Jim Woodcock

Slotted-circus: a UTP-family of reactive theories

Verifying Temporal Properties of CommUnity Designs.- Precise Scenarios - A Customer-Friendly Foundation for Formal Specifications.- Automated Verification of Security Policies in Mobile Code.- Slicing Concurrent Real-Time System Specifications for Verification.- Slotted-Circus.- Bug Hunting with False Negatives.- Behavioural Specifications from Class Models.- Inheriting Laws for Processes with States.- Probabilistic Timed Behavior Trees.- Guiding the Correction of Parameterized Specifications.- Proving Linearizability Via Non-atomic Refinement.- Lifting General Correctness into Partial Correctness is ok.- Verifying CSP-OZ-DC Specifications with Complex Data Types and Timing Parameters.- Modelling and Verification of the LMAC Protocol for Wireless Sensor Networks.- Finding State Solutions to Temporal Logic Queries.- Qualitative Probabilistic Modelling in Event-B.- Verifying Smart Card Applications: An ASM Approach.- Verification of Probabilistic Properties in HOL Using the Cumulative Distribution Function.- UTP Semantics for Web Services.- Combining Mobility with State.- Algebraic Approaches to Formal Analysis of the Mondex Electronic Purse System.- Capturing Conflict and Confusion in CSP.- A Stepwise Development Process for Reasoning About the Reliability of Real-Time Systems.- Decomposing Integrated Specifications for Verification.- Validating Z Specifications Using the ProB Animator and Model Checker.- Verification of Multi-agent Negotiations Using the Alloy Analyzer.- Integrated Static Analysis for Linux Device Driver Verification.- Integrating Verification, Testing, and Learning for Cryptographic Protocols.- Translating FSP into LOTOS and Networks of Automata.- Common Semantics for Use Cases and Task Models.- Unifying Theories of Objects.- Non-interference Properties for Data-Type Reduction of Communicating Systems.- Co-simulation of Distributed Embedded Real-Time Control Systems.

The Semantics of Circus

Circus is a concurrent language for refinement; it is a unification of imperative CSP, Z, and the refinement calculus. We describe the language of Circus and the formalisation of its model in Hoare & Hes unifying theories of programming.

Non-interference through determinism

The standard approach to the specification of a secure system is to present a (usually state-based) abstract security model separately from the specification of the systems functional requirements, and establishing a correspondence between the two specifications. This complex treatment has resulted in development methods distinct from those usually advocated for general applications.

A UTP semantics for Circus

Circus specifications define both data and behavioural aspects of systems using a combination of Z and CSP constructs. Previously, a denotational semantics has been given to Circus; however, a shallow embedding of Circus in Z, in which the mapping from Circus constructs to their semantic representation as a Z specification, with yet another language being used as a meta-language, was not useful for proving properties like the refinement laws that justify the distinguishing development technique associated with Circus. This work presents a final reference for the Circus denotational semantics based on Hoare and He’s Unifying Theories of Programming (UTP); as such, it allows the proof of meta-theorems about Circus including the refinement laws in which we are interested. Its correspondence with the CSP semantics is illustrated with some examples. We also discuss the library of lemmas and theorems used in the proofs of the refinement laws. Finally, we give an account of the mechanisation of the Circus semantics and of the mechanical proofs of the refinement laws.

A Refinement Strategy for Circus

We present a refinement strategy for Circus, which is the combination of Z, CSP, and the refinement calculus in the setting of Hoare and He’s unifying theories of programming. The strategy unifies the theories of refinement for processes and their constituent actions, and provides a coherent technique for the stepwise refinement of concurrent and distributed programs involving rich data structures. This kind of development is carried out using Circus’s refinement calculus, and we describe some of its laws for the simultaneous refinement of state and control behaviour, including the splitting of a process into parallel subcomponents. We illustrate the strategy and the laws using a case study that shows the complete development of a small distributed program.

Refinement of State-Based Concurrent Systems

The traces, failures, and divergences of CSP can be expressed as weakest precondition formulae over action systems. We show how such systems may be refined up to failures-divergences, by giving two proof methods which are sound and jointly complete: forwards and backwards simulations. The technical advantage of our weakest precondition approach over the usual relational approach is in our simple handling of divergence; the practical advantage is in the fact that the refinement calculus for sequential programs may be used to calculate forwards simulations. Our methods may be adapted to state-based development methods such as VDM or Z.

Verified software: a grand challenge

Given the right computer-based tools, the use of formal methods could become widespread and transform software engineering. The computer science community recently committed itself to making verified software a reality within the next 15 to 20 years when representatives met in Zurich in 2005 to discuss an international grand challenge on verification.

A Tutorial Introduction to CSP in Unifying Theories of Programming

In their Unifying Theories of Programming (UTP), Hoare & He use the alphabetised relational calculus to give denotational semantics to a wide variety of constructs taken from different programming paradigms. A key concept in their programme is the design: the familiar precondition-postcondition pair that describes the contract between a programmer and a client. We give a tutorial introduction to the theory of alphabetised relations, and its sub-theory of designs. We illustrate the ideas by applying them to theories of imperative programming, including Hoare logic, weakest preconditions, and the refinement calculus.

Systems of Systems Engineering: Basic Concepts, Model-Based Techniques, and Research Directions

The term “System of Systems” (SoS) has been used since the 1950s to describe systems that are composed of independent constituent systems, which act jointly towards a common goal through the synergism between them. Examples of SoS arise in areas such as power grid technology, transport, production, and military enterprises. SoS engineering is challenged by the independence, heterogeneity, evolution, and emergence properties found in SoS. This article focuses on the role of model-based techniques within the SoS engineering field. A review of existing attempts to define and classify SoS is used to identify several dimensions that characterise SoS applications. The SoS field is exemplified by a series of representative systems selected from the literature on SoS applications. Within the area of model-based techniques the survey specifically reviews the state of the art for SoS modelling, architectural description, simulation, verification, and testing. Finally, the identified dimensions of SoS characteristics are used to identify research challenges and future research areas of model-based SoS engineering.

First Steps in the Verified Software Grand Challenge

Bugs have become an unpleasant fact for software producers. Awareness is growing in industry that something must be done about software reliability. A growing number of academic and industrial researchers believe that the way to revolutionize the production of software is by using formal methods, and they also believe that doing so is now feasible. Given the right computer-based tools, the use of formal methods will become widespread, transforming the practice of software engineering. The computer science research community is collaborating to develop verification technology that will demonstrably enhance the productivity and reliability with which software is designed, developed, integrated, and maintained