Validation of Contracts using Enabledness Preserving Finite State Abstractions Guido
Cited by 2 (1 self)
Pre/post condition-based specifications are commonplace in a variety of software engineering activities that range from requirements through to design and implementation. The fragmented nature of these specifications can hinder validation as it is difficult to understand if the specifications for the various operations fit together well. In this paper we propose a novel technique for automatically constructing abstractions in the form of behaviour models from pre/post condition-based specifications. The level of abstraction at which such models are constructed preserves enabledness of sets of operations, resulting in a finite model that is intuitive to validate and which facilitates tracing back to the specification for debugging. The paper also reports on the application of the approach to an industrial strength protocol specification in which concerns were identified.
B Model Slicing and Predicate Abstraction to Generate Tests (Software Quality Journal manuscript)
F-54506 Vandœuvre-lès-Nancy cedex
Refinement is a key notion in the B method. We study the relationship between this notion and certain relations between labelled transition systems, such as simulation and bisimulation. The starting point of the study is the definition of a particular translation of LTSs into B specifications. We then present diagrams composed of B specifications based on the modularity clauses INCLUDES and REFINES. For each of these diagrams we detail a proposition in terms of a relation between LTSs. The diagrams identified can then be used in the context of component assembly. Keywords: B method, refinement, labelled transition system, simulation. Refinement is an important technique of the B method. We study the relationship between B refinement and some relations between labelled transition systems (LTS) such as simulation or bisimulation. The starting point of the study is the definition of a translation of LTSs into B specifications. Then we consider some diagrams composed of B specifications based on the clauses INCLUDES and REFINES. For every diagram we give a proposition in terms of a relation between LTSs. These diagrams are then used to verify the correctness of the component assembly at the protocol level.
This paper summarises roughly ten years of experience using declarative programming for developing tools to validate formal specifications. More precisely, we present insights gained and lessons learned while implementing animators and model checkers in Prolog for various specification languages, ranging from process algebras such as CSP to model-based specifications such as Z and
Efficient Approximate Verification of B and Z Models via Symmetry Markers
We present a new approximate verification technique for falsifying the invariants of B models. The technique employs symmetry of B models induced by the use of deferred sets. The basic idea is to efficiently compute markers for states, so that symmetric states are guaranteed to have the same marker (but not the other way around). The falsification algorithm then assumes that two states with the same marker can be considered symmetric. We describe how symmetry markers can be efficiently computed and empirically evaluate an implementation, showing both very good performance results and a high degree of precision (i.e., very few non-symmetric states receive the same marker). We also identify a class of B models for which the technique is precise and therefore provides an efficient and complete verification method. Finally, we show that the technique can be applied to Z models as well.
The High Road to Formal Validation: Model Checking High-Level versus Low-Level Specifications
In this paper we examine the difference between model checking high-level and low-level models. In particular, we compare the ProB model checker for the B-method and the SPIN model checker for Promela. While SPIN has a dramatically more efficient model checking engine, we show that in practice the performance can be disappointing compared to model checking high-level specifications with ProB. We investigate the reasons for this behaviour, examining expressivity, granularity and SPIN's search algorithms. We also show that certain types of information (such as symmetry) can be more easily inferred and exploited in high-level models, leading to a considerable reduction in model checking time.
Automated Abstractions for Contract Validat (submitted to Transactions on Software Engineering; accepted for publication, not yet fully edited)
Pre/post condition-based specifications are commonplace in a variety of software engineering activities that range from requirements through to design and implementation. The fragmented nature of these specifications can hinder validation as it is difficult to understand if the specifications for the various operations fit together well. In this paper, we propose a novel technique for automatically constructing abstractions in the form of behaviour models from pre/post condition-based specifications. Abstraction techniques have been used successfully for addressing the complexity of formal artifacts in software engineering; however, the focus has been, up to now, on abstractions for verification. Our aim is abstraction for validation and hence, different and novel tradeoffs between precision and tractability are required. More specifically, in this paper, we define and study enabledness preserving abstractions, that is, models in which concrete states are grouped according to the set of operations that they enable. The abstraction results in a finite model that is intuitive to validate and which facilitates tracing back to the specification for debugging. The paper also reports on the application of the approach to two industrial strength protocol specifications in which concerns were identified.

