Deploy Repository: No conditions. Results ordered -Date, Title.
Feed generated 2018-01-17T12:23:42Z by EPrints (http://deploy-eprints.ecs.soton.ac.uk/, logo http://deploy-eprints.ecs.soton.ac.uk/images/sitelogo.gif).

Mathematical Language of Event-B Proofs
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/464
Deposited: 2013-11-20T12:45:52Z. Last modified: 2013-11-20T12:45:52Z.
Authors: Laurent Voisin (laurent.voisin@systerel.fr)
Abstract: This model proves correct the optimisation implemented in Rodin 3.0 for storing the mathematical language in which proofs are written. See http://wiki.event-b.org/index.php/Language_of_an_Event-B_Component for more details on the context of this model.

SMT Solvers for Rodin
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/424
Deposited: 2012-07-18T12:48:03Z. Last modified: 2012-09-11T18:38:26Z.
Authors: David Déharbe (david@dimap.ufrn.br), Pascal Fontaine (Pascal.Fontaine@inria.fr), Yoann Guyot (yoann.guyot@systerel.fr), Laurent Voisin (laurent.voisin@systerel.fr)
Abstract: Formal development in Event-B generally requires the validation of a large number of proof obligations. Some automatic tools exist to automatically discharge a significant part of them, thus augmenting the efficiency of the formal development. We here investigate the use of SMT (Satisfiability Modulo Theories) solvers in addition to the traditional tools, and detail the techniques used for the cooperation between the Rodin platform and SMT solvers. Our contribution is the definition of two approaches to using SMT solvers, their implementation in a Rodin plug-in, and an experimental evaluation on a large sample of industrial and academic projects. Adding SMT solvers to the Atelier B provers reduces to one fourth the number of sequents that need to be proved interactively.

Generation of certifiably correct programs from formal models
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/348
Deposited: 2011-10-05T12:32:28Z. Last modified: 2011-10-29T18:22:06Z.
Authors: Alexei Iliasov (Alexei.Iliasov@newcastle.ac.uk)
Abstract: Application of formal notations and verification techniques helps to deliver systems that are free from engineering defects. A code generator is an essential tool for formal development of real-world systems; it transforms models into runnable software quickly, consistently and reproducibly. Commonly, a code generator is a program constructed informally and producing an output that is not formally traced to its input. Industrial standards for the development of safety-critical systems, such as IEC 61508, require a justification for any tool used in a development: extensive prior experience or a formal certification. Extensive experience is often not an option, as there are very few sufficiently mature modelling toolsets. The certification of a code generator is a major effort, increasing costs and development time. We propose an approach where a modeller places no trust whatsoever in the code generation stage but rather obtains software that is certifiable without any further effort. The essence of the approach is the transformation of a formal model into runnable software that is demonstrably correct with respect to a given set of verification criteria coming from a requirements document. A Hoare logic is used to embed the correctness criteria into the resultant program; the approach supports design-by-contract annotations to allow developers to mix formal and informal parts with a fair degree of rigour.

Rewriting and Well-Definedness within a Proof System
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/294
Deposited: 2011-02-24T08:57:09Z. Last modified: 2011-02-24T08:57:09Z.
Authors: Issam Maamria, Michael Butler

Mathematical Extension in Event-B through the Rodin Theory Component
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/251
Deposited: 2010-10-27T13:00:06Z. Last modified: 2010-10-27T13:00:06Z.
Authors: Michael Butler (mjb@ecs.soton.ac.uk), Issam Maamria

On an Extensible Rule-based Prover for Event-B
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/192
Deposited: 2010-01-27T17:22:14Z. Last modified: 2010-01-27T17:22:14Z.
Authors: Issam Maamria, Michael Butler, Andrew Edmunds, Abdolbaghi Rezazadeh
Abstract: Event-B is a formalism for discrete system modelling. The Rodin platform provides a toolset to carry out specification, refinement and proof in Event-B. The importance of proofs as part of formal modelling cannot be emphasised enough, and as such it is imperative to provide effective tool support for it. An important aspect of this support is the extensibility of the prover and, more pressingly, how its soundness is preserved while allowing extensibility. Rodin has limited support for adding rules, as this requires (a) a deep understanding of the internal architecture and (b) knowledge of the Java language. Our approach attempts to provide support for user-defined proof rules. We initially focus on supporting rewrite rules to enhance the rewriting capabilities of Rodin. To achieve this objective, we introduce a theory construct distinct from contexts and machines. The theory construct provides a platform for users to define rewrite rules, both conditional and unconditional. As part of rule definition, users decide whether the rule is to be applied automatically or interactively. Each defined rule gives rise to proof obligations that serve to verify its conservativity; in this respect, it is required that validity and well-definedness are preserved by rules. After the conservativity of all rules contained in a theory is established, the theory can be deployed and made available to the proving activity. In order to apply rewrite rules, it is necessary to single out the rules applicable to any given sequent. This is achieved through a pattern matching mechanism implemented as an extension to Rodin. Our approach has two advantages. Firstly, it offers a uniform mechanism to add proof rules without the need to write Java code. Secondly, it provides a means to verify added rules using proof obligations. Our work is still in progress, and research has to be carried out to (a) cover a larger set of rewrite and inference rules, and (b) provide guidelines to help the theory developer decide whether a given rule should be applied automatically.

An outline of a proposed system that learns from experts how to discharge proof obligations automatically
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/180
Deposited: 2010-01-12T10:11:20Z. Last modified: 2010-01-12T10:11:20Z.
Authors: Alan Bundy, Gudmund Grov, Cliff B Jones (Cliff.Jones@ncl.ac.uk)

Learning from experts to aid the automation of proof search
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/179
Deposited: 2010-01-12T10:11:30Z. Last modified: 2010-01-12T10:11:30Z.
Authors: Alan Bundy, Gudmund Grov, Cliff B Jones (Cliff.Jones@ncl.ac.uk)

The connection between two ways of reasoning about partial functions
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/29
Deposited: 2008-08-06T19:47:20Z. Last modified: 2010-04-19T15:05:50Z.
Authors: John S Fitzgerald (John.Fitzgerald@ncl.ac.uk), Cliff B Jones (Cliff.Jones@ncl.ac.uk)
Abstract: Undefined terms involving the application of partial functions and operators are common in program specifications and in discharging proof obligations that arise in design. One way of reasoning about partial functions with classical First-order Predicate Calculus (FoPC) is to use a non-strict equality notion so as to insulate logical operators from undefined operands. An alternative approach is to work only with strict (weak) equality but use an alternative Logic of Partial Functions (LPF), a logic in which the "Law of the Excluded Middle" does not hold. This paper explores the relationships between the theorems that can be proved in the two approaches. The main result is that theorems in LPF using weak equality can be straightforwardly translated into ones that are true in FoPC; translation in the other direction results, in general, in more complicated expressions, but in many cases these can be readily simplified. Such results are important if the laudable move towards interworking of formal methods tools is to be sound.

Validating Event-B Models with the ProB Plug-in for RODIN (original title: La validation de modèles Event-B avec le plug-in ProB pour RODIN)
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/46
Deposited: 2008-11-04T09:16:45Z. Last modified: 2010-04-19T15:05:51Z.
Authors: Jens Bendisposto, Michael Leuschel (leuschel@cs.uni-duesseldorf.de), Olivier Ligot, Mireille Samia
Abstract: The B-method and its offspring Event-B are both formal methods used for the development of critical computer systems whose correctness has to be formally established. Event-B now spurs the Rodin platform, which is based on Eclipse and can be extended via plug-ins. In this paper, we present two such plug-ins: one for animation and one for interactive proof support, called a disprover. Both plug-ins are based on the ProB tool as well as a translation of Event-B to classical B. With our new plug-ins, Rodin has now become a platform where a user can animate, prove and disprove formal models in an integrated fashion.

Reflections on, and predictions for, support systems for the development of programs
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/178
Deposited: 2010-01-12T10:11:06Z. Last modified: 2010-01-12T10:11:06Z.
Authors: Cliff B Jones (Cliff.Jones@ncl.ac.uk)

A Formally Constructed Instruction Set Architecture Definition of the XCore Microprocessor
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/346
Deposited: 2011-09-27T12:02:46Z. Last modified: 2011-09-27T12:02:46Z.
Authors: Stephen Wright (stephen.wright@bris.ac.uk)
Abstract: The XCore microprocessor is an embedded device developed by XMOS Ltd of Bristol, UK. The processor is general-purpose and has therefore been deployed in a range of different markets, including audio, display, communications, robotics and motor control. The technology is re-used in multiple products, including the XS1-G4 (a four-core device that can run up to 32 real-time tasks) and the XS1-L1 (a single-core device that can run up to 8 real-time tasks). The ISA contains a range of typical instructions such as control flow, register-to-register calculation and memory access, but also provides support for efficient synchronised multi-threaded programming and parallelism with other devices via fast interconnects. Support for these features is integrated into the ISA of the XCore, in contrast to a conventional memory-mapped device approach. This greatly improves run-time performance, at the cost of introducing specialist instructions to the ISA, which comprises 176 instructions. As part of a Bristol University Knowledge Transfer Secondment (KTS) (Grant EP/H500316/1), a formal model of the complete ISA was constructed in Event-B using the Rodin toolset. This project applied and extended the Event-B and RODIN based techniques for Instruction Set Architecture (ISA) analysis, developed by Dr Stephen Wright during his doctoral research, to an industrial setting. To that end, XMOS Ltd hosted Dr Wright in the period October 2010 to October 2011.

Translation from Set-Theory to Predicate Calculus
URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/361
Deposited: 2011-12-16T11:29:54Z. Last modified: 2012-03-01T11:02:55Z.
Authors: Matthias Konrad, Laurent Voisin (laurent.voisin@systerel.fr)
Abstract: The mathematical language of Event-B contains powerful syntactic constructs to reason about functions, relations and some other sets. Automatic provers, on the other hand, prefer to work on the smallest syntactic subset of the language that is still expressive. This document describes a translation which:
• removes most set-theoretic constructs of a predicate;
• separates arithmetic and set-theoretic constructs from each other;
• simplifies predicates.