Jean-Paul Bodeveix

A state/event temporal deontic logic

This paper studies a logic that combines deontic and temporal aspects. We first present a state/event temporal formalism and define a deontic extension of it. Then, we study the interaction between the temporal dimension and the deontic dimension. We present some logical properties, concerning formulas where deontic and temporal operators are nested, and discuss their intuitive meaning. We focus more particularly on the properties of obligation with deadline and define a specific operator to express this notion.

Security policy compliance with violation management

A security policy of an information system is a set of security requirements that correspond to permissions, prohibitions and obligations to execute some actions when some contextual conditions are satisfied. Traditional approaches consider that the information system enforces its associated security policy if and only if actions executed in this system are permitted by the policy (if the policy is closed) or not prohibited (if the policy is open) and every obligatory actions are actually executed in the system (no violation of obligations). In this paper, we investigate a more sophisticated approach in which an information system specification is compliant with its security policy even though some security requirements may be violated. Our proposal is to consider that this is acceptable when the security policy specifies additional requirements that apply in case of violation of other security requirements. In this case, we formally define conditions to be satisfied by an information system to comply with its security policy. We then present a proof-based approach to check if these conditions are enforced.

FMona: A Tool for Expressing Validation Techniques over Infinite State Systems

In this paper, we present a generic tool, called FMona, for expressing validation methods. we illustrate its use through the expression of the abstraction technique and its application to infinite or parameterized space problems. After a review of the basic results concerning transition systems, we show how abstraction can be expressed within FMona and used to build a reduced system with decidable properties. The FMona tool is used to express the validation steps leading to synthesis of a finite abstract system;then SMV and/or Mona validate its properties.

Type Synthesis in B and the Translation of B to PVS

In this paper, we study the design of a typed functional semantics for B. Our aim is to reuse the well known logical frameworks based on higher order logic, e.g., Isabelle, Coq and PVS as proving environments for B. We consider type synthesis for B and study a semantics and some of its composition mechanisms by translation to PVS.

Formal methods meet domain specific languages

In this paper, we relate an experiment whose aim is to study how to combine two existing approaches for ensuring software correctness: Domain Specific Languages (DSLs) and formal methods. As examples, we consider the Bossa DSL and the B formal method. Bossa is dedicated to the development of process schedulers and has been used in the context of Linux and Chorus. B is a refinement based formal method which has especially been used in the domain of railway systems. In this paper, we use B to express the correctness of a Bossa specification. Furthermore, we show how B can be used as an alternative to the existing Bossa tools for the production of certified schedulers.

Towards formalising AADL in Proof Assistants

This paper presents first steps towards a formalisation of the Architecture Analysis and Design Language, mainly concentrating on a representation of its data model. For this, we contrast two approaches: one set-based (using the B modelling framework) and one in a higher-order logic (using the Isabelle proof assistant). We illustrate a transformation on a simplified part of the AADL metamodel concerning flows.

Verification of a scheduler in B through a timed automata specification

This paper proposes a methodology for specifying and verifying schedulers using the B method. It is based on the refinement mechanism. The specification must manage time through clocks, whereas the natural modeling of schedulers exploits only stopwatches.

The NEPTUNE Technology to Verify and to Document Software Components

The main objective of the NEPTUNE project (Nice Environment with a Process and Tools Using Norms and Example) is to develop both a method and tools (complementary to the existing software environments) based on the use of the UML notation. This method, gained from considerable experience in the industrial environment, will apply to a variety of different fields: software development, business processes and knowledge management. The newly developed tools will enable static check of UML models for their coherence. They will also enable generation of professional documentation resulting from the transformation of models. This will be compliant with the context of the UML notation and will take into account user’s requirements. The method and tools developed in this way will facilitate the application of the UML standard as well as promoting its use in a large number of varied fields.

Towards a HOL Theory and Memory

This paper introduces a formalization of memory models for multiprocessor architectures based on transition systems. Relations between memory models can be expressed as simulations between the corresponding transition systems. We show how simulation relations are preserved by structuring operators over transition systems. We derive from them proof tactics used to establish simulation relations between basic memory models. These memory models are also proved correct against a formal characterization of memory consistencies.

Automatic Verification of Bossa Scheduler Properties

Bossa is a development environment for operating-system process schedulers that provides numerous safety guarantees. In this paper, we show how to automate the checking of safety properties of a scheduling policy developed in this environment. We find that most of the relevant properties can be considered as invariant or refinement properties. In order to automate the related proof obligations, we use the WS1S logic for which a decision procedure is implemented by Mona. The proof techniques are implemented using the FMona tool.