Deploy Repository: No conditions. Results ordered -Date, Title. 2018-01-17T12:23:27ZEPrintshttp://deploy-eprints.ecs.soton.ac.uk/images/sitelogo.gifhttp://deploy-eprints.ecs.soton.ac.uk/2012-09-20T12:48:47Z2013-02-18T14:59:01Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/456This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4562012-09-20T12:48:47ZMore AbstractionBased on 10+ years of formal modelling in industry, I advocate the use
of domain theories and modelling patterns in system modelling.
When modelling a system, one has to somehow encode some domain data
structures
into some mathematical notation (e.g., set-theory for Event-B). This
encoding is not trivial, except for very simple case studies. Inlining this
encoding within a model makes it difficult to read and consequently difficult
to prove. It is much better to separate the encoding in a separate file
(i.e., a theory) which will describe the data structure, provide operators for
updating it together with proof rules for reasoning about them. The model is
then free from clutter and can be expressed at the same level of discourse as
domain experts.
I think that AI could provide significant benefits by detecting when a model
is not at the correct level of discourse and contains too much encoding. This
could be detected by inspecting the model and assessing its intrinsic
complexity. This would be particularly useful for beginners who usually have
difficulty to separate concerns.
Another use of AI is to implement refinement plans (see paper by Grov, Ireland
and Llano presented at ABZ 2012). In this setting, a failing proof is
analysed with respect to some refinement patterns and the tool suggests
amendment to the model that would allow to fix its proof. I think that it
would be much more valuable if the refinement patterns would be in the form of
generic models. The tool would then propose to instantiate the generic
pattern and suggest ways to instantiate it (e.g., provide actual parameters).
This would reuse not only the pattern but also its associated proof. The user
would only have to prove that the actual parameters fulfill the pattern
pre-conditions.
More generally, AI could be used to mine existing models to extract generic
patterns from them. This would allow to build a library of recurring
patterns. As for refinement plans, AI could also be used for guiding users
within the library and help them select the appropriate patterns with respect
to their modelling needs.
In conclusion, using both theories and generic model patterns makes models
more easy to develop, read and prove, by allowing better reuse. AI could be
of great help in assisting users for making the better use of these tools.Laurent Voisin2012-03-23T09:32:25Z2012-03-23T09:32:25Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/383This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3832012-03-23T09:32:25ZRefinement-Preserving Translation from Event-B to Register-Voice Interactive SystemsThe state-based formal method Event-B relies on the concept
of correct stepwise development, ensured by discharging corresponding
proof obligations. The register-voice interactive systems (rv-IS) formalism
is a recent approach for developing software systems using both
structural state-based as well as interaction-based composition operators.
One of the most interesting feature of the rv-IS formalism is the
structuring of the components interactions. In order to study whether a
more structured (rv-IS inspired) interaction approach can significantly
ease the proof obligation effort needed for correct development in Event-
B, we need to devise a way of integrating these formalisms. In this paper
we propose a refinement-based translation from Event-B to rv-IS, exemplified with a file transfer protocol modelled in both formalisms.Denisa DiaconescuIoana LeusteanLuigia PetreKaisa SereKaisa.Sere@abo.fiGheorghe Stefanescu2012-07-16T18:29:48Z2012-09-11T18:37:46Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/422This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4222012-07-16T18:29:48ZExternal and internal choice with event groups in Event-BMichael Butler2012-06-29T07:55:23Z2012-06-29T07:55:23Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/411This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4112012-06-29T07:55:23ZFormal development and assessment of a reconfigurable on-board satellite systemAnton TarasyukAnton.Tarasyuk@abo.fiInna PereverzevaInna.Pereverzeva@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiTimo LatvalaLaura Nummila2012-06-29T07:55:06Z2012-06-29T07:55:06Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/409This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4092012-06-29T07:55:06ZFormal Development of Critical Multi-Agent Systems: A Refinement ApproachInna PereverzevaInna.Pereverzeva@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2012-06-29T07:54:52Z2012-06-29T07:54:52Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/408This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4082012-06-29T07:54:52ZFormal Goal-Oriented Development of Resilient Multi-Agent Systems in Event-BGoal-Oriented Development facilitates structuring complex requirements. To ensure resilience the designers should guarantee that the system achieves its goals despite changes, e.g., caused by failures of system components. In this paper we propose a formal goal-oriented approach to development of resilient MAS. We formalize the notion of goal and goal achievement in Event-B and propose the specification and refinement patterns that allow us to guarantee that the targeted goals are reached despite agent failures. We illustrate our approach by a case study – development of an autonomous multi-robotic system.Inna PereverzevaInna.Pereverzeva@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2012-06-29T07:54:42Z2012-06-29T07:54:42Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/407This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4072012-06-29T07:54:42ZFormal Modelling and Verification of Service-Oriented Systems in Probabilistic Event-BModelling and refinement in Event-B provides a scalable sup- port for the development of complex service-oriented systems. Refinement in Event-B supports a systematic service development by a gradual trans- formation of an abstract specification into a detailed service architecture. In this paper we aim at integrating quantitative assessment of desired quality of essential service attributes into formal modelling process. We propose an approach to creating and verifying a dynamic service architecture in Event- B. Such an architecture can be augmented with stochastic information and transformed into the corresponding continuous-time Markov chain represen- tation. By relying on probabilistic model-checking techniques, we allow for quantitative evaluation of quality of service attributes at early development stages. The approach is illustrated by a simple case study.Anton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2012-05-16T08:20:52Z2012-05-18T14:17:01Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/398This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3982012-05-16T08:20:52ZTowards the Composition of Specifications in Event-BThe development of a system can start with the creation of a specification. Following this viewpoint, we claim that often a specification can be constructed from the combination of specifications which can be seen as composition. Event-B is a formal method that allows modelling and refinement of systems. The combination, reuse and validation of component specifications are not currently supported in Event-B. We extend the Event-B formalism using shared event composition as an option for developing (distributed) systems. Refinement is used in the development of specifications using composed machines and we prove that properties and proof obligations of specifications can be reused to ensure valid composed specifications. The main contributions of this work are the Event-B extension to support shared event composition and refinement including the proof obligations for a composed machine.Renato Silvaras07r@ecs.soton.ac.uk2012-07-09T14:43:12Z2012-07-09T14:43:12Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/418This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4182012-07-09T14:43:12ZDevelopment of Control Systems Guided by Models of Their EnvironmentSimon HudonThai Son Hoanghtson@inf.ethz.ch2012-01-23T13:10:15Z2012-01-23T13:10:15Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/363This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3632012-01-23T13:10:15ZDeveloping a Consensus Algorithm Using Stepwise Refinement
Consensus problems arise in any area of computing where distributed
processes must come to a joint decision. Although solutions to
consensus problems have similar aims, they vary according to the
processor faults and network
properties that must be taken into account, and modifying these
assumptions will lead to different algorithms.
Reasoning about consensus
protocols is subtle, and correctness proofs are often informal.
This paper gives a fully formal development and proof of a known
consensus algorithm using the stepwise refinement method Event-B.
This allows us to manage the complexity of the proof process by
factoring the proof of correctness into a number of refinement steps,
and to carry out the proof task concurrently with the development.
During the development the processor faults and network properties on which
the development steps rely are identified. The research outlined here
is motivated by the observation that making different choices at these
points may lead to alternative algorithms and proofs, leading to a
refinement tree of algorithms with partially shared proofs.Jeremy W. Bryansjeremy.bryans@ncl.ac.uk2012-07-23T09:55:40Z2012-07-23T09:55:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/428This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4282012-07-23T09:55:40ZRefining Nodes and Edges of State MachinesState machines are hierarchical automata that are widely used to structure complex behavioural specifications. We develop two notions of refinement of state machines, node refinement and edge refinement. We compare the two notions by means of examples and argue that, by adopting simple conventions, they can be combined into one method of refinement. In the combined method, node refinement can be used to develop architectural aspects of a model and edge refinement to develop algorithmic aspects. The two notions of refinement are grounded in previous work. Event-B is used as the foundation for our refinement theory and UML-B state machine refinement influences the style of node refinement. Hence we propose a method with direct proof of state machine refinement avoiding the detour via Event-B that is needed by UML-B.Stefan HallerstedeColin Snook2012-07-09T14:52:39Z2012-07-09T14:52:39Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/419This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4192012-07-09T14:52:39ZAutomated Analysis of Non-Interference Security by RefinementThai Son Hoanghtson@inf.ethz.chAnnabelle McIverLarrisa MeinickeAnthony SloaneEnrico Susatyo2011-11-16T09:32:55Z2011-11-16T09:32:55Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/356This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3562011-11-16T09:32:55ZConcurrent Scheduling of Event-B ModelsEvent-B is a refinement-based formal method that has been shown to be useful in developing concurrent and distributed programs. Large models can be decomposed into sub-models that can be refined semi-independently and executed in parallel. In this paper, we show how to introduce explicit control flow for the concurrent sub-models in the form of event schedules. We explore how schedules can be designed so that their application results in a correctness-preserving refinement step. For practical application, two patterns for schedule introduction are provided, together with their associated proof obligations. We demonstrate our method by applying it on the dining philosophers problem.Pontus BoströmFredrik DegerlundKaisa SereMarina Waldén2012-07-23T09:55:11Z2012-07-23T09:55:11Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/429This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4292012-07-23T09:55:11ZModelling Control Process and Control Mode with Synchronising Orthogonal State MachinesIn this short paper we describe early work on a case study concerning a power window control unit. We use UML-B state machines to simultaneously model both the cyclic processing schedule and the mode of control behaviour. We find this a useful way to visualise the model, particularly when the state machines are animated via the Pro-B animator. We verify the state machines using the Event-B proof tools. We envisage new developments to the UML-B tool set to improve support for this modelling technique. The motivation for this simple but powerful form of modelling is the immediate benefit and low cost of entry making industrial adoption of formal models more attractive to industry.Colin Snook2011-02-24T08:47:41Z2011-02-24T08:47:41Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/292This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2922011-02-24T08:47:41ZApplying Atomicity and Model Decomposition to a Space Craft System in Event-BAsieh Salehi FathabadiAbdolbaghi RezazadehMichael Butler2011-08-02T12:57:38Z2011-08-02T12:57:38Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/319This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3192011-08-02T12:57:38ZCorrect-by-Construction Development of Fault Tolerant Systems (Tutorial at FM 2011)Ensuring system fault tolerance is one of the major concerns in developing critical industrial applications. The tutorial shows how to rigorously develop systems that are not only functionally correct but also fault tolerant. The material of the tutorial is built on the results of two EC projects, RODIN and DEPLOY, that created and validated in the industrial settings the RODIN platform - an Eclipse-based development environment supporting formal modelling in Event-B. The focus of the tutorial is on demonstrating how fault tolerance can be systematically specified and verified as an intrinsic part of the overall system behavior. The general principles are demonstrated by several industrial case studies based on our work with telecommunication, space and business information sectors. As part of the tutorial we will introduce and demonstrate a number of RODIN tools that support model structuring using modes, modules, and fault tolerance views, and facilitate fault tolerance modelling.
All materials of this tutorial are available on http://iliasov.org/fm2011/
Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2012-06-29T07:54:19Z2012-06-29T07:54:19Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/405This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4052012-06-29T07:54:19ZDerivation and Formal Verification of a Mode Logic for Layered Control SystemsModes are widely used to structure the behaviour of control systems. For many such systems, derivation and verification of a mode logic is challenging due to a large number of modes and complex mode transitions. In this paper we propose an approach to deriving, formalising and verifying consistency of a mode logic for fault tolerant control systems. We demonstrate how to use Failure Modes and Effects Analysis (FMEA) to systematically derive the fault tolerance part of the mode logic. To tackle the problem of mode consistency, we propose a formalisation of the mode logic and mode consistency conditions for layered systems with reconfigurable components. We use our formalisation to develop and verify a mode-rich system by refinement in Event-B.Yuliya ProkhorovaYuliya.Prokhorova@abo.fiLinas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiKimmo VarpaaniemiTimo Latvala2012-06-29T07:54:30Z2012-06-29T07:54:30Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/406This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4062012-06-29T07:54:30ZDeriving Mode Logic for Fault-Tolerant Control SystemsYuliya ProkhorovaYuliya.Prokhorova@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiKimmo VarpaaniemiTimo Latvala2011-08-02T10:47:15Z2011-08-02T10:47:15Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/317This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3172011-08-02T10:47:15ZFormal Approach to Ensuring Interoperability of Mobile AgentsLinas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2011-08-02T13:08:31Z2011-08-02T13:11:37Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/320This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3202011-08-02T13:08:31ZFormal Derivation of a Distributed Program in Event BAchieving high dependability of distributed systems remains
a major challenge due to complexity arising from concurrency and communication. There are a number of formal approaches to verification of properties of distributed algorithms. However, there is still a lack of methods that enable a transition from a verified formal model of communication to a program that faithfully implements it. In this paper we aim at bridging this gap by proposing a state-based formal approach to correct-by-construction development of distributed programs. In our approach we take a systems view, i.e., formally model not only application but also its environment. We decompose such an integrated specification to obtain the distributed program that should be deployed on the targeted network infrastructure. To illustrate our approach, we present a development of a distributed leader election protocol.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2011-08-02T10:53:00Z2011-08-02T13:15:03Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/318This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3182011-08-02T10:53:00ZFormal Stepwise Development of Scalable and Reliable Multiagent SystemsThis chapter considers the coordination aspect of large-scale dynamically-reconfigurable multi-agent systems in which agents cooperate to achieve a common goal. The agents reside on distributed nodes and collectively represent a distributed system capable of executing tasks that cannot be effectively executed by an individual node. The two key requirements to be met when designing such a system are scalability and reliability. Scalability ensures that a large number of agents can participate in computation
without overwhelming the system management facilities and thus allows agents to join and leave the system without affecting its performance. Meeting the reliability requirement guarantees that the system has enough redundancy to transparently tolerate a number of node crashes and agent failures, and is therefore free from single points of failures. The Event B formal method is used to validate the design formally and to ensure system scalability and reliability.Denis GrotsevAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2012-07-23T12:29:58Z2012-07-23T12:29:58Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/444This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4442012-07-23T12:29:58ZVerification of UML models by translation to UML-BUML-B is a `UML like' notation based on the Event-B formalism which allows models to be progressively detailed through refinements that are proven to be consistent and to satisfy safety invariants using the Rodin platform and its automatic proof tools. UML, on the other hand, encourages large models to be expressed in a single, detailed level and relies on simulation and model testing techniques for verification. The advantage of proof over model-testing is that the proof is valid for all instantiations of the model whereas a simulation must choose a typical instantiation. In the INESS project we take an extant UML model of a railway interlocking system and explore methodical ways to translate it into UML-B in such a way as to facilitate proof that the model satisfies certain safety properties which are expressed as invariants. We describe the translation attempted so far and insights that we have gained from attempting to prove a safety property. We propose some possible improvements to the translation which we believe will make the proof easier. Colin SnookVitaly SavicksMichael Butler2011-02-16T14:27:09Z2011-02-18T15:29:14Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/285This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2852011-02-16T14:27:09ZDeveloping a Consensus Algorithm using Stepwise RefinementWe give a formal development and proof of a known consensus algorithm using stepwise refinement. We begin with an abstract specification of the intended result of the algorithm. The algorithm is developed and proved correct over a number of refinement steps. The proof of correctness is performed concurrently with the development. The development and proof make use of key fault and failure assumptions. The stepwise refinement approach allows us to introduce and prove each property at the most appropriate stage in the development, before detail irrelevant to that property has been added to the model.
Finally we introduce an abstract model of a possible network on which
the algorithm could be executed.Jeremy W. Bryansjeremy.bryans@ncl.ac.uk2012-05-16T08:21:11Z2012-05-18T14:16:58Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/399This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3992012-05-16T08:21:11ZShared Event Composition/Decomposition in Event-BThe construction of specifications is often a combination of smaller sub-components. Composition and decomposition are techniques that support reuse and allow us to formally combine sub-components through refinement steps while reusing their properties. Sub-components can result from a design or architectural goal and a refinement framework should allow further parallel development over the sub-components. We propose the definition of composition and decomposition in the Event-B formalism following a shared event approach where sub-components interact via synchronisation over shared events and shared states are not allow. We define the necessary proof obligations to ensure a valid composition or decomposition. We also show that shared event composition preserves refinement proofs for sub-components, that is, in order to maintain refinement of compositions, it is sufficient to prove refinement between corresponding subcomponents. A case study applying these two techniques is illustrated using Rodin, the Event-B toolset.Renato Silvaras07r@ecs.soton.ac.ukMichael Butlermjb@ecs.soton.ac.uk2011-02-24T08:59:48Z2011-02-24T08:59:48Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/295This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2952011-02-24T08:59:48ZApplying Event-B Atomicity Decomposition to a Multi Media ProtocolAsieh Salehi FathabadiMichael Butler2010-03-22T15:47:25Z2010-04-19T15:06:01Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/214This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2142010-03-22T15:47:25ZSystem Architecture, Dependability and ModesThe mode, defining the specific type of functional behaviour that a system exhibits during its operation, is an
important architectural level concept, which has a significant impact on system design, verification and dependability. The notions of modes and mode changes are widely used by the industrial engineers to structure reasoning about different conditions of system functioning. Even though there has been some work on developing modal systems, we still lack a general understanding of how to architect, verify and ensure dependability of such systems. In our work we rely on formal modelling and verification to study intricate relationships between fault tolerance, operation modes and architectural design.Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2010-02-01T13:06:24Z2010-04-19T15:06:00Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/200This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2002010-02-01T13:06:24ZDecomposition Tool for Event-BTwo methods have been identified for Event-B model decomposition: shared variable and shared event. The purpose of this paper is to introduce the two approaches and the respective tool support in the Rodin platform. Besides alleviating the complexity for large systems and respective proofs, decomposition allows team development in parallel over the same model which is very attractive in the industrial environment.Renato SilvaCarine PascalT. Son HoangMichael Butler2010-03-22T10:47:57Z2010-04-19T15:06:01Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/213This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2132010-03-22T10:47:57ZAn Event-B model of the Attitude and Orbit Control SystemAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fi2010-02-16T12:51:17Z2010-04-19T15:06:00Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/207This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2072010-02-16T12:51:17ZPatterns for Modelling Time and Consistency in Business Information SystemsMaintaining semantic consistency of data is a significant problem in distributed information systems, particularly those on which a business may depend. Our current work aims to use Event-B and the Rodin tools to support the specification and design of such systems in a way that integrates well into existing development processes. This paper presents Event-B patterns that may be used to represent recovery from timebounded inconsistency and illustrates their use in a model derived from industrial applications.Jeremy W. Bryansjeremy.bryans@ncl.ac.ukJohn S. Fitzgeraldjohn.fitzgerald@ncl.ac.ukAlexander Romanovskyalexander.romanovsky@ncl.ac.ukA. Roth2010-01-11T08:48:50Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/172This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1722010-01-11T08:48:50ZSupporting Reuse in Event B Development: Modularisation Approach
Recently, Space Systems Finland has undertaken formal Event B development of a part of on-board software for the BepiColombo space mission. As a result, lack of modularization mechanisms in Event B has been identified as a serious obstacle to scalability. One of the main benifits of modularization is that it allows us to decompose system models into components that can be independently developed. It also helps to manage complexity of models that in the industrial setting are usually very large and difficult to comprehend. On the other hand, modularization enables reuse of formally developed components in the formal product line development. In this paper we propose a conservative extension of Event B formalism to support modularization. We demonstrate how our approach can support reuse in the formal development in the space domain.
Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukKimmo VarpaaniemiDubravka IlicTimo Latvala2012-07-23T11:05:24Z2012-07-23T11:05:24Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/434This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4342012-07-23T11:05:24ZLanguage and tool support for class and state machine refinement in UML-BUML-B is a ?UML-like? graphical front end for Event-B that provides support for object-oriented modelling concepts. In particular, UML-B supports class diagrams and state machines, concepts that are not explicitly supported in plain Event-B. In Event-B, refinement is used to relate system models at different abstraction levels. The same abstraction-refinement concepts can also be applied in UML-B. This paper introduces the notions of refined classes and refined state machines to enable refinement of classes and state machines in UML-B. Together with these notions, a technique for moving an event between classes to facilitate abstraction is also introduced. Our work makes explicit the structures of class and state machine refinement in UML-B. The UML-B drawing tool and Event-B translator are extended to support the new refinement concepts. A case study of an auto teller machine (ATM) is presented to demonstrate application and effectiveness of refined classes and refined state machines.Mar Yah SaidMichael ButlerColin Snook2009-05-27T20:31:51Z2010-04-19T15:05:54Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/105This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1052009-05-27T20:31:51ZStructuring Specifications with ModesThe two dependability means considered in this paper are rigorous design and fault tolerance. It can be complex to rigorously design some classes of systems, including fault tolerant ones, therefore appropriate abstractions are needed to better support system modelling and analysis. The abstraction proposed in this paper for this purpose is the notion of operation mode. Modes are formalised and their relation to a state-based formalism in a refinement approach is established. The use of modes for fault tolerant systems is then discussed and a case study presented. Using modes in state-based modelling allows us to improve system structuring, the elicitation of system assumptions and expected functionality, as well as requirement traceability.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Fernando DottiFernando Luis Dotti <fernando.dotti@pucrs.br>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2009-04-20T09:10:23Z2009-04-20T09:10:23Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/94This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/942009-04-20T09:10:23ZFault Tolerant Middleware for Agent Systems: A Refinement ApproachAgent technology offers a number of advantages over traditional distributed systems, such as asynchronous communication, anonymity of individual agents and ability to change operational context. However, it is notoriously difficult to ensure dependability of agent systems. In this paper we present a formal approach for the top-down development of fault tolerant middleware for agent systems. We demonstrate how to develop the middleware that besides providing agent coordination is also able to cope with their failures. We focus on handling agent crushes and transient faults caused by volatile communication environment. We argue that formal development of middleware with integrated fault tolerance mechanisms has potential to enhance dependability of an agent system.Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2009-05-28T15:30:52Z2010-04-19T15:05:54Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/107This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1072009-05-28T15:30:52ZUsing Event-B Refinement to Verify a Control StrategyIn this paper we outline some on-going research on approximating continuous
behaviour in Event-B in order to model and reason about a control system.
We make a distinction between a control goal and a control strategy.
We outline how both can be modelled and how refinement can be used to
prove that a strategy satisfies a goal.Michael Butlermjb@ecs.soton.ac.uk2012-07-23T11:02:33Z2012-07-23T11:02:33Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/433This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4332012-07-23T11:02:33ZClass and State Machine Refinement in UML-B UML-B is a ’UML-like’ graphical front end for Event-B. It adds support for object oriented modeling concepts while visually retaining the Event-B
modeling concepts. In the continuity of the work on UML-B, we strengthen its
refinement concepts. Development in Event-B is done through refinements of an
abstract model. Since Event-B is reflected in UML-B, the abstraction-refinement
concepts must also be catered for in UML-B. UML-B introduced the new concept of refinement, where model complexity is managed by introducing more
detailed versions of a machine. We extend this refinement concept by introducing
the notion of refined classes and refined state machines. A refined class is one that
refines a more abstract class and a refined state machine is one that refines a more
abstract state machine. The UML-B drawing tool and Event-B translator are extended to support the refinement concepts. A case study of an auto teller machine
(ATM) is presented to demonstrate the notion of refined classes and refined state
machines.Mar Yah SaidMichael ButlerColin Snook2008-12-04T11:14:56Z2008-12-04T11:14:56Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/51This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/512008-12-04T11:14:56ZDecomposition Structures for Event-BMichael Butler2009-05-28T16:20:05Z2010-04-19T15:05:54Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/108This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1082009-05-28T16:20:05ZTowards a Cookbook for Modelling and Refinement of Control ProblemsMichael Butlermjb@ecs.soton.ac.uk2009-04-01T16:20:41Z2009-04-03T08:47:51Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/89This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/892009-04-01T16:20:41ZMethods, Models and Tools for Fault ToleranceMichael ButlerCliff B JonesCliff.Jones@ncl.ac.ukAlexander Romanovskyalexander.romanovsky@ncl.ac.ukElena TroubitsynaElena.Troubitsyna@abo.fi2009-09-22T07:20:12Z2010-04-19T15:05:57Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/153This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1532009-09-22T07:20:12ZModal Systems: Specification, Refinement and Realisation
Operation modes are useful structuring units that facilitate design of several safety-critical systems such as such as avionic, transportation and space systems. Although some support to the construction of modal systems can be found in the literature, modelling abstractions for the formal specification, analysis and correct construction of modal systems are still lacking. This paper discusses existing support for the construction of modal systems and proposes both a formalisation and a refinement notion for modal systems. A modal system, specified using the proposed abstractions, can be realised using different specification languages. Complementing the contribution, we define the requirements for an Event-B model to realise a modal system specification. A case study illustrates the proposed approach.
Fernando DottiFernando Luis Dotti <fernando.dotti@pucrs.br>Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Leila RiberiroAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2009-04-01T16:27:01Z2010-04-19T15:05:53Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/90This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/902009-04-01T16:27:01ZStep-wise Development of Resilient Ambient Campus ScenariosThis paper puts forward a new approach to developing resilient ambient applications. In its core is a novel rigorous development method supported by a formal theory that enables us to produce a well-structured step-wise design and to ensure disciplined integration of error
recovery measures into the resulting implementation. The development method, called AgentB, uses the idea of modelling database to support a coherent development of and reasoning about several model views, including the variable, event, role, agent and protocol views. This helps system developers in separating various modelling concerns and makes it easier for future tool developers to design a toolset supporting this development. Fault tolerance is systematically introduced during the development of various model views. The approach is demonstrated through the development of several application scenarios within an ambient campus case study conducted at Newcastle University (UK) as part of the FP6 RODIN project.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Budi AriefAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2008-11-12T18:08:57Z2010-04-19T15:05:51Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/49This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/492008-11-12T18:08:57ZIncremental Design of Distributed Systems with Event-BMichael Butler2008-10-07T16:14:32Z2010-04-19T15:05:50Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/33This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/332008-10-07T16:14:32ZFormal Refinement AutomationLinas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2008-01-07T11:30:06Z2010-04-19T15:05:49Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/9This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/92008-01-07T11:30:06ZRedevelopment of an Industrial Case Study Using Event-B and RodinCDIS is a commercial air traffic information system that was developed using formal methods 15 years ago by Praxis, and it is still in operation today. This system is an example of an industrial scale system that has been developed using formal methods. In particular, the functional requirements of the system were specified using VVSL -- a variant of VDM. A subset of the original specification has been chosen to be reconstructed on the Rodin platform based on the new Event-B formalism. The goal of our reconstruction was to overcome three key difficulties of the original formalisation, namely the difficulty of comprehending the original specification, the lack of any mechanical proof of the consistency of the specification and the difficulty of dealing with distribution and atomicity refinement. In this paper we elucidate how a new formal notation and tool can help to overcome these difficulties.Abdolbaghi RezazadehMichael ButlerNeil Evans2010-05-21T13:00:15Z2010-05-24T07:54:18Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/227This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2272010-05-21T13:00:15ZA Lecture on modularisation method and plugin: Introduction and Parking Lot Case Studytraining material on modularisation in Event-BAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2010-08-19T10:18:37Z2010-08-26T16:20:06Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/243This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2432010-08-19T10:18:37ZAn Incremental Refinement Approach to a Development of Flash
File System in Event-BKriangsak Damchoomkd06r@ecs.soton.ac.uk2009-06-20T09:49:55Z2010-04-19T15:05:56Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/125This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1252009-06-20T09:49:55ZApplying Event and Machine Decomposition to a Flash-Based Filestore in Event-BEvent-B is a formal method used for specifying and reasoning about
systems. Rodin is a toolset for developing system models in
Event-B. Our experiment which is outlined in this paper is aimed
at applying Event-B and Rodin to a flash-based filestore.
Refinement is a useful mechanism that allows developers to sharpen models step by step. Two uses of refinement, feature augmentation and structural refinement, were employed in our development. Event decomposition and machine decomposition are techniques on which we focus in this work. We present an outline of a verified refinement chain for the flash filestore. We also
outline evidence of the applicability of the method and tool
together with some guidelines.
Kriangsak Damchoomkd06r@ecs.soton.ac.ukMichael Butlermjb@ecs.soton.ac.uk2012-03-30T14:10:28Z2012-03-30T14:10:28Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/385This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3852012-03-30T14:10:28ZAugmenting Event-B Modelling with Real-Time VerificationAbstract—A large number of dependable embedded systems
have stringent real-time requirements imposed on them. Analysis of their real-time behaviour is usually conducted at the implementation level. However, it is desirable to obtain an evaluation of real-time properties early at the development cycle, i.e., at the modelling stage. In this paper we present an approach to augmenting Event-B modelling with verification of real-time properties in Uppaal. We show how to extract a process-based view from an Event-B model that together with introducing time constraints allows us to obtain a timed automata model – an input model of Uppaal. We illustrate the approach by development and verification of the data processing software of the BepiColombo Mission.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukTimo Latvala2012-07-09T14:55:43Z2012-07-09T14:55:43Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/421This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4212012-07-09T14:55:43ZDeveloping Control Systems with Some Fragile EnvironmentThai Son Hoanghtson@inf.ethz.chSimon Hudon2011-02-16T14:27:02Z2011-02-16T14:27:02Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/286This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2862011-02-16T14:27:02ZDevelpoment of the Floodset algorithmAssociated with and described in archive number 285Jeremy W. Bryansjeremy.bryans@ncl.ac.uk2010-01-11T13:51:00Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/186This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1862010-01-11T13:51:00ZRefinement-Animation for Event-B - Towards a Method of ValidationWe provide a detailed description of refinement in Event-B, both as a contribution in itself and as a foundation for the approach to simultaneous animation of multiple levels of refinement that we propose.
We present an algorithm for simultaneous multi-level animation of refinement, and show how
it can be used to detect a variety of errors that occur frequently when using refinement.
The algorithm has been implemented in ProB and we applied it to several case studies, showing that multi-level animation is tractable also on larger models.Stefan HallerstedeMichael Leuschelleuschel@cs.uni-duesseldorf.deDaniel Plaggeplagge@cs.uni-duesseldorf.de