Helen Treharne

ZB 2002:Formal Specification and Development in Z and B

Alloy: A Logical Modelling Language.- An Outline Pattern Language for Z: Five Illustrations and Two Tables.- Patterns to Guide Practical Refactoring: Examples Targetting Promotion in Z.- Reuse of Specification Patterns with the B Method.- Composing Specifications Using Communication.- When Concurrent Control Meets Functional Requirements, or Z + Petri-Nets.- How to Diagnose a Modern Car with a Formal B Model?.- Parallel Hardware Design in B.- Operation Refinement and Monotonicity in the Schema Calculus.- Using Coupled Simulations in Non-atomic Refinement.- An Analysis of Forward Simulation Data Refinement.- B#: Toward a Synthesis between Z and B.- Introducing Backward Refinement into B.- Expression Transformers in B-GSL.- Probabilistic Termination in B.- Probabilistic Invariants for Probabilistic Machines.- Proving Temporal Properties of Z Specifications Using Abstraction.- Compositional Verification for Object-Z.- Timed CSP and Object-Z.- Object Orientation without Extending Z.- Comparison of Formalisation Approaches of UML Class Constructs in Z and Object-Z.- Towards Practical Proofs of Class Correctness.- Automatically Generating Information from a Z Specification to Support the Classification Tree Method.- Refinement Preserves PLTL Properties.- Proving Event Ordering Properties for Information Systems.- ZML: XML Support for Standard Z.- Formal Derivation of Spanning Trees Algorithms.- Using B Refinement to Analyse Compensating Business Processes.- A Formal Specification in B of a Medical Decision Support System.- Extending B with Control Flow Breaks.- Towards Dynamic Population Management of Abstract Machines in the B Method.

Using a Process Algebra to Control B Operations

The B-Method is a state-based formal method that describes system behaviour in terms of MACHINES whose state changes under OPERATIONS. The process algebra CSP is an event-based formalism that enables descriptions of patterns of system behaviour. This paper is concerned with the combination of these complementary views, in which CSP is used to describe the control executive for a B Abstract System. We discuss consistency between the two views and how it can be formally established. A typical avionics system motivates the work. Its specification and control executive are presented in the paper. The relationship with other approaches is also discussed.

Communicating B Machines

This paper describes a way of using the process algebra CSP to enable controlled interaction between B machines. This approach supports compositional verification: each of the controlled machines, and the combination of controller processes, can be analysed and verified separately in such a way as to guarantee correctness of the combined communicating system. Reasoning about controlled machines separately is possible due to the introduction of guards and assertions into description of the controller processes in order to capture assumptions about other controlled machines and provide guarantees to the rest of the system. The verification process can be completely supported by different tools. The use of separate controller processes facilitates the iterative development and analysis of complex control flows within the system. The approach is motivated and illustrated with a non-trivial running example.

How to Drive a B Machine

The B-Method is a state-based formal method that describes behaviour in terms of MACHINES whose states change under OPERATIONS. The process algebra CSP is an event-based formalism that enables descriptions of patterns of system behaviour. We present a combination of the two views where a CSP process acts as a control executive and its events simply drive corresponding OPERATIONS. We define consistency between the two views in terms of existing semantic models. We identify proof conditions which are strong enough to ensure consistency and thus guarantee safety and liveness properties.

Verifying controlled components

Recent work on combining CSP and B has provided ways of describing systems comprised of components described in both B (to express requirements on state) and CSP (to express interactive and controller behaviour). This approach is driven by the desire to exploit existing tool support for both CSP and B, and by the need for compositional proof techniques. This paper is concerned with the theory underpinning the approach, and proves a number of results for the development and verification of systems described using a combination of CSP and B. In particular, new results are obtained for the use of the hiding operator, which is essential for abstraction. The paper provides theorems which enable results obtained (possibly with tools) on the CSP part of the description to be lifted to the combination. Also, a better understanding of the interaction between CSP controllers and B machines in terms of non-discriminating and open behaviour on channels is introduced, and applied to the deadlock-freedom theorem. The results are illustrated with a toy lift controller running example.

Composing specifications using communication

This paper develops a case study using the process algebra CSP to enable controlled interaction between B machines. This illustrates how B machines are essential components within a combined communicating system. The development steps used to build the case study are new: they are applications of theoretical results which allow us to focus on the external interface of a combined communicating system, compositionally verify it, and show that it is a refinement of a more abstract specification described in CSP. This allows safety and liveness properties to be established for combinations of communicating B machines.

Supplementing a UML Development Process with B

This paper discusses our experiences of using UML and B together through an illustrative case study. Our approach to using UML and B centers around stereotyping UML classes in order to identify which classes should be modelled in B. We discuss the tensions between the notations, and the compromises that need to be reached in order for B to supplement a UML development. The case study begins from the initial conception of a library system and its use case view in order to demonstrate how the classes were identified.

Test Case Preparation Using a Prototype

This paper reports on the preparation of test cases using a prototype within the context of a formal development. It describes an approach to building a prototype using an example. It discusses how a prototype contributes to the testing activity as part of a lifecycle based on the use of formal methods. The results of applying the approach to an embedded avionics case study are also presented.

How to verify dynamic properties of information systems

EB/sup 3/ is an established formal technique, based on process algebra, for specifying Information Systems (IS) that have both complex state and event based features; as yet, EB/sup 3/ has no tool support. Another formal technique called CSP /spl par/ B uses two existing analysis tools, FDR and the B-Toolkit, to support the verification of state/event based systems. However the CSP /spl par/ B approach has never been applied to this specialised domain. In this paper we use a specification pattern of EB/sup 3/ to motivate a new style of specification in CSP /spl par/ B appropriate for IS. We demonstrate this using an example system and show that the verification of its dynamic properties is now amenable to tool support.