Abeer Saeed Abdo Hadad,Chunyan Ma,Adeeb Abdulwakeel Obadi Ahmed

DOI: https://doi.org/10.1109/access.2020.2987972

IF: 3.9

2020-01-01

IEEE Access

Abstract:AADL is widely used to depict the architecture and behavior of real-time safety-critical systems such as avionics and aerospace. The development of these systems has strict requirements for building fault-free systems. Formal verification is frequently applied to verify the critical properties of the systems, such as safety and liveness; however, the formal verification is not supported by AADL. Model transformation is commonly applied to provide formal semantics; hence, the AADL model can be verified by a language that supports formal verification in addition to the ability to cover all AADL model behavior. Event-B, with its proof obligation, is increasingly used to model and verify safety-critical systems. This paper presents the transformation of the AADL model into Event-B, which captures most AADL components and behavioral actions to be effective in the verification of current real-time systems models. Then, we define theorems and invariants of safety and liveness properties to be proven by using the RODIN platform. To demonstrate the efficacy of our method, we model the AADL of movement authority (MA) control of the Chinese Train Control System, transform the AADL model to Event-B and verify its crucial properties.

Jian Zhu,Kai Hu,Mamoun Filali,Jean-Paul Bodeveix,Jean-Pierre Talpin

DOI: https://doi.org/10.48550/arXiv.2005.01261

2020-05-13

Abstract:Smart contracts are the artifact of the blockchain that provide immutable and verifiable specifications of physical transactions. Solidity is a domain-specific programming language with the purpose of defining smart contracts. It aims at reducing the transaction costs occasioned by the execution of contracts on the distributed ledgers such as the Ethereum. However, Solidity contracts need to adhere safety and security requirements that require formal verification and certification. This paper proposes a method to meet such requirements by translating Solidity contracts to Event-B models, supporting certification. To that purpose, we define a restrained Solidity subset and a transfer function which translates Solidity contracts to Event-B models. Then we take advantage of Event-B method capabilities to refine models at different levels of abstraction to verify Solidity contracts' properties. And we can verify the generated proof obligations of the Event-B model with the help of the Rodin platform.

Software Engineering

Hongjiang Gao,Yongsheng Zhao,Jun Liu,Zheng Qin

2007-01-01

Abstract:With increasingly complexity in intellectualized information management systems (IIMS), the problem of their verification and validation is acquiring increasing importance, and rigorous design practices are needed in case of critical applications. In this paper, a practical approach for increasingly developing flexible and reliable formal specifications of IIMS using Event-B is described, with a roles-based collaboration model, exemplified on iterated contract net interaction protocol in the interaction of IIMS, and then B models generated with evt2b supported by Atelier B are then proven in consistency and correctness.

Wen Su,Jean-Raymond Abrial,Huibiao Zhu

DOI: https://doi.org/10.1016/j.scico.2014.04.015

IF: 1.039

2014-01-01

Science of Computer Programming

Abstract:This paper contains the development of hybrid systems with Event-B and the Rodin Platform. It follows the seminal approach introduced at the turn of the century in Action Systems. Many examples that have been entirely proved with the Rodin Platform illustrate our approach. We propose to complement the Event-B/Rodin Platform approach with the usage of Matlab, either to simulate examples with some correct as well as incorrect set of parameters, or to use the analytical power of Matlab to complement the usage of Event-B.

Kaiming Fu,Bin Fang,Yafen Li,Huijie Li

DOI: https://doi.org/10.1109/ccdc.2016.7531625

2016-01-01

Abstract:Before the automatic production line put into practical use in industrial domain, it must go through a large number of long-term rigorous test to detect errors in the design process. However in the actual test process, the same mistake leads to different results due to the different test methods and there are some special conditions resulting from the limitation of field test environment what can't be used to be tested. The formal method, by using the method of discrete mathematics to practical system mathematical modeling and validation, can replace the methods what can not been tested under the conditions of system verification. The formal method is also suitable for developing large reactive and distributed systems. In this paper, the specific formal method which is called Event-B improves the high security and reliability of system. Moreover the related tools such as Rodin are used for modeling, refinement and verification in the PLC (Programmable Logic Controller) automatic production line. The result in this paper shows that our approach contributes to reducing system details during the early development stage and leads to simpler proofs and more automated proofs. Thus it provides a new method for reference for higher requirements in the reliability in engineering projects, so as to ensure the correctness of the designed software.

Jian Zhu,Kai Hu,Mamoun Filali,Jean-Paul Bodeveix,Jean-Pierre Talpin,Haitao Cao

DOI: https://doi.org/10.1109/COMPSAC51774.2021.00183

2021-01-01

Abstract:Smart contracts are the artifact of the blockchain that provides immutable and verifiable specifications of physical transactions. Solidity is a domain-specific programming language with the purpose of defining smart contracts. It aims at reducing the transaction costs occasioned by the execution of contracts on the distributed ledgers such as Ethereum. However, Solidity contracts need to adhere to safety and security requirements that require formal verification and certification. This paper proposes a method to meet such requirements by translating Solidity contracts to Event-B models, supporting certification. To that purpose, we define a restrained Solidity subset and a transfer function that translates Solidity contracts to Event-B models. Besides, we have implemented a translator to improve the conversion efficiency. As a case study, we take advantage of Event-B method capabilities to simulate models at different levels of abstraction and to express the properties of a typical smart contract: Honeypot contract. Lastly, we verify the generated proof obligations of the Event-B model with the help of the Rodin platform.

He Zhao,Bin Fang,Hui-jie Li,Pu Wang

DOI: https://doi.org/10.2991/icismme-15.2015.288

2015-01-01

Abstract:In order to ensure the safety of equipment and persons, the rigorous requirements on the correctness and reliability of control program are always needed in industrial control system. The traditional program design methods are based on the realization of the functions and verified by the simulations and tests. Errors can only be founded during the simulation and test phase. And some vital errors cannot be tested, because these errors may cause damages to the equipment and persons. So the correctness and reliability of control program cannot be ensured. For these problems, the formal design methods emerged as the times require. The errors can be found in design level by the formalized-model. In other word, formal methods could detect the errors earlier, reduce the cost of development, and are suitable for the occasions that require rigorous requirements on the correctness and reliability. This paper discussed a kind of Event-B based formal method, using Rodin Platform, to model, refine and verify the automated production line control system.

Ning Ge,Arnaud Dieumegard,Eric Jenn,Laurent Voisin

DOI: https://doi.org/10.1002/smr.1959

2018-01-01

Journal of Software

Abstract:Event‐B is a formal notation and method for the systems development. The key feature of this method is to produce correct‐by‐construction system designs. Once the correct design is established, the remaining work is to generate or implement correct code from the design. Two main problems remain in the process from the correct‐by‐construction design to the correct software. First, the Event‐B design is “quasi‐correct” due to some technical limitations. For instance, it is still difficult to prove the liveness properties by the Rodin platform; it is not possible to construct the Event‐B design with floating‐point arithmetic, and sometimes, the Event‐B model is incomplete and must rely on the third‐party libraries. Therefore, a method is needed to complement these modeling and proof gaps. Secondly, proving the correctness of an automatic code generator is very difficult; therefore, a method is needed to guarantee the correctness of the produced code without proving the code generator. In this article, we address the above 2 problems by introducing an intermediate formal language called High‐Level Language (HLL) between the Event‐B models and the C code. The Event‐B model is translated to HLL with an additional schedule configuration, where Event‐B invariants and system invariants (here, deadlock‐freeness and liveness properties) are proved using a SAT‐based model checker called S3. This proof guarantees the correctness of the HLL model with respect to the Event‐B model. The C code is then automatically generated from the HLL model for most functions and is manually implemented for the third‐party ones according to the function contracts defined in Event‐B. The correctness of the generated C code is guaranteed using the equivalence proof, and the correctness of the implemented C code is guaranteed using the conformance proof. Through the article, we use a traffic light controller to illustrate the proposed method; then, we apply the method to an automatic protection function of a 3‐wheeled robot to evaluate its feasibility.

Michael Butler,Issam Maamria

DOI: https://doi.org/10.1007/978-3-642-39698-4_5

2013-01-01

Abstract:The Rodin tool for Event-B supports formal modelling and proof using a mathematical language that is based on predicate logic and set theory. Although Rodin has in-built support for a rich set of operators and proof rules, for some application areas there may be a need to extend the set of operators and proof rules supported by the tool. This paper outlines a new feature of the Rodin tool, the theory component, that allows users to extend the mathematical language supported by the tool. Using theories, Rodin users may define new data types and polymorphic operators in a systematic and practical way. Theories also allow users to extend the proof capabilities of Rodin by defining new proof rules that get incorporated into the proof mechanisms. Soundness of new definitions and rules is provided through validity proof obligations.

Andrés Marín López,C. D. Kloos,J. A. Fisteus

Abstract:Business process management is a key issue in B2B. Different process modelling languages and workflow management tools and frameworks have appeared to aid the development, deployment and management of e-commerce solutions. Nevertheless, there is not yet a framework to compel with tasks such as guaranteeing: safety outcomes of the run of a composition of processes, the eventual execution of processes under some condition, or the soundness of a design with respect to the specification. This is the mission of formal methods, and they have been successfully applied in the fields of real-time software, hardware verification, and a growing list of application areas as the computation costs decrease. In this article we present VERBUS, a formal system for the modelling and verification of business processes. VERBUS allows a designer to specify properties for verification. The Finite State Machine theory is under the hood of VERBUS, providing the designer with a well-known and understandable approach, which offers a set of existing tools for verification or for compiling to other formats for the application of model–checkers.

Computer Science,Business

Asieh Salehi Fathabadi,Vahid Yazdanpanah

DOI: https://doi.org/10.4204/EPTCS.395.2

2023-11-16

Abstract:Trust is a crucial component in collaborative multiagent systems (MAS) involving humans and autonomous AI agents. Rather than assuming trust based on past system behaviours, it is important to formally verify trust by modelling the current state and capabilities of agents. We argue for verifying actual trust relations based on agents abilities to deliver intended outcomes in specific contexts. To enable reasoning about different notions of trust, we propose using the refinement-based formal method Event-B. Refinement allows progressively introducing new aspects of trust from abstract to concrete models incorporating knowledge and runtime states. We demonstrate modelling three trust concepts and verifying associated trust properties in MAS. The formal, correctness-by-construction approach allows to deduce guarantees about trustworthy autonomy in human-AI partnerships. Overall, our contribution facilitates rigorous verification of trust in multiagent systems.

Computer Science and Game Theory,Multiagent Systems

Eduard Kamburjan,Nathan Wasser

DOI: https://doi.org/10.48550/arXiv.2110.01964

2022-02-11

Abstract:We present a novel and well automatable approach to formal verification of programs with underspecified semantics, i.e., a language semantics that leaves open the order of certain evaluations. First, we reduce this problem to non-determinism of distributed systems, automatically extracting a distributed Active Object model from underspecified, sequential C code. This translation process provides a fully formal semantics for the considered C subset. In the extracted model every non-deterministic choice corresponds to one possible evaluation order. This step also automatically translates specifications in the ANSI/ISO C Specification Language (ACSL) into method contracts and object invariants for Active Objects. We then perform verification on the specified Active Objects model. For this we have implemented a theorem prover Crowbar based on the Behavioral Program Logic (BPL), which verifies the extracted model with respect to the translated specification and ensures the original property of the C code for all possible evaluation orders. By using model extraction, we can use standard tools, without designing a new complex program logic to deal with underspecification. The case study used is highly underspecified and cannot be verified with existing tools for C.

Programming Languages,Logic in Computer Science

Shiling Feng,Xiaohong Chen,Qin Li,Yongxin Zhao

DOI: https://doi.org/10.1109/tase52547.2021.00034

2021-01-01

Abstract:Software requirements are the criteria for the correctness of the software behaviors. How to verify the correctness of the requirements is a big challenge in requirements engineering. Among various requirements approaches, the environment modeling based requirements engineering(EBRE) gains great popularity due to its explicit environment model. However, it still lacks of a formal approach to verify the correctness of the requirements models proposed in EBRE. Event-B is a popular formal method employing step-wise refinement to construct system models and verify their correctness according to the system requirements. This paper combines EBRE with Event-B to merge the advantages of the two methods. On the one hand, we transform the EBRE models to the initial Event-B model to guide the further design and development of the system. On the other hand, the transformed Event-B model can provide formal proof on the consistency of the requirements model. We also implement a plug-in tool on the Rodin platform to realize the automatic transformation from EBRE models to Event-B model and to commit a formal verification on the correctness of the transformed requirements model.

Olfa Mosbahi,Mohamed Khalgui,Hans-Michael Hanish,Zhiwu Li

DOI: https://doi.org/10.1109/tsmca.2010.2093885

2011-01-01

Abstract:This paper addresses a component-based approach using the Event-B method to develop automated systems. These systems are composed of two parts: the control part (controller) and the operative part (controlled component). The first is a software component which controls the operative part that models the physical device and its environment. We propose in this paper the use of the formal Event-B method to develop automated systems applying a codesign technique, where the two components are developed separately, and then, a composition is defined with the Event-B method to prove the automated system correctness. First of all, we define a specification for the composition of these two components in the Event-B method. Second, we give refinement semantics for a component-based system before proposing a method to verify the refinement of a whole system from that of its components.

Yuqian Guan,Jian Guo,Qin Li

DOI: https://doi.org/10.1109/access.2021.3073398

IF: 3.9

2021-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is becoming an increasingly common paradigm. As IoT usage scenarios have increased, many challenges in IoT operating systems' safety and adaptability have remained. According to the programming model, IoT operating systems can be categorized into three types: multithreading, event-driven, and hybrid. Different operating system models are applied in different scenarios depending on the real-time requirements or resource richness. The safety of IoT operating systems is critical; hence, formal verification is an important method of detecting potential vulnerabilities and providing safety guarantees. This paper proposes a hybrid model for an IoT operating system and employs the Event-B method for modeling and verification. We rewrite the requirements and divide the Event-Bus hybrid operating system model into eight levels for refinement. The safety and liveness properties of Event-Bus are guaranteed by generating and proving the proof obligations at each model level. A large proportion of the proof obligations (91%) are automatically proven on the Rodin platform to simplify the development process.

T. Komenda,M. Hofbaur,Thomas Haspl,Michael Rathmair,Bernhard Reiterer

DOI: https://doi.org/10.1109/ICAR53236.2021.9659366

2021-12-06

Abstract:Formal verification is a powerful tool to show functional correctness of task and workflow descriptions representing robot-based manufacturing processes. A prerequisite is the integration of the process into a well-structured modeling and design architecture. In this paper, we propose a layer-based formal verification scheme that accepts BPMN-based input models. The integrated composition of tools enables state-space comprehensive verification targeting a set of user-defined verification goals. The importance of formal verification scheme is highlighted by our methodology which strictly supports a model refinement and abstraction approach. Since the complexity and size of robot application process models are steadily increasing this feature in combination with a clear verification methodology is a substantial contribution towards industrial acceptance.

Engineering,Computer Science

Paulo J. Matos,Joao Marques-Silva

DOI: https://doi.org/10.48550/arXiv.0805.3256

2008-05-30

Abstract:As systems become ever more complex, verification becomes more main stream. Event-B and Alloy are two formal specification languages based on fairly different methodologies. While Event-B uses theorem provers to prove that invariants hold for a given specification, Alloy uses a SAT-based model finder. In some settings, Event-B invariants may not be proved automatically, and so the often difficult step of interactive proof is required. One solution for this problem is to validate invariants with model checking. This work studies the encoding of Event-B machines and contexts to Alloy in order to perform temporal model checking with Alloy's SAT-based engine.

Logic in Computer Science

Sohaib Soualah,Yousra Hafidi,Mohamed Khalgui,Allaoua Chaoui,Laid Kahloul

DOI: https://doi.org/10.5220/0009893602500259

2020-01-01

Abstract:This paper deals with the modelling and verification of reconfigurable discrete event systems using model driven engineering (MDE) and Isabelle/HOL. MDE is a software development methodology followed by engineers. Isabelle/HOL is an interactive/automated theorem prover that combines the functional programming paradigm with high order logic (HOL), which makes it efficient for developing solid formalizations. We are interested in combining these two complementary technologies by mapping elements of MDE into Isabelle/HOL. In this paper, we present a transformation process from Ecore models, to functional data structures, used in proof assistants. This transformation method is based on Model-driven engineering and defined by a set of transformation rules that are described using formal presentations. Furthermore, in order to avoid redundant computations in RDESs, we propose a new algorithm for improved verification. We implement the contributions of this paper using Eclipse environment and Isabelle tool. Finally, we illustrate the proposed approach through FESTO MPS case study.

Jie Li,Kai Hu,Jian Zhu,Jean-Paul Bodeveix,Yafei Ye

DOI: https://doi.org/10.1155/2022/4467917

2022-01-01

Wireless Communications and Mobile Computing

Abstract:The practical Byzantine Fault Tolerance (PBFT) is a classical consensus algorithm that has been widely applied in an alliance blockchain system to make all nodes agree to certain transactions under the assumption that the proportion of Byzantine nodes is no more than 1/3. It is prevalent due to its performance, simplicity, and claimed correctness. However, any vulnerability of the consensus algorithm can lead to a significant loss in finance because no one can change the transaction results after execution. This paper proposes a formal development method of the PBFT algorithm by horizontal refinement in Event-B, which allows us to manage the complexity of the proof process by factoring the proof of correctness into several refinement steps. During the development of PBFT, we have specified the core mechanism like parameterized message types, primary node change, and water-mark interval. Furthermore, we present a mechanical verification of the safety and liveness properties of the model in Rodin, which can be partially and widely used to check the blockchain consensus algorithm vulnerability using a refinement tree of algorithms.

Ignacy Stępka,Nicholas Gisolfi,Artur Dubrawski

2024-08-02

Abstract:Recent advancements in machine learning have accelerated its widespread adoption across various real-world applications. However, in safety-critical domains, the deployment of machine learning models is riddled with challenges due to their complexity, lack of interpretability, and absence of formal guarantees regarding their behavior. In this paper, we introduce a verification framework tailored for Bayesian networks, designed to address these drawbacks. Our framework comprises two key components: (1) a two-step compilation and encoding scheme that translates Bayesian networks into Boolean logic literals, and (2) formal verification queries that leverage these literals to verify various properties encoded as constraints. Specifically, we introduce two verification queries: if-then rules (ITR) and feature monotonicity (FMO). We benchmark the efficiency of our verification scheme and demonstrate its practical utility in real-world scenarios.

Artificial Intelligence,Logic in Computer Science