Code generation for Event-B

  • Víctor Rivera
  • Néstor Cataño
  • Tim Wahls
  • Camilo Rueda
Regular Paper
First Online:

Abstract

Event-B is a modelling language and a formal methods approach for correct construction of software. This paper presents our work on code generation for Event-B, including the definition of a syntactic translation from Event-B to JML-annotated Java programs, the implementation of the translation as the EventB2Java tool, and two case studies on the use of EventB2Java. The first case study is on implementing an Android application with the aid of the EventB2Java tool, and the second on testing an Event-B specification of the Tokeneer security-critical system. Additionally, we have benchmarked our EventB2Java tool against two other Java code generators for Event-B.

Keywords

Android Code generation Event-B  Formal methods  Java JML EventB2Java Rodin  Tokeneer 
This is a preview of subscription content, log in to check access.

References

  1. 1.
    Abrial, J.-R.: Sequential program development: teaching resources (2009). http://deploy-eprints.ecs.soton.ac.uk/122/1/sld.ch15%2Cseq.pdf. Accessed March 2015
  2. 2.
    Abrial, J.-R.: Modeling in Event-B: System and Software Design. Cambridge University Press, New York (2010)CrossRefMATHGoogle Scholar
  3. 3.
    Abrial, J.-R., Butler, M., Hallerstede, S., Son Hoang, T., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. Softw. Tools Technol. Transf. 12(6), 447–466 (2010)CrossRefGoogle Scholar
  4. 4.
    Abrial, J.-R., Hallerstede, S.: Refinement, decomposition and instantiation of discrete models: application to Event-B. Fundamentae Informatica 77(1,2), 1–24 (2007)MathSciNetMATHGoogle Scholar
  5. 5.
    Abrial, J.-R., Schuman, S., Meyer, B.: Specification language. In: McKeag, R., Macnaghten, A. (eds.) On the Construction of Programs, pp. 343–410. Cambridge University Press, Cambridge, UK (1980)Google Scholar
  6. 6.
    Back, R., Sere, K.: Stepwise refinement of action systems. Struct. Progr. 12, 17–30 (1991)Google Scholar
  7. 7.
    Barnes, J.: High Integrity Software: The SPARK Approach to Safety and Security. Addison-Wesley Longman Publishing Co., Inc., Boston (2003)Google Scholar
  8. 8.
    Bernot, G., Gaudel, M., Marre, B.: Software testing based on formal specifications: a theory and a tool. Softw. Eng. J. 6(6), 387–405 (1991)CrossRefGoogle Scholar
  9. 9.
    Black, R.: Managing the Testing Process. Wiley Publishing Inc, Hoboken, NJ (2009)Google Scholar
  10. 10.
    Bouquet, F., Couchot, J., Dadeau, F., Giorgetti, A.: Instantiation of Parameterized Data Structures for Model-Based Testing. In: B’2007, the 7th International B Conference, vol. 4355 of LNCS, pp. 96–110. Springer (2007)Google Scholar
  11. 11.
    Bouquet, F., Dadeau, F., Groslambert, J.: Checking JML specifications with B machines. In: Proceedings of Formal Specification and Development in Z and B, vol. 3455 of Lecture Notes in Computer Science, pp. 435–454, Guildford, U.K. Springer (2005)Google Scholar
  12. 12.
    Bouquet, F., Dadeau, F., Groslambert, J.: JML2B: Checking JML specifications with B machines. In: Proceedings of B: Formal Specification and Development in B, vol. 4355 of Lecture Notes in Computer Science, pp. 285–288. Springer, Berlin/Heidelberg, Besanc̃on, France (2006)Google Scholar
  13. 13.
    Burdy, L., Cheon, Y., Cok, D., Ernst, M., Kiniry, J., Leavens, G., Leino, K., Poll, E.: An overview of JML tools and applications. Int. J. Softw. Tools Technol. Transf. 7(3), 212–232 (2005)CrossRefGoogle Scholar
  14. 14.
    Butler, M.: Decomposition Structures for Event-B. In: Proceedings of the 7th International Conference on Integrated Formal Methods, IFM ’09, pp. 20–38, Berlin, Heidelberg. Springer (2009)Google Scholar
  15. 15.
    Cataño, N., Rueda, C., Wahls, T.: A machine-checked proof for a translation of Event-B machines to JML. ArXiv e-prints (2013)Google Scholar
  16. 16.
    Cataño, N., Huisman, M.: Chase: a static checker for JML’s assignable clause. In: Zuck, L., Attie, P., Cortesi, A., Mukhopadhyay, S. (eds.) Verification, Model Checking, and Abstract Interpretation, vol. 2575 of Lecture Notes in Computer Science, pp. 26–40, New York, NY, USA. Springer (2003)Google Scholar
  17. 17.
    Cataño, N., Rueda, C.: Teaching formal methods for the unconquered territory. In: 2nd International Formal Methods Europe Conference on Teaching Formal Methods, Lecture Notes in Computer Science, The Netherlands. Springer (2009)Google Scholar
  18. 18.
    Cataño, N., Rueda, C.: Matelas: A Predicate Calculus Common Formal Definition for Social Networking. In: Frappier, M. (ed.) Proceedings of ABZ 2010, vol. 5977 of Lecture Notes in Computer Science, pp. 259–272, Québec, Canada. Springer, Berlin (2010)Google Scholar
  19. 19.
    Cataño, N., Wahls, T., Rueda, C., Rivera, V., Yu, D.: Translating B machines to JML specifications. In: 27th ACM Symposium on Applied Computing, Software Verification and Testing track (SAC-SVT), Trento, Italy. ACM (2012)Google Scholar
  20. 20.
    Cataño, N., Pestana, J., Rodrigues, R.: JFly: a JML-based strategy for incorporating formal specifications into the software development process. In: Barbosa, L., Correia, M.P. (eds.) Portuguese forum of Informatics (INFORUM). Braga, Portugal (2010)Google Scholar
  21. 21.
    Cavalcanti, A., Zeyda, F., Wellings, A., Woodcock, J., Wei, K.: Safety-critical Java programs from Circus models. Real-Time Syst. 49(5), 614–667 (2013)CrossRefMATHGoogle Scholar
  22. 22.
    Cok, D.: OpenJML: JML for Java 7 by Extending OpenJDK. In: NASA Formal Methods Symposium, pp. 472–479 (2011)Google Scholar
  23. 23.
    Damchoom, K.: An incremental refinement approach to a development of a flash-based file system in Event-B. Ph.D. thesis, University of Southampton (2010)Google Scholar
  24. 24.
    Edmunds, A., Butler, M.: Tool support for Event-B code generation. In: Workshop on Tool Building in Formal Methods, Québec, Canada. Wiley and Sons (2010)Google Scholar
  25. 25.
    Edmunds, A., Butler, M.: Tasking Event-B: an extension to Event-B for generating concurrent code. In: PLACES (2011)Google Scholar
  26. 26.
    Edmunds, A., Rezazedah, A.: Development of a heating controller system (2011). http://wiki.event-b.org/index.php/Development_of_a_Heating_Controller_System. Accessed March 2015
  27. 27.
    Filliâtre, J., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: Damm, W., Hermann, H. (eds.) Conference on Computer-Aided Verification, vol. 4590 of Lecture Notes in Computer Science, pp. 173–177 (2007)Google Scholar
  28. 28.
    Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison Wesley Longman Publishing Co., Inc., Boston (1995)MATHGoogle Scholar
  29. 29.
    Jin, D., Yang, Z.: Strategies of modeling from VDM-SL to JML. In: International Conference on Advanced Language Processing and Web Information Technology, pp. 320–323, Liaoning, China. IEEE Computer Society (2008)Google Scholar
  30. 30.
    Jones, C.: Systematic Software Development Using VDM. International Series in Computer Science, 2nd edn. Prentice Hall (1990)Google Scholar
  31. 31.
    The KeY Project, Integrated Deductive Software Design. http://www.key-project.org/. Accessed March 2015
  32. 32.
    Lamport, L.: A new solution of Dijkstra’s concurrent programming problem. Commun. ACM 17(8), 453–455 (1974)MathSciNetCrossRefMATHGoogle Scholar
  33. 33.
    Leavens, G.T., Baker, A.L., Ruby, C.: Preliminary design of JML: a behavioral interface specification language for Java. ACM SIGSOFT 31(3), 1–38 (2006)CrossRefGoogle Scholar
  34. 34.
    Leuchel, M., Butler, M.: ProB: a model checker for B. In: Formal Methods Europe: Formal Methods, Lecture Notes in Computer Science, Pisa, Italy. Springer (2003)Google Scholar
  35. 35.
    Link, J.: Unit Testing in Java. M. Kaufmann (2003)Google Scholar
  36. 36.
    Locke, D., Andersen, B., Brosgoal, B., Fulton, M., Henties, T., Hunt, J., Nielsen, J., Schoeberl, M., Tokar, J., Vitek, J., Weillings, A.: Safety Critical Java Specification, version 0.78. Technical report, The Open Group (2010). http://jcp.org/aboutJava/communityprocess/edr/jsr302/index.html. Accessed March 2015
  37. 37.
    Méry, D., Singh, N.K.: Automatic code generation from Event-B models. In: Proceedings of the Second Symposium on Information and Communication Technology, SoICT. ACM (2011)Google Scholar
  38. 38.
    Meyer, B.: Applying “Design by Contract”. Computer 25(10), 40–51 (1992)CrossRefGoogle Scholar
  39. 39.
    De Moura, L., Bjorner, N.: Z3: an efficient solver (2010). http://research.microsoft.com/en-us/um/redmond/projects/z3/. Accessed March 2015
  40. 40.
    Nielsen, J.: Usability Engineering. AP Professional, San Diego (1993)MATHGoogle Scholar
  41. 41.
    Ostroumov, S., Tsiopoulos, L.: VHDL code generation from formal Event-B models. In: Proceedings of the 14th Euromicro Conference on Digital System Design, Euromicro Conference on Digital System Design, pp. 127–134. IEEE Computer Society, Washington, DC (2011)Google Scholar
  42. 42.
    Padidar, S.: A study in the use of Event-B for system development from a software engineering viewpoint. Master’s thesis, University of Edinburgh (2010)Google Scholar
  43. 43.
    Rivera, V., Cataño, N.: The Social-Event Planner (2012). http://poporo.uma.pt/favas/Social-Event_Planner.html. Accessed March 2015
  44. 44.
    Rivera, V., Cataño, N.: Translating Event-B to JML-specified Java programs. In: ACM Symposium on Applied Computing, Software Verification and Testing track (SAC-SVT), South Korea (2014)Google Scholar
  45. 45.
    Sarshogh, M., Butler, M.: Specification and refinement of discrete timing properties in Event-B. Electron Commun. Eur. Assoc. Softw. Sci. Technol. 46 (2011)Google Scholar
  46. 46.
    Sarshogh, M., Butler, M.: Extending Event-B with discrete timing properties (2012). http://deploy-eprints.ecs.soton.ac.uk/401/1/Journal.pdf. Accessed March 2015
  47. 47.
    State-Machines and Code Generation (2012). http://wiki.event-b.org/index.php/State-Machines_and_Code_Generation. Accessed Aug 2013
  48. 48.
    Toom, A., Naks, T., Pantel, M., Gandriau, M., Indrawati: Gene-Auto: an Automatic code generator for a safe subset of Simulink/Stateflow and Scicos. In: Akadeemia, I.B., Krates, O.Ü., University of Toulouse IRIT-ENSEEIHT, F. Alyotech CRIL Technologies, Tallinn University of Technology (eds.) Embedded Real Time Software (2008)Google Scholar
  49. 49.
    Wellings, A.: Concurrent and Real-Time Programming in Java. Wiley & Sons, Hoboken, NJ (2004)Google Scholar
  50. 50.
    Woodcock, J., Davies, J.: Using Z: specification, refinement, and proof. In: International Series in Computer Science. Prentice-Hall Inc. (1996)Google Scholar
  51. 51.
    Wright, S.: Automatic Generation of C from Event-B. In: Workshop on Integration of Model-based Formal Methods and Tools, Nantes, France. Springer (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Víctor Rivera
    • 1
  • Néstor Cataño
    • 2
  • Tim Wahls
    • 3
  • Camilo Rueda
    • 2
  1. 1.The Software Engineering LabThe Innopolis UniversityKazanRussia
  2. 2.Department of Computer SciencePontificia Universidad JaverianaCaliColombia
  3. 3.Department of Mathematics and Computer ScienceDickinson CollegeCarlisleUSA

Personalised recommendations