Abstract
This article deals with the use of two verification approaches: theorem proving and model checking. We focus on the Event-B method, using its associated theorem proving tool (Click_n_Prove), and on the language TLA+, using its model checker TLC. Since the Event-B method is limited to invariance properties, we propose to apply the language TLA+ to verify liveness properties of a software behavior. We first extend the expressivity and the semantics of a B model (called a temporal B model) to deal with the specification of fairness and eventuality properties. Second, we give transformation rules from a temporal B model into a TLA+ module. In particular, we present our prototype system, called B2TLA+, which we have developed to support this transformation; these properties can then be verified with the model checker TLC on finite-state systems. For the verification of infinite-state systems, we propose the use of predicate diagrams. We illustrate our approach on a case study of a parcel sorting system.
Combining Formal Methods for the Development of Reactive Systems