Difference between pages "EMF framework for Event-B" and "Tasking Event-B Tutorial"

From Event-B
(Difference between pages)
Jump to navigationJump to search
imported>Colin
 
imported>Andy
 
Line 1: Line 1:
{{TOCright}}
+
For more information contact Andy Edmunds - University of Southampton - mailto:ae2@ecs.soton.ac.uk
''This page is edited by Colin, Alexei and Fabian''
+
=== Tasking Event-B Tutorial Overview ===
  
===An EMF Model of Event-B===
+
<span style="color: RED">'''Caution''': This Page is under Construction - some parts are incomplete</span>
  
 +
This tutorial follows on from the abstract development described [http://wiki.event-b.org/index.php/Development_of_a_Heating_Controller_System here].
  
{| style="width:auto; background-color:#FFFF00; border:2px solid red;  padding:3px;"
+
This code generation tutorial extends the Heating Controller tutorial example, and makes use of example projects from the download site. The code generation stage produces implementable Ada code, and also an Event-B model. It is a model of the implementation, and contains flow control variables that model the flow of execution through the task body. The Ada code is produced from an intermediate model that is not visible to the user. The Common Language model (CLM), is generated from the Tasking Event-B by a translation tool. Ada (and other implementations) may be generated from the CLM. An overview of Tasking Event-B can be found [http://wiki.event-b.org/index.php/Tasking_Event-B_Overview here].
|<b title="Usage warning"><font size="3"> Warning:</font size="3"></b><font size="1">
 
  
This page is being updated and is currently inconsistent and inaccurate in some areas
+
In the example so far, the Heating Controller has been refined to the point where we wish to add implementation constructs. The Event-B language is not expressive enough to fully describe the implementation. Tasking Event-B facilitates this final step to implementation, by extending Event-B with the necessary constructs. Event-B machines modelling tasks, shared objects and the environment are identified, and extended with the appropriate implementation details.
  
 +
The example/tutorial projects are are available in the [http://deploy-eprints.ecs.soton.ac.uk/304/ e-prints archive], or on [https://codegenerationd.svn.sourceforge.net/svnroot/codegenerationd/Examples/Heating_ControllerTutorial_v0.2.0/ SVN].
 +
 +
{| border="1"
 +
|Heating_ControllerTutorial2_Completed
 +
|An example project with an environment simulation. The environment variables are monitored and controlled using subroutine calls. The project contains a complete Tasking Development with generated Event-B and Ada code.
 +
|-
 +
|Heating_ControllerTutorial2_Partial1
 +
|A project with the final decomposition completed, ready to begin Tasking Event-B Development.
 +
|-
 +
|Heating_ControllerTutorial2_Partial2
 +
|A partially completed tasking specification for the continuation of the tutorial.
 +
|-
 +
|TheoriesForCG
 +
|Contains the mathematical language translations; encoded as rules in a theory plug-in rule-base.
 
|}
 
|}
  
====The Eclipse Modeling Framework====
+
== Using the Tasking Extension ==
 
+
The steps needed to generate code from an Event-B model, in this tutorial, are as follows,
The EMF project is a modeling framework and code generation facility for building tools and other applications based on a structured data model. From a model specification described in XMI, EMF provides tools and runtime support to produce a set of Java classes for the model, along with a set of adapter classes that enable viewing and command-based editing of the model, and a basic editor.
+
* Step 1 - [[Tasking Event-B_Tutorial#Adding the Implementation Level Refinement|Adding the Implementation Level Refinement]]
 
+
* Step 2 - [[Tasking Event-B_Tutorial#Pre-processing|Pre-processing]]
 
+
* Step 3 - [[Tasking Event-B_Tutorial#Providing the Annotations for Implementations|Add Tasking annotations]].
====Event-B Meta-Model====
+
* Step 4 - [[Tasking Event-B_Tutorial#Invoking the Translation|Invoke translators]].
The Event-B meta-model defines the structure of Event-B projects. The model is structured into three packages for clarity. The core package contains a structure of abstract meta-classes so that models can be treated generically as far as possible. The core package also contains mechanisms to handle extensions provided by other plug-ins and a meta-class to model entire projects. There are two sub-packages, contained with the core package, for Machine and Context.  Note, that the ''EventB'' prefix is used to indicate that a meta-class is abstract (i.e. cannot be instantiated except via one of its subclasses).
+
=== Download and Copy the Theories ===
 
+
The translations of the Event-B mathematical language to the target language constructs are specified as rules in the theory plug-in. Two rule files are included for the example, and are available in the [https://codegenerationd.svn.sourceforge.net/svnroot/codegenerationd/Examples/Heating_ControllerTutorial_v0.2.0/ SVN]. The files can be downloaded and copied into an Event-B project called ''MathExtensions''. The theory must then be deployed. Right-Click on the theory file and select deploy to do this. The non-Event-B project, the original download may now be deleted.
The root of all meta-classes in the Event-B EMF model is the abstract base class, ''EventBObject'' this provides some convenience methods to access containing or contained elements of a specified type and a method to obtain the URL of an element's package. EventBObject extends the EMF class, EModelElement, which provides a facility to store EAnnotations in any EventBObject. (EAnnotations give a flexible and efficient way to store information that is not part of the main model. For example this is used to store some information contained in the Rodin database, which must be preserved but is not of interest in the EMF modelling tools).
 
 
 
''EventBElement'' provides a common abstract base class for all EventBObjects that are elements of the model. This meta-class provides extensibility features that are described later.
 
 
 
''EventBCommentedElement'' provides the ability to comment elements. It inherits a string attribute, ''comment'' from ''EventBCommented''. (The use of a separate meta-class, outside the main inheritance hierarchy gives more flexibility for future modifications if other elements need to be commented. Hence if client code refers to comments via ''EventBCommented'' rather than ''EventBCommentedElement'' they will not be affected if, in the future, other elements inherit ''EventBCommented'').
 
 
 
Similarly, ''EventBNamedCommentedElement'' adds the ability to name elements by inheriting a string attribute, ''name'' from ''EventBNamed''. (Currently, a named but not commented element is not provided).
 
 
 
''EventBExpression'' provides a string attribute, ''expression'', for an Event-B mathematical expression. Note that this class extends ''EventBCommentedElement'' since our current need (Variant) is for expression elements not to be commented but not named.  
 
 
 
''EventBPredicate'', provides a string attribute, ''predicate'' for an Event-B mathematical predicate. Note that this class extends ''EventBNamedCommentedElement'' since our current need is for all predicate elements to be commented and named.
 
 
 
''EventBDerivedPredicate'', extends ''EventBPredicate'' and provides a boolean attribute, ''theorem'' to indicate that the predicate is a theorem that should be derived (from previous predicates in the same container).
 
 
 
[[Image:EMFcore1abstract.gif|EMF model, abstract base elements]]
 
 
 
====The Extension Mechanism====
 
 
 
The abstract root meta-class, ''BElement'', contains a collection, ''extensions'', of another abstract meta-class, ''BExtension''. ''BExtension'' can be specialised in other EMF models to define extensions of the model. Extension classes should override the abstract load and save methods of ''BExtension'' in order to define their specific requirements for serialisation.
 
 
 
[[Image:EMFcore2extensions.gif|EMF model, extension mechanism]]
 
  
====Project====
+
=== Adding the Implementation Level Refinement ===
 +
The final decomposition generates the machines that are required for code generation. However, it is not possible to edit the machines since they are machine generated, and therefore this is prohibited. In order to be able to modify the models we will refine the generated machines. This is where we begin with the ''Heating_ControllerTutorial2_Partial1'' project. To refine the machines we can use the automatic refinement feature, but this presents us with two problems that are dealt with in the pre-processing step. It is also at this stage that any remaining non-deterministic constructs should be removed by replacing them with deterministic constructs.
  
A Project contains a collection of components. Project extends EventBNamedCommentedElement. This allows it to contain Extensions and Attributes as well as providing it with a name and comment.  
+
TIP: Non-deterministic constructs cause strange characters to appear in the source code. If you see strange characters in the generated code, check for non-deterministic constructs in the implementation level machines.
  
[[Image:EMFcore3project.gif|EMF model of an Event-B Project]]
+
Alter_Temperature_Sensor1 in Envir1Impl: action becomes ts1 := ts1 + 1
 +
Alter_Temperature_Sensor2 in Envir1Impl: action becomes ts1 := ts1 + 1
 +
Alter_Heater_Status in Envir1Impl: action becomes hss := FALSE
 +
INITIALISATION in Heater_Monitor_TaskImpl: becomes shs := FALSE
  
===Machine package===
+
We also need to add a typing flag to an invariant. We need to add it in only one place, and this is where an invariant is used type a variable, in the Heating Controller machine. The flag is used to guide the translator to the typing invariant. This is because there is more than one invariant involving that particular variable. They may also be added to guards where parameters are typed in guards, and the parameters are referred to in more than one guard.
  
A Machine inherits from component (so that it can be used in the ''components'' collection of a Project). Machines, refine other machines (via a subtype of ''BReferenceElement'' which may be resolved), see contexts  (via a subtype of ''BReferenceElement'' which may be resolved), and may contain, variables, invariants, theorems, a single variant and events.
+
* Go to the ''Heater_Monitor_TaskImpl typing_shs'' invariant.
 +
* Add the typing flag, by right-clicking on the invariant and selecting typing from the menu.
  
[[Image:EMFmachine.gif|EMF model of a Machine]]
+
=== Pre-processing ===
  
'''Events'''
+
The pre-processing step should be a temporary, the solutions can be incorporated into the tool to automatically perform the changes that are required.
  
Events contain parameters, witnesses, refines relationships with other events, guards and actions. Witnesses, link with other parameters (via a subtype of ''BReferenceElement'' which may be resolved). Similarly, event refinement relationships link to other events (via a subtype of ''BReferenceElement'' which may be resolved). The enumerated type, ''BConvergence'',  provides the values for the convergence property of an event.
+
* The Code Generator requires a flattened version of each machine; all of the Event-B elements should be available in the implementation level machine.  
 +
* Composed machines are not currently able to be refined, so anything that requires synchronization of events requires some manual updates.
  
[[Image:EMFevent.gif|EMF model of an Event]]
+
===== 'Flattening' the Implementation Machines =====
  
===Context package===
+
The temporary solution for flattening:
 +
* Make events ''not extended''.
 +
* Copy missing invariants.
  
A Context inherits from component. Contexts, extend other contexts  (via a subtype of ''BReferenceElement'' which may be resolved), and contain sets, constants, axioms and theorems. (Note that the ''BTheorem'' meta-class is the same one that appeared in the Machine package).
+
I found the Event-B Machine Editor's synthesis view useful for this. Invariants can be copy-pasted into the implementation machine from the abstraction. (A dummy invariant can be added and selected for pasting)
  
[[Image:EMFcontext.gif|EMF model of a Context]]
+
===== Providing the correct Composed Machine =====
  
====Event-B Mathematical Language Extension====
+
The composed machine problem is sub-divided into two sub-problems. Firstly composed machines cannot be refined, and secondly when a machine is further decomposed there is no link between the first composed machine and the newly generated composed machine. So one or both of these problems may occur, depending on the number of decompositions.
Using [[#The Extension mechanism|the Extension mechanism]] an EMF extension for the Mathmetical Language of EventB will be created. This means expressions, predicates and substitutions will be available as EMF models too.
 
  
As the RodinDB only saves these constructs as plain strings, their EMF representation will be recreated every time a model is loaded. The existing RodinParser in combination with a conversion component will be used for this task.
+
We must manually add the information to the composed machines to address these two problems.
To avoid unnecessary parsing the creation of these models will be postponed until the models are needed. For example, it will be up to the tool developers to decide when they need a fully resolved structure of predicates. API methods in the [[#Text Tools|Text Tools]] will ease parsing and model construction for tool developers.
 
  
===Persistence===
+
The temporary solution for composed machines:
The Persistence package will override the default EMF persistence so that models created with the Event-B EMF framework will be serialised into the Rodin Database. The serialisation will make use of the Rodin API so that it is decoupled from the serialisation of the Rodin database. Serialisation will synchronise changes with the Rodin Database so that only elements that have been altered are updated.  
+
* Modify the lowest level decomposed machine, HCtrl_M1_cmp, to ''include'' the implementation level machines (task names ending in *Impl). To do this,
The Persistence API will provide methods to open/create Rodin projects, load and unload components (from Rodin Database to cache), save changes, register listeners to projects and components and resolve references between elements.
+
* open the composed machine editor. Open the INCLUDES edit feature.
 +
* Select the second drop-down box and find the *Impl version of each machine.
 +
* Save the composed machine.
 +
* Now add missing synchronizations to the composed machine. Add the ''Envir1Impl'' to the includes of HCtrl_M1_cmp.
 +
* Each composed event in the task, that synchronizes with the Environ machine, must have the remote event synchronization added manually. This can only be done by inspection of each composed event. We need to update Sense_Temperatures, Display_Current_Temperature, Actuate_OverHeat_Alram, Actuate_Heat_Source, Sense_Heater_Status, Actuate_NoHeat_Alarm, Sense_PressIncrease_Target_Temperature, Sense_PressDecrease_Target_Temperature, Display_Target_Temperature. One by one, expand the events in the composed events section of the composed machine editor; add a new event in the combines events section, select ''Envir1Impl'' and add the synchronizing event from the list-box to the right.
  
===Text Tools===
+
=== Adding Tasking Event-B ===
As several tools based on the EventB meta-model will deal with a textual representation of it, a component called 'Text Tools' will be created. Text Tools will offer an API for basic tasks such as:
+
Each Machine should be completed as follows.
* Define a concrete syntax for the structure of machines and contexts
+
==== The Temp_Ctrl_TaskImpl Machine ====
* Conversion from an EventB meta-model to text, i.e., pretty-print with configurable layout
+
Continuing with the tutorial project ''Heating_ControllerTutorial2_Partial2'', we need to make changes to the following machines. During the tutorial we will cut and paste from ''Heating_ControllerTutorial2_Completed'' model when, specifying the task bodies, to save typing.
* Parsing of text input which produces an EventB meta-model
 
  
 +
*Add the ''Auto Task'' extension.
 +
**Right-Click on the Machine node in the Rose tree-editor,
 +
**and click on ''New Child Element/Auto Task Machine'' menu option.
  
'''Structural parsing'''
+
''Auto Tasks'' are tasks that will be declared and defined in the ''Main'' procedure of the implementation. The effect of this is that the ''Auto Tasks'' are created when the program first loads, and then activated (made ready to run) before the ''Main'' procedure body runs.
  
The Rodin core already provides a parser for expressions, predicates and substitutions. Therefore Text Tools will only provide a parser for the structural parts of the text representation of EventB machines and contexts. This parser will treat expressions, predicates and substitutions as plain strings that are stored in attributes in the meta-model.
+
*'''Edit the TaskBody'''.
As described in section [[#Event-B Mathematical Language Extension|Event-B Mathematical Language Extension]] the full mathematical language will be supported as an extension to the EventB meta-model. Tools that are interested in working on a fully parsed version of an expression, predicate or substitution will be able to use helper methods of the Text Tools API. These helper methods will make use of the existing Rodin parser and convert the resulting AST to the meta-model.
+
**Open the properties editor for the task body.
 +
**Copy and paste the task body from ''Heating_ControllerTutorial2_Completed/Temp_Ctrl_TaskImpl''
 +
**Set the task type to ''Periodic'',
 +
**Set a period of 250 milliseconds.  
 +
**Click on the Set Task Body button.
  
 +
The task body is parsed, and if successful will add the structure to the EMF tree. If parsing is not successful an error panel will display the source of the error.
  
'''Fallback strategy'''
+
We now look at the sensing event ''Sense_Temperatures'' event in ''Temp_Ctrl_TaskImpl''. In order to assist with the translation we add the following annotation:
  
When the user is editing the textual representation of a machine or context the input may contain syntactic errors which prevent converting the parse result into an EMF model. As the user might wish to save the text representation in this syntactically incorrect state, Text Tools will provide a fallback strategy for this case. API methods will be provided to store the plain text into the RodinDB. This plain text will be used as a basis for editing next time the model is loaded via Text Tools.
+
*'''Add a Sensed Event Annotation'''.
 +
** Right-click on the ''Sense_Temperatures'' Event node.
 +
** Select ''New Child/Implementation'' from the menu.
 +
** Go to the Implementation properties view and set the ''Implementation Type'' property to ''Sensing''.
  
 +
We now look at the actuating event ''Display_Current_Temperatures'' event in ''Temp_Ctrl_TaskImpl''. In order to assist with the translation we add the following annotation:
  
'''Conflict resolution'''
+
*'''Add an Actuating Event Annotation'''.
 +
** Right-click on the ''Display_Current_Temperatures'' Event node.
 +
** Select ''New Child/Implementation'' from the menu.
 +
** Go to the Implementation properties view and set the ''Implementation Type'' property to ''Actuating''.
  
When Text Tools loads an EventB meta-model from the Rodin Database it will detect any conflicts in the model. Conflicts will occur if other editors, that do not work via Text Tools, have changed the model in the RodinDB after Text Tools has stored a syntactically incorrect version as plain text. In this case the tool that is using Text Tools to load the model will be informed about the conflict and asked to resolve it. Strategies to solve these conflicts could be 'automatic overwriting based on time stamps' or using the editors described in the section [[#Compare/Merge Editor|Compare/Merge Editor]].
+
==== The Shared Machine ====
  
===Tools That Will Use the Framework===
+
The next step is to identify the ''Shared_ObjectImpl'' machine as a ''Shared Machine''.
 +
* Right-click on the ''Shared_Object'' Machine node in the Rose tree-editor.
 +
* Select ''New Child/Shared Machine'' from the menu.
  
The framework described above is not yet available. However, we already plan to use it in some tools.
+
==== The Environ Machine ====
 +
In the prepared machine we identify the ''Envir1Impl'' as an ''Environ Machine'',
  
====Compare/Merge Editor====
+
*Add the ''Environ Machine'' extension.  
In several situations conflicts between different versions of an Event-B model can occur. Often the responsible tool will not be able to resolve these conflicts automatically and user interaction is required. A compare and merge editor for Event-B models will help users to solve these conflicts. This editor will be based on the [http://wiki.eclipse.org/index.php/EMF_Compare EMF Compare] sub-project. It will compare the two conflicting versions and present the differences to the user. This visualization of the model will resemble the [[#Structure Editor|Structure Editor]].  
+
**Right-click on the Machine node in the Rose tree-editor.
 +
**Select the ''New Child Element/Auto Task Machine'' menu option.
  
If one of the two versions of the machine/context contains an invalid structure that means it is only available as text, the EMF based Compare/Merge editor cannot be used. A textual Compare/Merge editor will be available as an alternative view (integrated with the EMF Compare/Merge editor). The second view will be based on the [[#Text Editor|Text Editor]].  
+
In the implementation, ''Environ Tasks'' are declared and defined in the ''Main'' procedure . The ''Envir1Impl'' machine models a task that simulates the environment, and can be used to generate simulation code. For deployment in a non-simulated environment the environ machine's generated code can be ignored. To specify the Environment task's behaviour we add edit the task body.
  
Usage scenarios are, for example:
+
*'''Edit the TaskBody'''.
* Merging after a conflict between RodinDB and Text Editor (as described in [[#Text Tools|Text Tools]])
+
**Open the properties editor for the task body.
* Team-based development, for example, using SVN or CVS
+
**Copy and paste the task body from ''Heating_ControllerTutorial2_Completed/Envir1Impl''
* Comparison of an abstract and a refining machine, highlighting the differences
+
**Set the task type to ''Periodic'',  
 +
**Set a period of 100 milliseconds.
 +
**Click on the Set Task Body button.
  
====Text Editor====
+
When clicking on Set Task Body, the task body text is sent to the parser. If parsing is successful then a builder adds the structure to the EMF tree. If parsing fails then an error panel displays the source of the error.
Requests by several users have shown that there is demand for a text editor for EventB models. Based on the EventB meta-model and the [http://www2.informatik.hu-berlin.de/sam/meta-tools/tef/index.html Text Editor Framework], a state-of-the-art text editor will be created.
 
The editor will make use of  [[#Text Tools|Text Tools]] and will provide an extensible set of features, such as (syntactical and semantical) highlighting, code completion, quick navigation and outline view.
 
  
The text editor will be available in two forms. A first class Eclipse editor will offer editing of full machines and contexts. In addition a pop-up editor will be created that can be used by other tools to allow their users text editing of sub-components in machines and contexts. An example is the [[#Structure Editor|Structure Editor]], which will offer a pop-up text editor allowing the user to edit a single expression or a compound sub-component such as an event.
+
The final step is to complete the ''Sense_Temperatures'' event. The event, being a kind of synchronization, synchronizes with the ''Sense_Temperatures'' event in the ''Temp_Ctrl_Task'' tasking machine. We annotate the model with sensing and actuating implementation types.
  
====Structure Editor====
+
*'''Add a Sensed Event Annotation'''.
EMF provides support to generate structured (e.g. tree, list, table based) editors for models. An adapted version of these editors will allow users to edit machine and context elements within a structure using menu-guided selections. To allow feature-rich editing of elements containing expressions, predicates and substitutions this editor will use the pop-up variant of the [[#Text Editor|Text Editor]].
+
** Right-click on the ''Sense_Temperatures'' Event node.
 +
** Select ''New Child/Implementation'' from the menu.
 +
** Go to the Implementation properties view and set the ''Implementation Type'' property to ''Sensing''.
  
====Project Diagram Editor====
+
*'''Add an Actuating Event Annotation'''.
A diagrammatic editor will be produced that shows the structure of an Event-B Project in terms of it's Machines and Contexts with their refines, sees and extends relationships. (This will replace the current UML-B package diagram). The Project Diagram editor will be produced using the Graphical Modelling Framework (GMF). It will allow machines and contexts to be created/deleted and their relationships changed. A feature to create a 'starting point' refinement of a machine, will be included.
+
** Right-click on the ''Display_Current_Temperatures'' Event node.
 +
** Select ''New Child/Implementation'' from the menu.
 +
** Go to the Implementation properties view and set the ''Implementation Type'' property to ''Actuating''.
  
====[[UML-B]]====
+
=== A Summary of Steps ===
UML-B will be re-implemented as an extension to the Event-B meta-model. The UML-B meta-classes will extend and add to the meta-classes of Event-B. This will provide greater integration between the EMF based Event-B editors and the UML-B diagrammatic editors.
+
For a Tasking Machine definition:
 +
# Add the Tasking Machine type (Auto etc).
 +
# Set the task type (Periodic etc.).
 +
# Set the task priority.
 +
# Specify the task body.
 +
# For sensing/actuating events, add the Event Type.
  
====Refinement Pattern Editor====
+
For a Shared Machine definition:
The EMF framework will be used to implement the text editor for the Event-B pattern plugin. The syntax of facets - Event-B model templates used to describe patterns - is an extension of the Event-B syntax.
+
# Add the ''SharedMachine'' Machine type.
  
====[[Parallel Composition using Event-B|Shared Event Composition Tool]]====
+
For an Environ Machine definition:
An editor for composing two machines based on shared events has been developed by Southampton. This tool will be re-implemented to utilise the Event-B EMF framework.
+
# Make the type an Environ Machine type.
 +
# Set the task type Periodic; a shorter period than the shortest task period is best for simulation.
 +
# Set the task priority.
 +
# Specify the task body, it will contain a simulation of changes in the environment.
 +
# For each sensing/actuating event, add the Event Type.
  
See [[Parallel Composition using Event-B]].
+
== Invoking the Translators ==
  
====[[Feature Composition Plug-in|Feature Composition Tool]]====
+
* To generate Ada code,
An editor for composing two machines based on feature selection has been developed by Southampton. The tool (which is already based on EMF) will be re-implemented to utilise the Event-B EMF framework.
+
** Right-Click on the composed machine, or any tasking machine in the development, select ''Code Generation/Translate Event-B to Ada''.
See [[Feature Composition Plug-in]].
+
** Open the generated ''code'' directory in the project to view the source files. A refresh will be necessary to make the code visible. The .gpr file has been provided for AdaCore GPS users.
  
===Internal Documentation===
+
* To create the Event-B model of the implementation,
The following pages contain documentation that we use internally only ('''not''' to be included in deliverable):
+
** Right-Click on the composed machine, or any tasking machine in the development, select ''Code Generation/Translate Tasking Event-B to Event-B''.
* [[Tasklist for EventB meta model development|Tasklist]]
+
** The Event-B model should be updated with the flow control variables. Users are not able to manually edit the generated elements. The additions can be removed using the menu option ''Code Generation/Remove Generated Event-B''
  
[[Category:Design proposal]]
+
=== Generated Code ===
 +
Generated code should be visible in the code directory, in the Event-B project. You can see the directory in the resource view; or alternatively, click on the view menu in the Event-B perspective, select customize view, and uncheck the ''all file and folders'' filter.
 +
[[Category:User documentation]]

Revision as of 09:46, 2 December 2011

For more information contact Andy Edmunds - University of Southampton - mailto:ae2@ecs.soton.ac.uk

Tasking Event-B Tutorial Overview

Caution: This Page is under Construction - some parts are incomplete

This tutorial follows on from the abstract development described here.

This code generation tutorial extends the Heating Controller tutorial example, and makes use of example projects from the download site. The code generation stage produces implementable Ada code, and also an Event-B model. It is a model of the implementation, and contains flow control variables that model the flow of execution through the task body. The Ada code is produced from an intermediate model that is not visible to the user. The Common Language model (CLM), is generated from the Tasking Event-B by a translation tool. Ada (and other implementations) may be generated from the CLM. An overview of Tasking Event-B can be found here.

In the example so far, the Heating Controller has been refined to the point where we wish to add implementation constructs. The Event-B language is not expressive enough to fully describe the implementation. Tasking Event-B facilitates this final step to implementation, by extending Event-B with the necessary constructs. Event-B machines modelling tasks, shared objects and the environment are identified, and extended with the appropriate implementation details.

The example/tutorial projects are are available in the e-prints archive, or on SVN.

Heating_ControllerTutorial2_Completed An example project with an environment simulation. The environment variables are monitored and controlled using subroutine calls. The project contains a complete Tasking Development with generated Event-B and Ada code.
Heating_ControllerTutorial2_Partial1 A project with the final decomposition completed, ready to begin Tasking Event-B Development.
Heating_ControllerTutorial2_Partial2 A partially completed tasking specification for the continuation of the tutorial.
TheoriesForCG Contains the mathematical language translations; encoded as rules in a theory plug-in rule-base.

Using the Tasking Extension

The steps needed to generate code from an Event-B model, in this tutorial, are as follows,

Download and Copy the Theories

The translations of the Event-B mathematical language to the target language constructs are specified as rules in the theory plug-in. Two rule files are included for the example, and are available in the SVN. The files can be downloaded and copied into an Event-B project called MathExtensions. The theory must then be deployed. Right-Click on the theory file and select deploy to do this. The non-Event-B project, the original download may now be deleted.

Adding the Implementation Level Refinement

The final decomposition generates the machines that are required for code generation. However, it is not possible to edit the machines since they are machine generated, and therefore this is prohibited. In order to be able to modify the models we will refine the generated machines. This is where we begin with the Heating_ControllerTutorial2_Partial1 project. To refine the machines we can use the automatic refinement feature, but this presents us with two problems that are dealt with in the pre-processing step. It is also at this stage that any remaining non-deterministic constructs should be removed by replacing them with deterministic constructs.

TIP: Non-deterministic constructs cause strange characters to appear in the source code. If you see strange characters in the generated code, check for non-deterministic constructs in the implementation level machines.

Alter_Temperature_Sensor1 in Envir1Impl: action becomes ts1 := ts1 + 1
Alter_Temperature_Sensor2 in Envir1Impl: action becomes ts1 := ts1 + 1
Alter_Heater_Status in Envir1Impl: action becomes hss := FALSE
INITIALISATION in Heater_Monitor_TaskImpl: becomes shs := FALSE

We also need to add a typing flag to an invariant. We need to add it in only one place, and this is where an invariant is used type a variable, in the Heating Controller machine. The flag is used to guide the translator to the typing invariant. This is because there is more than one invariant involving that particular variable. They may also be added to guards where parameters are typed in guards, and the parameters are referred to in more than one guard.

  • Go to the Heater_Monitor_TaskImpl typing_shs invariant.
  • Add the typing flag, by right-clicking on the invariant and selecting typing from the menu.

Pre-processing

The pre-processing step should be a temporary, the solutions can be incorporated into the tool to automatically perform the changes that are required.

  • The Code Generator requires a flattened version of each machine; all of the Event-B elements should be available in the implementation level machine.
  • Composed machines are not currently able to be refined, so anything that requires synchronization of events requires some manual updates.
'Flattening' the Implementation Machines

The temporary solution for flattening:

  • Make events not extended.
  • Copy missing invariants.

I found the Event-B Machine Editor's synthesis view useful for this. Invariants can be copy-pasted into the implementation machine from the abstraction. (A dummy invariant can be added and selected for pasting)

Providing the correct Composed Machine

The composed machine problem is sub-divided into two sub-problems. Firstly composed machines cannot be refined, and secondly when a machine is further decomposed there is no link between the first composed machine and the newly generated composed machine. So one or both of these problems may occur, depending on the number of decompositions.

We must manually add the information to the composed machines to address these two problems.

The temporary solution for composed machines:

  • Modify the lowest level decomposed machine, HCtrl_M1_cmp, to include the implementation level machines (task names ending in *Impl). To do this,
  • open the composed machine editor. Open the INCLUDES edit feature.
  • Select the second drop-down box and find the *Impl version of each machine.
  • Save the composed machine.
  • Now add missing synchronizations to the composed machine. Add the Envir1Impl to the includes of HCtrl_M1_cmp.
  • Each composed event in the task, that synchronizes with the Environ machine, must have the remote event synchronization added manually. This can only be done by inspection of each composed event. We need to update Sense_Temperatures, Display_Current_Temperature, Actuate_OverHeat_Alram, Actuate_Heat_Source, Sense_Heater_Status, Actuate_NoHeat_Alarm, Sense_PressIncrease_Target_Temperature, Sense_PressDecrease_Target_Temperature, Display_Target_Temperature. One by one, expand the events in the composed events section of the composed machine editor; add a new event in the combines events section, select Envir1Impl and add the synchronizing event from the list-box to the right.

Adding Tasking Event-B

Each Machine should be completed as follows.

The Temp_Ctrl_TaskImpl Machine

Continuing with the tutorial project Heating_ControllerTutorial2_Partial2, we need to make changes to the following machines. During the tutorial we will cut and paste from Heating_ControllerTutorial2_Completed model when, specifying the task bodies, to save typing.

  • Add the Auto Task extension.
    • Right-Click on the Machine node in the Rose tree-editor,
    • and click on New Child Element/Auto Task Machine menu option.

Auto Tasks are tasks that will be declared and defined in the Main procedure of the implementation. The effect of this is that the Auto Tasks are created when the program first loads, and then activated (made ready to run) before the Main procedure body runs.

  • Edit the TaskBody.
    • Open the properties editor for the task body.
    • Copy and paste the task body from Heating_ControllerTutorial2_Completed/Temp_Ctrl_TaskImpl
    • Set the task type to Periodic,
    • Set a period of 250 milliseconds.
    • Click on the Set Task Body button.

The task body is parsed, and if successful will add the structure to the EMF tree. If parsing is not successful an error panel will display the source of the error.

We now look at the sensing event Sense_Temperatures event in Temp_Ctrl_TaskImpl. In order to assist with the translation we add the following annotation:

  • Add a Sensed Event Annotation.
    • Right-click on the Sense_Temperatures Event node.
    • Select New Child/Implementation from the menu.
    • Go to the Implementation properties view and set the Implementation Type property to Sensing.

We now look at the actuating event Display_Current_Temperatures event in Temp_Ctrl_TaskImpl. In order to assist with the translation we add the following annotation:

  • Add an Actuating Event Annotation.
    • Right-click on the Display_Current_Temperatures Event node.
    • Select New Child/Implementation from the menu.
    • Go to the Implementation properties view and set the Implementation Type property to Actuating.

The Shared Machine

The next step is to identify the Shared_ObjectImpl machine as a Shared Machine.

  • Right-click on the Shared_Object Machine node in the Rose tree-editor.
  • Select New Child/Shared Machine from the menu.

The Environ Machine

In the prepared machine we identify the Envir1Impl as an Environ Machine,

  • Add the Environ Machine extension.
    • Right-click on the Machine node in the Rose tree-editor.
    • Select the New Child Element/Auto Task Machine menu option.

In the implementation, Environ Tasks are declared and defined in the Main procedure . The Envir1Impl machine models a task that simulates the environment, and can be used to generate simulation code. For deployment in a non-simulated environment the environ machine's generated code can be ignored. To specify the Environment task's behaviour we add edit the task body.

  • Edit the TaskBody.
    • Open the properties editor for the task body.
    • Copy and paste the task body from Heating_ControllerTutorial2_Completed/Envir1Impl
    • Set the task type to Periodic,
    • Set a period of 100 milliseconds.
    • Click on the Set Task Body button.

When clicking on Set Task Body, the task body text is sent to the parser. If parsing is successful then a builder adds the structure to the EMF tree. If parsing fails then an error panel displays the source of the error.

The final step is to complete the Sense_Temperatures event. The event, being a kind of synchronization, synchronizes with the Sense_Temperatures event in the Temp_Ctrl_Task tasking machine. We annotate the model with sensing and actuating implementation types.

  • Add a Sensed Event Annotation.
    • Right-click on the Sense_Temperatures Event node.
    • Select New Child/Implementation from the menu.
    • Go to the Implementation properties view and set the Implementation Type property to Sensing.
  • Add an Actuating Event Annotation.
    • Right-click on the Display_Current_Temperatures Event node.
    • Select New Child/Implementation from the menu.
    • Go to the Implementation properties view and set the Implementation Type property to Actuating.

A Summary of Steps

For a Tasking Machine definition:

  1. Add the Tasking Machine type (Auto etc).
  2. Set the task type (Periodic etc.).
  3. Set the task priority.
  4. Specify the task body.
  5. For sensing/actuating events, add the Event Type.

For a Shared Machine definition:

  1. Add the SharedMachine Machine type.

For an Environ Machine definition:

  1. Make the type an Environ Machine type.
  2. Set the task type Periodic; a shorter period than the shortest task period is best for simulation.
  3. Set the task priority.
  4. Specify the task body, it will contain a simulation of changes in the environment.
  5. For each sensing/actuating event, add the Event Type.

Invoking the Translators

  • To generate Ada code,
    • Right-Click on the composed machine, or any tasking machine in the development, select Code Generation/Translate Event-B to Ada.
    • Open the generated code directory in the project to view the source files. A refresh will be necessary to make the code visible. The .gpr file has been provided for AdaCore GPS users.
  • To create the Event-B model of the implementation,
    • Right-Click on the composed machine, or any tasking machine in the development, select Code Generation/Translate Tasking Event-B to Event-B.
    • The Event-B model should be updated with the flow control variables. Users are not able to manually edit the generated elements. The additions can be removed using the menu option Code Generation/Remove Generated Event-B

Generated Code

Generated code should be visible in the code directory, in the Event-B project. You can see the directory in the resource view; or alternatively, click on the view menu in the Event-B perspective, select customize view, and uncheck the all file and folders filter.