Advertisement

Automating Event-B invariant proofs by rippling and proof patching

  • Yuhui LinEmail author
  • Alan Bundy
  • Gudmund Grov
  • Ewen Maclean
Open Access
Original Article
  • 32 Downloads

Abstract

The use of formal method techniques can contribute to the production of more reliable and dependable systems. However, a common bottleneck for industrial adoption of such techniques is the needs for interactive proofs. We use a popular formal method, called Event-B, as our working domain, and set invariant preservation (INV) proofs as targets, because INV proofs can account for a significant proportion of the proofs requiring human interactions. We apply an inductive theorem proving technique, called rippling, for Event-B INV proofs. Rippling automates proofs using meta-level guidance. The guidance is in particular useful to develop proof patches to recover failed proof attempts. We are interested in the case when a missing lemma is required. We combine a scheme-based theory-exploration system, called IsaScheme [MRMDB10], with rippling to develop a proof patch via lemma discovery. We also develop two new proof patches to unfold operator definitions and to suggest case-splits, respectively. The combined use of rippling with these three proof patches as a proof method significantly improves the proof automation for our evaluation set.

Keywords

Formal verification Event-B Automated reasoning Rippling Lemma conjecturing 

Notes

Acknowledgements

This work is supported by EPSRC Grants EP/H024204/1, EP/E005713/1, EP/M018407/1 and EP/J001058/1.We warmly thank OmarMontano Rivas for his support on IsaScheme.We also thank anonymous referees for their helpful suggestions.

References

  1. ABH+10.
    Abrial, J.-R., Butler, M.J., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. STTT12(6), 447–466 (2010)CrossRefGoogle Scholar
  2. Abr96.
    Abrial, J.-R.: The B Book: assigning programs to meanings. Cambridge University Press, Cambridge (1996)CrossRefzbMATHGoogle Scholar
  3. Abr07.
    Abrial J-R (2007) A system development process with Event-B and the Rodin platform. In: ICFEM, pp 1–3Google Scholar
  4. Abr10.
    Abrial, J.-R.: Modeling in Event-B: system and software engineering. Cambridge University Press, Cambridge (2010)CrossRefzbMATHGoogle Scholar
  5. AJ 1.
    Arthan R, Jones RB. Z in HOL in ProofPower. BCS FACS FACTS, 2005-1Google Scholar
  6. ASG99.
    Armando, A., Smaill, A., Green, I.: Automatic synthesis of recursive programs: the proof-planning paradigm. Autom Softw Eng6, 329–356 (1999)CrossRefGoogle Scholar
  7. BBHI05.
    Bundy A, Basin D, Hutter D, Ireland A (2005) Rippling: meta-level guidance for mathematical reasoning, volume 56 of Cambridge tracts in theoretical computer science. Cambridge University PressGoogle Scholar
  8. BFM11.
    Bryans JW, Fitzgerald JS, McCutcheon T (2011) Refinement-based techniques in the analysis of information flow policies for dynamic virtual organisations. In: Camarinha-Matos LM, Pereira-Klen A, Afsarmanesh H (eds) Adaptation and value creating collaborative networks. Springer, pp 314–321Google Scholar
  9. BH07.
    Butler M, Hallerstede S (2007) The Rodin formal modelling tool. In:BCS-FACS Google Scholar
  10. BP13.
    Blanchette JC, Paulson LC (2018) Hammering Away. A User’s Guide to Sledgehammer for Isabelle/HOL. http://isabelle.in.tum.de/dist/doc/sledgehammer.pdf
  11. Bun98.
    Bundy A (1998) A science of reasoning. In: International conference on automated reasoning with analytic tableaux and related methodsGoogle Scholar
  12. dep02.
    The Deploy project.http://www.deploy-project.eu/index.html. Accessed 2 Feb 2018
  13. DF03.
    Dixon L, Fleuriot JD (2003) IsaPlanner: a prototype proof planner in Isabelle. In: CADEGoogle Scholar
  14. DFGV12.
    Déharbe D, Fontaine P, Guyot Y, Voisin L (2012) SMT solvers for rodin. In: ABZ, pp 194–207Google Scholar
  15. Dix05.
    Dixon L (2005) A proof planning framework for Isabelle. Ph.D. thesis, School of Informatics, University of EdinburghGoogle Scholar
  16. Eve.
    Event-B and Rodin Documentation Wiki. Provers for Rodin.http://handbook.event-b.org/current/html/atelier_b_provers. Accessed 28 Feb 2015
  17. GKL13.
    Grov G, Kissinger A, Lin Y (2013) A graphical language for proof strategies. In:LPAR, pp 324–339. SpringerGoogle Scholar
  18. GL17.
    Grov G, Lin Y (2017) The Tinker tool for graphical tactic development. Int J Softw Tools Technol Transf 1–17Google Scholar
  19. Het16.
    Hetzl S (2016) Why does induction require cut? Accessed 13 Aug 2016Google Scholar
  20. HKJM13.
    Heras J, Komendantskaya E, Johansson M, Maclean E (2013) Proof-pattern recognition and lemma discovery in ACL2. In: Logic for programming, artificial intelligence, and reasoning. Springer, pp 389–406Google Scholar
  21. IB96.
    Ireland, A., Bundy, A.: Productive use of failure in inductive proof. J Autom Reason16(1–2), 79–111 (1996)MathSciNetCrossRefzbMATHGoogle Scholar
  22. IGB10.
    Ireland A, Grov G, Butler M (2010) Reasoned modelling critics: turning failed proofs into modelling guidance. In: ABZ, pp 189–202. SpringerGoogle Scholar
  23. JDB11.
    Johansson, M., Dixon, L., Bundy, A.: Conjecture synthesis for inductive theories. J Autom Reason47(3), 251–289 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  24. Jon90.
    Jones, C.B.: Systematic software development using VDM, 2nd edn. Prentice Hall, Upper Saddle River (1990)zbMATHGoogle Scholar
  25. JRSC14.
    Johansson M, Rosén D, Smallbone N, Claessen K (2014) Hipster: integrating theory exploration in a proof assistant.In: CoRR, arXiv:1405.3426
  26. Lam02.
    Lamport, L.: Specifying systems: the TLA+ language and tools for hardware and software engineers. Addison-Wesley Longman Publishing Co., Inc, Boston (2002)Google Scholar
  27. LBG12.
    Lin Y, Bundy A, Grov G (2012) The use of rippling to automate Event-B invariant preservation proofs. In: NASA formal methods, pp 231–236Google Scholar
  28. Lin15.
    Lin Y (2015) The use of rippling to automate Event-B invariant preservation proofs. Ph.D. thesisGoogle Scholar
  29. LLG16.
    Liang Y, Lin Y, Grov G (2016) `the Tinker' for Rodin. In: ABZ. Springer, pp 262–268Google Scholar
  30. LW88.
    Loomes M, Woodcock JCP (1988) Software engineering mathematics: formal methods demystifiedGoogle Scholar
  31. MRMDB10.
    Montano-RivasO, McCasland RL, Dixon L, Bundy A (2010) Scheme-based synthesis of inductive theories. In: MICAI, pp 348–361Google Scholar
  32. pap04.
    Paper source webpage for POPPA.http://www.sites.google.com/site/evalpoppa/. Accessed 4 Feb 2018
  33. Pau94.
    Paulson LC (1994) Isabelle: a generic theorem prover, volume 828 ofLNCS. SpringerGoogle Scholar
  34. Rod.
    Rodin Proof Tactics. Functional overriding in goal.http://wiki.event-b.org/index.php/Rodin_Proof_Tactics. Accessed 2 Feb 2018
  35. Sch12.
    Schmalz M (2012) Formalizing the logic of Event-B. Partial functions, definitional extensions, and automated theorem proving. Ph.D. thesis, ETH ZurichGoogle Scholar
  36. WD96.
    Woodcock, J., Davies, J.: Using Z: specification, refinement, and proof. Prentice Hall, London (1996)zbMATHGoogle Scholar
  37. Wri09.
    Wright S (2009) Formal construction of instruction set architectures. Ph.D. thesis, University of Bristol, UKGoogle Scholar

Copyright information

© The Author(s) 2018

OpenAccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Authors and Affiliations

  1. 1.School of InformaticsUniversity of EdinburghEdinburghUK
  2. 2.School of Computer ScienceUniversity of St AndrewsSt AndrewsUK
  3. 3.Norwegian Defence Research Establishment(FFI)KjellerNorway
  4. 4.School of Mathematical and Computer SciencesHeriot-Watt UniversityEdinburghUK

Personalised recommendations