Lukas Ladenberger

Visualising Event-B Models with B-Motion Studio

The communication between a developer and a domain expert (or manager) is very important for successful deployment of formal methods. On the one hand it is crucial for the developer to get feedback from the domain expert for further development. On the other hand the domain expert needs to check whether his expectations are met. An animation tool allows to check the presence of desired functionality and to inspect the behaviour of a specification, but requires knowledge about the mathematical notation. To avoid this problem, it is useful to create domain specific visualisations. One tool which performs this task is Brama. This tool is very important for ClearSy, and is being used for several industrial projects and has helped to obtain several contracts. However, the tool cannot be applied in conjunction with ProB. Also, creating the code that defines the mapping between a state and its graphical representation is a rather time consuming task. It can take several weeks to develop a custom visualisation.

Validation of the ABZ Landing Gear System Using ProB

In this paper we present our formalisation of the ABZ landing gear case study in Event-B. The development was carried out using the Rodin platform and mainly used superposition refinement to structure the specification. To validate the model we complemented proof with animation and model checking. For the latter, we used the ProB animator and model checker. Graphical representation of the model turned out to be crucial in the development and validation of the model; this was achieved using a new version of BMotion Studio integrated into ProB 2.0.

A method and tool for tracing requirements into specifications

The creation of a consistent system description is a challenging problem of requirements engineering. Formal and informal reasoning can greatly contribute to meet this challenge. However, this demands that formal and informal reasoning and the system description are connected in such a way that the reasoning permits drawing conclusions about the system description. We describe an incremental approach to requirements modelling and validation that incorporates formal and informal reasoning. Our main contribution is an approach to requirements tracing that delivers the necessary connection that links the reasoning to the system description. Formal refinement is used in order to deal with large and complex system descriptions. We discuss tool support for our approach to requirements tracing that combines informal requirements modelling with formal modelling and verification while tracing requirements among each other and into the formal model.

Validating the Requirements and Design of a Hemodialysis Machine Using iUML-B, BMotion Studio, and Co-Simulation

We present a formal specification of a hemodialysis machine HD machine using Event-B. We model the HD machine using iUML-B state-machines and class diagrams and build a corresponding BMotion Studio visualisation. We focus on validation using i diagrams to aid the modelling of the sequential properties of the requirements, and ii ProB-based animation and visualisation tools to explore the systems behaviour. Some of the safety properties involve dynamic behaviour which is difficult to verify in Event-B. For these properties we use co-simulation tools to validate against a continuous model of the physical behaviour.

Mastering the Visualization of Larger State Spaces with Projection Diagrams

State space visualization is a popular technique for supporting the analysis of formal models. It often allows users to get a global view of the system and to identify structural similarities, symmetries, and unanticipated properties. However, state spaces typically become very large, so human inspection of the visualization becomes difficult. To overcome this challenge, we present an approach which can considerably reduce the size of the state space by creating projection diagrams. Moreover, we present an approach to link a projection diagram with a domain specific visualization. The projection diagram construction can be initiated directly from user-selected graphical elements without the user having to write formulas or having to know the variables or internal structure of the model. This makes the projection diagram inspection and construction accessible to non-formal method experts. These techniques have been implemented within the ProB toolset, and we demonstrate their benefits and usefulness on several examples.

An Approach for Creating Domain Specific Visualisations of CSP Models

A domain specific visualisation can greatly contribute to better understanding of formal models. In this work we propose an approach that supports the user in creating domain specific visualisations of CSP models. CSP (Communicating Sequential Processes) is a formal language that is mainly used for specifying concurrent and distributed systems. We have successfully created various visualisations of CSP models in order to demonstrate our approach. The visualisations of two case studies are presented in this paper: the bully algorithm and a level crossing gate. In addition, we discuss possible applications of our approach.

A formal approach to safety verification of railway signaling systems

This paper proposes a new tool based on formal methods to validate track topologies and train movements conditions. Its distinguishing features are (1) the graphical simulation of railways specifications, (2) the automatic generation and (3) the validation of train movement properties. The tool is called VeRaSiS (Verification of Railway Signaling Systems), and uses Event-B [1] to formalize, prove and verify the generated properties. Further, it is designed for industrial use, where we face the challenge that mainstream users are not familiar with formal modeling and where the specification is presented in the users domain, shielding them from the formalism. This tool is under development, and its current status is presented in this paper. A preliminary analysis using an industrial case study provided by a Brazilian transportation company showed the efficiently use of formal methods for validating train movement properties of a railway signaling system. The properties were formalized and verified automatically using ProB [2]. The outcome was an error in the first validation which was performed manually by a domain expert. The risk of missing critical faults in analysis is a risk that upset industrial management and this is the reason why they have given the green light to start this project. In summary, we believe that the formal approach and especially the VeRaSiS approach proposed in this paper is an important step towards guaranteeing the safety and reliability of signaling systems. Additional industrial case studies would help to validate and improve the VeRaSiS approach. Our main goal is to develop a fully functional first version of the VeRaSiS tool in order to prove its usefulness.

Validation of the ABZ landing gear system using ProB

In this article, we present our formalization of the ABZ landing gear case study in Event-B. The development was carried out using the Rodin platform and mainly used superposition refinement to structure the specification. To validate the model, we complemented proof with animation and model checking. For the latter, we used the ProB animator and model checker. Graphical representation of the model turned out to be crucial in the development and validation of the model; this was achieved using the visualization features provided by ProB and BMotion Studio. In addition, we discuss the positive and negative aspects of the Event-B language and tools which we encountered while working on the ABZ case study.

Validating and verifying the requirements and design of a haemodialysis machine using the rodin toolset

Abstract We present a formal specification and analysis of a haemodialysis machine (HD machine) in Event-B using the Rodin Toolset. The medical device domain is a particularly complex multidisciplinary field involving disparate branches of engineering, biological and medical fields as well as a critical patient-machine interface. Requirements include safety properties, process steps, human–machine interfaces, timing constraints, dynamic control algorithms, and design features. Our aim is to demonstrate that the Event-B based modelling, verification and validation tools deal with the variety of requirements involved in a typical medical device. We utilise ProR for structuring and tracking requirements. We model the HD machine using iUML-B state-machines and class diagrams, and build a corresponding BMotion Studio visualisation. For verification, we use both theorem proving and model checking techniques. We validate the design of the system using (i) diagrams to aid the modelling of the sequential properties of the requirements, and (ii) ProB-based animation and visualisation tools to explore the systems behaviour. Some of the safety properties involve dynamic behaviour which is difficult to verify in Event-B. For these properties we use (iii) co-simulation tools to validate against a continuous model of the physical behaviour. We conclude that the Event-B based modelling tools are particularly rich in verification and validation techniques and with the help of supporting tools for requirements tracking, are able to address the different kinds of requirements in a medical device.

BMotionWeb: A Tool for Rapid Creation of Formal Prototypes

The application of formal methods to the development of reliable interactive systems usually involves a multidisciplinary team with different roles and expertises (e.g. formal engineers, user interface designers and domain experts). While formal engineers provide the necessary expertise in formal methods, other roles may not be well versed in formal methods, such as user interface engineers or domain experts; consequently barriers may arise while working in a multidisciplinary team. For instance, communication problems and challenges in the rigorous use of formal method tools. Tools like BMotion Studio may reduce these barriers by creating visualizations of formal specifications, however, lacks features needed for the analysis of interactive systems. In this paper, we present a novel graphical environment that continues the ideas of BMotion Studio called BMotionWeb to provide support for the rapid creation of formal prototypes. A formal prototype links a mockup of a graphical user interface or device to an animated formal specification with the aim of providing lightweight formal validation of interactive systems. In order to demonstrate the application of BMotionWeb, we provide two case studies: a formal prototype of a simple phonebook software and a cruise control device.