Code generation for Event-B

Event-B is a modelling language and a formal methods approach for the correct construction of software. This paper presents our work on code generation for Event-B, including the definition of a syntactic translation from Event-B to JML-annotated Java programs, the implementation of that translation as the EventB2Java tool, and two case studies on the use of EventB2Java. The first case study implements an Android application with the aid of the EventB2Java tool; the second tests an Event-B specification of the Tokeneer security-critical system. Additionally, we have benchmarked our EventB2Java tool against two other Java code generators for Event-B.
