Rodin: an open toolset for modelling and reasoning in Event-B

  • Jean-Raymond Abrial
  • Michael Butler
  • Stefan Hallerstede
  • Thai Son Hoang
  • Farhad Mehta
  • Laurent Voisin
VSTTE 2008


Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool that seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods.


Keywords: Refinement, Event-B, Verification, Tool support





Copyright information

© Springer-Verlag 2010

Authors and Affiliations

  • Jean-Raymond Abrial (1)
  • Michael Butler (2)
  • Stefan Hallerstede (3)
  • Thai Son Hoang (4)
  • Farhad Mehta (5)
  • Laurent Voisin (6)

  1. Marseille, France
  2. University of Southampton, Hampshire, UK
  3. Heinrich-Heine-Universität Düsseldorf, Düsseldorf, Germany
  4. ETH Zürich, Zurich, Switzerland
  5. Systransis Ltd, Zug, Switzerland
  6. Systerel, Aix-En-Provence, France
