How to Explain Mistakes

Usually we teach formal methods relying for the most part on one kind of reasoning technique about a formal model: for instance, we use either formal proof or model-checking. It would appear that learning one technique is already hard enough, and that having to cope with two only puts another burden on the students. This is not our experience. Model-checking in particular is easily used to complement formal proof, since it relies only on an intuitive operational understanding of a formal model. In this article we show how model-checking, animation, and formal proof can be used together to improve understanding of formal models. We demonstrate how animation can help to find an explanation for a failing proof. We also demonstrate where animation or model-checking may not help, and where proving may not help. For the most part, using another tool pays off. Proof obligations intentionally present a static view of a system, so that we focus on abstract properties of a model and not on its behaviour. By contrast, model-checking provides a more dynamic view based on an operational interpretation. Both views are valuable aids to reasoning about a model.
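The contrast between the static view of a proof obligation and the dynamic view of model-checking can be made concrete on a toy model. The following example is added here and is not code from the paper or from any of the tools it discusses; the resource-pool model, its invariant, the capacity `MAX`, the bounded search domain and the function names are all constructed for the illustration. `check_po` plays the role of a proof obligation: it asks, over a bounded domain, whether an event preserves the invariant from every state that satisfies the invariant and the guard, without regard to reachability. `model_check` plays the role of animation or model-checking: it explores only the states reachable from initialisation. `explain` combines the two to classify a failing proof as either a real defect (the violation is reachable) or a missing invariant (the counterexample state is unreachable, so the invariant needs strengthening rather than the event).

```python
"""Added example: explaining a failing proof obligation with a reachability check.

The model is a constructed Event-B-style resource pool: `n` tokens have been
taken and `free` slots remain. Nothing here is taken from the paper.
"""
from collections import deque
from itertools import product

MAX = 3  # capacity of the toy pool (constructed value)


def make_pool_model(buggy):
    """Build the toy model; `buggy=True` adds an event with a genuine defect."""
    events = {
        "take": (lambda s: s["free"] > 0,
                 lambda s: {"n": s["n"] + 1, "free": s["free"] - 1}),
        "release": (lambda s: s["n"] > 0,
                    lambda s: {"n": s["n"] - 1, "free": s["free"] + 1}),
    }
    if buggy:
        # Consumes two slots while the guard only checks for one.
        events["take_two"] = (lambda s: s["free"] > 0,
                              lambda s: {"n": s["n"] + 2, "free": s["free"] - 2})
    return {
        "vars": ("n", "free"),
        "init": {"n": 0, "free": MAX},
        "invariants": [lambda s: 0 <= s["n"] <= MAX],
        "events": events,
    }


def strengthened_pool_model():
    """Same model with the invariant that the failing proof was missing."""
    model = make_pool_model(buggy=False)
    model["invariants"].append(lambda s: s["n"] + s["free"] == MAX)
    return model


def holds(invariants, s):
    return all(inv(s) for inv in invariants)


def state_key(model, s):
    return tuple(s[v] for v in model["vars"])


def check_po(model, event_name, domain):
    """Static view (proof obligation): from every state in `domain` that satisfies
    the invariants and the guard, does the event preserve the invariants?
    Returns a counterexample state or None. Reachability is ignored on purpose."""
    guard, action = model["events"][event_name]
    for values in product(domain, repeat=len(model["vars"])):
        s = dict(zip(model["vars"], values))
        if holds(model["invariants"], s) and guard(s):
            if not holds(model["invariants"], action(s)):
                return s
    return None


def model_check(model):
    """Dynamic view: breadth-first search over reachable states.
    Returns (reachable, trace): `reachable` maps state keys to the event
    sequence that first reached them; `trace` is the sequence leading to the
    first invariant violation, or None if no reachable state violates one."""
    init = model["init"]
    seen = {state_key(model, init): []}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not holds(model["invariants"], s):
            return seen, seen[state_key(model, s)]
        for name, (guard, action) in model["events"].items():
            if guard(s):
                t = action(s)
                if state_key(model, t) not in seen:
                    seen[state_key(model, t)] = seen[state_key(model, s)] + [name]
                    queue.append(t)
    return seen, None


def explain(model, event_name, domain=range(-1, MAX + 2)):
    """Combine both views to explain the outcome of one event's proof obligation."""
    cex = check_po(model, event_name, domain)
    if cex is None:
        return ("po_proved", None)
    reachable, trace = model_check(model)
    if trace is not None:
        return ("real_bug", trace)            # the dynamic view confirms a defect
    if state_key(model, cex) not in reachable:
        return ("missing_invariant", cex)     # PO fails only at an unreachable state
    return ("unexplained", cex)


if __name__ == "__main__":
    for label, model, ev in [("pool/take", make_pool_model(False), "take"),
                             ("pool+inv/take", strengthened_pool_model(), "take"),
                             ("buggy/take_two", make_pool_model(True), "take_two")]:
        print(label, explain(model, ev))
```

Run stand-alone, the first case reports `missing_invariant` with the state `n = 3, free = 1`: the proof of `take` fails there, but no run of the model ever reaches it, and adding `n + free = MAX` (the second case) makes the obligation provable. The third case reports `real_bug` with the trace `take_two, take_two`, which is exactly the kind of explanation a static proof obligation cannot give on its own.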
