what is the b method
play

What is the B-method? Welcome to Provably Correct Software - PDF document

Jun 22, 2023 •350 likes •545 views

What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/ edu/course/homepage/bkp/vt09 Instructor Lars-Henrik Eriksson lhe@it.uu.se, http://www.it.uu.se/katalog/lhe?lang=en Provably Correct Software Page 1 Updated

  1. What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/ edu/course/homepage/bkp/vt09 Instructor Lars-Henrik Eriksson lhe@it.uu.se, http://www.it.uu.se/katalog/lhe?lang=en Provably Correct Software Page 1 Updated 2008-03-18 Provably Correct Software Page 2 Updated 2008-03-18 What is the B-method (really)? The software development process • Requirements capture The B-method is a formal method used for • Specification • Formal specification of software (using the Abstract Machine Traditionally done using plain language, diagrams, tables ... Notation – AMN ) • Validation (are we building the right system?) • Writing executable programs (using the B0 subset of AMN) Traditionally done by inspection, prototyping ... • Proving consistency of specifications and correctness of programs • Design Characteristics: Specify the architecture and data structures of the software • Model-based specification • Implementation • Refinement Programs written in a programming language • Verification (are we building the system right?) The B-method is supported by software tools such as Traditionally done by testing • Atelier B • Debugging • B-Toolkit Try to find out where the program goes wrong • ProB Provably Correct Software Page 3 Updated 2008-03-18 Provably Correct Software Page 4 Updated 2008-03-18 The role of B in software development Model-based specification • Requirements capture The specification gives a mathematical model of the data the • Specification program uses and describes the function of the program in terms of Wholly or in part written in AMN. mathematical operations on that data. • Validation (are we building the right system?) Consider a stack : Proving correctness theorems, animating the specification... • A stack can be modelled as a sequence of objects . • Design • Assume that the top element is always the last element of the Design specifications wholly or in part written in AMN. sequence. • Implementation • Pushing an item onto the stack means the same as adding it to the Programs written in the B0 subset of the AMN. end of the sequence. • Verification (are we building the system right?) • Popping an object off the stack means removing the last element Refinement proof. Testing should not be needed. from the sequence. • Debugging You don � t need this (at least not in the traditional sense) Provably Correct Software Page 5 Updated 2008-03-18 Provably Correct Software Page 6 Updated 2008-03-18

  2. A stack in B (simplified) B ensures error-free execution • There must be a size limit for the stack (as computer memory is A stack can be formally specified by the following B specification finite) machine (or abstract machine) written in AMN. • There must be preconditions on the operators to make sure that MACHINE Stack SETS ELEMENTS they are well-defined. (What happens if you pop an empty stack?) VARIABLES stack INVARIANT stack:seq(ELEMENTS) INITIALISATION stack := <> OPERATIONS xx <-- get = xx := last(stack); push(xx) = stack := stack<-xx; pop = stack := front(stack) END Actually, you would not be able to develop a program conforming to this specification because some important things are missing. Can you see what? (Think about the Prog. Methodology 1 course...) Provably Correct Software Page 7 Updated 2008-03-18 Provably Correct Software Page 8 Updated 2008-03-18 A better specification Implementing Stacks – refinement MACHINE Stack The stack specification does not concern itself with implementation CONSTANTS maxsize SETS ELEMENTS details. Stacks are actually implemented by a B implementation PROPERTIES maxsize:NAT VARIABLES stack machine . This machine must be a refinement of the specification. INVARIANT stack:seq(ELEMENTS) & size(stack)<=maxsize INITIALISATION stack := <> Intuitively, a refinement is something which is the same but more OPERATIONS xx <-- get = PRE stack /= <> concrete . For example: THEN xx := last(stack) END; • undetermined things (e.g. maximum stack size) are decided push(xx) = PRE xx:ELEMENTS & size(stack)<maxsize THEN stack := stack<-xx • algorithms are provided for abstract operations (e.g. a quantified END; pop = PRE stack /= <> expression can be refined by a loop). THEN stack := front(stack) • an operation can be implemented in terms of other simpler END END operations (stepwise refinement). NAT is the set of implementable natural numbers (has upper limit). • mathematical objects like sequences are replaced by B guarantees that preconditions are satisfied when operations are implementable objects like arrays. used ( design by contract ). Provably Correct Software Page 9 Updated 2008-03-18 Provably Correct Software Page 10 Updated 2008-03-18 A stack implementation Sequence of refinements IMPLEMENTATION StackI Sometimes the step from specification to implementation is too REFINES Stack VALUES ELEMENTS = INT; maxsize = 100 large. The refinement can then be done as a series of smaller CONCRETE_VARIABLES array, currentsize INVARIANT array:(1..maxsize)-->ELEMENTS & refinements. The intermediate stages are represented by B currentsize:0..maxsize & !ii.(ii:1..currentsize => refinement machines . stack(ii) = array(ii)) & currentsize = size(stack) In the sequence of refinements, the machines get successively INITIALISATION array := (1..maxsize)*{0}; currentsize := 0 OPERATIONS more concrete, until the implementation machine is reached. xx <-- get = xx := array(currentsize); push(xx) = BEGIN currentsize := currentsize+1; array(currentsize) := xx END; pop = currentsize := currentsize-1 END The stack is stored as an array. When items are pushed on the stack, they are stored in successive array elements. (If you are curious – identifiers must have at least 2 characters.) Provably Correct Software Page 11 Updated 2008-03-18 Provably Correct Software Page 12 Updated 2008-03-18

  3. Algebraic specification Atelier B A different specification technique is to give equations that describe We will use the Atelier B tool. It can: what properties the operations should have. A stack could be • Do syntax and type checking of B machines specified by the following (in)equations: (assuming s ranges over • Generate proof obligations for the consistency of machines stacks, e over elements and empty represents the empty stack). • Generate proof obligations for refinements get(push(s,e)) = e • Prove most proof obligations pop(push(s,e)) = s • Translate implementation machines into C (or C++ or ADA) push(s,e) � empty • Generate basic documentation of machines get(empty) � e • Manage projects with many developers pop(empty) � s See the course web site for instructions on how to run Atelier B! B is not intended for algebraic specifications, but you can with Atelier B is a commercial product used in industrial software difficulty abuse the notation to write such specifications. development. (Unfortunatelty the graphical user interface is somewhat primitive.) Provably Correct Software Page 13 Updated 2008-03-18 Provably Correct Software Page 14 Updated 2008-03-18 ProB About the B-method We will also use the ProB tool to validate specifications. The B method was developed with practical software development Some things it can do: in mind. It brings together ideas from various areas of computer science (and mathematics). Some of them are: • Animate B specification machines • Check internal consistency of a machine by automatic testing • Axiomatic set theory (Zermelo-Fraenkel) • Model-based specifications (Z, VDM-SL) ProB is research software under development. • Pre- and postconditions • It does not implement the full AMN, so not all B specifications • Design by contract can be animated. • Invariants • It requires limites ranges of numbers and sizes of sets to work. • Guarded commands • It does give a very clear view of what the B machine is doing. • Weakest precondition semantics See the course web site for instructions on how to run ProB! • Hoare logic (axiomatic semantics) • Refinement calculus • Stepwise refinement Provably Correct Software Page 15 Updated 2008-03-18 Provably Correct Software Page 16 Updated 2008-03-18 The course The projects • Suggest a small programming task. Get the instructor � s approval. • Lectures outline the material and point out important issues. • Write a B specification machine (or machines) • Students study the details from the textbook and other sources • Validate it, prove its consistency (web resources, research papers…) • Write a B implementation machine (or machines) • Weekly seminars with presentations by students and discussions. • Prove that it is a refinement (possibly using intermediate refinement • During the course groups of 2 (or 3) students carry out a program machines) development project including specification, implementation and • Generate an executable program and run it. Is it bug-free? proof. • Write a project report! • No proper exam. The seminars can be seen as an ongoing oral exam. Provably Correct Software Page 17 Updated 2008-03-18 Provably Correct Software Page 18 Updated 2008-03-18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Scientific Method The Scientific Method The Scientific Method involves 6 steps: Problem

The Scientific Method The Scientific Method The Scientific Method involves 6 steps: Problem

The Scientific Method The Scientific Method The Scientific Method involves 6 steps: Problem /Question Research Hypothesis Experiment Data (Results /Observation) Conclusion The Scientific Method The scientific method idea is the method on

310 views • 11 slides
Model Generation Method 2ai The Model Generation (MG) method is an easy method for humans to

Model Generation Method 2ai The Model Generation (MG) method is an easy method for humans to

Model Generation Method 2ai The Model Generation (MG) method is an easy method for humans to apply, but it has not been so widely implemented as DP. Similar to DP, MG returns True if given clauses are satisfiable . AUTOMATED REASONING MG

79 views • 7 slides
Method Handles Everywhere! Charles Oliver Nutter @headius Method Handles What are method

Method Handles Everywhere! Charles Oliver Nutter @headius Method Handles What are method

Method Handles Everywhere! Charles Oliver Nutter @headius Method Handles What are method handles? Why do we need them? What's new for method handles in Java 9? InvokeBinder primer Something crazy? Method Handles? History

886 views • 55 slides
* 1 Sequence data Sequence data * 2 Align Sequences Align Sequences 2. The dataset

* 1 Sequence data Sequence data * 2 Align Sequences Align Sequences 2. The dataset

Inferring trees is difficult!!! MODELS OF PROTEIN EVOLUTION: 1. The method problem AN INTRODUCTION TO AMINO ACID EXCHANGE MATRICES A Method 1 Method 1 Dataset 1 Dataset 1 B ? C A Robert Hirt Method 2 Method 2 Department of Zoology,

373 views • 13 slides
Thermodynamics of 2+1 flavor QCD with the SF t X method based on the gradient flow SF t X method :

Thermodynamics of 2+1 flavor QCD with the SF t X method based on the gradient flow SF t X method :

2020/5/20 @ R-CCS Thermodynamics of 2+1 flavor QCD with the SF t X method based on the gradient flow SF t X method : small flow-time expansion method WHOT-QCD Collaboration: K. Kanaya, Y. Taniguchi, A. Baba, A. Suzuki (Univ. Tsukuba) S.

926 views • 50 slides
How Do We Know What We Know? Scientific Method Science is first and foremost a method to

How Do We Know What We Know? Scientific Method Science is first and foremost a method to

How Do We Know What We Know? Scientific Method Science is first and foremost a method to determine the truth. New theories become accepted when enough evidence is found to prove them, not because well respected scientists propose them. You

591 views • 24 slides
Computational Optimization Newtons Method 2/5/08 Newtons Method Method for finding a zero

Computational Optimization Newtons Method 2/5/08 Newtons Method Method for finding a zero

Computational Optimization Newtons Method 2/5/08 Newtons Method Method for finding a zero of a function. Recall FONC = f x ( ) 0 For quadratic case: = + 1 g x ( ) xQx bx 2 = + = g x ( ) Qx b 0 =

477 views • 24 slides
How to Memorize Numbers A brief summary of the Peg System 1. Numbers are very difficult to

How to Memorize Numbers A brief summary of the Peg System 1. Numbers are very difficult to

Dynamic Memory Workshop CA Srinivas Vakati | +91 9769064199 | Srinivas@srinivasvakati.com Techniques for Memorizing 1. Linking method / Story method 2. Memory Palace Method 3. Peg Method Rules of Memory ICU 1. Imagination/ Visualization

43 views • 3 slides
Outline Analysis of Algorithms Definition Aggregate Method Accounting Method

Outline Analysis of Algorithms Definition Aggregate Method Accounting Method

Outline Analysis of Algorithms Definition Aggregate Method Accounting Method Amortized Analysis Potential Method Examples : Binary Counter and Dynamic Table http://www.cp.eng.chula.ac.th/faculty/spj Cost of A Sequence of

332 views • 14 slides
Outline Analysis of Algorithms Definition Aggregate Method Accounting Method

Outline Analysis of Algorithms Definition Aggregate Method Accounting Method

Outline Analysis of Algorithms Definition Aggregate Method Accounting Method Amortized Analysis Potential Method Examples : Binary Counter and Dynamic Table http://www.cp.eng.chula.ac.th/faculty/spj Cost of A Sequence of

379 views • 21 slides
Acceptance-Rejection method The acceptance-rejection method is usually used when the inverse

Acceptance-Rejection method The acceptance-rejection method is usually used when the inverse

Acceptance-Rejection Method Acceptance-Rejection method The acceptance-rejection method is usually used when the inverse transform method is not directly applicable or is inefficient. To simulate a sample x of X with pdf f X . Aim: 1 Consider a

930 views • 26 slides
Income ome A Appr pproach Three methods to determine: Summation Method (build-up method)

Income ome A Appr pproach Three methods to determine: Summation Method (build-up method)

Income ome A Appr pproach Three methods to determine: Summation Method (build-up method) Band-of-Investment Method Market Comparison Method 1 Income ome A Appr pproach Recapture Rate percentage that allows for return

852 views • 56 slides
The boundary element method discretised with the space-time method for the heat equation in 2D 1

The boundary element method discretised with the space-time method for the heat equation in 2D 1

The boundary element method discretised with the space-time method for the heat equation in 2D 1 Kazuki Niino, Olaf Steinbach TU Graz 2 Background Space-time method for a BEM Flexible mesh Stability Large coefficient matrix

286 views • 27 slides
How to debug Two more methods: Heuns method ODE methods and the RK4 method (book has

How to debug Two more methods: Heuns method ODE methods and the RK4 method (book has

Numerical and Scientific Computing with Applications David F . Gleich CS 314, Purdue November 18, 2016 In this class you should learn: How to debug Two more methods: Heuns method ODE methods and the RK4 method (book has Simpsons

165 views • 5 slides
Logic of the Scientific Method s e d i l S 2 n o i s s e S - - 0 4 2 k W c

Logic of the Scientific Method s e d i l S 2 n o i s s e S - - 0 4 2 k W c

Logic of the Scientific Method s e d i l S 2 n o i s s e S - - 0 4 2 k W c S 2 Introduc Intr oduction to the tion to the Sc Scie ientif ntific ic Me Method thod Basic sic R Requir quirements: nts:

142 views • 12 slides
Recursion q Specify it in a comment before method's header n Precondition q What is assumed to be

Recursion q Specify it in a comment before method's header n Precondition q What is assumed to be

2/14/16 Preliminaries: programming as a contract n Specifying what each method does Recursion q Specify it in a comment before method's header n Precondition q What is assumed to be true before the method is executed q Caller obligation Chapter

460 views • 9 slides
HELLO! HELLO! Makerspaces in ECE I am Margaret A. Powers I am Margaret A. Powers Director of

HELLO! HELLO! Makerspaces in ECE I am Margaret A. Powers I am Margaret A. Powers Director of

HELLO! HELLO! Makerspaces in ECE I am Margaret A. Powers I am Margaret A. Powers Director of STEAM Innovation Innovation &amp; Ed Tech Consultant A Planning Guide for Administrators Serve as a coach, collaborator, and catalyst

648 views • 13 slides
bonobo Simple ETL in Python 3.5+ Romain Dorgueil @rdorgueil CTO/Hacker in Residence LAtelier

bonobo Simple ETL in Python 3.5+ Romain Dorgueil @rdorgueil CTO/Hacker in Residence LAtelier

bonobo Simple ETL in Python 3.5+ Romain Dorgueil @rdorgueil CTO/Hacker in Residence LAtelier BNP Paribas Technical Co-founder WeAreTheShops (Solo) Founder RDC Dist. Agency Eng. Manager Sensio/SensioLabs Developer A ffi liationWizard

1.42k views • 82 slides
Koshino House Tadao Ando Koshino House Introduction In the Koshino House, Tadao Ando arranged

Koshino House Tadao Ando Koshino House Introduction In the Koshino House, Tadao Ando arranged

Koshino House Tadao Ando Koshino House Introduction In the Koshino House, Tadao Ando arranged the two organic concrete boxes in parallel so as to avoid the scatterred trees around them, and also had them burried into the ground. The two

811 views • 18 slides
PUF based Security Enhancement for Automotive Software Update Hiroyuki

PUF based Security Enhancement for Automotive Software Update Hiroyuki

PUF based Security Enhancement for Automotive Software Update Hiroyuki Tomiyama Ritsumeikan University http://hiroyuki.tomiyama lab.org/ MPSoC 2015 Our Team Advisors from WITZ Co. Ltd.

320 views • 8 slides
Event-B &amp; Cloud Provers A. Iliasov D. Adjepon-Yamoah P. Stankaitis Department of Computer

Event-B &amp; Cloud Provers A. Iliasov D. Adjepon-Yamoah P. Stankaitis Department of Computer

Event-B &amp; Cloud Provers A. Iliasov D. Adjepon-Yamoah P. Stankaitis Department of Computer Science Newcastle University AI4FM workshop, 2015 A. Iliasov, D. Adjepon-Yamoah, P. Stankaitis (Universities of Somewhere and Elsewhere) Event-B

628 views • 25 slides
Plugging external provers into the Rodin platform Laurent Voisin (Systerel) Rodin and Event-B

Plugging external provers into the Rodin platform Laurent Voisin (Systerel) Rodin and Event-B

Plugging external provers into the Rodin platform Laurent Voisin (Systerel) Rodin and Event-B An open platform for Event-B modelling and proving Designed to model reactive discrete systems by engineers (no PhD required) Based on the

373 views • 8 slides
Ultrahigh energy cosmic rays Ultrahigh energy cosmic rays sources? and pulsar winds Kumiko

Ultrahigh energy cosmic rays Ultrahigh energy cosmic rays sources? and pulsar winds Kumiko

Ultrahigh energy cosmic rays Ultrahigh energy cosmic rays sources? and pulsar winds Kumiko Kotera Institut dAstrophysique de Paris Atelier Acclration - 03/10/12 Since 1990 in ultrahigh energy cosmic rays Auger SOUTH Cerenkov tanks:

379 views • 14 slides
54 TH ANNUAL GENERAL MEETING 24 July 2020 Our foremost priority in these trying times is the

54 TH ANNUAL GENERAL MEETING 24 July 2020 Our foremost priority in these trying times is the

54 TH ANNUAL GENERAL MEETING 24 July 2020 Our foremost priority in these trying times is the health and well-being of our staff, customers, and business partners. As uncertainties persist in the local and global economy, we will maintain an

556 views • 26 slides

More recommend