Difference between pages "EMF framework for Event-B" and "Event-B Examples"

From Event-B
 
{{TOCright}}

''This page is edited by Colin, Alexei and Fabian''

{| style="width:auto; background-color:#FFFF00; border:2px solid red;  padding:3px;"
|<b title="Usage warning"><font size="3"> Warning:</font></b><font size="1">

This page is being updated and is currently inconsistent and inaccurate in some areas.</font>

|}

===The Eclipse Modeling Framework===

The EMF project is a modeling framework and code generation facility for building tools and other applications based on a structured data model. From a model specification described in XMI, EMF provides tools and runtime support to produce a set of Java classes for the model, along with a set of adapter classes that enable viewing and command-based editing of the model, and a basic editor.

===An EMF Meta-Model of Event-B===

The Event-B meta-model defines the structure of Event-B projects. The model is structured into three packages for clarity. The core package contains a structure of abstract meta-classes so that models can be treated generically as far as possible. The core package also contains mechanisms to handle extensions provided by other plug-ins and a meta-class to model entire projects. There are two sub-packages, contained within the core package, for Machine and Context. Note that the ''EventB'' prefix is used to indicate that a meta-class is abstract (i.e. it cannot be instantiated except via one of its subclasses).

====Core abstract structure====

The root of all meta-classes in the Event-B EMF model is the abstract base class ''EventBObject''. It provides some convenience methods to access containing or contained elements of a specified type, and a method to obtain the URL of an element's package. EventBObject extends the EMF class EModelElement, which provides a facility to store EAnnotations in any EventBObject. (EAnnotations give a flexible and efficient way to store information that is not part of the main model. For example, this is used to store some information contained in the Rodin database which must be preserved but is not of interest in the EMF modelling tools.)

''EventBElement'' provides a common abstract base class for all EventBObjects that are elements of the model. This meta-class provides the extensibility features that are described later.

''EventBCommentedElement'' provides the ability to comment elements. It inherits a string attribute, ''comment'', from ''EventBCommented''. (The use of a separate meta-class outside the main inheritance hierarchy gives more flexibility for future modifications if other elements need to be commented. Hence, if client code refers to comments via ''EventBCommented'' rather than ''EventBCommentedElement'', it will not be affected if, in the future, other elements inherit ''EventBCommented''.)

Similarly, ''EventBNamedCommentedElement'' adds the ability to name elements by inheriting a string attribute, ''name'', from ''EventBNamed''. (Currently, a named but not commented element is not provided.)

''EventBExpression'' provides a string attribute, ''expression'', for an Event-B mathematical expression. Note that this class extends ''EventBCommentedElement'' since our current need (Variant) is for expression elements to be commented but not named.

''EventBPredicate'' provides a string attribute, ''predicate'', for an Event-B mathematical predicate. Note that this class extends ''EventBNamedCommentedElement'' since our current need is for all predicate elements to be commented and named.

''EventBDerivedPredicate'' extends ''EventBPredicate'' and provides a boolean attribute, ''theorem'', to indicate that the predicate is a theorem that should be derived (from previous predicates in the same container).

[[Image:EMFcore1abstract.gif|EMF model, abstract base elements]]

====Extensibility Mechanism====

The abstract root meta-class, ''BElement'', contains a collection, ''extensions'', of another abstract meta-class, ''BExtension''. ''BExtension'' can be specialised in other EMF models to define extensions of the model. Extension classes should override the abstract load and save methods of ''BExtension'' in order to define their specific requirements for serialisation.

[[Image:EMFcore2extensions.gif|EMF model, extension mechanism]]

====Project====

A Project contains a collection of components. Project extends EventBNamedCommentedElement. This allows it to contain Extensions and Attributes as well as providing it with a name and comment.

[[Image:EMFcore3project.gif|EMF model of an Event-B Project]]

====Machine package====

A Machine inherits from component (so that it can be used in the ''components'' collection of a Project). Machines refine other machines (via a subtype of ''BReferenceElement'' which may be resolved), see contexts (likewise via a resolvable subtype of ''BReferenceElement''), and may contain variables, invariants, theorems, a single variant and events.

[[Image:EMFmachine.gif|EMF model of a Machine]]

'''Events'''

Events contain parameters, witnesses, refines relationships with other events, guards and actions. Witnesses link to parameters (via a subtype of ''BReferenceElement'' which may be resolved). Similarly, event refinement relationships link to other events (via a subtype of ''BReferenceElement'' which may be resolved). The enumerated type ''BConvergence'' provides the values for the convergence property of an event.

[[Image:EMFevent.gif|EMF model of an Event]]

====Context package====

A Context inherits from component. Contexts extend other contexts (via a subtype of ''BReferenceElement'' which may be resolved), and contain sets, constants, axioms and theorems. (Note that the ''BTheorem'' meta-class is the same one that appears in the Machine package.)

[[Image:EMFcontext.gif|EMF model of a Context]]

===Event-B Mathematical Language Extension===

Using [[#Extensibility Mechanism|the extensibility mechanism]] an EMF extension for the Mathematical Language of Event-B will be created. This means expressions, predicates and substitutions will be available as EMF models too.

As the RodinDB only saves these constructs as plain strings, their EMF representation will be recreated every time a model is loaded. The existing RodinParser in combination with a conversion component will be used for this task.

To avoid unnecessary parsing, the creation of these models will be postponed until they are needed. For example, it will be up to the tool developers to decide when they need a fully resolved structure of predicates. API methods in the [[#Text Tools|Text Tools]] will ease parsing and model construction for tool developers.

===Persistence===
 
The Persistence package will override the default EMF persistence so that models created with the Event-B EMF framework will be serialised into the Rodin Database. The serialisation will make use of the Rodin API so that it is decoupled from the serialisation of the Rodin database. Serialisation will synchronise changes with the Rodin Database so that only elements that have been altered are updated.
 
The Persistence API will provide methods to open/create Rodin projects, load and unload components (from Rodin Database to cache), save changes, register listeners to projects and components and resolve references between elements.
 
 
 
===Text Tools===
 
As several tools based on the EventB meta-model will deal with a textual representation of it, a component called 'Text Tools' will be created. Text Tools will offer an API for basic tasks such as:
 
* Define a concrete syntax for the structure of machines and contexts
 
* Conversion from an EventB meta-model to text, i.e., pretty-print with configurable layout
 
* Parsing of text input which produces an EventB meta-model

'''Structural parsing'''

The Rodin core already provides a parser for expressions, predicates and substitutions. Therefore Text Tools will only provide a parser for the structural parts of the text representation of EventB machines and contexts. This parser will treat expressions, predicates and substitutions as plain strings that are stored in attributes in the meta-model.
 
As described in section [[#Event-B Mathematical Language Extension|Event-B Mathematical Language Extension]] the full mathematical language will be supported as an extension to the EventB meta-model. Tools that are interested in working on a fully parsed version of an expression, predicate or substitution will be able to use helper methods of the Text Tools API. These helper methods will make use of the existing Rodin parser and convert the resulting AST to the meta-model.

'''Fallback strategy'''

When the user is editing the textual representation of a machine or context the input may contain syntactic errors which prevent converting the parse result into an EMF model. As the user might wish to save the text representation in this syntactically incorrect state, Text Tools will provide a fallback strategy for this case. API methods will be provided to store the plain text into the RodinDB. This plain text will be used as a basis for editing next time the model is loaded via Text Tools.
 
 
 
 
 
'''Conflict resolution'''

When Text Tools loads an EventB meta-model from the Rodin Database it will detect any conflicts in the model. Conflicts will occur if other editors, that do not work via Text Tools, have changed the model in the RodinDB after Text Tools has stored a syntactically incorrect version as plain text. In this case the tool that is using Text Tools to load the model will be informed about the conflict and asked to resolve it. Strategies to solve these conflicts could be 'automatic overwriting based on time stamps' or using the editors described in the section [[#Compare/Merge Editor|Compare/Merge Editor]].
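The three Text Tools behaviours described above (structural parsing, the plain-text fallback and conflict detection on load) fit together in one small, language-neutral sketch. The following Python is an added example written for this page; it is not code from the Event-B EMF framework, from Rodin or from the Text Tools component, which were to be written in Java against the Rodin API. The concrete syntax (`machine`/`sees`/`invariants`/`events`/`event`/`when`/`then`/`end` with `@label` prefixes), the `RodinStore` stand-in with its revision counter, and the function names are all assumptions made for the example; the mathematical text after each label is deliberately never parsed, exactly as the structural parser above is meant to behave.

```python
"""Structural parsing of an Event-B machine plus Text Tools fallback and conflict logic."""
from dataclasses import dataclass, field
import re
LABELLED = re.compile(r"^@(\w+)\s+(\S.*)$")  # '@label <mathematical text>' (assumed syntax)

@dataclass
class Event:
    name: str
    guards: dict = field(default_factory=dict)   # label -> predicate, kept as plain text
    actions: dict = field(default_factory=dict)  # label -> assignment, kept as plain text

@dataclass
class Machine:
    name: str
    sees: list = field(default_factory=list)
    invariants: dict = field(default_factory=dict)  # label -> predicate, kept as plain text
    events: list = field(default_factory=list)

class StructureError(SyntaxError):
    pass  # the skeleton is wrong; the mathematical text itself is never checked here

def parse_machine(text: str) -> Machine:
    """Parse the structure only; predicates and assignments stay plain strings."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    head = lines[0].split() if lines else []
    if len(head) < 2 or head[0] != "machine" or (len(head) > 2 and head[2] != "sees"):
        raise StructureError("expected 'machine NAME [sees CTX ...]' first")
    machine = Machine(name=head[1], sees=head[3:])
    section = sub = event = None  # section: invariants/events; sub: guards/actions
    for ln in lines[1:]:
        word, _, rest = ln.partition(" ")
        if word in ("invariants", "events") and not rest:
            section = word
        elif word == "event" and rest and section == "events" and event is None:
            event, sub = Event(name=rest), None
        elif word in ("when", "then") and event is not None and not rest:
            sub = "guards" if word == "when" else "actions"
        elif word == "end" and not rest and event is not None:
            machine.events.append(event)
            event = None
        elif word == "end" and not rest:
            return machine  # final 'end' of the machine
        elif word.startswith("@") and LABELLED.match(ln):
            label, body = LABELLED.match(ln).groups()
            if event is not None and sub is not None:
                getattr(event, sub)[label] = body
            elif event is None and section == "invariants":
                machine.invariants[label] = body
            else:
                raise StructureError(f"'@{label}' outside invariants/when/then")
        else:
            raise StructureError(f"unexpected line: {ln!r}")
    raise StructureError("missing 'end'")

class RodinStore:  # constructed stand-in for the Rodin database, not the real Rodin API
    def __init__(self):
        self.model, self.revision = None, 0  # revision is bumped by every writer
        self.fallback_text, self.fallback_base = None, None  # base: revision it was saved against

def text_tools_save(store: RodinStore, text: str):
    try:
        model = parse_machine(text)
    except StructureError as err:
        # Fallback strategy: keep the text and remember the revision it was based on.
        store.fallback_text, store.fallback_base = text, store.revision
        return ("fallback", str(err))
    store.model, store.fallback_text = model, None
    store.revision += 1
    return ("saved", model.name)

def text_tools_load(store: RodinStore):
    if store.fallback_text is None:
        return ("model", store.model)
    if store.fallback_base != store.revision:  # another editor wrote to the DB meanwhile
        return ("conflict", store.fallback_text)
    return ("text", store.fallback_text)

GOOD = """\
machine M0 sees C0
invariants
  @inv1 x ∈ ℕ
events
  event inc
    when
      @grd1 x < 10
    then
      @act1 x ≔ x + 1
  end
end
"""  # constructed sample in the assumed syntax
BROKEN = GOOD.replace("  end\nend\n", "end\n")  # the event's own 'end' is lost

def demo():
    store = RodinStore()
    steps = [text_tools_save(store, GOOD)[0], text_tools_save(store, BROKEN)[0], text_tools_load(store)[0]]
    store.model, store.revision = parse_machine(GOOD.replace("x < 10", "x < 20")), store.revision + 1
    steps.append(text_tools_load(store)[0])
    return steps  # ['saved', 'fallback', 'text', 'conflict']
```

`demo()` walks the scenario from the text: a valid save, a save that falls back to plain text, a reload that hands that text back for editing, and finally a conflict once a write that bypassed Text Tools has bumped the store's revision. The revision counter stands in for the time stamps the page mentions; `text_tools_load` only reports the conflict, leaving the choice between overwriting and a merge editor to the caller, as the page proposes.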
 
 
 
===Tools That Will Use the Framework===
 
 
 
The framework described above is not yet available. However, we already plan to use it in some tools.
 
 
 
====Compare/Merge Editor====
 
In several situations conflicts between different versions of an Event-B model can occur. Often the responsible tool will not be able to resolve these conflicts automatically and user interaction is required. A compare and merge editor for Event-B models will help users to solve these conflicts. This editor will be based on the [http://wiki.eclipse.org/index.php/EMF_Compare EMF Compare] sub-project. It will compare the two conflicting versions and present the differences to the user. This visualization of the model will resemble the [[#Structure Editor|Structure Editor]].
 
 
 
If one of the two versions of the machine/context has an invalid structure, meaning it is only available as text, the EMF-based Compare/Merge editor cannot be used. A textual Compare/Merge editor will be available as an alternative view (integrated with the EMF Compare/Merge editor). This second view will be based on the [[#Text Editor|Text Editor]].
 
 
 
Usage scenarios are, for example:
 
* Merging after a conflict between RodinDB and Text Editor (as described in [[#Text Tools|Text Tools]])
 
* Team-based development, for example, using SVN or CVS
 
* Comparison of an abstract and a refining machine, highlighting the differences
 
 
 
====Text Editor====
 
Requests by several users have shown that there is demand for a text editor for EventB models. Based on the EventB meta-model and the [http://www2.informatik.hu-berlin.de/sam/meta-tools/tef/index.html Text Editor Framework], a state-of-the-art text editor will be created.
 
The editor will make use of  [[#Text Tools|Text Tools]] and will provide an extensible set of features, such as (syntactical and semantical) highlighting, code completion, quick navigation and outline view.
 
 
 
The text editor will be available in two forms. A first class Eclipse editor will offer editing of full machines and contexts. In addition a pop-up editor will be created that can be used by other tools to allow their users text editing of sub-components in machines and contexts. An example is the [[#Structure Editor|Structure Editor]], which will offer a pop-up text editor allowing the user to edit a single expression or a compound sub-component such as an event.
 
 
 
====Structure Editor====
 
EMF provides support to generate structured (e.g. tree, list, table based) editors for models. An adapted version of these editors will allow users to edit machine and context elements within a structure using menu-guided selections. To allow feature-rich editing of elements containing expressions, predicates and substitutions this editor will use the pop-up variant of the [[#Text Editor|Text Editor]].
 
 
 
====Project Diagram Editor====
 
A diagrammatic editor will be produced that shows the structure of an Event-B Project in terms of its Machines and Contexts with their refines, sees and extends relationships. (This will replace the current UML-B package diagram.) The Project Diagram editor will be produced using the Graphical Modelling Framework (GMF). It will allow machines and contexts to be created/deleted and their relationships changed. A feature to create a 'starting point' refinement of a machine will be included.
 
 
 
====[[UML-B]]====
 
UML-B will be re-implemented as an extension to the Event-B meta-model. The UML-B meta-classes will extend and add to the meta-classes of Event-B. This will provide greater integration between the EMF based Event-B editors and the UML-B diagrammatic editors.
 
 
 
====Refinement Pattern Editor====
 
The EMF framework will be used to implement the text editor for the Event-B pattern plugin. The syntax of facets - Event-B model templates used to describe patterns - is an extension of the Event-B syntax.
 
 
 
====[[Parallel Composition using Event-B|Shared Event Composition Tool]]====
 
An editor for composing two machines based on shared events has been developed by Southampton. This tool will be re-implemented to utilise the Event-B EMF framework.
 
 
 
See [[Parallel Composition using Event-B]].
 
 
 
====[[Feature Composition Plug-in|Feature Composition Tool]]====
 
An editor for composing two machines based on feature selection has been developed by Southampton. The tool (which is already based on EMF) will be re-implemented to utilise the Event-B EMF framework.
 
See [[Feature Composition Plug-in]].
 
 
 
===Internal Documentation===
 
The following pages contain documentation that we use internally only ('''not''' to be included in deliverable):
 
* [[Tasklist for EventB meta model development|Tasklist]]
 
 
 
[[Category:Design proposal]]
 

Event-B Examples

Revision as of 16:23, 3 May 2011

This page lists the available example Event-B/Rodin projects.

Year 2011

Development of a Heating Controller System

By Abdolbaghi Rezazadeh.

This section describes an Event-B development of a simple heating controller. This is a first case study that covers the entire development process, starting from a system specification and ending in an implementation in the Ada programming language. The overall aim of this case study is to put into practice the recommended methodological aspects of Event-B, particularly those aspects of modelling concerned with decomposition and code generation. We begin the tutorial with an overview of the abstract development that forms the basis for subsequent Tasking Event-B modelling. In the Tasking Event-B tutorial the developer is guided, step by step, through the final construction stages of a partially completed model. The tutorial provides an introduction to some of the main constructs used when modelling with Tasking Event-B.

Year 2010

Modularisation Training

By Alexei Iliasov.

This is teaching material for those wishing to learn about the Modularisation plugin. It includes a development and detailed explanatory slides.


Year 2009

Code Generation - Shared Buffer Example

By Andrew Edmunds and Michael Butler

The document describes an example Event-B development of a shared buffer and reading/writing processes. An implementation is then specified using the OCB notation; and a description of the implementation refinement and Java source is shown. An archive file contains the abstract Event-B development, however the implementation refinement proof is ongoing.

Well-ordering theorem

By Jean-Raymond Abrial.

The slides outline the use of Rodin in the proof of the well-ordering theorem. The archive contains the Rodin development.


Development of a flash-based filestore

By Kriangsak Damchom and Michael Butler.

The paper outlines the use of Event-B in the development of a flash-based filestore. The archive contains the Event-B development.

Real-time controller for a water tank

By Michael Butler.

The draft paper outlines an approach to treating continuous behaviour in Event-B by a discrete approximation. An example of a water tank system is used to illustrate the proposed approach. The archive contains the Event-B development for the water tank system.

UML-B Development of an ATM

By Mar Yah Said, Michael Butler and Colin Snook.

This paper outlines support for refinement of classes and statemachines in UML-B and illustrates this with an Automated Teller Machine (ATM) example. The ATM development is contained in a Rodin archive. It consists of an abstract model focusing on bank account updates. The ATM, PIN cards and messaging between ATMs and a bank server are introduced in successive refinements.

MIDAS: A Formally Constructed Virtual Machine

By Steve.

MIDAS (Microprocessor Instruction and Data Abstraction System) is a specification of an Instruction Set Architecture (ISA). It is refined to a usable Virtual Machine (VM) capable of executing binary images compiled from the C language. It was developed to demonstrate a methodology for formal construction of various ISAs in Event-B via a generic model. There are two variants: a stack-based machine and a randomly accessible register array machine. The two variants employ the same instruction codes, the differences being limited to register file behavior.

The archive supplied at Deploy repository contains: C-coded prototypes of the MIDAS VMs, an Event-B model refinement constructing the same VMs, the B2C Event-B to C auto-generation tool, C compiler/assembler/linkers for the VMs, an example C test suite, and execution environments for running compiled C on the machines.

MIDAS is described in detail in Formal Construction of Instruction Set Architectures (PhD Thesis).

Development of a Network Topology Discovery Algorithm

By Hoang, Thai Son and Basin, David and Kuruma, Hironobu and Abrial, Jean-Raymond.

This paper and its Rodin development are another version of the Link State Routing Development presented in 2008.

Year 2008

Link State Routing Development

By Hoang, Thai Son and Basin, David and Kuruma, Hironobu and Abrial, Jean-Raymond.

We present a formal development in Event-B of a distributed topology discovery algorithm. Distributed topology discovery is at the core of several routing algorithms and is the problem of each node in a network discovering and maintaining information on the network topology. One of the key challenges in developing this algorithm is specifying the problem itself. We provide a specification that includes both safety properties, formalizing invariants that should hold in all system states, and liveness properties that characterize when the system reaches stable states. We specify these by appropriately combining invariants, event refinement, and proofs of event convergence and deadlock freedom. The combination of these features is novel and should be useful for formalizing and developing other kinds of semi-reactive systems, which are systems that react to, but do not modify, their environment.

Modelling and proof of a Tree-structured File System

By Damchoom, Kriangsak and Butler, Michael and Abrial, Jean-Raymond.

We present a verified model of a tree-structured file system which was carried out using Event-B and the Rodin platform. The model is focused on basic functionalities affecting the tree structure including create, copy, delete and move. This work is aimed at constructing a clear and accurate model with all proof obligations discharged. While constructing the model of a file system, we begin with an abstract model of a file system and subsequently refine it by adding more details through refinement steps. We have found that careful formulation of invariants and useful theorems that can be reused for discharging similar proof obligations make models simpler and easier to prove.

Deliverable D8 D10.1 "Teaching Materials"

By Abrial, Jean-Raymond and Hoang, Thai Son and Schmalz, Matthias.

Year 2007

Redevelopment of an Industrial Case Study Using Event-B and Rodin

By Rezazadeh, Abdolbaghi and Butler, Michael and Evans, Neil.

CDIS is a commercial air traffic information system that was developed using formal methods 15 years ago by Praxis, and it is still in operation today. This system is an example of an industrial scale system that has been developed using formal methods. In particular, the functional requirements of the system were specified using VVSL -- a variant of VDM. A subset of the original specification has been chosen to be reconstructed on the Rodin platform based on the new Event-B formalism. The goal of our reconstruction was to overcome three key difficulties of the original formalisation, namely the difficulty of comprehending the original specification, the lack of any mechanical proof of the consistency of the specification and the difficulty of dealing with distribution and atomicity refinement. In this paper we elucidate how a new formal notation and tool can help to overcome these difficulties.