Science of Computer Programming 94 (2014) 67–68
Science of Computer Programming www.elsevier.com/locate/scico
Preface: Abstract State Machines, Alloy, B, VDM, and Z. Selected & extended papers from ABZ 2012

This special issue contains a selection of the best research contributions presented at ABZ 2012, the 3rd International Conference on Abstract State Machines, Alloy, B, VDM, and Z. The event was organized in Pisa on June 18–21, 2012, and was dedicated to Egon Börger, on the occasion of his 65th birthday, to celebrate his contribution to state-based formal methods.

The papers of this volume aim to provide a view of the current research progress around five formal methods: Abstract State Machines (ASMs), Alloy, B, VDM, and Z. These methods share a common theoretical foundation based on the concepts of state and machine operation, and are widely used, in both academia and industry, for the design and analysis of hardware and software systems. In recent years, thanks to the maturity reached in modelling and analyzing real systems, the communities around these formal approaches have been working towards an integrated use of the methods and their supporting tools. The goal is to define a comprehensive approach for designing reliable, high-quality hardware/software systems in a rigorous and controllable way, by complementing system modelling with experimental validation and mathematical verification. The ABZ series of conferences was born to facilitate this cross-fertilization.

The nine papers contained in this special issue were selected with all the formal communities in mind, from the papers received for the ABZ 2012 conference. The journal version of each contribution is a significant extension of the conference version, and was subjected to a rigorous refereeing process to the usual standards of Science of Computer Programming.
The selected publications show the continuous improvement of the theory and tools behind these methods, the current trend towards applying the methods to modern complex systems, such as web applications and hybrid systems, and the effort to improve verification approaches so that they can deal with complex models.

The paper Modeling Web Applications Infrastructure with ASMs, by Vincenzo Gervasi, Egon Börger, and Antonio Cisternino, tackles the lack of rigorous abstract models for web application frameworks. It is still a theoretical challenge to analyze, evaluate and classify web application systems along the lines of fundamental behavioural model properties which can be accurately stated and verified, and then instantiated and checked for implementations. The authors provide a formal description, via Abstract State Machines, of client–server architectures for web applications. Several major web application frameworks are described as progressive refinements of a number of basic modules. The goal of this research is to make a rigorous mathematical analysis of web applications possible, including the precise statement and analysis of the similarities and differences among existing frameworks.

The paper Test Generation for Sequential Nets of Abstract State Machines with Information Passing, by Paolo Arcaini and Angelo Gargantini, concerns model-based test case generation for Abstract State Machines. The authors try to overcome the limitations of model checking (mainly due to the state explosion problem) by focusing on sequential nets of ASMs, which consist of several sub-machines that pass control and some information to each other. To generate test sequences for a sequential net of ASMs, test sequences are generated for each single ASM and then combined efficiently, with linear complexity.
The paper ASM, Controller Synthesis, and Complete Refinement, by Richard Banach, Huibiao Zhu, Wen Su, and Xiaofeng Wu, introduces the controller synthesis problem for ASMs, namely the problem of separating a single model that covers both the controlled and the controlling parts of a system into separate models. The authors make a twofold contribution: (1) a method to split a monolithic specification into “plant” and “controller” subsystems, with a set of criteria for proving the correctness of the decomposition; and (2) a notion of hybrid ASM with discrete as well as continuous “steps”, useful for modelling phenomena described by a set of differential equations intermixed with mode changes.

http://dx.doi.org/10.1016/j.scico.2014.06.002 0167-6423/© 2014 Elsevier B.V. All rights reserved.

Formal development in Event-B generally requires the discharge of a large number of proof obligations, which are higher-level set-theoretic formulas. Since verification tools do not support the full mathematical language of Event-B, these formulas are automatically simplified into formulas involving just predicate logic, equality, arithmetic and uninterpreted set membership. The paper Integrating SMT Solvers in Rodin, by David Déharbe, Pascal Fontaine, Yoann Guyot, and Laurent Voisin, addresses the important and timely problem of using Satisfiability Modulo Theories (SMT) solvers to discharge proof obligations, involving higher-level set-theoretic formulas, for Event-B specifications. The approach has been implemented as a plug-in for the Rodin platform. The tool converts the proof-obligation sequents produced by Rodin into a format that standard SMT solvers accept. The benefits and difficulties are discussed, and experimental results from both industrial and academic projects are presented.

The paper Refinement of Decomposed Models by Interface Instantiation, by Stefan Hallerstede and Thai Son Hoang, addresses the problem of decomposition and modularization for Event-B. This feature is extremely important when dealing with the top-down formal development of systems. The authors present a novel approach that allows developers to decompose Event-B machines through the interface mechanism. The approach enables parallel refinement of the different machines that arise from decomposition.

A methodology for dealing with continuous variables when modelling real systems with the Event-B framework and the Rodin tool is presented in the paper Formalizing Hybrid Systems with Event-B and the Rodin Platform, by Wen Su, Jean-Raymond Abrial and Huibiao Zhu. Starting with an abstraction described with discrete variables, Event-B machines are refined by progressively introducing continuous variables. This approach is suitable for modelling hybrid systems and is applied to several case studies, each exposing a specific, typical problem that one may encounter in the study of hybrid systems.

A paper representing a step forward in the context of the Alloy formal method is Preventing Arithmetic Overflows in Alloy, by Aleksandar Milicevic and Daniel Jackson. This paper describes an improvement to the Alloy Analyzer for dealing with integer expressions that overflow.
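The kind of spurious counterexample this work addresses, shown as an added example that is not from the paper or from this preface (the assertion, its name and the scope are constructed for illustration):

```alloy
-- Added example, not from the paper: a property that holds over the
-- mathematical integers but fails under wrap-around arithmetic.
-- "for 3 Int" sets a bitwidth of 3, so Int ranges over -4..3.
check SumOfPositivesIsPositive {
    all a, b: Int | (a > 0 and b > 0) implies a.plus[b] > 0
} for 3 Int
```

With wrap-around arithmetic the analyzer reports a = 3, b = 1 as a counterexample, because 3 plus 1 wraps to -4, the smallest integer at this bitwidth; the property is, of course, true over the unbounded integers. With the Prevent Overflows option of Alloy 4.2 enabled, bindings under which plus overflows are disregarded and the check finds no counterexample. The same pattern (a bounded-width sum silently becoming negative) is the root of many real-world integer-overflow bugs, which is why a verifier that treats overflow as a counterexample can mislead rather than help.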
In the previous version of Alloy, such overflowing expressions silently wrapped around (e.g. to the smallest negative integer), inducing spurious counterexamples that were not easy to detect. To overcome this limitation, the authors introduce a technique that modifies the semantics of quantification over integer variables so that bindings under which an expression overflows are ignored.

The paper Supervisory Control Theory with Alloy, by Benoît Fraikin, Marc Frappier, and Richard St-Denis, presents an interesting exploration of the use of Alloy to develop an abstract model of a theory in a declarative manner and to provide an interactive simulation platform that can be used to explore various instances of the model. This is extremely useful, especially for students becoming familiar with an unknown theory: new users can explore the abstract model with their own instances, even adding new relationships between concepts, in order to verify properties, generate solutions to practical problems and, ultimately, extend the theory. The authors propose the use of Alloy for modelling and prototyping various fragments of Supervisory Control Theory, a control theory for discrete event systems. They also include the verification of non-trivial properties such as controllability, normality and observational equivalence.

Frequently, in the specification and development of programs, partial terms – those that can fail to denote a value – occur. Logicians argue for the use of the non-classical “Logic of Partial Functions” (LPF) to facilitate sound and convenient reasoning about such terms. The paper Revising Basic Theorem Proving Algorithms to Cope with the Logic of Partial Functions, by Cliff B. Jones, Matthew J. Lovert, and L. Jason Steggles, explores the steps needed to enable theorem-proving algorithms to cope with LPF. A complete and sound analysis of theorem proving in LPF is clearly necessary for robust tool support, and this work advances towards that goal. The authors also point out that faults have been discovered in existing tools due to a failure to appreciate the subtlety of undefined terms, so this work improves the existing state of the art as well as building a solid foundation for further work.

We wish to thank all the reviewers, whose diligence, dedication and effort helped us in preparing this special issue on ABZ 2012.

Elvinia Riccobene
Dipartimento di Informatica, Università degli Studi di Milano, Italy

Steve Reeves
Department of Computer Science, University of Waikato, Hamilton, New Zealand

6 June 2014
Available online 11 June 2014