This paper investigates the application of the B method beyond the classical algorithmic level provided by the B0 sub-language, and presents refinements of B models at a level of precision equivalent to assembly language. We claim and justify that this extension provides a more reliable software development process as it bypasses two of the less trustable steps in the application of the B method: code synthesis and compilation. The results presented in the paper have a value as a proof of concept and may be used as a basis to establish an agenda for the development of an approach to build verifying compilers [Hoare, C. A. R., The verifying compiler, a grand challenge for computing research, in: VMCAI, 2005, pp. 78–78] based on the B method.
All content in this area was uploaded by David Déharbe
Content may be subject to copyright.
A preview of the PDF is not available
... Esses trabalhos usam o método B ou Event-B (ABRIAL et al., 2006 ). Um modelo formal , chamado MIDAS (Microprocessor Instruction and Data Abstraction System) DANTAS et al., 2009; DÉHARBE, 2012 ) e a nossa experiência desenvolvendo ferramentas de verificação B (MARINHO et al., 2008; GURGEL et al., 2010; DÉHARBE, 2014). O próximo capítulo resume as principais considerações do trabalho e apresenta os trabalhos futuros. ...
Assembly code synthesis is a process that requires rigorous care. Typically,
this process in mature translators and compilers is relatively safe, though some
errors have occasionally been identified. In a more restricted context, the translators
used in the smaller communities and developed constantly have been more
susceptible to these kind of errors. Considering this context, two translation and
verification approaches using the B method have been presented. The first approach
considers the B component translation to assembly code for a specific
platform by using a formal model of the instruction set, which also allows to debug
and to check program properties. This approach can formally ensure the
semantic consistency of the translation, although the verification process is difficult
and time-consuming. This verification effort was somewhat relieved by the development
of BEval, a tool which has made better use of the verification techniques. After applying
the automatic verification process using the Atelier B tool, BEval was
still able to solve, in the certain models, many of the remaining proof obligations, reaching
up to 88 \% of total obligations. However, the verification process of this translation
approach is still complex, requiring several manual interactions. In
order to make a translation more efficient and also safe, a second approach for
the translating B to virtual machine code was developed. This second approach
used the developed translator B2LLVM and applied the automatic generation of
tests to check the consistency of the program specifications and their respective assembly
code. This translator also supported the code coverage evaluation and the
insertion of the traceability annotations. Thus, this study has significantly contributed
to developing B translation to assembly code, providing rigorous support
for the verification of the translation.
Currently, the B2LLVM outweighs 20,9% the percentage of translatable test samples based on grammar compared to the C4B industrial translator. Furthermore, the generated code by B2LLVM has important advantages in the ample capacity of verification, integration and optimization.
... Tools with a sound formal basis such as JML [28] and Spec# [29] allow effective verification based upon pre-and postconditions. Dantas et al. [30] show how the B-method can be extended to support a new low-level language, at the level of abstraction of an assembly language. This helps bridge the gap between the formal language and programming constructs, giving a better guarantee of program correctness. ...
This paper reports upon ten years of experience in the development and application of model-driven technology. The technology in question was inspired by work on formal methods: in particular, by the B toolkit. It was used in the development of a number of information systems, all of which were successfully deployed in real world situations. The paper reports upon three systems: one that informed the design of the technology, one that was used by an internal customer, and one that is currently in use outside the development organisation. It records a number of lessons regarding the application of model-driven techniques.
A compiler may be specified as a set of theorems, each describing how a construct in the programming language is translated into a sequence of machine instructions. The machine may be specified as an interpreter written in the programming language itself. Using refinement algebra, it can then be verified that interpreting a compiled program is the same or better than executing the original source program. The compiling specification is very similar to a logic program and thus a prototype compiler (and interpreter) may easily be produced in a language such as Prolog. A subset of the occam programming language and the transputer instruction set are used to illustrate the approach. An advantage of the method is that new programming constructs can be added without necessarily affecting existing development work.
I propose a set of criteria which distinguish a grand challenge in science or engineering from the many other kinds of short-term or long-term research problems that engage the interest of scientists and engineers. As an example drawn from Computer Science, I revive an old challenge: the construction and application of a verifying compiler that guarantees correctness of a program before running it.
The ideas of program verification date back to Turing and von Neumann, who introduced the concept of an assertion as the specification of an interface between parts of a program. The idea of mechanical theorem proving dates back to Leibniz; it has been explored in practice on modern computers by McCarthy, Milner, and many others since. A proposal for ’a program verifier’, combining these two technologies, was the subject of a Doctoral dissertation by James C. King, submitted at the Carnegie Institute of Technology in 1969.
Early attempts at automatic program verification were premature. But much progress has been made in the last thirty five years, both in hardware capacity and in the software technologies for verification. I suggest that the renewed challenge of an automatic verifying compiler could provide a focus for interaction, cross-fertilisation, advancement and experimental evaluation of all the technologies of interest in this conference.
Perhaps by concerted international effort, we may be able to meet this challenge, only fifty years after it was proposed by Jim King. We only have fifteen years left to do it.
In this article, we first briefly present a proof assistant called the Predicate Prover, which essentially offers two functionalities:
(1) an automatic semi-decision procedure for First Order Predicate Calculus, and (2) a systematic translation of statements
written within Set Theory into equivalent ones in First Order Predicate Calculus. We then show that the automatic usage of
this proof assistant is limited by several factors. We finally present (and this is the main part of this article) the principles
that we have used in the construction of a proactive interface aiming at circumventing these limitations. Such principles are based on our practical experience in doing many
interactive proofs (within Set Theory).
The B method is a means for specifying, designing and coding software systems. The long-awaited B Book is the standard reference for everything concerning this method. It contains the mathematical basis on which it is founded, the precise definitions of the notations used, and a large number of examples illustrating its use in practice. J.-R. Abrial, the inventor of B, has written the book in such a way that it can be used for self-study or for reference. It is in four parts, the first dealing with the mathematical foundations, including a systematic construction of predicate logic and set theory, and the definition of the various mathematical structures that are needed to formalize software systems; the author places special emphasis on the notion of proof. The second part contains a presentation of the Generalized Substitution Language and of the Abstract Machine Notation, which are both used to specify software systems; the author gives examples to show how large specifications can be constructed systematically. The next part introduces the two basic programming features of sequencing and loop, with examples showing how to construct small algorithms. The last part covers the very important notion of refinement. It shows how to construct large software systems by means of layered architectures of modules. It culminates with the presentation of several examples of complete development with a special emphasis on the methodological approach. Finally, appendices give summaries of all the logical and mathematical definitions, and of all the rules and proof obligations. With the appearance of The B Book, formal methods practitioners, computer scientists, and systems developers at last will have access to the definitive account of what will become one of the standard approaches to the construction of software systems.