Marina A. Waldén

Reasoning about Action Systems using the B-Method

The action system formalism has been succesfully used when constructing parallel and distributed systems in a stepwise manner within the refinement calculus. Usually the derivation is carried out manually. In order to be able to produce more trustworthy software, some mechanical tool is needed. In this paper we show how action systems can be derived and refined within the B-Toolkit, which is a mechanical tool supporting a software development method, the B-Method. We describe how action systems are embedded in the B-Method. Furthermore, we show how a typical and nontrivial refinement rule, the superposition refinement rule, is formalized and applied on action systems within the B-Method. In addition to providing tool support for action system refinement we also extend the application area of the B-Method to cover parallel and distributed systems. A derivation towards a distributed load balancing algorithm is given as a case study.

Data refinement of remote procedures

Abstract. Recently the action systems formalism for parallel and distributed systems has been extended with the procedure mechanism. This gives us a very general framework for describing different communication paradigms for action systems, e.g. remote procedure calls. Action systems come with a design methodology based on the refinement calculus. Data refinement is a powerful technique for refining action systems. In this paper we will develop a theory and proof rules for the refinement of action systems that communicate via remote procedures based on the data refinement approach. The proof rules we develop are compositional so that modular refinement of action systems is supported. As an example we will especially study the atomicity refinement of actions. This is an important refinement strategy, as it potentially increases the degree of parallelism in an action system.

Refining Action Systems within B-Tool

Action systems is a formalism designed for the construction of parallel and distributed systems in a stepwise manner within the refinement calculus. In this paper we show how action systems can be derived and refined within a mechanical proof tool, the B-Tool. We describe how action systems are embedded in B-Tool. Due to this embedding we can now develop parallel and distributed systems within the B-Tool. We also show how a typical and nontrivial refinement rule, the superposition refinement rule, is formalized and applied on action systems within B-Tool. A derivation towards a distributed load balancing algorithm is given as a case study.

Free text retrieval on transputer networks

Abstract An implementation of a document retrieval system developed on Hathi-2 is described. Hathi-2 is a multiprocessor system built from IMS T800 transputers. An efficient distributed search strategy in large free text databases is derived following the ‘processor farm’ paradigm for programming parallel and distributed systems. The processor farm approach is considered for several different transputer network configurations. The main purpose of the paper is to study the applicability of this approach to transputer networks and to report on the performance figures observed for the document retrieval system.

Refinement of statemachines using event b semantics

While refinement gives a formal underpinning to the development of dependable control systems, such models are difficult to communicate and reason about in a non-formal sense, particularly for validation by non-specialist industrial partners. Here we present a visualisation of, and guidance for, event B refinement using a specialisation of UML statemachines. Furthermore, we introduce design patterns and process rules that are aimed at assisting in the software development process leading to correct refinements. The specialisation will be incorporated into the UML-B notation to be integrated with the Event B platform developed by the RODIN project.

A Topological Approach to Distributed Computing

In several state-based approaches to distributed computing, e.g., action systems, or UNITY, the computing nodes are commonly left unspecified or implicit. For instance, an action system comes with an informal description on how the system is supposed to be mapped into the network. The purpose of this paper is to make this mapping explicit so that, e.g., in the action system formalism we are provided with means on the language level to reason about the location of a system in a network. Hence, we define the notion of a topological action system that carries with it information about its location within the network. The action system itself can model some active execution or merely a repository of data or any combination of these. We also show how our approach leads to action systems with data and/or code mobility.

A language for modeling network availability

Computer networks have become ubiquitous in our society and thus, the various types of resources hosted by them are becoming increasingly important. In this paper we study the resource availability in networks by defining a dedicated middleware language. This language is a conservative extension of the action system formalism, a general state-based approach to modeling and analyzing distributed systems. Our language formally treats aspects such as resource accessibility, replicated and homonym resources, their mobility, as well as node failure and maintenance in networks. The middleware approach motivates the separation of the views and formalisms used by the various roles such as the network user, the application developer, and the network manager.

Parallel Programming with the B Method

In later chapters we shall use B AMN to design examples of so-called reactive systems. Reactive systems are systems that maintain an on-going interaction with their environment. Reactive systems may also be composed of parallel interacting subsystems. Examples of such systems include plant controllers and electronic mail services. The action system formalism, introduced by Back and Kurki-Suonio [5], provides a framework for designing reactive systems by providing ways of modelling on-going interaction, techniques for parallel decomposition of systems and, of course, techniques for refining systems.

Data Refinement and Remote Procedures

Recently the action systems formalism for parallel and distributed systems has been extended with the procedure mechanism. This gives us a very general framework for describing different communication paradigms for action systems, e.g. remote procedure calls. Action systems come with a design methodology based on the refinement calculus. Data refinement is a powerful technique for refining action systems. In this paper we will develop a theory and proof rules for the refinement of action systems that communicate via remote procedures based on the data refinement approach. The proof rules we develop are compositional so that modular refinement of action systems is supported. As an example we will especially study the atomicity refinement of actions. This is an important refinement strategy, as it potentially increases the degree of parallelism in an action system.

Derivation of concurrent programs by stepwise scheduling of Event-B models

Concurrent programs are often complex and they are not straightforward to develop and prove correct. Formal development methods based on refinement make it possible not only to derive programs gradually, but also to prove their correctness in a stepwise fashion. Event-B is a formal framework that has been shown useful for developing concurrent and distributed programs. In order to scale to large systems, models can be decomposed into sub-models that can be refined semi-independently and executed in parallel. In this paper, we show how to introduce explicit control flow for the concurrent sub-models in the form of event schedules. The purpose of these schedules is both to provide process-oriented specifications of the programs to complement the state-based approach in Event-B, as well as to facilitate more efficient implementation of the models. The schedules are introduced in a stepwise manner and should be designed to result in a correctness-preserving refinement step. In order to reduce the verification burden on the developers, we provide patterns for schedule introduction, together with their associated proof obligations. We demonstrate our method by applying it on the dining philosophers problem.