FAQ
General
What is event-B?
Event-B is a formal method for system-level modelling and analysis. Key features of event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. More details are available in http://www.event-b.org/
What is the difference between event-B and the B method?
Event-B is derived from the B method. Both notations have the same inventor, and share many common concepts (set-theory, refinement, proof obligations, ...) However, they are used for quite different purpose. The B method is devoted to the development of correct by construction software, while the purpose of event-B is to model full systems (including hardware, software and environment of operation).
Both notations use a mathematical language which are quite close but do not match exactly (in particular, operator precedences are different).
What is Rodin?
The Rodin Platform is an Eclipse-based IDE for Event-B that provides effective support for refinement and mathematical proof. The platform is open source, contributes to the Eclipse framework and is further extendable with plugins.
Where does the Rodin name come from?
The Rodin platform was initially developed within the European Commission funded Rodin project (IST-511599 ), where Rodin is an acronym for "Rigorous Open Development Environment for Complex Systems” . Rodin is also the name of a famous French sculptor, one of his most famous work being the Thinker.
General Tool Usage?
How do I install external plug-ins without using Eclipse Update Manager?
Although it is preferred to install additional plug-ins into the Rodin platform using the Update Manager of Eclipse, this might not always be practical. In this case, a manner to install these plug-ins is to emulate either manually or using ad-hoc scripts the operations normally performed by the Update Manager.
This manual installation of plug-ins is described in Installing external plug-ins manually.
The builder takes too long
Generally, the builder spends most of its time attempting to prove POs. There are basically two ways to get it out of the way:
- the first one is to disable the automated prover in the Preferences panel.
- the second one is to mark some PO as reviewed when you don't want the auto-prover to attempt them anymore.
Note that if you disable the automated prover, you always can run it later on some files by using the contextual menu in the event-B Explorer.
To disable the automated prover, open Rodin Preferences (menu
). In the tree in the left-hand panel, select . Then, in the right-hand panel ensure that the checkbox labelled Enable auto-tactic for proving is disabled.To review a proof obligation, just open it in the interactive prover, then click on the review button (this is a round blue button with a R in the proof control toolbar). The proof obligation should now labelled with the same icon in the event-B explorer.
What are the ASCII shortcuts for mathematical operators
The ASCII shortcuts that can be used for entering mathematical operators are described in the help of the event-B keyboard plug-in. In the help system, this page has the following path
.This page is also available in the dynamic help system. The advantage of using dynamic help is that it allows to display the help page side-by-side with the other views and editors. To start the dynamic help, click
, then click and select the page in the tree.
Rodin (and eclipse) doesn't take into account the MOZILLA_FIVE_HOME environment variable
You have to add a properties by appending the following code to your eclipse/eclipse.ini file:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner/xulrunner-xxx
Modeling and Proving
Witness for Xyz missing. Default witness generated
A parameter as disappeared during a refinement. If this is intentional, you have to add a witness telling how the abstract parameter is refined.
Identifier Xyz should not occur free in a witness
You refer to
in a witness predicate where
is a disappearing abstract variable or parameter which is not set as the witness label.
In INITIALISATION, I get Witness Xyz must be a disappearing abstract variable or parameter
You should mark the variable as an after variable by using a tick. The witness label should be
, and the predicate should refer to
too.
I've added a witness for Xyz but it keeps saying "Identifier Xyz has not been defined"
As specified in the modelling language manual, the witness must be labelled by the name
of the concrete variable being concerned.
How can I do a Proof by Induction?
This page about proof by induction will give you some starting tips.
Labels of proof tree nodes explained
- ahmeans add hypothesis,
- ehmeans rewrite with equality from hypothesis from left to right,
- hemeans rewrite with equality from hypothesis from right to left,
- rvtell us that this goal as been manually reviewed,
- sl/dsmeans selection/deselection,
- PPmeans discharged by the predicate prover
- MLmeans discharged by the mono lemma prover
How to contribute?
See the How to contribute page.
Developer FAQ
Using Rodin-SVN from eclipse consumes too much memory
You can generate a product and use it as if it was a normal release.
How do I generate a Rodin product from SVN?
In the project org.rodinp.platform, right-click on Rodin.platform and select
. Choose and click on type Rodin for the Root directory, and choose the Destination directory. Then click on .How do I collect debug information from the Rodin platform?
You may see the log in the console by appending -consoleLog to the rodin executable: rodin -consoleLog
You may add specific debug informations by setting specific options: rodin --debug options.file -consoleLog
where
contains something like:
org.pluginname/debug = true org.pluginname/debug/optionaldebug = true
where optionaldebug may be found in the
file in the rodin source repository.
How do I submit a patch?
Good practises for patch submission are described here.
How do I track memory leaks?
If you suspect that some memory isn't freed, you may find some useful directions on how to track memory leaks here.
How do I report a bug.
See the How to contribute page.
How do I save the models ?
After the separation between a file (IRodinFile) and its root (a IInternalElement), that occurred in version 0.9.2, model saving is no more achievable through internal elements. Instead, you have to save the IRodinFile.
IInternalElement element = ... element.getRodinFile().save(...);