Deploy Repository: No conditions. Results ordered -Date, Title. 2018-01-17T12:23:17ZEPrintshttp://deploy-eprints.ecs.soton.ac.uk/images/sitelogo.gifhttp://deploy-eprints.ecs.soton.ac.uk/2012-07-18T08:41:55Z2013-01-28T11:05:43Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/423This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4232012-07-18T08:41:55ZIndustrial deployment of system engineering methods providing high dependability and productivity. Alexander Romanovskyalexander.romanovsky@ncl.ac.ukMartyn Thomas2012-03-15T09:44:44Z2012-03-15T09:44:44Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/376This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3762012-03-15T09:44:44ZAn Collaborative FAQ Approach for Collecting Evidence on Formal Method Industrial UsageAfter several decades, formal methods are gaining ground in Industry. However, as pointed out by the results of Woodcock et al’s survey, formal methods still need significant additional effort in several areas, most notably in collecting evidence on the use of formal methods and tools in Industry. Such material is crucial for helping companies considering the adaption of formal methods in their decision and deployment process. This talk presents a practical approach for building a repository of evidence material. The main benefits of the proposed approach are first to make it possible to integrate information for many Industry pilots that have tested diverse formal methods. The secondary benefit is that the current implementation of the repository as a wiki of that project is simple yet efficient in managing access but also contribution rights. We highlight different usage scenarios both as passive user, from different roles in the organization, and as contributors, either to point out missing material or as provider of new material.Jean-Christophe Deprezjcd@cetic.beChristophe Ponsardchristophe.ponsard@cetic.be2012-05-08T09:23:13Z2012-09-11T18:17:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/394This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3942012-05-08T09:23:13ZEvent-B code generation: type extension with theoriesThe Event-B method is a formal modelling approach; our interest is the final step, of generating code for concurrent programs, from Event-B. Our Tasking Event-B tool integrates Event-B to facilitate code generation. The theory plug-in allows mathematical extensions to be added to an Event-B development. When working at the implementation level we need to consider how to translate the newly added types and operators into code. In this paper, we augment the theory plug-in, by adding a Translation Rules section to the tool. This enables us to define translation rules that map Event-B formulas to code. We illustrate the approach using a small case study, where we add a theory of arrays, and specify translation rules for generating Ada code.Andrew EdmundsMichael ButlerIssam MaamriaRenato SilvaChris Lovell2012-03-06T18:52:06Z2012-03-06T18:52:06Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/372This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3722012-03-06T18:52:06ZAugmenting formal development with use case reasoningState-based methods for correct-by-construction software development rely on a combination of safety constraints and refinement obligations to demonstrate design correctness. One prominent challenge, especially in an industrial setting, is ensuring that a design is adequate: requirements compliant and fit for purpose. The paper presents a technique for augmenting state-based, refinement-driven formal developments with reasoning about use case scenarios; in particular, it discusses a way for the derivation of formal verification conditions from a high-level, diagrammatic language of use cases, and the methodological role of use cases in a formal modelling process.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2012-02-13T10:23:32Z2012-02-13T10:23:32Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/368This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3682012-02-13T10:23:32ZComparing Models of Nondeterministic Expression EvaluationIan J. HayesAlan BurnsBrijesh DongolCliff B. Jones2012-07-26T15:19:17Z2012-07-26T15:22:46Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/445This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4452012-07-26T15:19:17ZDeployment of Formal Methods in Industry: the Legacy of the FP7 ICT DEPLOY Integrated ProjectThe work of the major EU-funded ICT DEPLOY Integrated Project (February 2008 – April 2012) on Industrial Deployment of Advanced System Engineering Methods for High Productivity and Dependability was driven by the tasks of achieving and evaluating industrial take-up, initially by DEPLOY industrial partners, of DEPLOY methods and tools, together with the necessary further research on methods and tools. Our previous SEN paper introduced the project. The project has been one of the most significant efforts focusing on understanding the issues researchers and engineers face during the deployment of formal methods. This paper briefly reports on the project legacy and provides pointers to the various sources of information produced by the projects.Romanovsky Alexanderalexander.romanovsky@ncl.ac.uk2012-04-27T14:42:34Z2012-04-27T14:42:34Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/386This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3862012-04-27T14:42:34ZDeveloping Mode-Rich Satellite Software by Refinement in Event-BOne of the guarantees that the designers of on-board satellite systems need to provide, so as to ensure their dependability, is that the mode transition scheme is implemented correctly, i.e. that the states of system components are consistent with the global system mode. There is still, however, a lack of scalable approaches to developing and verifying systems with complex mode transitions. This paper presents an approach to formal development of mode-rich systems by refinement in Event-B. We formalise the concepts of modes and mode transitions as well as deriving specification and refinement patterns which support correct-by-construction system development. The proposed approach is validated by a formal development of the Attitude and Orbit Control System (AOCS) undertaken within the ICT DEPLOY project. The experience gained in the course of developing of as complex an industrial-size system as AOCS shows that refinement in Event-B provides the engineers with a scalable formal technique that enables both mode-rich systems development and proof-based verification of their mode consistency.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukKimmo VarpaaniemiDubravka IlicTimo Latvala2012-06-29T07:54:52Z2012-06-29T07:54:52Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/408This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4082012-06-29T07:54:52ZFormal Goal-Oriented Development of Resilient Multi-Agent Systems in Event-BGoal-Oriented Development facilitates structuring complex requirements. To ensure resilience the designers should guarantee that the system achieves its goals despite changes, e.g., caused by failures of system components. In this paper we propose a formal goal-oriented approach to development of resilient MAS. We formalize the notion of goal and goal achievement in Event-B and propose the specification and refinement patterns that allow us to guarantee that the targeted goals are reached despite agent failures. We illustrate our approach by a case study – development of an autonomous multi-robotic system.Inna PereverzevaInna.Pereverzeva@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2012-06-29T07:54:42Z2012-06-29T07:54:42Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/407This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4072012-06-29T07:54:42ZFormal Modelling and Verification of Service-Oriented Systems in Probabilistic Event-BModelling and refinement in Event-B provides a scalable sup- port for the development of complex service-oriented systems. Refinement in Event-B supports a systematic service development by a gradual trans- formation of an abstract specification into a detailed service architecture. In this paper we aim at integrating quantitative assessment of desired quality of essential service attributes into formal modelling process. We propose an approach to creating and verifying a dynamic service architecture in Event- B. Such an architecture can be augmented with stochastic information and transformed into the corresponding continuous-time Markov chain represen- tation. By relying on probabilistic model-checking techniques, we allow for quantitative evaluation of quality of service attributes at early development stages. The approach is illustrated by a simple case study.Anton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2012-02-13T10:21:31Z2012-02-13T10:21:31Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/367This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3672012-02-13T10:21:31ZRefining rely-guarantee thinkingIan J. HayesCliff B. JonesRobert J. Colvin2012-03-15T09:45:38Z2012-03-15T09:45:38Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/373This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3732012-03-15T09:45:38Z From Event-B Models to Code: Sensing, Actuating, and the Environment The Event-B method is a formal approach for modelling systems in safety-, and business-critical, domains. We focus, in this paper, on multi-tasking, embedded control systems. Initially, system specification takes place at a high level of abstraction; detail is added in refinement steps as the development proceeds toward implementation. In previous work, we presented an approach for generating code, for concurrent programs, from Event-B. Translators generate program code for tasks that access data in a safe way, using shared objects. We did not distinguish between tasks of the environment and those of the controller. The work described in this paper offers improved modelling and code generation support, where we separate the environment from the controller. The events in the system can participate in actuating or sensing roles. In the resulting code, sensing and actuation can be simulated using a form of subroutine call; or additional information can be provided to allow a task to read/write directly from/to a specfied memory location.Andrew Edmunds12039Abdolbaghi Rezazadeh10385Michael Butler182012-02-13T10:30:08Z2012-02-13T10:30:08Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/370This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3702012-02-13T10:30:08ZComparing Models of Nondeterministic Expression EvaluationIan J. HayesAlan BurnsBrijesh DongolCliff B. Jones2011-09-02T08:43:33Z2012-05-18T14:19:02Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/330This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3302011-09-02T08:43:33ZProceedings of the 11th workshop on Automated Verification of Critical SystemsThis volume contains the proceedings of the 11th workshop on Automated Verification of Critical Systems that was hosted by Newcastle University and took place during September 12-14, 2011 in Newcastle upon Tyne, UK. The workshop is supported by DEPLOY.Jens BendispostoCliff JonesMichael LeuschelAlexander Romanovsky2011-09-04T11:57:29Z2011-09-04T11:57:29Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/329This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3292011-09-04T11:57:29ZQuantitative Verification of System Safety in Event-B
Anton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2011-11-16T09:32:55Z2011-11-16T09:32:55Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/356This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3562011-11-16T09:32:55ZConcurrent Scheduling of Event-B ModelsEvent-B is a refinement-based formal method that has been shown to be useful in developing concurrent and distributed programs. Large models can be decomposed into sub-models that can be refined semi-independently and executed in parallel. In this paper, we show how to introduce explicit control flow for the concurrent sub-models in the form of event schedules. We explore how schedules can be designed so that their application results in a correctness-preserving refinement step. For practical application, two patterns for schedule introduction are provided, together with their associated proof obligations. We demonstrate our method by applying it on the dining philosophers problem.Pontus BoströmFredrik DegerlundKaisa SereMarina Waldén2011-05-06T13:17:45Z2011-05-06T13:17:45Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/303This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3032011-05-06T13:17:45ZTasking Event-B: An Extension to Event-B for Generating Concurrent CodeThe Event-B method is a formal approach for modelling systems in safety-, and business-critical, domains. Initially, system specification takes place at a high level of abstraction; detail is added in refinement steps as the development proceeds toward implementation. Our aim has been to develop a novel approach for generating code, for concurrent programs, from Event-B. We formulated the approach so that it integrates well with the existing Event-B methodology and tools. In this paper we introduce a tasking extension for Event-B, with Tasking and Shared Machines. We make use of refinement, decomposition, and the extension, to structure projects for code generation for multitasking implementations. During the modelling phase decomposition is performed; decomposition reduces modelling complexity and makes proof more tractable. The decomposed models are then extended with sufficient information to enable generation of code. A task body describes a task?s behaviour, mainly using imperative, programming-like constructs. Task priority and life-cycle (periodic, triggered, etc.) are also specified, but timing aspects are not modelled formally. We provide tool support in order to validate the practical aspects of the approach. Andrew EdmundsMichael Butler2011-08-02T12:57:38Z2011-08-02T12:57:38Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/319This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3192011-08-02T12:57:38ZCorrect-by-Construction Development of Fault Tolerant Systems (Tutorial at FM 2011)Ensuring system fault tolerance is one of the major concerns in developing critical industrial applications. The tutorial shows how to rigorously develop systems that are not only functionally correct but also fault tolerant. The material of the tutorial is built on the results of two EC projects, RODIN and DEPLOY, that created and validated in the industrial settings the RODIN platform - an Eclipse-based development environment supporting formal modelling in Event-B. The focus of the tutorial is on demonstrating how fault tolerance can be systematically specified and verified as an intrinsic part of the overall system behavior. The general principles are demonstrated by several industrial case studies based on our work with telecommunication, space and business information sectors. As part of the tutorial we will introduce and demonstrate a number of RODIN tools that support model structuring using modes, modules, and fault tolerance views, and facilitate fault tolerance modelling.
All materials of this tutorial are available on http://iliasov.org/fm2011/
Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2012-06-29T07:54:30Z2012-06-29T07:54:30Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/406This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4062012-06-29T07:54:30ZDeriving Mode Logic for Fault-Tolerant Control SystemsYuliya ProkhorovaYuliya.Prokhorova@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiKimmo VarpaaniemiTimo Latvala2012-02-13T10:17:51Z2012-02-13T10:17:51Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/365This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3652012-02-13T10:17:51ZElucidating concurrent algorithms via layers of abstraction and reificationCliff B. JonesKen G. Pierce2011-08-02T10:47:15Z2011-08-02T10:47:15Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/317This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3172011-08-02T10:47:15ZFormal Approach to Ensuring Interoperability of Mobile AgentsLinas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2011-08-02T13:08:31Z2011-08-02T13:11:37Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/320This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3202011-08-02T13:08:31ZFormal Derivation of a Distributed Program in Event BAchieving high dependability of distributed systems remains
a major challenge due to complexity arising from concurrency and communication. There are a number of formal approaches to verification of properties of distributed algorithms. However, there is still a lack of methods that enable a transition from a verified formal model of communication to a program that faithfully implements it. In this paper we aim at bridging this gap by proposing a state-based formal approach to correct-by-construction development of distributed programs. In our approach we take a systems view, i.e., formally model not only application but also its environment. We decompose such an integrated specification to obtain the distributed program that should be deployed on the targeted network infrastructure. To illustrate our approach, we present a development of a distributed leader election protocol.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2011-10-05T12:32:28Z2011-10-29T18:22:06Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/348This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3482011-10-05T12:32:28ZGeneration of certifiably correct programs from formal modelsApplication of formal notations and verifications
techniques helps to deliver systems that are free from engineering defects. A code generator is an essential tool for formal development of real-world systems; it transforms models into runnable software quickly, consistently and reproducibly. Commonly, a code generator is a program constructed informally and producing an output that is not formally traced to an input. Industrial standards to the development of safety-critical systems, such as IEC 61508, require a justification for any tool used in a development: extensive prior experience or a formal certification. An extensive experience is often not an option as there are very few sufficiently mature modelling toolsets. The
certification of a code generator is a major effort increasing costs and development time. We propose an approach where a modeller places no trust whatsoever in the code generation stage but rather obtains software that is certifiable without any further effort. The essence of the approach is in the transformation of a formal model into runnable software that is demonstratively correct in respect to a given set of verification criteria, coming from a requirements document. A Hoare logic is used to embedded correctness criteria into the resultant program; the approach supports design-by-contract annotations to allow developer to mix formal and informal parts with a fair degree of rigour.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2011-09-04T11:57:36Z2011-09-04T11:57:36Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/328This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3282011-09-04T11:57:36ZQuantitative Reasoning about Dependability in Event-B: Probabilistic Model Checking Approach
Anton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2011-11-14T11:00:48Z2011-11-14T11:00:48Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/354This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3542011-11-14T11:00:48ZRequirements Modeling FrameworkIm August 2011 hat das Requirements Modeling Framework (RMF) als ein neues Eclipse-Projekt das Licht der Welt erblickt. RMF besteht aus einem Kern, der Daten im Requirements Exchange Format (RIF/ReqIf) verarbeiten kann, und einem GUI namens ProR, mit dem sich diese Daten komfortabel bearbeiten lassen. ProR stellt einen Extension Point zur Verf\"{u}gung, der die Integration mit anderen Werkzeugen erm\"{o}glicht.Michael JastramAndreas Graf2011-07-04T12:44:57Z2011-10-29T18:28:41Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/315This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3152011-07-04T12:44:57ZUse case scenarios as verification conditions: Event-B/Flow approachModel-oriented formalisms rely on a combination of safety
constraints and satisfaction of refinement obligations to demonstrate model correctness. We argue that for a significant class of models a substantial part of the desired model behaviour would not be covered by such correctness conditions, meaning that a formal development potentially ends with a correct model inadequate for its purpose. In this paper we present a method for augmenting Event-B specifications with additional proof obligations expressed in a visual, diagrammatic way. A case study illustrates how the method may be used to strengthen a model by translating use case scenarios from requirement documents into formal statements over a modelled system.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2011-09-04T11:57:40Z2011-09-04T11:57:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/327This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3272011-09-04T11:57:40ZTowards Probabilistic Modelling in Event-BAnton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2011-09-04T11:57:15Z2011-09-04T11:57:15Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/325This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3252011-09-04T11:57:15ZAugmenting Formal Development of Control Systems with Quantitative Reliability Assessment
Anton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2010-01-14T17:31:53Z2010-01-14T17:31:53Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/187This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1872010-01-14T17:31:53Z09381 Extended Abstracts Collection — Refinement Based Methods for the Construction of Dependable SystemsWith our growing reliance on computers, the total societal costs of their failures are hard to underestimate. Nowadays computers control critical systems from various domains such as aerospace, automotive, railway, business etc. Obviously, such systems must have a high degree of dependability — a degree of trust that can be justifiably placed on them. Although the currently operating systems do have an acceptable level of dependability, we believe that they development process is still rather immature and ad-hoc. The constantly growing system complexity poses an increasing challenge on the system developers and requires significant improvement on the existing developing practice. To address this problem, we investigated how to establish a set of refinement-based engineering methods that can provide the designers with a systematic methodology for development of complex systems.Jean-Raymond AbrialMichael ButlerRajev JoshiElena TroubitsynaJim C. P. Woodcock2011-01-31T17:19:46Z2011-01-31T17:19:46Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/282This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2822011-01-31T17:19:46ZSplitting Atoms with Rely/Guarantee Conditions Coupled with Data ReificationC. B. JonesK. G. Pierce2011-01-31T17:19:39Z2011-01-31T17:19:39Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/283This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2832011-01-31T17:19:39ZWhat Can the pi-calculus Tell Us About the Mondex Purse System?C. B. JonesK. G. Pierce2010-11-29T11:54:15Z2010-11-29T11:54:15Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/257This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2572010-11-29T11:54:15ZElucidating concurrent algorithms via layers of abstraction and reificationCliff B. JonesKen G. Pierce2010-10-21T10:03:34Z2010-10-21T10:05:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/248This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2482010-10-21T10:03:34ZFormal Analysis of BPMN Models Using Event-BJeremy W. Bryansjeremy.bryans@ncl.ac.ukWei Wei wei01.wei@sap.com2010-01-12T10:11:34Z2010-11-27T16:28:08Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/183This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1832010-01-12T10:11:34ZFrom problem frames to HJJCliff B JonesCliff.Jones@ncl.ac.uk2010-11-29T11:55:36Z2010-12-09T15:37:47Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/254This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2542010-11-29T11:55:36ZInsight, inspiration and collaborationC.B. JonesA.W. Roscoe2010-11-12T08:53:11Z2010-11-12T08:53:11Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/253This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2532010-11-12T08:53:11ZOn Fault Tolerance Reuse during RefinementComplex modern applications have to be developed to be dependable to meet their requirements and expectations of their users. An important part of this is their ability to deal with various threats (such as faults in the system environment, operator's mistakes, underlying hardware and software support problems). Development of modern applications is complicated by the need for systematic and rigorous integration of fault tolerance measures. The paper focuses on reuse of fault tolerance modelling. First, it introduces the idea of general modelling templates reflecting abstract views on system behaviour with respect to faults. These templates are used during system detalisation (re�finement) to capture the user's view on system external behaviour. Secondly, it proposes to use a library of concrete modelling patterns allowing developers to systematically integrate speci�c fault tolerance mechanisms (e.g. recovery blocks, checkpoints, exception handling) into the models. The proposed solutions are linked to the Event-B method and demonstrated using a case study.Ilya LopatkinIlya.Lopatkin@newcastle.ac.ukAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2010-11-29T11:54:32Z2010-11-29T11:54:32Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/256This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2562010-11-29T11:54:32ZReflections on the work of C.A.R. Hoare2010-11-29T11:55:32Z2010-12-09T15:37:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/255This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2552010-11-29T11:55:32ZThe role of auxiliary variables in the formal development of concurrent programsC. B. Jones2010-12-07T14:23:11Z2010-12-09T15:36:32Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/261This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2612010-12-07T14:23:11ZTutorial on the Flow plugin for Event-BAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2010-12-07T14:29:00Z2010-12-09T15:36:12Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/263This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2632010-12-07T14:29:00ZTutorial on the modularization plugin for Event-BAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2010-07-14T12:58:15Z2010-07-14T13:14:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/239This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2392010-07-14T12:58:15ZVerifying Mode Consistency for On-Board Satellite SoftwareSpace satellites are examples of complex embedded systems.
Dynamic behaviour of such systems is typically described in terms of operational modes that correspond to the different stages of a mission and states of the components. Components are susceptible to various faults that complicate the mode transition scheme. Yet the success of a mission depends on the correct implementation of mode changes. In this paper we propose a formal approach that ensures consistency of mode changes while developing a system architecture by refinement. The approach relies on recursive application of modelling and refinement patterns that enforce correctness while implementing the mode transition scheme. The proposed approach is exemplified by the development of an Attitude and Orbit Control System undertaken within the ICT DEPLOY project.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukKimmo VarpaaniemiPauli VäisänenPauli.Vaisanen@ssf.fiDubravka IlicTimo Latvala2009-12-12T16:28:19Z2010-04-19T15:05:58Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/163This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1632009-12-12T16:28:19ZPhD Thesis: Formal Construction of Instruction Set ArchitecturesThe Instruction Set Architecture (ISA) is that part of a computing machine visible for programming, including its native data types, instructions, registers, memory architecture, exception handling and external interfaces. The ISA also includes the specification of the machine’s native language: that is its instructions and their actions. This thesis proposes the use of the Event-B formal notation to construct a sequence of formal specifications applicable to a range of ISAs, by abstractly capturing their shared properties. Initial, very abstract, descriptions are refined by the incremental addition of greater detail, each increment providing a template for development of the next. The use of Event-B allows correctness, i.e. the preservation of the properties of the previous step, to be verified over successive refinements. This is achieved by the creation and proving of logical hypotheses, or proof obligations.
The process enables development of ISAs with predictable behaviour when executing both correct and erroneous programs, by identification of the precise preconditions required for successful execution of instructions, their resulting actions, and all possible error conditions. Application of property proving techniques allows for the formal verification of desirable properties.
A methodology is proposed for the incremental construction of the common elements of an ISA, and its features are discussed. The methodology is initially used to construct a generic description, which is then demonstrated by refinement to two representative ISAs capable of executing compiled C binary executables. The complete refinement process is demonstrated by the creation and testing of Virtual Machines automatically generated via novel translation tools.
Prior art has relied on the provision of single-layered descriptions of specific ISAs to enable formal verification of implementations, placing a burden of correctness on these specifications. This work contributes by the provision of a common context for correct derivation of these previously independant descriptions. The work introduces novel levels of abstraction to allow re-use on any sequential computing machine, provides a framework for the comparison of different ISAs relative to a single datum, and enables analysis of design options during the creation and extension of ISAs. Further contributions are the construction of multiple ISAs from a single abstract description, and the introduction of automatic source-code generation techniques to the Event-B method, which include features to assist in the development and test of useable ISAs.Stephen Wrightstephen.wright@bris.ac.uk2009-05-27T20:31:51Z2010-04-19T15:05:54Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/105This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1052009-05-27T20:31:51ZStructuring Specifications with ModesThe two dependability means considered in this paper are rigorous design and fault tolerance. It can be complex to rigorously design some classes of systems, including fault tolerant ones, therefore appropriate abstractions are needed to better support system modelling and analysis. The abstraction proposed in this paper for this purpose is the notion of operation mode. Modes are formalised and their relation to a state-based formalism in a refinement approach is established. The use of modes for fault tolerant systems is then discussed and a case study presented. Using modes in state-based modelling allows us to improve system structuring, the elicitation of system assumptions and expected functionality, as well as requirement traceability.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Fernando DottiFernando Luis Dotti <fernando.dotti@pucrs.br>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2009-05-27T20:48:29Z2010-04-19T15:05:54Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/106This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1062009-05-27T20:48:29ZTowards Automated Refinement: Patterns in Event B Formal modelling is indispensable for engineering highly dependable systems. However, a wider acceptance of formal methods is hindered by their insufficient usability and scalability. In this paper, we aim at assisting developers in rigorous modelling and design by increasing automation of development steps. We introduce a notion of refinement patterns – generic representations of typical correctness-preserving model transformations. Our definition of a refinement pattern contains a description of syntactic model transformations, as well as the pattern applicability conditions and proof obligations for verification of correctness preservation. This establishes a basis for building a tool supporting formal system development via pattern reuse and instantiation. We present a prototype of such a tool and some examples of refinement patterns for automated development in the Event B formalism.
Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2009-01-24T18:35:27Z2010-04-19T15:05:52Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/78This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/782009-01-24T18:35:27ZFrameworks for designing and implementing dependable systems using Coordinated Atomic Actions: A comparative study
Alfredo CapozuccaNicolas GuelfiPatrizio PelliccioneAlexander Romanovskyalexander.romanovsky@ncl.ac.ukAvelino Zorzo2010-01-12T10:11:26Z2010-01-12T10:11:26Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/181This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1812010-01-12T10:11:26ZAbstraction is all we've got: auxiliary variables considered harmful.Cliff B JonesCliff.Jones@ncl.ac.uk2010-01-12T10:11:20Z2010-01-12T10:11:20Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/180This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1802010-01-12T10:11:20ZAn outline of a proposed system that learns from experts how to discharge proof obligations automatically. Alan BundyGudmund GrovCliff B JonesCliff.Jones@ncl.ac.uk2010-01-12T10:11:11Z2010-11-27T16:19:08Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/184This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1842010-01-12T10:11:11ZElucidating concurrent algorithms via layers of abstraction and reification.Cliff B JonesCliff.Jones@ncl.ac.ukKen G Piercek.g.pierce@ncl.ac.uk2009-10-25T17:48:19Z2010-04-19T15:05:58Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/161This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1612009-10-25T17:48:19ZFormal Methods: Practice and ExperienceFormal methods use mathematical models for analysis and verification at any part of the program life-cycle. We describe the state of the art in the industrial use of formal methods, concentrating on their increasing use at the earlier stages of specification and design. We do this by reporting on a new survey of industrial use, comparing the situation in 2009 with the most significant surveys carried out over the last 20 years. We describe some of the highlights of our survey by presenting a series of industrial projects, and we draw some observations from these surveys and records of experience. Based on this, we discuss the issues surrounding the industrial adoption of formal methods. Finally, we look to the future and describe the development of a Verified Software Repository, part of the worldwide Verified Software Initiative. We introduce the initial projects being used to populate the repository, and describe the challenges they address.Jim WoodcockJim.Woodcock@cs.york.ac.ukPeter Gorm Larsenpgl@iha.dkJuan Bicarreguijuan.bicarregui@stfc.ac.ukJohn S. Fitzgeraldjohn.fitzgerald@ncl.ac.uk2009-06-06T10:52:07Z2010-04-19T15:05:54Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/110This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1102009-06-06T10:52:07ZFormal Modelling and Analysis of Business Information Applications with Fault Tolerant MiddlewareDistributed information systems are critical to the functioning of many businesses; designing them to be dependable is a challenging but important task. We report our experience in using formal methods to enhance processes and tools for development of business information software based on service-oriented architectures. In our work, which takes place in an industrial setting, we focus on the configuration of middleware, verifying application-level requirements in the presence of faults. In pilot studies provided by SAP, we used the Event-B formalism and the open Rodin tools platform to prove properties of models of business protocols and expose weaknesses of certain middleware configurations with respect to particular protocols. We then extended the approach to use models automatically generated from diagrammatic design tools, opening the possibility of seamless integration with current development environments.
Increased automation in the verification process, through
domain-specific models and theories, is a goal for future
work.
KEYWORDS: Verification, Fault Modelling, Service-
Oriented Architectures, Event-B, Tool SupportJeremy W. BryansJeremy.Bryans@ncl.ac.ukJohn S. FitzgeraldJohn.Fitzgerald@ncl.ac.ukAlexander RomanovskyA.Romanovsky@ncl.ac.ukAndreas RothAndreas/Roth@sap.com2010-01-12T10:11:30Z2010-01-12T10:11:30Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/179This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1792010-01-12T10:11:30ZLearning from experts to aid the automation of proof search.Alan BundyGudmund GrovCliff B JonesCliff.Jones@ncl.ac.uk2010-01-12T10:10:59Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/185This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1852010-01-12T10:10:59ZThe role of auxiliary variables in the formal development of concurrent programs.Cliff B JonesCliff.Jones@ncl.ac.uk2009-01-19T10:50:44Z2009-01-19T10:50:44Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/68This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/682009-01-19T10:50:44ZDEPLOY: Industrial Deployment of Advanced System Engineering Methods for High Productivity and DependabilityAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2009-01-20T09:35:06Z2009-01-20T09:35:06Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/69This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/692009-01-20T09:35:06ZSERENE '08: Proceedings of the 2008 RISE/EFTS Joint International Workshop on Software Engineering for Resilient Systems. Newcastle upon Tyne, United KingdomNicolas GuelfiHenry MucciniPatrizio PelliccioneAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2009-01-19T10:33:45Z2009-01-19T10:33:45Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/67This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/672009-01-19T10:33:45ZEngineering Fault Tolerant Systems (Special issue)Nicolas GuelfiHenry MucciniPatrizio PelliccioneAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2008-07-11T13:09:31Z2010-04-19T15:05:50Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/27This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/272008-07-11T13:09:31ZDEPLOY: Industrial Deployment of Advanced System Engineering Methods for High Productivity and DependabilityAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2008-05-16T14:51:33Z2008-05-16T14:51:33Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/24This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/242008-05-16T14:51:33ZTowards Rigorous Engineering of Resilient Pervasive SystemsWhile pervasive systems offer versatile computing environment, their complexity poses a significant challenge to their developers. Hence ensuring resilience
of pervasive systems is an important issue, which should be tackled by adopting rigorous design methods and systems approach. In this short paper we identify the key research directions in engineering pervasive resilient systems and our experience in rigorous development of a multi-agent application called Ambient Campus.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Linas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukKaisa SereKaisa.Sere@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fi2010-01-12T10:10:40Z2010-01-12T10:10:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/182This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1822010-01-12T10:10:40ZA dynamic coalitions workbench: Final ReportJeremy W. Bryansjeremy.bryans@ncl.ac.ukJohn S. Fitzgeraldjohn.fitzgerald@ncl.ac.ukDavid GreatheadDavid.Greathead@ncl.ac.ukCliff B JonesCliff.Jones@ncl.ac.ukRichard PayneRichard.Payne@ncl.ac.uk2008-08-06T19:46:58Z2010-04-19T15:05:50Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/30This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/302008-08-06T19:46:58ZAnimation-based Validation of a Formal Model of Dynamic Virtual OrganisationsWe describe a study of the industrial use of animation in the analysis of a formal model of information flow in dynamic virtual organisations (VOs). A generic formal model of a VO structure composed of autonomous agents sharing information was developed using the Vienna Development Method (VDM). An exploratory environment was also developed in which the model was animated via an interpreter running an application-specific script developed with domain experts. A user interface encouraged interaction with the model without requiring exposure to the formalism. The use of the interface and model by domain experts was observed
and recorded before debrief, allowing us to draw conclusions about the suitability of formal models for exploring, in an industrial setting, the design of policies governing VOs.John S FitzgeraldJohn.Fitzgerald@ncl.ac.ukJeremy W BryansJeremy.Bryans@ncl.ac.ukDavid GreatheadDavid.Greathead@ncl.ac.ukClifff B JonesCliff.Jones@ncl.ac.ukRichard PayneRichard.Payne@ncl.ac.uk2009-01-19T10:05:52Z2009-01-19T10:05:52Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/65This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/652009-01-19T10:05:52ZDEPLOY: industrial deployment of advanced system engineering methods for high productivity and dependabilityAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2008-08-06T19:47:12Z2010-04-19T15:05:50Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/28This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/282008-08-06T19:47:12ZIncremental Development of a Distributed Real-Time Model of a Cardiac Pacing System using VDMThe construction of formal models of real-time distributed systems is a considerable practical challenge. We propose and illustrate a pragmatic incremental approach in which detail is progressively added to abstract system-level specifications of functional and timing properties via intermediate models that express system architecture, concurrency and timing behaviour. The approach is illustrated by developing a new formal model of the cardiac pacemaker system proposed as a “grand challenge” problem in 2007. The models are expressed using the Vienna Development Method (VDM) and are validated primarily by scenario-based tests, including the analysis of timed traces. We argue that the insight gained using this staged modelling approach will be valuable in the subsequent development of implementations, and in detecting potential bottlenecks within suggested implementation architectures.Hugo Daniel MacedoPeter Gorm LarsenJohn FitzgeraldJohn.Fitzgerald@ncl.ac.uk2010-01-12T10:11:16Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/177This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1772010-01-12T10:11:16ZReasoning about programes via operational semantics: Requirement for a support system. John R.D HughesCliff B JonesCliff.Jones@ncl.ac.uk2009-05-06T11:54:45Z2010-04-19T15:05:54Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/99This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/992009-05-06T11:54:45ZRefinement Patterns for Fault Tolerant SystemsThe paper puts forward the idea of using fault tolerance refinement patterns to assist system developers in disciplined application of software fault tolerance mechanisms in rigorous system design. Two patterns are proposed to support a correct introduction of recovery blocks and N-version programming into a system model; these are formally defined and their correctness proven. We also discuss several important issues involved in the use of these patterns in engineering systems, including tool support and pattern composition.design) as a major means for improving the quality of products.
Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2010-01-12T10:11:06Z2010-01-12T10:11:06Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/178This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1782010-01-12T10:11:06ZReflections on, and predictions for, support systems for the development of programs.Cliff B JonesCliff.Jones@ncl.ac.uk2011-01-31T17:18:49Z2011-01-31T17:18:49Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/274This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2742011-01-31T17:18:49ZSome interdisciplinary observations about getting the ``right'' specificationCliff B. Jones2010-01-12T10:10:28Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/176This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1762010-01-12T10:10:28ZSplitting atoms with rely/guarantee conditions coupled with data reification.Cliff B JonesCliff.Jones@ncl.ac.ukKen G Piercek.g.pierce@ncl.ac.uk2012-09-13T09:16:59Z2013-02-18T14:59:23Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/455This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4552012-09-13T09:16:59ZBuilding on the DEPLOY legacy: code generation and simulationThe RODIN, and DEPLOY projects have laid solid foundations for further theoretical, and practical (methodological and tooling) advances with Event-B; we investigated code generation for embedded, multi-tasking systems. This work describes activities from a follow-on project, ADVANCE; where our interest is co-simulation of cyber-physical systems. We are working to better understand the issues arising in a development when modelling with Event-B, and animating with ProB, in tandem with a multi-simulation strategy. With multi-simulation we aim to simulate various features of the environment separately, in order to exercise the deployable code. This paper has two contributions, the first is the extension of the code generation work of DEPLOY, where we add the ability to generate code from Event-B state-machine diagrams. The second describes how we may use code, generated from state-machines, to simulate the environment, and simulate concurrently executing state-machines, in a single task. We show how we can instrument the code to guide the simulation, by controlling the relative rate that non-deterministic transitions are traversed in the simulation.Andrew Edmundsae2@ecs.soton.ac.ukJohn ColleyJ.L.Colley@ecs.soton.ac.ukMichael Butlermjb@ecs.soton.ac.uk2011-05-06T13:18:02Z2011-05-09T09:43:39Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/304This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3042011-05-06T13:18:02ZEvent-B Project Archives, for Tasking Event-B TutorialAndrew Edmundsae2@ecs.soton.ac.uk2011-09-04T11:57:43Z2011-09-04T11:57:43Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/326This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3262011-09-04T11:57:43ZFrom Formal Specification in Event-B to Probabilistic Reliability Assessment
Anton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2010-01-29T22:37:57Z2011-06-28T10:13:15Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/198This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1982010-01-29T22:37:57ZProceedings of the First Deploy Technical WorkshopThe second DEPLOY annual plenary meeting was held from 21st to 23rd of October in Aix-en-Provence, France. The main difference with respect to the first meeting has been a significant amount of time dedicated to technical presentations of papers. We invited all the academic and industrial partners to submit papers about the work they were carrying on inside the DEPLOY project. The accepted submissions have been then organized in five different sessions, each regarding a DEPLOY relevant
topic, plus one for short papers. The structure of this document reflects exactly the structure of the workshop, each of the parts represents a workshop session:
1. Event-B and Extensions
2. Code Generation
3. Event-B Metrics and Tools
4. Model Checking
5. Business Information Systems
6. Short PapersMazzara Manuel 2011-11-10T17:31:25Z2011-11-10T17:31:25Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/351This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3512011-11-10T17:31:25ZReasoning about Liveness in Event-BEvent-B is a formal method which is widely used in modelling safety critical systems. So far, the main properties of interest in Event-B are safety related. Even though some liveness properties, e.g., termination, are already within the scope of Event-B, more general liveness properties, e.g. progress or persistence, are currently unsupported. We present in this paper proof rules to reason about important classes of liveness properties. We
illustrate our proof rules by applying them to prove liveness properties of realistic examples. Our proof rules are based on several proof obligations that can be implemented in a tool support such as the Rodin platform.
Thai Son Hoanghtson@inf.ethz.chJean-Raymond Abrial2009-07-08T15:31:36Z2010-04-19T15:05:56Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/134This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1342009-07-08T15:31:36ZSpecifying Modal Systems using Event-BSeveral safety-critical systems, such as avionic, transportation and space systems, use the notion of operation modes. Operation modes are useful structuring units that facilitate design, specially if used with state-based formal methods. However, modelling abstractions to support the specification, analysis and correct construction of modal systems are still lacking. The contribution of this paper is twofold: (i) modal systems and modal systems refinement are discussed and formalized; (ii) the relation of a modal system specification with an Event-B model is discussed, showing how to demonstrate that the behaviour of an Event-B model can satisfy a modal system.Fernando DottiFernando Luis Dotti <fernando.dotti@pucrs.br>Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2009-10-14T10:25:46Z2010-04-19T15:05:58Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/159This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1592009-10-14T10:25:46ZSupporting Reuse in Event B Development: Modularisation ApproachRecently, Space Systems Finland has undertaken formal Event B development of a part of on-board software for the BepiColombo space mission. As a result, lack of modularization mechanisms in Event B has been identified as a serious obstacle to scalability. One of the main benefit of modularization is that it allows us to decompose system models into components that can be independently developed. It also helps to manage complexity of models that in the industrial setting are usually very large and difficult to comprehend. On the other hand, modularization enables reuse of formally developed components in the formal product line development. In this paper we propose a conservative extension of Event B formalism to support modularization. We demonstrate how our approach can support reuse in the formal development in the space domain.
Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukKimmo VarpaaniemiDubravka IlicTimo Latvala2011-01-18T14:05:51Z2011-01-18T14:05:51Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/268This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2682011-01-18T14:05:51ZTraining materials on the flow tool (release - Jan 2011) The Flows plugin is an extension of the Event B Rodin platform. Its purpose is to allow a modeller to verify a range of properties related to the order of event enabling in an Event B model. The tool offers a simple graphical notation and is meant to complement the core Event B development method.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>