
## Automatic refinement checking for B (2005)


### Download Links

- [eprints.ecs.soton.ac.uk]
- [eprints.soton.ac.uk]
- [rodin.cs.ncl.ac.uk]
- [rodin.cs.ncl.ac.uk]
- [www.stups.uni-duesseldorf.de]
- DBLP

### Other Repositories/Bibliography

Venue: Proceedings ICFEM’05, LNCS 3785

Citations: 17 (8 self)

### Citations

3192 | Model Checking
- Clarke, Grumberg, et al.
- 1996

Citation context: ...y delaying the enumeration of variables as long as possible. ProB comprises various visualization facilities [18] to display the state space in a user-friendly way. ProB also contains a model checker [9] which tries to find a sequence of operations that, starting from an initial state, leads to a state which violates the invariant (or exhibits some other error, such as deadlocking, assertion violatio...

747 | The Theory and Practice of Concurrency
- Roscoe
- 1997

Citation context: ...finement via semi-automatic proof (within Atelier-B [24], the B-Toolkit [19], and now also Click’n Prove [3]), there has been up to now no automatic refinement checker in the style of FDR [12] for CSP [15, 21]. The proof-based approach to refinement checking requires that a gluing invariant be provided. In contrast, with our automatic approach no gluing invariant needs ... (footnote ⋆: This research is being carried out ...)

235 | XSB as an efficient deductive database engine
- Sagonas, Swift, et al.
- 1994

Citation context: ...he second implementation has been done in XSB Prolog. The code of the XSB refinement checker is almost identical, but instead of using a Prolog fact database it uses XSB’s efficient tabling mechanism [22]. As we will see later, this implementation is faster than the SICStus Prolog one, but the overhead of starting up a new XSB Prolog process and loading the state space is only worth the effort for la...

195 | The B-Book
- Abrial

Citation context: ...ic Programming, Constraints. 1 Introduction. The B-method is a well-established theory and methodology for the rigorous development of computer systems and programs. B was originally devised by Abrial [1] and has been applied to a wide range of safety-critical applications. B is based on the notion of abstract machine. The variables of an abstract machine are typed using set theoretic constructs such ...

134 | ProB: A Model Checker for B
- Leuschel, Butler
- 2003

Citation context: ...ing and present an algorithm which is at the heart of an automatic refinement checker. This new refinement checker has been implemented and integrated within the ProB validation tool for the B method [16]. At the heart of ProB is a fully automatic animator implemented mainly in SICStus Prolog. The undecidability of animating B is overcome in ProB by restricting animation to finite sets and integer ran...

93 | Data refinement refined
- He, Hoare, et al.
- 1986

Citation context: ... be the abstract and concrete initial states respectively and AOP and COP stand for corresponding abstract and concrete operations. The usual relational definition of forward simulation is as follows [14]: (i) every initial concrete state must be related to some initial abstract state: c ∈ CI ⟹ ∃a ∈ AI · c R a; (ii) if states are linked and the concrete one enables an operation, then the abstract state sho...

87 | Introducing dynamic constraints in B
- Abrial, Mussat
- 1998

Citation context: ...precondition. ProB supports guards but not preconditions (footnote 4: The B syntax supported by ProB allows preconditions, but they are treated as guards. The more recent Event B approach [4] supports guards but not preconditions). If we ignore preconditions but allow for guards, then all B operations have a normal form defined by a predicate P relating before state v and after state v′ as follows [1, Cha...

67 | Infinite state model checking by abstract interpretation and program specialisation
- Leuschel, Massart
- 1999

Citation context: ... Conclusion. The idea of using (tabled) logic programming for verification is not new. The inspiration for the current refinement checker came from the earlier developed CTL model checker presented in [17]. Another related work is [5], which presents a bisimulation checker written in XSB Prolog. In future, we plan to extend the refinement checker to also allow on-the-fly expansion of the abstract state...

37 | An approach to the design of distributed systems with B AMN
- Butler
- 1997

Citation context: ...e these using the semi-automatic provers of those systems. If the proof obligations are all proven, every execution sequence performed by the refinement machine can be matched by the abstract machine [8]. Automatic refinement checkers work directly on the execution sequences and try to disprove refinement by finding traces that can be performed by the refinement machine but not by the specification. ...

36 | A single complete rule for data refinement
- Gardiner, Morgan
- 1993

Citation context: ...tion of nondeterminism in operations so that forward simulation is sufficient in most cases. A single complete form of simulation can be defined by enriching the gluing structure. Gardiner and Morgan [13] have developed a single complete simulation rule by using a predicate transformer for the gluing structure. Such a predicate transformer characterises a function from sets of abstract states to sets ...

33 | Combining CSP and B for specification and property verification
- Butler, Leuschel
- 2005

Citation context: ...ver.mch* 0.07 s 14. Counter examples found: scheduler1.ref / scheduler0.mch* 0.06 s 9; m1.ref / m0.mch* 0.05 s 2; m2.ref / m1.ref* 0.07 s 2; m3.ref / m2.ref* 0.08 s 2. Application to B and CSP. In recent work [7] we have shown how to combine B and CSP for specification purposes (a specification is partly written in B and partly in CSP) or for property checking of B machines (the CSP is used as a temporal prop...

32 | XMC: A Logic-Programming-Based Verification Toolset
- Ramakrishnan, Ramakrishnan, et al.
- 2000

Citation context: ... implemented in [9]. All this opens up new possibilities for validation. 7 Related and Future Work, and Conclusion. The idea of using (tabled) logic programming for verification is not new (see, e.g., [18]). The inspiration for the current refinement checker came from the earlier developed CTL model checker presented in [15]. Another related work is [3], which presents a bisimulation checker written in...

31 | Click’n Prove: Interactive proofs within set theory
- Abrial, Cansell
- 2003

Citation context: ...hen be automatically translated into executable code. While there is tool support for proving refinement via semi-automatic proof (within Atelier-B [24], the B-Toolkit [19], and now also Click’n Prove [3]), there has been up to now no automatic refinement checker in the style of FDR [12] for CSP [15, 21]. The proof-based approach to refinement checking requires that a gluing invariant be provided. In ...

18 | Communicating B machines
- Treharne, Schneider
- 2002

Citation context: ... from process algebra, especially CSP [15]. Although event traces are not part of the standard semantic definitions in B, many authors have made the link between B machines and event traces including [8, 10, 23]. For a B operation of the form X ←− op(Y) =̂ S, we regard execution of operation op with input value a resulting in output value b as corresponding to the occurrence of event op.a.b. An event trace i...

17 | Symbolic Bisimulation using Tabled Constraint Logic Programming
- Mukund, Ramakrishnan, et al.
- 2000

Citation context: ...(tabled) logic programming for verification is not new. The inspiration for the current refinement checker came from the earlier developed CTL model checker presented in [17]. Another related work is [5], which presents a bisimulation checker written in XSB Prolog. In future, we plan to extend the refinement checker to also allow on-the-fly expansion of the abstract state space. We also wish to move ...

14 | Visualizing larger state spaces in ProB
- Leuschel, Turner
- 2005

Citation context: ... by restricting animation to finite sets and integer ranges, while efficiency is achieved by delaying the enumeration of variables as long as possible. ProB comprises various visualization facilities [18] to display the state space in a user-friendly way. ProB also contains a model checker [9] which tries to find a sequence of operations that, starting from an initial state, leads to a state which vio...

10 | Model checking object Petri nets in Prolog
- Farwer, Leuschel
- 2004

Citation context: ...CSP process. We can also check whether a combined B/CSP specification is a refinement of another combined specification. One can even use other formalisms, such as Object Petri nets as implemented in [11]. All this opens up new possibilities for validation. 7 Related and Future Work, and Conclusion. The idea of using (tabled) logic programming for verification is not new. The inspiration for the curren...

7 | Process refinement in
- Dunne, Conroy

Citation context: ... from process algebra, especially CSP [15]. Although event traces are not part of the standard semantic definitions in B, many authors have made the link between B machines and event traces including [8, 10, 23]. For a B operation of the form X ←− op(Y) =̂ S, we regard execution of operation op with input value a resulting in output value b as corresponding to the occurrence of event op.a.b. An event trace i...

6 | Case study of a complete reactive system in Event-B: a mechanical press controller, tutorial 3 of ZB’2005
- Abrial
- 2005

Citation context: ...ve conducted a series of experiments with various models. As well as using the scheduler example from Section 2, we have experimented with a much larger development of a mechanical press by Abrial [2]. The development of the mechanical press started from a very abstract model and went through several refinements. The final model contained “about 20 sensors, 3 actuators, 5 clocks, 7 buttons, 3 oper...

3 | A comparison of refinement orderings and their associated simulation rules
- Bolton, Davies
- 2002

Citation context: ... the actual time spent on compiling the CSP specification. 6 Extensions. Singleton Failures. We have extended our refinement checking algorithm to also check singleton failure refinement (see, e.g., [6]). A singleton failure trace is a pair consisting of a trace t as defined earlier and either the empty set or a singleton set containing a single operation F (with arguments). The intuitive meaning of (...

3 | Checking Z data refinement using an animation tool
- Robinson
- 2002

Citation context: ...r extension to our approach would be to check whether a gluing invariant provided by the user can be satisfied. This is the approach taken by Robinson for Z refinement using the Possum animation tool [20]. To improve the scalability we are also looking at symbolic state space reduction techniques. We have presented the first automatic refinement checker for B. The checker is implemented within ProB an...

2 | User and reference manuals
- Atelier B
- 1997

Citation context: ...dually refine it into an implementation, which can then be automatically translated into executable code. While there is tool support for proving refinement via semi-automatic proof (within Atelier-B [24], the B-Toolkit [19], and now also Click’n Prove [3]), there has been up to now no automatic refinement checker in the style of FDR [12] for CSP [15, 21]. The proof-based approach to refinement checkin...