Skip to main content
Download PDF

Automating Event-B invariant proofs by rippling and proof patching

Formal Aspects of Computing volume 31pages 95–129 (2019)Cite this article

Abstract

The use of formal method techniques can contribute to the production of more reliable and dependable systems. However, a common bottleneck for industrial adoption of such techniques is the needs for interactive proofs. We use a popular formal method, called Event-B, as our working domain, and set invariant preservation (INV) proofs as targets, because INV proofs can account for a significant proportion of the proofs requiring human interactions. We apply an inductive theorem proving technique, called rippling, for Event-B INV proofs. Rippling automates proofs using meta-level guidance. The guidance is in particular useful to develop proof patches to recover failed proof attempts. We are interested in the case when a missing lemma is required. We combine a scheme-based theory-exploration system, called IsaScheme [MRMDB10], with rippling to develop a proof patch via lemma discovery. We also develop two new proof patches to unfold operator definitions and to suggest case-splits, respectively. The combined use of rippling with these three proof patches as a proof method significantly improves the proof automation for our evaluation set.

References

  1. Abrial, J.-R., Butler, M.J., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. STTT12(6), 447–466 (2010)

    Article  Google Scholar 

  2. Abrial, J.-R.: The B Book: assigning programs to meanings. Cambridge University Press, Cambridge (1996)

    Book  MATH  Google Scholar 

  3. Abrial J-R (2007) A system development process with Event-B and the Rodin platform. In: ICFEM, pp 1–3

  4. Abrial, J.-R.: Modeling in Event-B: system and software engineering. Cambridge University Press, Cambridge (2010)

    Book  MATH  Google Scholar 

  5. Arthan R, Jones RB. Z in HOL in ProofPower. BCS FACS FACTS, 2005-1

  6. Armando, A., Smaill, A., Green, I.: Automatic synthesis of recursive programs: the proof-planning paradigm. Autom Softw Eng6, 329–356 (1999)

    Article  Google Scholar 

  7. Bundy A, Basin D, Hutter D, Ireland A (2005) Rippling: meta-level guidance for mathematical reasoning, volume 56 of Cambridge tracts in theoretical computer science. Cambridge University Press

  8. Bryans JW, Fitzgerald JS, McCutcheon T (2011) Refinement-based techniques in the analysis of information flow policies for dynamic virtual organisations. In: Camarinha-Matos LM, Pereira-Klen A, Afsarmanesh H (eds) Adaptation and value creating collaborative networks. Springer, pp 314–321

  9. Butler M, Hallerstede S (2007) The Rodin formal modelling tool. In:BCS-FACS

  10. Blanchette JC, Paulson LC (2018) Hammering Away. A User’s Guide to Sledgehammer for Isabelle/HOL. http://isabelle.in.tum.de/dist/doc/sledgehammer.pdf

  11. Bundy A (1998) A science of reasoning. In: International conference on automated reasoning with analytic tableaux and related methods

  12. The Deploy project.http://www.deploy-project.eu/index.html. Accessed 2 Feb 2018

  13. Dixon L, Fleuriot JD (2003) IsaPlanner: a prototype proof planner in Isabelle. In: CADE

  14. Déharbe D, Fontaine P, Guyot Y, Voisin L (2012) SMT solvers for rodin. In: ABZ, pp 194–207

  15. Dixon L (2005) A proof planning framework for Isabelle. Ph.D. thesis, School of Informatics, University of Edinburgh

  16. Event-B and Rodin Documentation Wiki. Provers for Rodin.http://handbook.event-b.org/current/html/atelier_b_provers. Accessed 28 Feb 2015

  17. Grov G, Kissinger A, Lin Y (2013) A graphical language for proof strategies. In:LPAR, pp 324–339. Springer

  18. Grov G, Lin Y (2017) The Tinker tool for graphical tactic development. Int J Softw Tools Technol Transf 1–17

  19. Hetzl S (2016) Why does induction require cut? Accessed 13 Aug 2016

  20. Heras J, Komendantskaya E, Johansson M, Maclean E (2013) Proof-pattern recognition and lemma discovery in ACL2. In: Logic for programming, artificial intelligence, and reasoning. Springer, pp 389–406

  21. Ireland, A., Bundy, A.: Productive use of failure in inductive proof. J Autom Reason16(1–2), 79–111 (1996)

    MathSciNet  Article  MATH  Google Scholar 

  22. Ireland A, Grov G, Butler M (2010) Reasoned modelling critics: turning failed proofs into modelling guidance. In: ABZ, pp 189–202. Springer

  23. Johansson, M., Dixon, L., Bundy, A.: Conjecture synthesis for inductive theories. J Autom Reason47(3), 251–289 (2011)

    MathSciNet  Article  MATH  Google Scholar 

  24. Jones, C.B.: Systematic software development using VDM, 2nd edn. Prentice Hall, Upper Saddle River (1990)

    MATH  Google Scholar 

  25. Johansson M, Rosén D, Smallbone N, Claessen K (2014) Hipster: integrating theory exploration in a proof assistant.In: CoRR, arXiv:1405.3426

  26. Lamport, L.: Specifying systems: the TLA+ language and tools for hardware and software engineers. Addison-Wesley Longman Publishing Co., Inc, Boston (2002)

    Google Scholar 

  27. Lin Y, Bundy A, Grov G (2012) The use of rippling to automate Event-B invariant preservation proofs. In: NASA formal methods, pp 231–236

  28. Lin Y (2015) The use of rippling to automate Event-B invariant preservation proofs. Ph.D. thesis

  29. Liang Y, Lin Y, Grov G (2016) `the Tinker' for Rodin. In: ABZ. Springer, pp 262–268

  30. Loomes M, Woodcock JCP (1988) Software engineering mathematics: formal methods demystified

  31. Montano-RivasO, McCasland RL, Dixon L, Bundy A (2010) Scheme-based synthesis of inductive theories. In: MICAI, pp 348–361

  32. Paper source webpage for POPPA.http://www.sites.google.com/site/evalpoppa/. Accessed 4 Feb 2018

  33. Paulson LC (1994) Isabelle: a generic theorem prover, volume 828 ofLNCS. Springer

  34. Rodin Proof Tactics. Functional overriding in goal.http://wiki.event-b.org/index.php/Rodin_Proof_Tactics. Accessed 2 Feb 2018

  35. Schmalz M (2012) Formalizing the logic of Event-B. Partial functions, definitional extensions, and automated theorem proving. Ph.D. thesis, ETH Zurich

  36. Woodcock, J., Davies, J.: Using Z: specification, refinement, and proof. Prentice Hall, London (1996)

    MATH  Google Scholar 

  37. Wright S (2009) Formal construction of instruction set architectures. Ph.D. thesis, University of Bristol, UK

Download references

Acknowledgements

This work is supported by EPSRC Grants EP/H024204/1, EP/E005713/1, EP/M018407/1 and EP/J001058/1.We warmly thank OmarMontano Rivas for his support on IsaScheme.We also thank anonymous referees for their helpful suggestions.

Author information

Authors and Affiliations

  1. School of Informatics, University of Edinburgh, Edinburgh, UK

    Yuhui Lin, Alan Bundy & Ewen Maclean

  2. School of Computer Science, University of St Andrews, St Andrews, UK

    Yuhui Lin

  3. Norwegian Defence Research Establishment(FFI), Kjeller, Norway

    Gudmund Grov

  4. School of Mathematical and Computer Sciences, Heriot-Watt University, Edinburgh, UK

    Yuhui Lin & Gudmund Grov

Authors
  1. Yuhui Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alan Bundy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gudmund Grov
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ewen Maclean
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuhui Lin.

Additional information

Communicated by Michael Butler

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

OpenAccess This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Lin, Y., Bundy, A., Grov, G. et al. Automating Event-B invariant proofs by rippling and proof patching. Form Asp Comp 31, 95–129 (2019). https://doi.org/10.1007/s00165-018-00476-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00165-018-00476-7

Keywords

  • Formal verification
  • Event-B
  • Automated reasoning
  • Rippling
  • Lemma conjecturing