## Validating and animating higher-order recursive functions in B. Submitted; preliminary version presented at Dagstuhl Seminar 06191 Rigorous Methods for Software Construction and Analysis (2006)

Citations: 4 (2 self)

### BibTeX

@MISC{Leuschel06validatingand,

author = {Michael Leuschel and Dominique Cansell and Michael Butler and Loria Nancy},

title = {Validating and animating higher-order recursive functions in B. Submitted; preliminary version presented at Dagstuhl Seminar 06191 Rigorous Methods for Software Construction and Analysis},

year = {2006}

}

### Abstract

ProB is an animation and model checking tool for the B Method, which can deal with many interesting specifications. Some specifications, however, contain complicated functions which cannot be represented explicitly by a tool. We present a scheme with which higher-order recursive functions can be encoded in B, and establish soundness of this scheme. We then describe a symbolic representation for such functions. This representation enables ProB to successfully animate and model check a new class of relevant specifications, where animation is especially important due to the involved nature of the specification.

### Citations

2703 | Model Checking
- Clarke, Grumberg, et al.
- 1999
Citation Context ...RODIN (Rigorous Open Development Environment for Complex Systems).sform of animation, e.g., to check that certain functionality is present in the specification. Another useful tool is model checking [6], whereby the specification can be systematically checked for certain temporal properties. In previous work [9], we have presented the ProB animator and model checker to support those activities. The ...

671 | Partial Evaluation and Automatic Program Generation
- Jones, Gomard, et al.
- 1993
Citation Context ...is actually quite reasonable (also given the fact that the typing predicates are repeatedly evaluated). However, there is definitely scope for improvement. Possibly with the use of partial evaluation [7] and more sophisticated implementation techniques, a big improvement in speed should be possible. Still, in its current form the tool can be used to animate a wide 9 Note that neither SICStus Prolog n...

175 | The B-Book
- Abrial
- 1996
Citation Context ...he involved nature of the specification. Keywords: B-Method, Tool Support, Model Checking, Animation, Logic Programming, Constraints. 4 1 Introduction The B-method, originally devised by J.-R. Abrial [1], is a theory and methodology for formal development of computer systems. It is used by industries in a range of critical domains. B specifications are structured into abstract machines. The state of ...

106 | ProB: A Model Checker for B
- Leuschel, Butler
- 2003
Citation Context ...ain functionality is present in the specification. Another useful tool is model checking [6], whereby the specification can be systematically checked for certain temporal properties. In previous work [9], we have presented the ProB animator and model checker to support those activities. The tool can also be used to complement proof activities, as it supports automated consistency checking of B machin...

14 | Partial recursive functions in higher-order logic
- Krauss
Citation Context ...case, fact1 will be stored as a standard closure (calling fact2) and fact2 will be a recursive closure with no reference to fact1. Note that we can also deal with the problematic example discussed in [8]. Higher-Order Functional Programming Some higher-order programming is actually already built into B: to map a function f over a sequence s we simply need to use the relational composition (s; f), as ...

14 | Automatic refinement checking for B
- Leuschel, Butler
Citation Context ...hose activities. The tool can also be used to complement proof activities, as it supports automated consistency checking of B machines and has been recently extended for automated refinement checking [10]. Motivation The ProB tool has been successfully applied to various academic and industrial examples (e.g., a Volvo vehicle function [9]). ProB can deal with B’s data structures, such as relations, fu...

9 | On Using Conditional Definitions in Formal Theories
- Abrial, Mussat
- 2002
Citation Context ...ithout it, we have in principle no guarantee that, for the recursive call fact(x − 1), the function is actually defined for x − 1 and that it actually is a function (and not just a relation; see also [3]). Thus, a more rigorous definition of the function is as follows: MODEL Factorial CONSTANTS factorial PROPERTIES factorial : NATURAL <-> NATURAL & factorial = { x,y | x: NATURAL & y: NATURAL & (x=0 ...

9 | A System-Based Approach to the Formal Development of Embedded Controllers for a Railway. Design Automation for Embedded Systems
- Butler
Citation Context ...ation about the possible values of the constants. Still, in the end, the constants will be represented explicitly inside ProB. This is not a problem for some models: for example, the railway model in [4] based on a requirements document from Siemens Transportation Systems, can be animated and model checked: the constants represent, amongst others, the underlying rail network topology. Some specificat...

9 | Validating Z specifications using the ProB Animator and model checker
- Plagge, Leuschel
- 2007
Citation Context ...cations, however, contain complicated functions or sets which cannot be represented explicitly. Take the following recursive function over sequences of sequences, coming from an industrial case study [12]: removeDuplicates = {ss,rs | ss: seq(seq(PLACE)) & rs:seq(seq(PLACE)) & (ss=<> => rs=<>) & (card(ss)=1 => rs=ss) & (card(ss)>1 => ( #(s1,s2).(s1:seq(PLACE) & s1=first(ss) & s2:seq(PLACE) & s2=ss(2) &...

5 | “Higher-order” mathematics in B
- Abrial, Cansell, et al.
- 2002
Citation Context ...etect an error in the original specification [12]. 7 Related Work and Conclusion While there are various other animators for B and Z, to our knowledge, none of them can handle recursive functions. In [2] authors explain how we can specify higher order expression and theorems using B and how we can prove such theorems using B tools. The second work [5] is more related to our work. The factorial functi...

2 | Reconciling axiomatic and model-based specifications using the B method
- Robinson
- 2000
Citation Context ...irst refinement computes a finite subset of the factorial function like in dynamic programming. The last refinement computes factorial(n) using the well known loop from 1 to n. Another related work is [14], which presents a framework to reconcile axiomatic and model-based specifications. As such it is related to our desire at the end of Sect. 4 to present two different views of a specification: one sui...

1 | Equality of agent expressions is preserved under an extension of the universe of actions
- Massart, Devillers
Citation Context ...ive closure will be unrolled, etc., until we reach the base case of the recursion. Note that this way to handle recursion is related to the fix operator sometimes used in process algebras (see, e.g., [11]). New Syntax The introduction of a new syntax for recursive functions can provide both an effective way to animate recursive functions as well as a convenient way to prove properties with and about t...

1 | How many recursive calls does a recursive function make
- Robertson
- 1999
Citation Context ... = {x,z| x:NATURAL & z:NATURAL & (x=0 => z=1) & (x=1 => z=1) & (x>1 => (z=fib(x-1)+fib(x-2))) }. The results are summarised in the same Table 1. For Fib(20) we have 21891 (2 × fib(20) − 1, see, e.g., [13]) calls to the Fibonacci function. This corresponds to 3357 calls per second. For a programming language this would of course be very slow (even though ProB works with big integers); but for animation...