach, where Ada code is automatically generated from the modelling artefacts. We introduce an implementation-level specification, Tasking Event-B, which is an extension to Event-B. Event-B is a formal method, that can be used to model safety-, and business-critical systems. The work may be of interest to a section of the Ada community who are interested in applying formal modelling techniques in their development process, and automatically generating Ada code from the model. We describe a streamlined process, where the abstract modelling artefacts map easily to Ada language constructs. Initial modelling takes place at a high level of abstraction. We then use refinement, decomposition, and finally implementation-level annotations, to generate Ada code. We provide a brief introduction to Event-B, before illustrating the new approach using small examples taken from a larger case study.Andrew EdmundsAbdolbaghi RezazadehMichael Butler2012-05-08T09:23:13Z2012-09-11T18:17:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/394This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3942012-05-08T09:23:13ZEvent-B code generation: type extension with theoriesThe Event-B method is a formal modelling approach; our interest is the final step, of generating code for concurrent programs, from Event-B. Our Tasking Event-B tool integrates Event-B to facilitate code generation. The theory plug-in allows mathematical extensions to be added to an Event-B development. When working at the implementation level we need to consider how to translate the newly added types and operators into code. In this paper, we augment the theory plug-in, by adding a Translation Rules section to the tool. This enables us to define translation rules that map Event-B formulas to code. We illustrate the approach using a small case study, where we add a theory of arrays, and specify translation rules for generating Ada code.Andrew EdmundsMichael ButlerIssam MaamriaRenato SilvaChris Lovell2012-05-10T15:27:44Z2012-05-10T15:27:44Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/397This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3972012-05-10T15:27:44ZEnsuring Extensibility within Code GenerationMaking the step from Event-B to code is a process that can be aided through automatic code generation. The code generation plug-in for Rodin is a new tool for translating Event-B models to concurrent programmes. However users of such a tool will likely require a diverse range of target languages and target platforms, for which we do not currently provide translations. Some of these languages may be subtly different to existing languages and only have modest differences between the translation rules, for example C and C++, whilst others may have more fundamental differences. As the translation from Event-B to executable code is non-trivial and to reduce the likelihood of error, we want to generalise as much of the translation as possible so that existing translation rules are re-used. Therefore significant effort is needed to ensure that such a translation tool is extensible to allow additional languages to be included with relative ease. Here we concentrate on translation from a previously defined intermediary language, called IL1, which Event-B translates to directly.Chris LovellAndy EdmundsRenato SilvaIssam MaamriaMichael Butler2012-05-08T09:25:39Z2012-05-08T09:25:39Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/396This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3962012-05-08T09:25:39ZTooling: Code Generation UpdateAndrew EdmundsChris LovellRenato SilvaIssam MaamriaMichael Butler2011-02-24T08:45:40Z2011-02-24T08:45:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/291This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2912011-02-24T08:45:40ZTasking Event-B: An Extension to Event-B for Generating Concurrent CodeAndrew EdmundsMichael Butler2011-10-05T12:32:28Z2011-10-29T18:22:06Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/348This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3482011-10-05T12:32:28ZGeneration of certifiably correct programs from formal modelsApplication of formal notations and verifications
techniques helps to deliver systems that are free from engineering defects. A code generator is an essential tool for formal development of real-world systems; it transforms models into runnable software quickly, consistently and reproducibly. Commonly, a code generator is a program constructed informally and producing an output that is not formally traced to an input. Industrial standards to the development of safety-critical systems, such as IEC 61508, require a justification for any tool used in a development: extensive prior experience or a formal certification. An extensive experience is often not an option as there are very few sufficiently mature modelling toolsets. The
certification of a code generator is a major effort increasing costs and development time. We propose an approach where a modeller places no trust whatsoever in the code generation stage but rather obtains software that is certifiable without any further effort. The essence of the approach is in the transformation of a formal model into runnable software that is demonstratively correct in respect to a given set of verification criteria, coming from a requirements document. A Hoare logic is used to embedded correctness criteria into the resultant program; the approach supports design-by-contract annotations to allow developer to mix formal and informal parts with a fair degree of rigour.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2010-02-01T09:32:10Z2010-04-19T15:06:00Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/197This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1972010-02-01T09:32:10ZTool Support for Event-B Code GenerationThe Event-B method is a formal approach to modelling systems, using refinement. Initial specification is done at a high level of abstraction; detail is added in refinement steps as the development proceeds toward implementation. In previous work we developed an approach to bridge the gap between abstract specifications and implementations using an implementation level specification notation. In this paper we present details of the tool support for our notation and some of our experiences using the tool.Andrew EdmundsMichael Butler2009-08-11T16:17:31Z2010-04-19T15:05:57Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/144This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1442009-08-11T16:17:31ZOn Event-B and Control Flow
Event-B is a general purpose formal development method
suitable for the design and detailed development of safety-critical systems. Being a data-driven formalism, it lacks any control flow constructs. This turns out to be a limitation for systems with rich control flow properties. In Event-B, control flow information has to be embedded into
guards and event actions and this results in an entanglement of control flow and functional specification with the additional downside of extra model variables. This paper proposes a method for extending Event-B models with an new viewpoint portraying control flow properties of a
model. The novelty of the work is in relying solely on theorem proving to demonstrate the consistency of control flow and main Event-B specification. The focus is placed on the practicality of working with such an extension and also on achieving proof economy. A detailed formal
treatment of the method is presented and illustrated with a case study. A proof of concept implementation for the RODIN platform is briefly discussed.
Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2011-09-27T12:02:46Z2011-09-27T12:02:46Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/346This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3462011-09-27T12:02:46ZA Formally Constructed Instruction Set Architecture Definition of the XCore MicroprocessorThe XCore microprocessor is an embedded device developed by XMOS Ltd of Bristol, UK. The processor is general-purpose and has therefore been deployed in a range of different markets, including audio, display, communications, robotics and motor control. The technology is re-used in multiple products, including the XS1-G4 (a four-core device that can run up to 32 real time tasks), and the XS1-L1 (a single core device that can run up to 8 real time tasks). The ISA contains a range of typical instructions such as control-flow, register-to-register calculation and memory access, but also provides support for efficient synchronized multi-threaded programming and parallelism with other devices via fast interconnects. Support for these features is integrated into the ISA of the XCore, in contrast to a conventional memory-mapped device approach. This greatly improves run-time performance, at the cost of introducing specialist instructions to the ISA, which comprises 176 instructions.
As part of a Bristol University Knowledge Transfer Secondment (KTS) (Grant EP/H500316/1), a formal model of the complete ISA was constructed in Event-B, using the Rodin toolset. This project applied and extended the Event-B and RODIN based techniques for Instruction Set Architecture (ISA) analysis, developed by Dr Stephen Wright during his doctoral research, to an industrial setting. To that end, XMOS Ltd hosted Dr Wright in the period October 2010 to October 2011.Stephen Wrightstephen.wright@bris.ac.uk2012-09-13T09:16:59Z2013-02-18T14:59:23Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/455This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4552012-09-13T09:16:59ZBuilding on the DEPLOY legacy: code generation and simulationThe RODIN, and DEPLOY projects have laid solid foundations for further theoretical, and practical (methodological and tooling) advances with Event-B; we investigated code generation for embedded, multi-tasking systems. This work describes activities from a follow-on project, ADVANCE; where our interest is co-simulation of cyber-physical systems. We are working to better understand the issues arising in a development when modelling with Event-B, and animating with ProB, in tandem with a multi-simulation strategy. With multi-simulation we aim to simulate various features of the environment separately, in order to exercise the deployable code. This paper has two contributions, the first is the extension of the code generation work of DEPLOY, where we add the ability to generate code from Event-B state-machine diagrams. The second describes how we may use code, generated from state-machines, to simulate the environment, and simulate concurrently executing state-machines, in a single task. We show how we can instrument the code to guide the simulation, by controlling the relative rate that non-deterministic transitions are traversed in the simulation.Andrew Edmundsae2@ecs.soton.ac.ukJohn ColleyJ.L.Colley@ecs.soton.ac.ukMichael Butlermjb@ecs.soton.ac.uk2010-12-03T15:11:00Z2010-12-09T15:36:52Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/260This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2602010-12-03T15:11:00ZPresentation Slides - Tasking Event-B for Code GenerationAndrew Edmundsae2@ecs.soton.ac.ukMichael Butlermjb@ecs.soton.ac.uk