Interpreting Invariant Composition in the B Method Using the Spec# Ownership Relation: A Way to Explain and Relax B Restrictions

  • Sylvain Boulmé
  • Marie-Laure Potet
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4355)


In the B method, the invariant of a component cannot be violated outside its own operations. This approach has a great advantage: the users of a component can assume its invariant without having to prove it. But B users must deal with significant architectural restrictions that ensure the soundness of reasoning involving invariants, and understanding how these restrictions ensure soundness is not trivial. This paper studies a meta-model of invariant composition inspired by the Spec# approach. Basically, in this model, invariant violations are monitored using ghost variables, and the consistency of assumptions about invariants is controlled by very simple proof obligations. Hence, this model provides a simple framework for understanding B composition rules and for studying some conservative extensions of B that permit more architectures and give more control over component initialization.
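As an added illustration, and not the paper's own formal model or any code from the authors, the following Python sketch monitors at run time the Spec#-style ownership discipline the abstract refers to: every component carries a ghost flag `inv` (the invariant is currently assumed to hold) and a ghost `owner`; fields may only be written while the component is unpacked; a part may only be unpacked while its owner is unpacked; packing re-checks the invariant; and a client may assume an invariant only while the component is packed. The B-like components (`Budget` including two `Counter`s), their fields, and the error messages are assumptions made for this example. The scenarios at the end show the obligations catching the classic violations: writing an included component's variable outside its operations, touching a part while the owner's invariant is still assumed, and relying on an invariant mid-update.

```python
class DisciplineError(Exception):
    """Raised when a proof obligation of the ownership discipline would fail."""


class Component:
    """Component with ghost state: `inv` (packed / invariant assumed) and `owner`."""

    def __init__(self, name, owner=None):
        self.name = name
        self.owner = owner      # ghost: component whose invariant may depend on us
        self.inv = False        # ghost: True = packed, invariant may be assumed
        self.state = {}         # the component's variables

    def invariant(self):        # overridden by concrete components
        return True

    def owned(self):            # overridden: parts this component owns
        return []

    def unpack(self):
        """Enter mutable mode. Obligation: the owner (if any) is itself unpacked."""
        if not self.inv:
            raise DisciplineError(f"{self.name}: already unpacked")
        if self.owner is not None and self.owner.inv:
            raise DisciplineError(f"{self.name}: owner {self.owner.name} is still packed")
        self.inv = False

    def pack(self):
        """Leave mutable mode. Obligation: parts packed and own invariant holds."""
        if self.inv:
            raise DisciplineError(f"{self.name}: already packed")
        for part in self.owned():
            if not part.inv:
                raise DisciplineError(f"{self.name}: part {part.name} is unpacked")
        if not self.invariant():
            raise DisciplineError(f"{self.name}: invariant violated")
        self.inv = True

    def write(self, field, value):
        """Variable update. Obligation: the component is unpacked."""
        if self.inv:
            raise DisciplineError(f"{self.name}: write to a packed component")
        self.state[field] = value

    def assume_invariant(self):
        """What a client does when relying on the invariant. Obligation: packed."""
        if not self.inv:
            raise DisciplineError(f"{self.name}: invariant cannot be assumed while unpacked")
        return True


class Counter(Component):
    """Hypothetical included component: invariant 0 <= x <= limit."""
    def __init__(self, name, limit, owner=None):
        super().__init__(name, owner)
        self.state = {"x": 0, "limit": limit}

    def invariant(self):
        return 0 <= self.state["x"] <= self.state["limit"]


class Budget(Component):
    """Hypothetical including component: its invariant relates the two parts."""
    def __init__(self):
        super().__init__("Budget")
        self.spent = Counter("spent", 100, owner=self)
        self.left = Counter("left", 100, owner=self)
        self.left.state["x"] = 100

    def owned(self):
        return [self.spent, self.left]

    def invariant(self):
        return self.spent.state["x"] + self.left.state["x"] == 100


def initialise():
    """Initialization ends by packing parts first, then the owner."""
    b = Budget()
    b.spent.pack(); b.left.pack(); b.pack()
    return b


def spend(b, n):
    """Owner operation: unpack owner, then each part; repack bottom-up."""
    b.unpack()
    b.spent.unpack(); b.spent.write("x", b.spent.state["x"] + n); b.spent.pack()
    b.left.unpack();  b.left.write("x", b.left.state["x"] - n);  b.left.pack()
    b.pack()
    return (b.spent.state["x"], b.left.state["x"])


def attempt(thunk):
    """Run a scenario; return the failed obligation's message, or None."""
    try:
        thunk()
        return None
    except DisciplineError as e:
        return str(e)


def scenario_direct_write():           # modify a part outside its operations
    b = initialise()
    return attempt(lambda: b.spent.write("x", 5))


def scenario_part_before_owner():      # part operation while owner still packed
    b = initialise()
    return attempt(lambda: b.spent.unpack())


def scenario_half_update():            # owner repacked with only one part updated
    b = initialise()
    def half():
        b.unpack()
        b.spent.unpack(); b.spent.write("x", 30); b.spent.pack()
        b.pack()                       # left is still 100: Budget invariant fails
    return attempt(half)


def scenario_assume_while_open():      # client relies on an invariant mid-update
    b = initialise()
    def bad():
        b.unpack()
        b.assume_invariant()
    return attempt(bad)
```

The four obligations (unpack, pack, write, assume) are the whole discipline; everything else is ordinary state. Note how the owner's `pack` is what rejects the half-finished update, while a part's own `pack` rejects a value outside its local invariant (try `spend(initialise(), 130)`), which is the separation between a component's own invariant and the including component's gluing invariant that the B restrictions are designed to protect.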


Keywords (machine-generated, not supplied by the authors): smart card; static ownership; generalized substitution; local operation; proof obligation





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sylvain Boulmé, LSR-IMAG, Grenoble, France
  • Marie-Laure Potet, LSR-IMAG, Grenoble, France
