Developing verified sequential programs with Event-B
Developing verified sequential programs with Event-B
The constructive approach to software correctness aims at formal modelling of the intended behaviour and structure of a system in different levels of abstraction and verifying properties of models. The target of analytical approach is to verify properties of the final program code. A high level look at these two approaches suggests that the constructive and analytical approaches should complement each other well. The aim of this thesis is to build a link between Event-B (constructive approach) and Dafny (analytical approach) for developing sequential verified programs. The first contribution of this thesis is a tool supported method for transforming Event-B models to simple Dafny code contracts (in the form of method pre- and post-conditions). Transformation of Event-B formal models to Dafny method declarations and code contracts is enabled by a set of transformation rules. Using this set of transformation rules, one can generate code contracts from Event-B models but not implementations. The generated code contracts must be seen as an interface that can be implemented. If there is an implementation that satisfies the generated contracts then it is considered to be a correct implementation of the abstract Event-B model. A tool for automatic transformation of Event-B models to simple Dafny code contracts is presented. The second contribution of this thesis is an approach for derivation of algorithmic structure in Event-B refinement. To facilitate this, we augment Event-B with a scheduling language that allows modeller to explicitly define the control flow between Event-B events in each refinement level. The scheduling language supports both non-deterministic (choices and iterations) and deterministic (conditionals and loops) control structures and treat Event-B events as its atoms. We provide a set of schedule refinement rules for refining an abstract scheduling language to a concrete program structure. We also provide a set of rules allowing the elimination of event guards at the concrete level. The final contribution of this thesis is a method for transforming scheduled Event-B models to Dafny code and contracts. We formulate the transformation of a scheduled Event-B model to Dafny program constructs and show how the actions of an atomic event can be sequentialised in the final program. We introduce an approach for generation of Dafny contracts in the form of assertions in order to verify the correctness of the sequentialisation.
University of Southampton
Dalvandi, Mohammad Sadegh
5e49c22a-9a97-4bc3-864a-4dc8e3704164
April 2018
Dalvandi, Mohammad Sadegh
5e49c22a-9a97-4bc3-864a-4dc8e3704164
Butler, Michael
54b9c2c7-2574-438e-9a36-6842a3d53ed0
Rezazadeh, Abdolbaghi
ab1aeb76-9d41-4b46-820c-cc66b631cb99
Dalvandi, Mohammad Sadegh
(2018)
Developing verified sequential programs with Event-B.
Electronics & Computer Science, Doctoral Thesis, 167pp.
Record type:
Thesis
(Doctoral)
Abstract
The constructive approach to software correctness aims at formal modelling of the intended behaviour and structure of a system in different levels of abstraction and verifying properties of models. The target of analytical approach is to verify properties of the final program code. A high level look at these two approaches suggests that the constructive and analytical approaches should complement each other well. The aim of this thesis is to build a link between Event-B (constructive approach) and Dafny (analytical approach) for developing sequential verified programs. The first contribution of this thesis is a tool supported method for transforming Event-B models to simple Dafny code contracts (in the form of method pre- and post-conditions). Transformation of Event-B formal models to Dafny method declarations and code contracts is enabled by a set of transformation rules. Using this set of transformation rules, one can generate code contracts from Event-B models but not implementations. The generated code contracts must be seen as an interface that can be implemented. If there is an implementation that satisfies the generated contracts then it is considered to be a correct implementation of the abstract Event-B model. A tool for automatic transformation of Event-B models to simple Dafny code contracts is presented. The second contribution of this thesis is an approach for derivation of algorithmic structure in Event-B refinement. To facilitate this, we augment Event-B with a scheduling language that allows modeller to explicitly define the control flow between Event-B events in each refinement level. The scheduling language supports both non-deterministic (choices and iterations) and deterministic (conditionals and loops) control structures and treat Event-B events as its atoms. We provide a set of schedule refinement rules for refining an abstract scheduling language to a concrete program structure. We also provide a set of rules allowing the elimination of event guards at the concrete level. The final contribution of this thesis is a method for transforming scheduled Event-B models to Dafny code and contracts. We formulate the transformation of a scheduled Event-B model to Dafny program constructs and show how the actions of an atomic event can be sequentialised in the final program. We introduce an approach for generation of Dafny contracts in the form of assertions in order to verify the correctness of the sequentialisation.
Text
Thesis
- Version of Record
More information
Published date: April 2018
Identifiers
Local EPrints ID: 422225
URI: http://eprints.soton.ac.uk/id/eprint/422225
PURE UUID: 353ef1ba-48d7-4d1f-a45b-163eacc3c319
Catalogue record
Date deposited: 19 Jul 2018 16:30
Last modified: 16 Mar 2024 03:35
Export record
Contributors
Author:
Mohammad Sadegh Dalvandi
Thesis advisor:
Michael Butler
Thesis advisor:
Abdolbaghi Rezazadeh
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics