Neil Evans

Automatic Generation of CSP

CSP ? B is a formal approach to specification that combines CSP and B. In this paper we present our tool that automatically translates a subset of executable UML (xUML) models into CSP ? B, for the purpose of verification and increased validation at the early stages of a software engineering development lifecycle. The tool is being developed for our industrial collaborators, AWE plc, in order to strengthen their software engineering process which uses xUML. As part of this process, AWE and Kennedy Carter Ltd. have built an xUML to SPARK Ada code generator, which is also employed to contribute a higher level of safety assurance at the latter stages of the lifecycle. Our tool is based on a model-text transformation strategy that uses the xUML meta-model to map to CSP and B constructs. The tool generates machine readable CSP and B; we present a simple example to demonstrate the transformation strategy, and the analysis of the resulting specification.

Chunks: component verification in CSP ∥ b

CSP ∥ B is an approach to combining the process algebra CSP with the formal development method B, enabling the formal description of systems involving both event-oriented and state-oriented aspects of behaviour. The approach provides architectures which enable the application of CSP verification tools and B verification tools to the appropriate parts of the overall description. Previous work has considered how large descriptions can be verified using coarse grained component parts. This paper presents a generalisation of that work so that CSP ∥ B descriptions can be decomposed into finer grained components, chunks, which focus on demonstrating the absence of particular divergent behaviour separately. The theory underpinning chunks is applicable not only to CSP ∥ B specification but to CSP specifications. This makes it an attractive technique to decomposing large systems for analysing with FDR.

How to verify dynamic properties of information systems

EB/sup 3/ is an established formal technique, based on process algebra, for specifying Information Systems (IS) that have both complex state and event based features; as yet, EB/sup 3/ has no tool support. Another formal technique called CSP /spl par/ B uses two existing analysis tools, FDR and the B-Toolkit, to support the verification of state/event based systems. However the CSP /spl par/ B approach has never been applied to this specialised domain. In this paper we use a specification pattern of EB/sup 3/ to motivate a new style of specification in CSP /spl par/ B appropriate for IS. We demonstrate this using an example system and show that the verification of its dynamic properties is now amenable to tool support.

A proposal for records in event-b

The B method is a well known approach to the formal specification and development of sequential computer programs. Inspired by action systems, the B method has evolved to incorporate system modelling and distributed system development. This extension is called Event-B. Even though several of the structuring mechanisms of the original B method are absent from Event-B, the desire to define and maintain structured data persists. We propose the introduction of records to Event-B for this purpose. Our approach upholds the refinement principles of Event-B by allowing the stepwise development of records too.

Applying CSP || B to information systems

CSP || B is a formal approach which combines state and event-based descriptions of a system. It enables the automatic verification of dynamic properties using model checking techniques. In this paper we identify a variation on the standard CSP || B architecture so that it is more applicable to support the specification of information systems. We specify a library system using this new architecture. We examine several safety and liveness requirements and demonstrate that we can compositionally verify them using FDR. If a property fails to model check we identify an abstraction technique which enables us to pinpoint the cause of the failure.

Interactive tool support for CSP

CSP || B is an integration of two well known formal notations: CSP and B. It provides a method for modelling systems with both complex state (described in B machines) and control flow (described as CSP processes). Consistency checking within this approach verifies that a controller process never calls a B operation outside its precondition. Otherwise the behaviour of the operation cannot be predicted. In previous work, this check was carried out by manually decomposing the model before preprocessing the CSP processes to perform a hand-written weakest precondition proof. In this paper, a framework is described that mechanises consistency checking in a theorem prover and removes the need for preprocessing. This work is based on an existing PVS embedding of the CSP traces model, but it is extended by introducing a notion of state so that the interaction between processes and machines can be analysed. Numerous rules have been defined (and proved) which enable consistency checking and decomposition via PVS proof. These rules also formally justify the relaxation of previous constraints on CSP || B architectures, thereby widening the scope of CSP || B modelling. The PVS embedding and rules presented in this paper are not only applicable to CSP || B specifications, but to other combined approaches which use a non-blocking semantics for the state-based operations.

Software Development and Authentication for Arms Control Information Barriers

The UK-Norway initiative [1] is a joint project to investigate the technologies available for monitoring future arms control agreements. This paper describes one way in which formal methods can assist in the verification of software that is used for such a purpose.

Modelling and Refinement in CODA

This paper provides an overview of the CODA framework for modelling and refinement of component-based embedded systems. CODA is an extension of Event-B and UML-B and is supported by a plug-in for the Rodin toolset. CODA augments Event-B with constructs for component-based modelling including components, communications ports, port connectors, timed communications and timing triggers. Component behaviour is specified through a combination of UML-B state machines and Event-B. CODA communications and timing are given an Event-B semantics through translation rules. Refinement is based on Event-B refinement and allows layered construction of CODA models in a consistent way.