Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Formal verification and validation of run-to-completion style state charts using Event-B

Journal Article · · Innovations in Systems and Software Engineering
 [1];  [2];  [2];  [1];  [1];  [2]
  1. Sandia National Lab. (SNL-CA), Livermore, CA (United States)
  2. Univ. of Southampton (United Kingdom)
+ Show Author Affiliations

State chart notations with ‘run to completion’ semantics are popular with engineers for designing controllers that react to environment events with a sequence of state transitions but lack formal refinement and rigorous verification methods. State chart models are typically used to design complex control systems that respond to environmental triggers with a sequential process. The model is usually constructed at a concrete level and verified and validated using animation techniques relying on human judgement. Event-B, on the other hand, is based on refinement from an initial abstraction and is designed to make formal verification by automatic theorem provers feasible. Abstraction and formal verification provide greater assurance that critical (e.g. safety or security) properties are not violated by the control system. In this paper, we introduce a notion of refinement into a ‘run to completion’ state chart modelling notation and leverage Event-B’s tool support for theorem proving. We describe the difficulties in translating ‘run to completion’ semantics into Event-B refinements and suggest a solution. We illustrate our approach and show how models can be validated at different refinement levels using our scenario checker animation tools. We show how critical invariant properties can be verified by proof despite the reactive nature of the system and how behavioural aspects of the system can be verified by testing the expected reactions using a temporal logic, model checking approach. To verify liveness, we outline a proof that the run to completion is deadlock-free and converges to complete the run.

Research Organization:
Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE National Nuclear Security Administration (NNSA); ASC
Grant/Contract Number:
NA0003525
OSTI ID:
1883178
Report Number(s):
SAND2021-10691J; 699032
Journal Information:
Innovations in Systems and Software Engineering, Journal Name: Innovations in Systems and Software Engineering Journal Issue: 4 Vol. 18; ISSN 1614-5046
Publisher:
Springer NatureCopyright Statement
Country of Publication:
United States
Language:
English

References (10)

Foundations for using linear temporal logic in Event-B refinement journal November 2016
Rodin: an open toolset for modelling and reasoning in Event-B journal April 2010
The Unit-B method: refinement guided by progress concerns journal March 2015
Statecharts: a visual formalism for complex systems journal June 1987
Structure and behavior preserving statecharts refinements journal January 2019
Domain-specific scenarios for refinement-based methods journal January 2021
Modeling in Event-B January 2010
Proving the Correctness of Multiprocess Programs journal March 1977
Uml-B journal January 2006
The TLA+ Toolbox journal December 2019

Similar Records

System description: IVY
Conference · Thu Feb 03 23:00:00 EST 2000 · OSTI ID:751900
Methods to model-check parallel systems software.
Technical Report · Sun Dec 14 23:00:00 EST 2003 · OSTI ID:822572
Semantics and correctness proofs for programs with partial functions
Conference · Sun Sep 01 00:00:00 EDT 1996 · OSTI ID:373932

Related Subjects

97 MATHEMATICS AND COMPUTING
Event-B
refinement
run to completion
state charts