imported>Alexili |
|
| Line 1: |
Line 1: |
| − | = Overview =
| + | {{TOCright}} |
| | + | Return to [[Rodin Plug-ins]] |
| | | | |
| − | Event-B, being an event systems formalism does not have a mechanism for explicitly defining event ordering. Although event guards may express any desired event ordering, the ability to have a summary of possible event flows in a concise and compact form is useful for many tasks, for example, code generation and connecting with other formalisms. The flows plugin addresses one aspect of event ordering: it allows a modeller to specify and prove that a given sequence of events does not contradict a given machine specification. More precisely, if we were to execute a machine step-by-step following our prescribed sequence of events we would not discover divergencies and deadlocks not already present in the original machine. In other words, the constraining of event ordering must be such that the overall specification is an Event-B refinement of the original model. Importantly, this means that all the desired model properties proved before are preserved.
| + | The CamilleX feature provides text editors for XContexts and and XMachines which then compiled automatically to Event-B contexts and machines. |
| | + | Extension to Event-B including the ''machine inclusion'' mechanism is also supported. |
| | | | |
| − | Sequential composition of events may be expressed in a number of ways:
| + | <br style="clear: both" /> |
| − | * event immediately follows another event; no other events may take place between the composed events.
| |
| − | * event eventually follows an event; thus, although there is an interference from other events, it is guaranteed that the second is eventually enabled.
| |
| − | * event may follow an event; this is the weakest form of connection when we only say that it may be the case that the second event follows the first event; it may happen, however, that some other event interferes and the second event is delayed or is even not enabled ever.
| |
| | | | |
| − | Although the last case may seem the least appealing, it is the one that forms the basis of the Flows plugin. The primary reason for offering such a weak guarantee is proof effort required for stronger types of connectives.
| + | Please have a look also at the [[CamilleX User Guide]]. |
| | | | |
| − | = Motivations = | + | === Current version === |
| | + | The CamilleX version 2.1.0 is available as a separate feature from the main Soton Plug-in update site (under the ''CamilleX'' category). Notice that the Soton plug-in update site is now included in the composite Rodin Update Site. |
| | | | |
| − | There are a number of reasons to consider an extension of Event-B with an event ordering mechanism:
| + | === Principles === |
| − | * for some problems the information about event ordering is an essential part of requirements; it comes as a natural expectation to be able to adequately reproduce these in a model;
| + | The CamilleX editors (i.e., XContext and XMachine editors) operate on the separate XContext and XMachine text file and they are compiled to the Rodin files. |
| − | * explicit control flow may help in proving properties related to event ordering;
| |
| − | * sequential code generation requires some form of control flow information;
| |
| − | * since event ordering could restrict the non-determinism in event selection, model checking is likely to be more efficient for a composition of a machine with event ordering information;
| |
| − | * a potential for a visual presentation based on control flow information;
| |
| − | * bridging the gap between high-level workflow and architectural languages, and Event-B.
| |
| − | | |
| − | It is also hoped that the plugin would improve readability of larger models: currently they are simply a long list of events with nothing except comments to provide any structuring clues.
| |
| − | | |
| − | = Choices / Decisions =
| |
| − | | |
| − | The primary functionality of the plugin is the generation of additional proof obligations. Rodin model builder automatically invokes the static checker and the proof obligations generator of the plugin and the proof obligations related to flow appear in the list of the model proof obligations.
| |
| − | | |
| − | One of the lessons learned with an initial plugin prototype was that a CSP-like language notation is not the best way to express event ordering as not all users are not familiar with process algebraic notations. It was decided to use graphical editor to would allow a visual layout of flow diagrams. This, in our view, is a more intuitive way of specifying event ordering. To realise this, we have relied on GMF: an Eclipse library for manipulating EMF models using graphical editors.
| |
| − | | |
| − | = Available Documentation =
| |
| − | | |
| − | There is a [[Flows|wiki]] page summarising proof obligation involved in proving machine/flow consistency.
| |
| − | | |
| − | = Planning =
| |
| − | The plugin is to be available for the time of release of Platform version 1.2.
| |
| − | | |
| − | [[Category:D23 Deliverable]]
| |
Return to Rodin Plug-ins
The CamilleX feature provides text editors for XContexts and and XMachines which then compiled automatically to Event-B contexts and machines.
Extension to Event-B including the machine inclusion mechanism is also supported.
Please have a look also at the CamilleX User Guide.
Current version
The CamilleX version 2.1.0 is available as a separate feature from the main Soton Plug-in update site (under the CamilleX category). Notice that the Soton plug-in update site is now included in the composite Rodin Update Site.
Principles
The CamilleX editors (i.e., XContext and XMachine editors) operate on the separate XContext and XMachine text file and they are compiled to the Rodin files.
