Deploy Repository: No conditions. Results ordered Title. 2018-01-17T12:22:33ZEPrintshttp://deploy-eprints.ecs.soton.ac.uk/images/sitelogo.gifhttp://deploy-eprints.ecs.soton.ac.uk/2010-01-14T17:31:53Z2010-01-14T17:31:53Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/187This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1872010-01-14T17:31:53Z09381 Extended Abstracts Collection — Refinement Based Methods for the Construction of Dependable SystemsWith our growing reliance on computers, the total societal costs of their failures are hard to underestimate. Nowadays computers control critical systems from various domains such as aerospace, automotive, railway, business etc. Obviously, such systems must have a high degree of dependability — a degree of trust that can be justifiably placed on them. Although the currently operating systems do have an acceptable level of dependability, we believe that they development process is still rather immature and ad-hoc. The constantly growing system complexity poses an increasing challenge on the system developers and requires significant improvement on the existing developing practice. To address this problem, we investigated how to establish a set of refinement-based engineering methods that can provide the designers with a systematic methodology for development of complex systems.Jean-Raymond AbrialMichael ButlerRajev JoshiElena TroubitsynaJim C. P. Woodcock2010-10-29T09:04:41Z2010-10-29T09:04:41Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/252This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2522010-10-29T09:04:41ZA Basis for Feature-Oriented Modelling in Event-BFeature-oriented modelling is a well-known approach for Software Product
Line (SPL) development. It is a widely used method when developing groups of
related software. With an SPL approach, the development of a software product
is quicker, less expensive and of higher quality than a one-off development since
much effort is re-used. However, this approach is not common in formal methods
development, which is generally high cost and time consuming, yet crucial in
the development of critical systems. With the increase of more complex critical
systems, it becomes more important to apply formal methods to the development
cycle, and we propose a method that allows the application of SPL development
techniques to formal methods. This results in faster and cheaper development of
formal systems.
Our method combines Event-B [1] and feature models [2]. A feature in a
feature model represents a requirement of the product family and is formally
described in Event-B using special feature modelling patterns. A feature repre-
sented in Event-B is referred to as component. We develop composition rules,
which allow components to be composed. Special composition proof obligations
allow the verification of the composition.
The feature model is formed by features which may be associated with Event-
B components. A subset of features from the feature model can be selected to
form a feature model instance, thereby selecting several of these Event-B com-
ponents. These components are composed pair-wise, and composition POs can
be discharged to prove properties and to ensure consistency of the composition.
The final Event-B machine represents the formal specification which is associated
with the feature model instance and is obtained by composing these components.
The motivation of our work is to allow product line development for critical
systems. We use traditional product line methods, i.e. feature modelling, and
link it with the formal method Event-B.
Future work is focussed on amending feature diagrams to reflect Event-B
components more precisely. Refinement patterns will also be addressed.
Jennifer Sorgejhs06r@ecs.soton.ac.ukMichael Poppletonmrp@ecs.soton.ac.ukMichael Butlermjb@ecs.soton.ac.uk2010-01-27T17:25:49Z2010-01-27T17:25:49Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/194This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1942010-01-27T17:25:49ZA Refinement-Based Correctness Proof of Symmetry Reduced Model CheckingEdd TurnerMichael ButlerMichael Leuschel2011-01-31T17:19:32Z2011-01-31T17:19:32Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/284This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2842011-01-31T17:19:32ZAI4FM: A New Project Seeking Challenges!Gudmund GrovCliff B. Jones2011-02-10T13:56:46Z2011-02-10T13:56:46Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/277This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2772011-02-10T13:56:46ZAI4FM: A New Project Seeking Challenges!Gudmund GrovCliff B. Jones2010-07-08T09:48:34Z2010-07-18T22:51:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/236This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2362010-07-08T09:48:34ZAn Approach of Requirements Tracing in Formal Refinement
Formal modeling of computing systems yields models that are intended to be correct with respect to the requirements that have been formalized.
The complexity of typical computing systems can be addressed by formal refinement introducing all the necessary details piecemeal.
We report on preliminary results that we have obtained for tracing informal natural-language requirements into formal models across refinement levels.
The approach uses the WRSPM reference model for requirements modeling, and Event-B for formal modeling and formal refinement.
The combined use of WRSPM and Event-B is facilitated by the rudimentary refinement notion of WRSPM,
which provides the foundation for tracing requirements to formal refinements.
We assume that requirements are evolving, meaning that we have to cope with frequent changes of the requirements model and the formal model.
Our approach is capable of dealing with frequent changes, making use of corresponding techniques already built into the Event-B method.Michael Jastrammichael@jastram.deStefan Hallerstedesth@ecs.soton.ac.ukMichael Leuschelleuschel@cs.uni-duesseldorf.deAryldo G Russo Jragrj@aes.com.br2010-02-04T10:31:55Z2010-02-04T10:31:55Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/202This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2022010-02-04T10:31:55ZAn EMF Framework for Event-BThe Rodin platform for Event-B formal modelling is based on a bespoke model repository. While this approach has some advantages it also means that the platform does not benefit from the host of emerging technologies and supporting packages that are freely available for open source modelling frameworks. The Eclipse Modelling Framework (EMF) has emerged as the de-facto standard package upon which to build any Eclipse based modelling tool. In order to make this support available for our Rodin tools we have now engineered a front-end EMF based representation of Event-B. Colin SnookFabian FritzAlexei Illisaov2010-03-22T10:47:57Z2010-04-19T15:06:01Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/213This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2132010-03-22T10:47:57ZAn Event-B model of the Attitude and Orbit Control SystemAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fi2011-02-24T08:59:48Z2011-02-24T08:59:48Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/295This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2952011-02-24T08:59:48ZApplying Event-B Atomicity Decomposition to a Multi Media ProtocolAsieh Salehi FathabadiMichael Butler2011-09-04T11:57:15Z2011-09-04T11:57:15Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/325This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3252011-09-04T11:57:15ZAugmenting Formal Development of Control Systems with Quantitative Reliability Assessment
Anton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2010-08-18T12:01:24Z2010-08-22T14:54:39Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/242This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2422010-08-18T12:01:24ZCollaborative Modelling and Co-simulation in the Development of Dependable Embedded SystemsThis paper presents initial results of research aimed at developing methods and tools for multidisciplinary collaborative development of dependable embedded systems. We focus on the construction and analysis by co-simulation of formal models that combine discrete-event specifications of computer-based controllers with continuous-time models of the environment with which they interact. Basic concepts of collaborative modelling and co-simulation are presented. A pragmatic realisation using the VDM and Bond Graph formalisms is described and illustrated by means of an example, which includes the modelling of both normal and faulty behaviour. Consideration of a larger-scale example from the personal transportation domain suggests the forms of support needed to explore the design space of collaborative models. Based on experience so far, challenges for future research in this area are identified.John S. Fitzgeraldjohn.fitzgerald@ncl.ac.ukPeter Gorm Larsenpgl@iha.dkKen G Piercek.g.pierce@ncl.ac.ukMarcel VerhoefMarcel.Verhoef@CHESS.NLSune Wolffswo@iha.dk2010-06-28T08:16:12Z2010-06-28T08:16:12Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/231This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2312010-06-28T08:16:12ZComparison of the AADL and Event-B
Model-Based Tool Chains for Designing
Embedded SystemsThis paper compares two model-based tool chains support-
ing the design of embedded systems. The first one relies on an architecture description language called AADL (Architecture Analysis and Design Language) specially targeting embedded system. The second one is based on a generic notation for system modelling called Event-B which is being deployed in the design of embedded systems, e.g. in the transportation sector. A number of tools supporting similar activities arehighlighted as well as the impact of the characteristics of the respective underlying languages on the global design activity.Christophe Ponsardcp@cetic.beRenaud De Landtsheerrdl@cetic.be2010-02-01T13:06:24Z2010-04-19T15:06:00Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/200This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2002010-02-01T13:06:24ZDecomposition Tool for Event-BTwo methods have been identified for Event-B model decomposition: shared variable and shared event. The purpose of this paper is to introduce the two approaches and the respective tool support in the Rodin platform. Besides alleviating the complexity for large systems and respective proofs, decomposition allows team development in parallel over the same model which is very attractive in the industrial environment.Renato SilvaCarine PascalT. Son HoangMichael Butler2010-01-03T13:06:18Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/167This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1672010-01-03T13:06:18ZDEPLOY Satellite (an Attitude and Orbit Control System) Specification, Version 15An executable "DEPLOY Satellite" specification in the form of Ada source code that has statement numbering comments. The presence of statement numbering comments is the only difference with respect to http://deploy-eprints.ecs.soton.ac.uk/166/.Pauli VäisänenPauli.Vaisanen@ssf.fiKimmo Varpaaniemi2010-01-03T12:42:29Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/166This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1662010-01-03T12:42:29ZDEPLOY Satellite (an Attitude and Orbit Control System) Specification, Version 15 without statement numberingAn executable "DEPLOY Satellite" specification in the form of Ada source code without any statement numbering comment. The absence of statement numbering comments is the only difference with respect to http://deploy-eprints.ecs.soton.ac.uk/167/.Pauli VäisänenPauli.Vaisanen@ssf.fiKimmo Varpaaniemi2011-07-01T10:55:19Z2011-07-01T10:55:19Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/314This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3142011-07-01T10:55:19ZDEPLOY Training Evaluation DocumentEvaluation of the effort needed for an engineer with no experience in formal methods to become a competent user of Event-B. A full report for what was presented in the DEPLOY Plenary Meeting in Zürich.Tuomas RäsänenLaura Nummila2010-12-16T19:11:10Z2011-06-10T10:05:07Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/266This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2662010-12-16T19:11:10ZDEPLOY Work Package 3 Attitude and Orbit Control System
Software Requirements Document (DEP-RP-SSF-R-005, Issue 1.0)This Software Requirements Document (SRD) identifies and documents the requirements of the
DEPLOY Work Package 3 (WP3) Attitude and Orbit Control System (AOCS) Software (SW).Kimmo Varpaaniemi2011-02-16T14:27:09Z2011-02-18T15:29:14Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/285This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2852011-02-16T14:27:09ZDeveloping a Consensus Algorithm using Stepwise RefinementWe give a formal development and proof of a known consensus algorithm using stepwise refinement. We begin with an abstract specification of the intended result of the algorithm. The algorithm is developed and proved correct over a number of refinement steps. The proof of correctness is performed concurrently with the development. The development and proof make use of key fault and failure assumptions. The stepwise refinement approach allows us to introduce and prove each property at the most appropriate stage in the development, before detail irrelevant to that property has been added to the model.
Finally we introduce an abstract model of a possible network on which
the algorithm could be executed.Jeremy W. Bryansjeremy.bryans@ncl.ac.uk2010-07-14T13:04:50Z2010-07-14T13:13:09Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/240This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2402010-07-14T13:04:50ZDeveloping Mode-Rich Satellite Software by Refinement in Event BTo ensure dependability of on-board satellite systems, the
designers should, in particular, guarantee correct implementation of the mode transition scheme, i.e., ensure that the states of the system components are consistent with the global system mode. However, there is still a lack of scalable approaches to formal verification of correctness of complex mode transitions. In this paper we present a formal development of an Attitude and Orbit Control System (AOCS) undertaken within the ICT DEPLOY project. AOCS is a complex mode-rich system, which has an intricate mode-transition scheme. We show that re�finement in Event B provides the engineers with a scalable formal technique that enables both development of mode-rich systems and proof-based verification of their mode consistency.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukKimmo VarpaaniemiDubravka IlicTimo Latvala2012-07-09T14:38:34Z2012-07-09T14:39:51Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/417This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4172012-07-09T14:38:34ZDevelopment of Rabin's Choice Coordination algorithm in Event-BEmre YilmazThai Son Hoanghtson@inf.ethz.ch2010-11-29T11:54:15Z2010-11-29T11:54:15Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/257This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2572010-11-29T11:54:15ZElucidating concurrent algorithms via layers of abstraction and reificationCliff B. JonesKen G. Pierce2010-03-08T17:12:38Z2010-04-19T15:06:00Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/209This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2092010-03-08T17:12:38ZEvaluation of a Guideline by Formal Modelling of Cruise Control System in Event-B Sanaz YeganefardMichael ButlerAbdolbaghi Rezazadeh2010-02-05T10:39:21Z2010-02-05T10:39:21Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/206This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2062010-02-05T10:39:21ZEvent-B Decomposition for Parallel ProgramsWe present here a case study developing a parallel program. The approach that we use combines refinement and decomposition techniques. This involves in the first step to abstractly specify the aim of the program, then subsequently introduce shared information between sub-processes via refinement. Afterwards, decomposition is applied to separate the resulting model into sub-models for different processes. These sub-models are later independently developed using refinement. Our approach aids the understanding of parallel programs and reduces the complexity in their proofs of correctness.Thai Son Hoanghtson@inf.ethz.chJean-Raymond Abrialjabrial@inf.ethz.ch2010-09-23T16:32:37Z2010-09-23T16:33:13Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/244This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2442010-09-23T16:32:37ZEvent-B Project BepiColombo_Models_v6.4A very limited model of BepiColombo SIXS/MIXS on-board software requirements. A part of an experiment on using Rodin Platform 1.3.1 with Modularisation Plugin 1.2.9.201008190448.Kimmo Varpaaniemi2010-01-03T13:18:28Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/168This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1682010-01-03T13:18:28ZEvent-B Project DepSatSpec015Model000An Event-B model of "DEPLOY Satellite (an Attitude and Orbit Control System) Specification, Version 15" (http://deploy-eprints.ecs.soton.ac.uk/167/). This model is complete with respect to events but has only a few of the invariants discounted in the source code.Kimmo Varpaaniemi2012-07-23T10:18:12Z2012-07-23T10:18:12Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/430This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4302012-07-23T10:18:12ZFeature-Oriented Modelling Using Event-BEvent-B is a formal method for specification and verification of reactive systems. Its Rodin toolkit provides comprehensive support for modelling, refinement and analysis using theorem proving, animation and model checking. There has always been a need to reuse existing models and their associated proofs when modelling related systems to save time and effort. Software product lines (SPLs) focus on the problem of reuse by providing ways to build software products having commonalities and managing variations within products of the same family. Feature modelling is a well know technique to manage variability and configure products within the SPLs. We have combined the two approaches to formally specify SPLs using Event-B. This will contribute the concept of formalism to SPLs and re-usability to Event-B. Existing feature modelling notations were adapted and extended to include refinement mechanism of Event-B. An Eclipse-based graphical feature modelling tool has been developed as a plug-in to the Rodin platform. We have modelled the `production cell' case-study in Event-B, an industrial metal processing plant, which has previously been specified in a number of formalisms. We have also highlighted future directions based on our experience with this framework so far. Ali GondalMike PoppletonMichael ButlerColin Snook2010-07-12T08:22:17Z2010-07-12T08:22:17Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/237This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2372010-07-12T08:22:17ZFormal Analysis of BPMN Models using Event-B The use of business process models has gone far beyond documentation
purposes. In the development of business applications, they can play
the role of an artifact on which high level properties can be
verified and design errors can be revealed in an effort to reduce
overhead at later software development and diagnosis stages. This
paper demonstrates how formal verification may add value to the
specification, design and development of business process models in
an industrial setting. The analysis of these models is achieved via
an algorithmic translation from the de-facto standard business
process modeling language BPMN to Event-B, a widely used formal
language supported by the Rodin platform which offers a range of
simulation and verification technologies.Jeremy BryansJeremy.Bryans@ncl.ac.ukWei Wei wei01.wei@sap.com2010-10-21T10:03:34Z2010-10-21T10:05:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/248This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2482010-10-21T10:03:34ZFormal Analysis of BPMN Models Using Event-BJeremy W. Bryansjeremy.bryans@ncl.ac.ukWei Wei wei01.wei@sap.com2010-01-12T10:11:34Z2010-11-27T16:28:08Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/183This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1832010-01-12T10:11:34ZFrom problem frames to HJJCliff B JonesCliff.Jones@ncl.ac.uk2010-06-01T11:07:02Z2010-06-01T11:07:02Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/228This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2282010-06-01T11:07:02ZHow to Interpret Failed Proofs in Event-BIn formal reasoning, modelling and proving activities are closely related. Models give rise to different proof obligations and information about failed proofs gives indications on how models should be improved. This document is an attempt to address the latter issue: to understand how to deal with unprovable obligations. We consider here proof obligations related to invariant preservation of an Event-B model: firstly, to understand the meaning of the proof obligations; secondly, to analyse various ways to fix the model accordingly. Our analysis is based on the concept of reachable states and inductive invariants.
Keywords: Event-B, invariant, inductive invariant, proof obligations, modelling and proving. Thai Son Hoanghtson@inf.ethz.ch2011-01-31T17:19:04Z2011-01-31T17:19:04Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/280This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2802011-01-31T17:19:04ZIdeas for a high-level proof strategy languageCliff B. JonesGudmund GrovAlan Bundy2011-02-03T09:41:40Z2011-02-03T09:41:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/276This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2762011-02-03T09:41:40ZIdeas for a high-level proof strategy languageCliff B. JonesGudmund GrovAlan Bundy2011-01-31T17:20:26Z2011-01-31T17:20:26Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/270This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2702011-01-31T17:20:26ZImproving Testing of Enterprise Systems by Model-based Testing on Graphical User InterfacesSoftware development and testing of Enterprise Resource Planning (ERP) systems demands dedicated methods to tackle its special features. As manual testing is not able to systematically test ERP systems due to the involved complexity, an efficient testing approach should be automatic. Since the underlying business processes of enterprise systems are realized at the level of the user interface (UI), system level testing is the dominant testing approach. The recent architectural shift to service-based enterprise systems demands to apply blackbox testing techniques. Model-based testing is a method that enables a high degree of automation for black-box testing, but the current research and practice usually does not address the UI. In this paper we describe the state of the art and state of the practice in order to motivate further research activities in this area.Sebastian WieczorekAlin Stefanescu2010-11-29T11:55:36Z2010-12-09T15:37:47Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/254This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2542010-11-29T11:55:36ZInsight, inspiration and collaborationC.B. JonesA.W. Roscoe2011-02-10T13:57:52Z2011-02-10T13:57:52Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/279This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2792011-02-10T13:57:52ZLearning from an expert's proof: AI4FMLeo FreitasCliff B. Jones2010-10-27T13:00:06Z2010-10-27T13:00:06Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/251This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2512010-10-27T13:00:06ZMathematical Extension in Event-B through the Rodin Theory Component Michael Butlermjb@ecs.soton.ac.ukIssam Maamria2011-01-31T17:20:28Z2011-01-31T17:20:28Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/269This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2692011-01-31T17:20:28ZModel-based testing in the enterprise software domain - past and future initiativesThe testing of enterprise software poses various challenges that require a lot of
effort using classical testing approaches. Model-based testing (MBT) showed its potential to improve this on several dimensions including better coverage and increased productivity both on system integration and UI-based scenario testing. In this talk we describe SAP’s recent history of MBT initiatives. A special focus is put on the identified industrial challenges, future directions inside SAP, and proposals for a global alignment of industry and academia.Sebastian WieczorekAlin Stefanescu2011-01-31T17:20:23Z2011-01-31T17:20:23Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/272This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2722011-01-31T17:20:23ZModel-driven Service Integration Testing - A Case StudyThis paper presents a case study for the modeling and model-based testing (MBT) of enterprise service choreographies. Our proposed MBT approach uses poprietary models called Message Choreography Models (MCM) as test models. The case study illustrates how MCM-based service integration testing allows to formalize design decisions and enables full integration into an existing industrial test infrastructure by using the concepts of domain specific languages and model transformations. Further, the MBT tools integrated into the testing framework have been compared based on one concrete use case.Sebastian WieczorekAlin StefanescuAndreas Roth2010-01-27T17:22:14Z2010-01-27T17:22:14Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/192This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1922010-01-27T17:22:14ZOn an Extensible Rule-based Prover for Event-BEvent-B is a formalism for discrete system modelling. The Rodin platform provides a toolset to carry out specification, refinement and proof in Event-B. The importance of proofs as part of formal modelling cannot be emphasised enough, and as such, it is imperative to provide effective tool support for it. An important aspect of this support is the extensibility of the prover, and more pressingly, how its soundness is preserved while allowing extensibility. Rodin has a limited support for adding rules as this requires (a) a deep understanding of the internal architecture and (b) knowledge of the Java language. Our approach attempts to provide support for user-defined proof rules. We initially focus on supporting rewrite rules to enhance the rewriting capabilities of Rodin. To achieve this objective, we introduce a theory construct distinct from contexts and machines. The theory construct provides a platform for the users to define rewrite rules both conditional and unconditional. As part of rule definition, users decide whether the rule is to be applied automatically or interactively. Each defined rule gives rise to proof obligations that serve to verify its conservativity. In this respect, it is required that validity and well-definedness are preserved by rules. After the conservativity of all rules contained in a theory is established, the theory can then be deployed and available to the proving activity. In order to apply rewrite rules, it is necessary to single out applicable rules to any given sequent. This is achieved through a pattern matching mechanism which is implemented as an extension to Rodin. Our approach has two advantages. Firstly, it offers a uniform mechanism to add proof rule without the need to write Java code. Secondly, it provides a means to verify added rules using proof obligations. Our work is still in progress, and research has to be carried out to (a) cover a larger set of rewrite and inference rules, and (b) provide guidelines to help the theory developer with deciding whether a given rule should be applied automatically. Issam MaamriaMichael ButlerAndrew EdmundsAbdolbaghi Rezazadeh2010-11-12T08:53:11Z2010-11-12T08:53:11Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/253This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2532010-11-12T08:53:11ZOn Fault Tolerance Reuse during RefinementComplex modern applications have to be developed to be dependable to meet their requirements and expectations of their users. An important part of this is their ability to deal with various threats (such as faults in the system environment, operator's mistakes, underlying hardware and software support problems). Development of modern applications is complicated by the need for systematic and rigorous integration of fault tolerance measures. The paper focuses on reuse of fault tolerance modelling. First, it introduces the idea of general modelling templates reflecting abstract views on system behaviour with respect to faults. These templates are used during system detalisation (re�finement) to capture the user's view on system external behaviour. Secondly, it proposes to use a library of concrete modelling patterns allowing developers to systematically integrate speci�c fault tolerance mechanisms (e.g. recovery blocks, checkpoints, exception handling) into the models. The proposed solutions are linked to the Event-B method and demonstrated using a case study.Ilya LopatkinIlya.Lopatkin@newcastle.ac.ukAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2010-02-16T12:51:17Z2010-04-19T15:06:00Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/207This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2072010-02-16T12:51:17ZPatterns for Modelling Time and Consistency in Business Information SystemsMaintaining semantic consistency of data is a significant problem in distributed information systems, particularly those on which a business may depend. Our current work aims to use Event-B and the Rodin tools to support the specification and design of such systems in a way that integrates well into existing development processes. This paper presents Event-B patterns that may be used to represent recovery from timebounded inconsistency and illustrates their use in a model derived from industrial applications.Jeremy W. Bryansjeremy.bryans@ncl.ac.ukJohn S. Fitzgeraldjohn.fitzgerald@ncl.ac.ukAlexander Romanovskyalexander.romanovsky@ncl.ac.ukA. Roth2010-12-03T11:16:09Z2010-12-09T15:37:03Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/259This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2592010-12-03T11:16:09ZPatterns for Refinement AutomationFormal modelling is indispensable for engineering highly dependable systems. However, a wider acceptance of formal methods is hindered by their insufficient usability and scalability. In this paper, we aim at assisting developers in rigorous modelling and design by increasing automation of development steps. We introduce a notion of refinement patterns – generic representations of typical correctness-preserving model transformations. Our definition of a refinement pattern contains a description of syntactic model transformations, as well as the pattern applicability conditions and proof obligations for verifying correctness preservation. This work establishes a basis for building a tool that would support formal system development via pattern reuse and instantiation. We present a prototype of such a tool and some examples of refinement patterns for automated development in the Event B formalism.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.uk2011-01-31T17:20:19Z2011-01-31T17:20:19Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/273This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2732011-01-31T17:20:19ZProc. of 3rd Workshop on Model-based Testing in Practice (MOTIP'10)2010-10-26T06:07:54Z2010-10-26T06:07:54Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/245This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2452010-10-26T06:07:54ZProR, an Open Source Platform for Requirements Engineering based on RIFProper tool support in requirements engineering is important. A number of proprietary solutions are available in the market place, but few open solutions, and none that are widespread at this time. In this paper, we introduce ProR, an open platform for requirements engineering.
The project was initiated by the EU FP7 Project ``Deploy'', which has the goal to make major advances in engineering methods for dependable systems through the deployment of formal engineering methods. Rather than building a project-specific solution, we decided to develop an extensible, general purpose platform.
We based the tool's data model on the Requirements Interchange Format (RIF / ReqIF), a standard driven by the automotive industry. This gives us interoperability with a number of existing tools. The tool is based on the Eclipse Platform and uses the Eclipse Modeling Framework (EMF). We managed to establish a cooperation with the ITEA-Project ``Verde'', which supplied the implementation of the RIF data model.
In this paper, we will introduce the tool, describe its architecture, and present a small case study. ProR is still under development, and we welcome contributors and are very interested in potential users to validate our approach. Please visit www.pror.org for more information, and to download the current development version.Michael Jastrammichael@jastram.de2010-01-27T17:24:07Z2010-01-27T17:24:07Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/193This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1932010-01-27T17:24:07ZReasoned Modelling Critics: Turning Failed Proofs into Modelling GuidanceAndrew IrelandGudmund GrovMichael Butler2010-11-29T11:54:32Z2010-11-29T11:54:32Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/256This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2562010-11-29T11:54:32ZReflections on the work of C.A.R. Hoare2011-01-31T17:20:14Z2011-01-31T17:22:36Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/275This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2752011-01-31T17:20:14ZReflections on the work of C.A.R. HoareCliff B. JonesCliff.Jones@ncl.ac.ukA.W. RoscoeKenneth R. Wood2011-02-24T08:57:09Z2011-02-24T08:57:09Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/294This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2942011-02-24T08:57:09ZRewriting and Well-Definedness within a Proof System Issam MaamriaMichael Butler2010-12-22T15:10:08Z2010-12-22T15:10:08Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/267This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2672010-12-22T15:10:08ZRodin: An Open Toolset for Modelling and Reasoning in Event-BEvent-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool that seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods. Jean-Raymond AbrialMichael ButlerStefan HallerstedeThai Son HoangFarhad MehtaLaurent Voisin2011-01-31T17:19:22Z2011-01-31T17:19:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/281This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2812011-01-31T17:19:22ZSemantic Models for a Logic of Partial FunctionsC. B. JonesM. J. Lovert2012-05-16T08:21:11Z2012-05-18T14:16:58Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/399This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3992012-05-16T08:21:11ZShared Event Composition/Decomposition in Event-BThe construction of specifications is often a combination of smaller sub-components. Composition and decomposition are techniques that support reuse and allow us to formally combine sub-components through refinement steps while reusing their properties. Sub-components can result from a design or architectural goal and a refinement framework should allow further parallel development over the sub-components. We propose the definition of composition and decomposition in the Event-B formalism following a shared event approach where sub-components interact via synchronisation over shared events and shared states are not allow. We define the necessary proof obligations to ensure a valid composition or decomposition. We also show that shared event composition preserves refinement proofs for sub-components, that is, in order to maintain refinement of compositions, it is sufficient to prove refinement between corresponding subcomponents. A case study applying these two techniques is illustrated using Rodin, the Event-B toolset.Renato Silvaras07r@ecs.soton.ac.ukMichael Butlermjb@ecs.soton.ac.uk2010-12-15T16:59:46Z2010-12-15T16:59:46Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/264This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2642010-12-15T16:59:46ZSlides on Event-B used for Deploy Associate TrainingMichael Butler2010-10-26T06:06:50Z2010-10-26T06:08:56Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/249This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2492010-10-26T06:06:50ZSpecification Metrics for Event-B DevelopmentsIn this paper we define several metrics for Event-B specifications in order to as-sess the maintainability of a rigorous system in its early development stage. We perform measurements of physical features of the specification. Moreover, we derive metrics like difficulty of constructing a specification or effort needed for its creation. The specification is investigated in the perspective of its syntactical characteristics. We base our metrics on the Event-B language primitives, namely operators and operands that we regard meaningful for our measurement model. We also use statistics about proof obligations in our metrics, as we consider the proving activity as a vital element in the process of creating a specification.
Presented metrics are applied to a number of Event-B specifications, both their dynamic and static parts. They are examined in order to empirically con-firm appropriateness for management purposes. Obtained results are analysed in a perspective of an abstract specification and its consecutive refinements.Marta Olszewskamplaska@abo.fiKaisa SereKaisa.Sere@abo.fi2011-01-31T17:19:46Z2011-01-31T17:19:46Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/282This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2822011-01-31T17:19:46ZSplitting Atoms with Rely/Guarantee Conditions Coupled with Data ReificationC. B. JonesK. G. Pierce2010-03-19T10:47:28Z2010-04-19T15:06:00Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/211This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2112010-03-19T10:47:28ZStarting B Specifications from Use CasesThe B method is gaining visibility in formal methods com- munity due to excellent support for refinement. However, the traceability between the requirements and the formal model is still an issue of this method. On the other hand, use cases have become the informal industry standard for mapping functional requirements, describing the system's behavior using natural language. In this paper we show how controlled use cases can be used as a guideline for starting B specifications. In other words, our approach presents how a transaction, which is defined as an atomic part of the use case scenario, can be mapped as a B operation, providing a practical way to establish traceability between functional re- quirements and formal models.Aryldo G Russo Jragrj@aes.com.brThiago de Sousa2010-01-11T08:48:50Z2010-04-19T15:05:59Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/172This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1722010-01-11T08:48:50ZSupporting Reuse in Event B Development: Modularisation Approach
Recently, Space Systems Finland has undertaken formal Event B development of a part of on-board software for the BepiColombo space mission. As a result, lack of modularization mechanisms in Event B has been identified as a serious obstacle to scalability. One of the main benifits of modularization is that it allows us to decompose system models into components that can be independently developed. It also helps to manage complexity of models that in the industrial setting are usually very large and difficult to comprehend. On the other hand, modularization enables reuse of formally developed components in the formal product line development. In this paper we propose a conservative extension of Event B formalism to support modularization. We demonstrate how our approach can support reuse in the formal development in the space domain.
Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukKimmo VarpaaniemiDubravka IlicTimo Latvala2010-03-22T15:47:25Z2010-04-19T15:06:01Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/214This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2142010-03-22T15:47:25ZSystem Architecture, Dependability and ModesThe mode, defining the specific type of functional behaviour that a system exhibits during its operation, is an
important architectural level concept, which has a significant impact on system design, verification and dependability. The notions of modes and mode changes are widely used by the industrial engineers to structure reasoning about different conditions of system functioning. Even though there has been some work on developing modal systems, we still lack a general understanding of how to architect, verify and ensure dependability of such systems. In our work we rely on formal modelling and verification to study intricate relationships between fault tolerance, operation modes and architectural design.Linas LaibinisLinas.Laibinis@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Alexander Romanovskyalexander.romanovsky@ncl.ac.uk2011-02-10T13:57:22Z2011-02-10T13:57:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/278This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2782011-02-10T13:57:22ZThe AI4FM approach for automation within formal methodsGudmund GrovAlan BundyCliff B. JonesAndrew Ireland2010-11-29T11:55:32Z2010-12-09T15:37:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/255This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2552010-11-29T11:55:32ZThe role of auxiliary variables in the formal development of concurrent programsC. B. Jones2012-07-23T10:20:34Z2012-07-23T10:20:34Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/431This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/4312012-07-23T10:20:34ZTIMING DIAGRAMS REQUIREMENTS MODELING USING EVENT-B FORMAL METHODS Timing diagrams provide an intuitive graphical specification for time constraints and causal dependencies between a system?s objects. Such a view can provide useful insight during Requirements Engineering (RE). Formal Modeling techniques allow abstract system level models to be explored in revealing detail and provide feedback via verification and validation methods such as proofs of consistency, model checking and animation. Here, we bring these two modelling approaches together. In particular we present techniques to extend a graphical modeling capability for formal modeling into the real-time domain by developing a Timing diagram view for the Event-B formal method and its graphical front-end, UML-B. Translation schemes to Event-B and UML-B are proposed and presented. A case study of a lift system is used to demonstrate the translation in practice.Tossaporn JoochimColin SnookMike PoppletonAndrew Gravell2010-02-01T09:32:10Z2010-04-19T15:06:00Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/197This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/1972010-02-01T09:32:10ZTool Support for Event-B Code GenerationThe Event-B method is a formal approach to modelling systems, using refinement. Initial specification is done at a high level of abstraction; detail is added in refinement steps as the development proceeds toward implementation. In previous work we developed an approach to bridge the gap between abstract specifications and implementations using an implementation level specification notation. In this paper we present details of the tool support for our notation and some of our experiences using the tool.Andrew EdmundsMichael Butler2010-10-26T06:06:20Z2010-10-26T06:06:20Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/250This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2502010-10-26T06:06:20ZTowards Event-B Specification MetricsIn this paper we describe our ongoing research on Event-B specification metrics. We focus on the physical features of specification, such as its vocabulary or length for the Event-B machines. We base our metrics on the syntactic properties of the Event-B language, namely operators and operands that we consider meaningful for our measurement model. Presented metrics are applied for a number of Event-B machines. Obtained results can be analysed in a perspective of an abstract machine and its refinements.Marta Olszewskamplaska@abo.fiKaisa SereKaisa.Sere@abo.fi2011-09-04T11:57:40Z2011-09-04T11:57:40Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/327This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/3272011-09-04T11:57:40ZTowards Probabilistic Modelling in Event-BAnton TarasyukAnton.Tarasyuk@abo.fiElena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fi2010-12-07T14:23:11Z2010-12-09T15:36:32Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/261This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2612010-12-07T14:23:11ZTutorial on the Flow plugin for Event-BAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2010-12-07T14:29:00Z2010-12-09T15:36:12Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/263This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2632010-12-07T14:29:00ZTutorial on the modularization plugin for Event-BAlexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>2010-07-14T12:58:15Z2010-07-14T13:14:22Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/239This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2392010-07-14T12:58:15ZVerifying Mode Consistency for On-Board Satellite SoftwareSpace satellites are examples of complex embedded systems.
Dynamic behaviour of such systems is typically described in terms of operational modes that correspond to the different stages of a mission and states of the components. Components are susceptible to various faults that complicate the mode transition scheme. Yet the success of a mission depends on the correct implementation of mode changes. In this paper we propose a formal approach that ensures consistency of mode changes while developing a system architecture by refinement. The approach relies on recursive application of modelling and refinement patterns that enforce correctness while implementing the mode transition scheme. The proposed approach is exemplified by the development of an Attitude and Orbit Control System undertaken within the ICT DEPLOY project.Alexei Iliasov"Alexei Iliasov" <Alexei.Iliasov@newcastle.ac.uk>Elena TroubitsynaElena.Troubitsyna@abo.fiLinas LaibinisLinas.Laibinis@abo.fiAlexander Romanovskyalexander.romanovsky@ncl.ac.ukKimmo VarpaaniemiPauli VäisänenPauli.Vaisanen@ssf.fiDubravka IlicTimo Latvala2011-01-31T17:19:39Z2011-01-31T17:19:39Zhttp://deploy-eprints.ecs.soton.ac.uk/id/eprint/283This item is in the repository with the URL: http://deploy-eprints.ecs.soton.ac.uk/id/eprint/2832011-01-31T17:19:39ZWhat Can the pi-calculus Tell Us About the Mondex Purse System?C. B. JonesK. G. Pierce