Conference Paper

B to CSP Migration: Towards a Formal and Automated Model-Driven Engineering of Hardware/Software Co-design


Abstract

This paper presents a migration approach from a class of hierarchical B models to CSP. The B models follow a so-called polling pattern, suitable for reactive systems, and are automatically translated into a set of communicating CSP processes with the same behaviour. The structure of the CSP model matches that of the B model and may be formally analysed using model checking. Selected CSP processes may then be further refined and synthesised to hardware, while the remaining modules would be mapped to software using B refinements. The translation proposed here paves the way for a model-based approach to hardware and software co-design employing complementary formal methods.


Article
Consistency checking in the CSP ∥ B approach verifies that an individual controller process, defined using a sequential non-divergent subset of CSP, never calls a B operation outside its precondition. Previously this was done by preprocessing the CSP process to perform a weakest precondition semantics proof. An embedding of the CSP traces model already exists in the PVS theorem prover, which makes use of 'uniform properties' to define valid traces. By including a state model we can extend the notion of uniform properties to define consistency. In this paper we give a framework which uses these semantic embeddings to eliminate the need for preprocessing. CSP ∥ B supports compositional verification, and the added benefit of this framework is that rely/guarantee style decomposition emerges naturally during a proof of consistency.
Conference Paper
The standard approach to the specification of a secure system is to present a (usually state-based) abstract security model separately from the specification of the system's functional requirements, and to establish a correspondence between the two specifications. This complex treatment has resulted in development methods distinct from those usually advocated for general applications. We provide a novel and intellectually satisfying formulation of security properties in a process algebraic framework, and show that these are preserved under refinement. We relate the results to a more familiar state-based (Z) specification methodology. There are efficient algorithms for verifying our security properties using model checking.
Conference Paper
This paper considers the issues involved in translating specifications described in the CSP ∥ B formal method into Handel-C. There have previously been approaches to translating CSP descriptions to Handel-C, and the work presented in this paper is part of a programme of work to extend it to include the B component of a CSP ∥ B description. Handel-C is a suitable target language because of its capability of programming communication and state, and its compilation route to hardware. The paper presents two case studies that investigate aspects of the translation: a buffer case study, and an abstract arbiter case study. These investigations have exposed a number of issues relating to the translation of the B component, and have identified a range of options available, informing more recent work on the development of a style for CSP ∥ B specifications particularly appropriate to translation to Handel-C.
Conference Paper
This article proposes a taxonomy of model transformation, based on the discussions of a working group on model transformation of the Dagstuhl seminar on Language Engineering for Model-Driven Software Development. This taxonomy can be used, among others, to help developers in deciding which model transformation language or tool is best suited to carry out a particular model transformation activity.
Article
This report summarises the results of the discussions of a working group on model transformation of the Dagstuhl Seminar on Language Engineering for Model-Driven Software Development. The main contribution is a taxonomy of model transformation. This taxonomy can be used to help developers in deciding which model transformation approach is best suited to deal with a particular problem.

@InProceedings{mens_et_al:DSP:2005:11, author = {Tom Mens and Krzysztof Czarnecki and Pieter Van Gorp}, title = {04101 Discussion -- A Taxonomy of Model Transformations}, booktitle = {Language Engineering for Model-Driven Software Development}, year = {2005}, editor = {Jean Bezivin and Reiko Heckel}, number = {04101}, series = {Dagstuhl Seminar Proceedings}, ISSN = {1862-4405}, publisher = {Internationales Begegnungs- und Forschungszentrum f{"u}r Informatik (IBFI), Schloss Dagstuhl, Germany}, address = {Dagstuhl, Germany}, URL = {http://drops.dagstuhl.de/opus/volltexte/2005/11}, annote = {Keywords: taxonomy model transformations} }
Article
These notes present a coherent and comprehensive introduction to the theory and applications of Communicating Sequential Processes. Most of the illustrative examples have appeared earlier in PRG-22. The theory described in PRG-16 has been taken as the basis of a number of algebraic laws, which can be used for proofs of equivalence and can justify correctness-preserving transformations. A complete method for specifying processes and proving their correctness has been taken over from PRG-20 and PRG-23. Many of the concepts have been implemented in LISPKIT, as described in PRG-32.
Article
Tribute Foreword Introduction Part I. Mathematics: 1. Mathematical reasoning 2. Set notation 3. Mathematical objects Part II. Abstract Machines: 4. Introduction to abstract machines 5. Formal definition of abstract machines 6. Theory of abstract machines 7. Constructing large abstract machines 8. Examples of abstract machines Part III. Programming: 9. Sequencing and loop 10. Programming examples Part IV. Refinement: 11. Refinement 12. Constructing large software systems 13. Examples of refinement Appendixes Index.
Conference Paper
In this paper we define a combination of Object-Z and CSP called CSP-OZ. The basic idea is to define a CSP-semantics for every Object-Z class. Special care is taken to capture the characteristics of input and output parameters properly and to preserve the expected refinement rules. CSP-OZ is well suited for the specification and development of communicating distributed systems. It provides powerful techniques to model data- and control-aspects in a common framework. The language is easy to use for Z and Object-Z users.
Article
Circus specifications define both data and behavioural aspects of systems using a combination of Z and CSP constructs. Previously, a denotational semantics has been given to Circus; however, a shallow embedding of Circus in Z, in which the mapping from Circus constructs to their semantic representation as a Z specification, with yet another language being used as a meta-language, was not useful for proving properties like the refinement laws that justify the distinguishing development technique associated with Circus. This work presents a final reference for the Circus denotational semantics based on Hoare and He’s Unifying Theories of Programming (UTP); as such, it allows the proof of meta-theorems about Circus including the refinement laws in which we are interested. Its correspondence with the CSP semantics is illustrated with some examples. We also discuss the library of lemmas and theorems used in the proofs of the refinement laws. Finally, we give an account of the mechanisation of the Circus semantics and of the mechanical proofs of the refinement laws.
Conference Paper
In this paper, we describe an approach to the design of distributed systems with B AMN. The approach is based on the action-system formalism which provides a framework for developing state-based parallel reactive systems. More specifically, we use the so-called CSP approach to action systems in which interaction between subsystems is by synchronised message passing and there is no sharing of state. We show that the abstract machines of B may be regarded as action systems and show how reactive refinement and decomposition of action systems may be applied to abstract machines. The approach fits in closely with the stepwise refinement method of B.
Conference Paper
The complexity inherent to concurrent systems can turn their development into a very complex and error-prone task. The use of formal languages like CSP and tools that support them simplifies considerably the task of developing such systems. This process, however, usually aims at reaching an executable program: a translation between the specification language and a practical programming language is still needed and is usually rather problematic. In this paper we present a translation framework and a tool, csp2hc, that implements it. This framework provides an automatic translation from a subset of CSP to Handel-C, a programming language that is similar to standard C, but whose programs can be converted to produce files to program an FPGA.
Article
In this paper, we describe an approach to the design of distributed systems with B AMN. The approach is based on the action-system formalism which provides a framework for developing state-based parallel reactive systems. More specifically, we use the so-called CSP approach to action systems in which interaction between subsystems is by synchronised message passing and there is no sharing of state. We show that the abstract machines of B may be regarded as action systems and show how reactive refinement and decomposition of action systems may be applied to abstract machines. The approach fits in closely with the stepwise refinement method of B. We illustrate the approach by the abstract specification of an email service as a single machine and its subsequent refinement into a store-and-forward network.
Conference Paper
Presents a formal method which combines the Z notation and value-passing CCS (Calculus of Communicating Systems) for specifying concurrent systems. In order to provide a sound theoretical basis for the method, the state-based semantics for value-passing CCS is given. The main characteristic of the semantics is its ability in describing the evolution of processes and transitions of states simultaneously. We also present a Hennessy-Milner logic based on that semantics, which enables us to express properties such as liveness and safety ascribed both to states and to actions.
Article
This paper describes the tool csp2B, which provides a means of combining CSP-like descriptions with standard B specifications. The notation of CSP provides a convenient way of describing the order in which the operations of a B machine may occur. The function of the tool is to convert CSP-like specifications into standard machine-readable B specifications, which means that they may be animated and appropriate proof obligations may be generated. Use of csp2B means that abstract specifications and refinements may be specified purely using CSP or using a combination of CSP and B. The translation is justified in terms of an operational semantics.
Article
In this paper we define a combination of Object-Z and CSP called CSP-OZ. The basic idea is to define a CSP-semantics for every Object-Z class. Special care is taken to capture the characteristics of input and output parameters properly and to preserve the expected refinement rules. CSP-OZ is well suited for the specification and development of communicating distributed systems. It provides powerful techniques to model data- and control-aspects in a common framework. The language is easy to use for Z and Object-Z users. A shorter version of this paper appeared as [10]. Keywords Z, Object-Z, CSP, concurrent systems, combining FDTs, refinement. CONTENTS 1 Introduction 2 2 Illustrating Example 2 3 Syntax of CSP-OZ 7 4 The semantic model of CSP 10 5 A Failure-Divergence Semantics of CSP-OZ 11 6 Related Work 14 7 Conclusion and Future Work 15 Appendix 1 Proof of Theorem 1 19 Appendix 2 Validation of the Semantics of CSP-OZ 19 This research is supported by the German Ministry for Educat...
Automatic Generation of Verified Concurrent Hardware
  • M V M Oliveira
  • J C P Woodcock
Modelling control systems in b: an industrial case study
  • D Déharbe
  • A M Moreira
  • P Muniz Silva
  • A Russo