Handling B models in the PERF integrated verification framework: Formalised and certified embedding

Abstract
The design of complex systems involves several design models supporting different analysis techniques for validation and verification purposes. These activities lead to the definition of heterogeneous modelling languages and analysis techniques. In this setting, meeting certification standards becomes a key issue in system engineering. The heterogeneity due to the presence of different modelling languages can be reduced by providing an integrated framework in which modelling languages and techniques are formalised. In such a framework, checking the global correctness of heterogeneous models of a complex critical system becomes possible in many cases. The work presented in this paper addresses the problem of integrated verification of system design models in the context of transportation systems, in particular railway systems. It has been achieved in the context of the B-PERFect project of RATP (Parisian Public Transport Operator and Maintainer), which aims at applying formal verification using the PERF approach to the integrated safety-critical models of embedded software in the railway domain, expressed in a single unifying modelling language: HLL. This paper addresses the particular case of the B method. It presents a certified translation of B formal models to HLL models. The proposed approach uses Isabelle/HOL as a unified logical framework to describe the formal semantics and to formalise the transformation relation between both modelling languages. The developed Isabelle/HOL models are proved in order to guarantee the correctness of our translation process. Moreover, we have also used a weak-bisimulation relation to check the correctness of each translation step. We also show that, once models are translated into this unified modelling language, it becomes possible to handle the verification of properties expressed across different models.
The overall approach is illustrated through a case study taken from a railway software system: the on-board localisation function. Furthermore, the paper discusses integrated verification at system level.
