Publications (111)
This paper presents a solution to the ABZ-2018 case study.
Existing implementations of dynamic memory allocators (DMA) employ a large spectrum of policies and techniques. The formal specifications of these techniques are quite complicated in isolation and very complex when combined. Therefore, the formal reasoning on a specific DMA implementation is difficult for automatic tools and mostly single-use. This...
For many years, I have been interested in introducing students to the development of complex systems by means of modelling and refinement. To this end, I did not find anything better than presenting many examples of system developments. However, I figured out that my examples were not explicit enough on how (mechanical) proofs are performed. So, be...
This paper contains the informal presentation of a well known theorem on planar graphs: the theorem of Kuratowski (1930). This study is supposed to serve as an example for the proposed new discipline of Mathematical Engineering. The intent of this discipline is to show to informaticians, by means of examples, that there must exist important connect...
This paper describes the modeling, done using the Event-B notation, of the aircraft landing gear case study that is proposed in a special track of the ABZ'2014 Conference. In the course of our development, we discovered some problems in our initial modeling approach. This has led us to propose a second approach and then a third one. Each approach i...
We outline an approach to modelling and reasoning about hybrid systems with the Event-B method supported by the Rodin toolset. The approach uses continuous functions over real intervals to model the evolution of continuous values over time. Nondeterministic interval events are used to specify how continuous variables evolve within an operating mode...
This paper contains the development of hybrid systems with Event-B and the Rodin Platform. It follows the seminal approach introduced at the turn of the century in Action Systems. Many examples that have been entirely proved with the Rodin Platform illustrate our approach. We propose to complement the Event-B/Rodin Platform approach with the usage...
In this talk, we give an historical account of the development of the Rodin Platform during the last 10 years.
The very first paper on Z [1] was published in 1980 (at the time, the name Z was not “invented”), then the book on the B method [2] was published in 1996, and, finally, the book on Event-B [3] was published in 2010. So, 30 years separate Z from Event-B. It is thus clear that I spent a significant time of my scientific professional life working with...
Event-B has given developers the opportunity to construct models of complex systems that are correct-by-construction. However, there is no systematic approach, especially in terms of reuse, which could help with the construction of these models. We introduce the notion of design patterns within the framework of Event-B to shorten this gap. Our appr...
The purpose of this paper is to present some set-theoretic models of computation. This topic and its usefulness are clearly related to those presented in the book by Hoare and He: "Unifying Theories of Programming" [12]. However, we prefer to use here the term "computation" to that of "programming" as our purpose is not so much to unify various way...
This paper contains a further contribution to the handling of hybrid systems as presented in [3]. This time we insist on the usage of multiple methodologies involving not only refinements and proofs as in Event-B and the Rodin Platform, but also Matlab simulation, Animation, and Invariant discovery. We believe that a successful understanding of hyb...
This paper contains the development of hybrid systems in Event-B and the Rodin Platform. It follows the seminal approach introduced at the turn of the century in Action Systems. Many examples illustrate our approach.
Event-B is a formal method which is widely used in modelling safety critical systems. So far, the main properties of interest in Event-B are safety related. Even though some liveness properties, e.g. termination, are already within the scope of Event-B, more general liveness properties, e.g. progress or persistence, are currently unsupported. We pr...
The main destination of this paper is the industrial milieu. We are concerned with the difficulties encountered by industrial developers who are willing to apply "new" approaches to software engineering (since they always face the same problem for years: how to develop safe software) but are in fact disappointed by what is proposed to them. We try...
Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling to...
We present here a case study developing a parallel program. The approach that we use combines refinement and decomposition techniques. This involves in the first step to abstractly specify the aim of the program, then subsequently introduce shared information between sub-processes via refinement. Afterwards, decomposition is applied to split the re...
A practical text suitable for an introductory or advanced course in formal methods, this book presents a mathematical approach to modelling and designing systems using an extension of the B formal method: Event-B. Based on the idea of refinement, the author's systematic approach allows the user to construct models gradually and to facilitate a syst...
With our growing reliance on computers, the total societal costs of their failures are hard to underestimate. Nowadays computers control critical systems from various domains such as aerospace, automotive, railway, business etc. Obviously, such systems must have a high degree of dependability -- a degree of trust that can be justifiably placed on t...
Event-B has given developers the opportunity to construct models of complex systems which are correct by construction. However, there is no systematic approach, especially in terms of reusing, which could help with the construction of these models. We introduce the notion of design patterns within the framework of Event-B to shorten this gap. Our a...
We present a formal development in Event-B of a distributed topology discovery algorithm. Distributed topology discovery is at the core of several routing algorithms and is the problem of each node in a network discovering and maintaining information on the network topology. One of the key challenges is specifying the problem itself. Our specific...
This paper presents simple ideas that offer suggestions on how to improve the situation of computerized system development. Gradually introducing some simple features will eventually result in a global improvement in the software development.
We present a formal development in Event-B of a distributed topology discovery algorithm. Distributed topology discovery is at the core of several routing algorithms and is the problem of each node in a network discovering and maintaining information on the network topology. One of the key challenges is specifying the problem itself. Our specificat...
This Festschrift volume, published in honor of Egon Börger, contains 14 papers from a Dagstuhl Seminar, which was organized as a "Festkolloquium" on the occasion of his 60th birthday in May 2006. Focusing on applied formal methods, the volume covers a wide range of applied research, spanning from theoretical and methodological foundations to practi...
In this document we propose an approach to support user-defined
extension of the mathematical language and theory of Event-B.
The proposal consists of considering three kinds of extension:
- Extensions of set-theoretic expressions or predicates: example extensions of this kind consist of adding the transitive closure of relations or various order...
1 The Master and Dog Paradigm Topology discovery is a distributed algorithm that is at the core of several routing algorithms, such as link-state routing. It is the problem of each node in the network discovering and maintaining information on the network topology. The problem is challenging as the network can change rapidly, indeed more rapidly tha...
We investigate the idea of developing access control systems in Event-B by specifying separately the "insecure" target system and the security authorisation, then combining them together in order to construct a secure system. This is based on the work by Basin et al. [6] where the chosen language is CSP-OZ. Moreover, in order to verify the secure...
We present here a case study developing a parallel program. The approach that we use combines refinement and decomposition techniques. This involves in the first step to abstractly specify the aim of the program, then subsequently introduce shared information between sub-processes via refinement. Afterwards, decomposition is applied to separate...
Event-B is a formalism used for specifying and reasoning about complex discrete systems. The Rodin platform is a new tool
for specification, refinement and proof in Event-B. In this paper, we present a verified model of a tree-structured file system
which was carried out using Event-B and the Rodin platform. The model is focused on basic functiona...
Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a
modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical
proof to verify consistency between refinement levels.
Motivation. Formal Methods users are given sophisticated languages and tools for constructing models of complex systems. But quite often
they lack some systematic methodological approaches which could help them. The goal of introducing design patterns within formal methods is precisely to bridge this gap.
A design pattern is a general reusable sol...
Event-B is the name of a mathematical (set-theoretic) approach used to develop complex discrete systems, be they computerized or not.
The Rodin platform is an open tool set devoted to supporting the development of such systems. It contains a modeling database surrounded by
various plug-ins: static checker, proof obligation generator, provers, mode...
We argue that formal modeling should be the starting point for any serious development of computer systems. This claim poses a challenge for modeling: at first it must cope with the constraints and scale of serious developments. Only then it is a suitable starting point. We present three techniques, refinement, decomposition, and instantiation, tha...
This paper gives a tutorial introduction to the ideas behind system development using the B-Method. Properly handled, the crucial relationship between requirements and formal model leads to systems that are correct by construction. Some industrial successes are outlined.
We survey here the key objectives and the structure of the Dagstuhl Seminar 06191, which was organized as Festkolloquium on the occasion of Egon Börger's 60th birthday, in May 2006 in Schloss Dagstuhl, Germany. @InProceedings{abrial_et_al:DSP:2006:665, author = {Jean-Raymond Abrial and Uwe Gl{"a}sser}, title = {06191 Summary -- Rigorous M...
From 07.05.06 to 12.05.06, the Dagstuhl Seminar 06191 ``Rigorous Methods for Software Construction and Analysis'' was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presen...
We consider modelling indispensable for the development of complex systems. Modelling must be carried out in a formal notation to reason and make meaningful conjectures about a model. But formal modelling of complex systems is a difficult task. Even when theorem provers improve further and get more powerful, modelling will remain difficult. The reason...
This roadmap describes ways that researchers in four areas (specification languages, program generation, correctness by construction, and programming languages) might help further the goal of verified software. It also describes what advances the “verified software” grand challenge might anticipate or demand from work in these areas. That is, t...
The B-method is designed to provide a homogeneous language and a methodology for the formal specification, design and implementation of real-life software systems. Therefore, the features of incremental construction and proof have been guiding principles in its development. A full account of the B-method and its theoretical foundations is to appear...
This chapter presents the modelling of a software controller in charge of managing the movements of trains on a track network. Some methodological aspects of this development are emphasized: the preliminary informal presentation of the requirements, the careful definition of a refinement strategy, the attention paid to the precise mathematical def...
It is claimed, as a provocative thesis, that high level programming languages and corresponding compilers might not be the
right tools to be used to construct large reliable software systems. An alternative is proposed which is based on the concept
of a System Development Database.
Two real projects using the B formal method are quickly presented. They show how some important parts of complex systems can be developed in such a way that the outcome is "correct by construction". A number of factors are then analyzed relating the pros, the cons, and the difficulties in applying this approach in Industry.
This roadmap describes ways that researchers in four areas---specification languages, program generation, correctness by construction, and programming languages---might help further the goal of verified software. It also describes what advances the "verified software" grand challenge might anticipate or demand from work in these areas. That is, the...
Among the many opportunities offered by computational semantics for probability, the challenge of probabilistic Event B (pEB) is one of the most attractive.
The B method itself is now almost 20 years old, and has been much improved and adapted over that time by the many projects to which it has been applied, and by its philosophy —right from the s...
This paper contains a completely formal (and mechanically proved) development of some algorithms dealing with a linked list supposed to be shared by various processes. These algorithms are executed in a highly concurrent fashion by an unknown number of such independent processes. These algorithms have been first presented in (MS96) by M.M. Michae...
The B method is a means for specifying, designing and coding software systems. The long-awaited B Book is the standard reference for everything concerning this method. It contains the mathematical basis on which it is founded, the precise definitions of the notations used, and a large number of examples illustrating its use in practice. J.-R. Abria...
Among the many opportunities offered by computational semantics for probability, the challenge of probabilistic Event B (pEB) is one of the most attractive. The B method itself is now almost 20 years old, and has been much improved and adapted over that time by the many projects to which it has been applied, and by its philosophy - right from the s...
In this article, I present an "event approach" used to formally develop sequential programs. It is based on the formalism of Action Systems [6] (and Guarded Commands [7]), which is interesting because it involves a large number of pointer manipulations.
In this article, we first briefly present a proof assistant called the Predicate Prover, which essentially offers two functionalities:
(1) an automatic semi-decision procedure for First Order Predicate Calculus, and (2) a systematic translation of statements
written within Set Theory into equivalent ones in First Order Predicate Calculus. We then s...
Graph algorithms and graph-theoretical problems provide a challenging battle field for the incremental development of proved models. The B event-based approach implements the incremental and proved development of abstract models which are translated into algorithms; we focus our methodology on the minimum spanning tree problem and on Prim’s algorit...
In this paper, I present some ideas and principles underlying the realization of a new project called B#. This project follows the main ideas and principles already at work in B, but it also follows a number of older concepts
developed in Z. In B#, the intent is to have a formal system to be used to model complex system in general, not only softwar...
The IEEE 1394 tree identify protocol illustrates the adequacy of the event-driven approach used together with the B Method. This approach provides a complete framework for developing mathematical models of distributed
algorithms. A specific development is made of a series of more and more refined models. Each model is made of a number of
static p...
In this paper, our intention is to explore the notion of definition in formal theories and, in particular, that of conditional definitions. We are also interested in analyzing the consequences of the latter on the structure of corresponding proof systems. Finally, we shall investigate the various ways such proof systems can be simplified.
In this paper, we investigate the possibility to mechanize the proof of some real complex mathematical theorems in B [1]. For this, we propose a little structure language which allows one to encode mathematical structures and their accompanying theorems. A little tool is also proposed, which
translates this language into B, so that Atelier B, the t...
International conference with proceedings and a programme committee.
In this article, we shall illustrate the use of a certain formal technique for developing distributed algorithms. By "formal technique" we mean one consisting in: (1) describing rigorously the problem at hand, (2) elaborating gradually a solution to it, and (3) mechanically verifying that the proposed solution is correct. This technique uses a, so...
ication. The competition should focus on the feasibility of the methods for programming complex (in particular distributed embedded) systems under industrial constraints. We thought about a workshop with the goal of bringing together researchers representing the major formal methods and representative potential industrial users of such methods...
In B, the expression of dynamic constraints is notoriously missing. In this paper, we make various proposals for introducing them.
They all express, in different complementary ways, how a system is allowed to evolve. Such descriptions are independent of
the proposed evolutions of the system, which are defined, as usual, by means of a number of oper...
We propose a formal technique of protocol specification and design by successive refinements. The key idea is that the protocol is first specified in a time-less fashion by concentrating its intended behavior on one step only, all other steps being just void: in other words, time does not exist yet and, of course, no distribution can take place bet...
This book, with the CD-ROM included, is the documentation of a unique collaborative effort in evaluating formal methods for usage under industrial constraints: the major techniques for formally supported specification, design, and verification of large programs and complex systems are applied to a non-trivial and non-academic problem which is typic...
Although we have in mind a particular approach of software construction which we have been developing and using for some years, our intention is not to describe a specific method here, it is only to give a number of guidelines and rules of thumb that we re-discover little by little and which can be used, we think, whatever the technical environment...
In this paper, we develop with great details a classical little example of refinement from initial specification down to final code. We insist on a few methodological points among which are the following:
the importance of a sound mathematical preamble,
the systematic usage of data refinement steps based on clear and intuitive technical decisions,...
This paper contains a formal framework within which logic, set theory and programming are presented together. These elements can be presented together because, in this work, we no longer regard a (procedural) programming notation (such as PASCAL) as a notation for expressing a computation; rather, we regard it as a mere extension to the conventiona...
In my view, the most interesting aspect of this
experiment with prototypes is its implications for software engineering:
everyone talks about prototypes today, but is anyone really producing
any? Or, amongst those who do produce prototypes, ...
This paper is an exercise in program construction using Mathematics as a tool. The program which we undertake the construction of is a General Purpose Proof Checker. It is ‘general purpose’ in that it may take as input the axiomatization of a formal theory together with a proof written with this theory. As output it delivers a result which tells us...
The main thesis of this paper is that the analysis of concurrent programs (i.e. their specifications, their proofs of correctness, deadlockfreeness, etc.), can be done by using methods very similar to those used for analysing sequential programs.
This approach, which is certainly not new (for instance see (1),(5),(12), and (13) among others), is il...
This paper presents an elementary formal approach (or rather, a catalog of definitions) which provides a general framework for non-deterministic system specification: definitions are given for a system, a halting system, abstraction and implementation, and finally for the extension and refinement of a system. The notion of an invariant function is...
Since the early 90's (after the seminal article of R. Back), the refinement of stuttering steps is performed by means of new actions (called here events) refining skip. It is shown in this article that such a refinement method is not always possible in the development of large systems. We shall instead use events refining some kind of non-determi...
In this short synthesis, we have shown that the theory of software construction exists and begins to be applied.
This theory has its own techniques which are quite different from those of the programming theory; in fact, we have not spoken of recursivity or algorithmics; on the other hand, we spoke of proofs.
The design of a software system might...
The subject mentioned in the title of this short article does not seem, at first glance, to be a genuine research subject. Although there are, from time to time, some famous break-downs of large computerized systems (as, for instance, recently at SBB in Zurich), it seems nevertheless that these systems are working nowadays in a satisfactory fashion...