On Fitting a Formal Method into Practice

The development of the Event-B formal method and its supporting tools, Rodin and ProB, was guided by practical experience with the B-Method, the Z specification notation, VDM and similar practical formal methods. The case study discussed in this article -- a cruise control system -- is a serious test of industrial use. We report on where Event-B and its tools have succeeded and where they have not. We also report on advances that were inspired by the case study. Interestingly, the case study was not a pure formal methods problem. In addition to Event-B, it used Problem Frames for capturing requirements. The interaction between the two proved to be crucial for the success of the case study. The heart of the problem was tracing informal requirements from Problem Frames descriptions to formal Event-B models. To a large degree, this issue dictated the approach that had to be used for formal modelling. A dedicated record theory and dedicated tool support were required. The size of the formal models, rather than the complexity of individual formulas, was the main challenge for tool support.
