Dominique Méry

Formal derivation of spanning trees algorithms

Graphs algorithms and graph-theoretical problems provide a challenging battle field for the incremental development of proved models. The B event-based approach implements the incremental and proved development of abstract models which are translated into algorithms; we focus our methodology on the minimum spanning tree problem and on Prims algorithm. The correctness of the resulting solution is based on properties over trees and we show how the greedy strategy is efficient in this case. We compare properties proven mechanically to the properties found in a classical algorithms textbook.

Incremental Proof of the Producer/Consumer Property for the PCI Protocol

We present an incremental proof of the producer/consumer property for the PCI protocol. In the incremental proof, a corrected model of the multibus PCI 2.1 protocol is shown to be a refinement of the producer/consumer property. Multi-bus PCI must be corrected because the original PCI specification violates the producer/consumer property. The final model of PCI includes transaction types and reordering along with the completion mechanism for delayed PCI transactions. Verification results include multiple concurrent sessions of the producer/consumer property in a family of topologically isomorphic network configurations. The remaining configurations are identified and left for future work. In contrast to previous case studies involving this problem [13,15], the incremental proof provides structure which simplifies otherwise difficult monolithic proof attempts.

Crocos: An Integrated Environment for Interactive Verification of SDL Specifications

We are interested by proofs of concurrent programs properties, such as invariance and eventuality. They are connected with execution of a program, and, in order to discuss them, we introduce an operational model of the language and show that the deductive system is consistent with respect to it. The studied language is a selected subset of the SDL language. A system for computer-aided reasoning on programs is derived as follows: we implement the deductive system in Isabelle [24] and then integrate it into a programming environment developed under Concerto namely Crocos [19]. The prover proceeds in an interactive way in which the users intervention may be required at several stages of the proof derivation.

A Stuttering Closed Temporal Logic for Modular Reasoning about Concurrent Programs

A simple and elegant formulation of compositional proof systems for concurrent programs results from a refinement of temporal logic semantics. The refined temporal language we propose is closed under W-stuttering and, thus, provides a fully abstract semantics with respect to some chosen observation level w. This avoids incorporating irrelevant detail in the temporal semantics of parallel programs. Besides compositional verification, concurrent program design and implementation of a coarser-grained program by a finer-grained one, turn out to be easily practicable in the setting of the new temporal logic.

A Proof Environment for Concurrent Programs

Unity [CM88, Mer92, Kna90], as action systems approach [BS91], is a formal method that attempts to decouple a program from its implementation. Therefore, Unity separates logical behaviour from implementation, it provides predicates for specifications, and proof rules for deriving specifications directly from the program text. This type of proof strategy is often clearer and more succinct than argument about a programs operational behaviour. Our research fits into Unitys methodology. Its aims to develop a proof environment suitable for mechanical proof of concurrent programs. This proof is based on Unity [CM88], and may be used to specify and verify both safety and liveness properties. Our verification method is based on theorem proving, so that an axiomatization of the operational semantics is needed. We use Dijkstras wp-calculus to formalize the Unity logic, so we can always derive a sound relationship between the operational semantics of a given Unity specification and the axiomatic one from which theorems in our logic will be derived.

Proof-Oriented Fault-Tolerant Systems Engineering: Rationales, Experiments and Open Issues

Proving system properties such as fail-safety is a challenge for systems engineering since industrial automation is nowadays embedding intensive on-site and remote infotronics components engineered with increasing intuitive ease-of-use techniques. Since a formal proof of the complete safe-behaviour of the resulting ad-hoc system is not possible, this paper argues that Proof Oriented Systems Engineering formal techniques should bridge the gap with Fault Tolerant Systems Engineering practical techniques in order to mathematically check the proof of fail-safety. Rationales, experiments and open issues are addressed on combining the formal B event-based method using the B proof assistant with a technical-safety modelling formalized-framework.

On using temporal logic for refinement and compositional verification of concurrent systems

A simple and elegant formulation of compositional proof systems for concurrent programs results from a refinement of temporal logic semantics. The refined temporal language we propose is closed under w-stuttering and, thus, provides a fully abstract semantics with respect to some chosen observation level w. This avoids incorporating irrelevant detail in the temporal semantics of parallel programs. Besides compositional verification, concurrent program design and implementation of a coarser-grained program by a finer-grained one, are easily practicable in the setting of the new temporal logic.

Formal Engineering Methods for Modelling and Verification of Control Systems

Abstract This paper highlights the benefits of formal methods to improve the quality and efficiency of process control engineering, according to two key aspects: the definition of a formal engineering framework which allows the re-usability of specifications at a high level of abstraction and the ability to prove some properties of the process control models. An introductory example presents a formal structuring framework using the B method and highlights the main temporal requirements for modelling and proving control systems in this framework. Taking into account these temporal modalities requires an extension of the B model. An attempt using TLA is suggested and discussed.

On Using a Composition Principle to Design Parallel Programs

We briefly present a rigorous and modular method, we are developing to design concurrent systems starting from their desired properties. This method is based on a mechanization of Manna-Pnueli’s modular validity concept and on a modular temporal language in which properties are invariant under stuttering[1], A compositional proof system is established to support both specification verification and modular program construction. Each program is developed together with the proof that it meets its specification. A refinement relation is denned by using rules in backward, while the proof is constructed by using the same rules in forward. Constrained by a limited space, we focus attention on the underlying concepts and leave a complete presentation of the proof systems (soundness, relative completeness, modular completeness, and adaptation completeness) in a future paper.

FORMAL SPECIFICATION OF SAFE MANUFACTURING MACHINES USING THE B METHOD: APPLICATION TO A MECHANICAL PRESS

This paper deals with the development of manufacturing machinery subjected to strong dependability and safety properties. In this context, IEC 61508 standard recommends the use of formal methods to control the complexity of software intensive applications. This paper focuses on model refinement to ensure safety requirements traceability. A mechanical press case study illustrates a way to bridge the gap for using the B method within such an automation-oriented context.