Theory Plug-in for Rodin 3.x
Authors:
T. S. Hoang,
L. Voisin,
A. Salehi,
M. Butler,
T. Wilkinson,
N. Beauger
Abstract:
The Theory plug-in enables modellers to extend the mathematical modelling notation for Event-B, with accompanying support for reasoning about the extended language. The previous version of the Theory plug-in was implemented on Rodin 2.x. This presentation outlines the main improvements to the Theory plug-in needed to make it compatible with Rodin 3.x, in terms of both reliability and usability. We will also present the changes that were needed in the Rodin core to accommodate the Theory plug-in. Finally, we identify future enhancements and research directions for the Theory plug-in.
Submitted 4 January, 2017;
originally announced January 2017.
From Event-B to Verified C via HLL
Authors:
Ning Ge,
Arnaud Dieumegard,
Eric Jenn,
Laurent Voisin
Abstract:
This work addresses the correct translation of an Event-B model to C code via an intermediate formal language, HLL. The proof of correctness follows two main steps. First, the final refinement of the Event-B model, including invariants, is translated to HLL. At that point, additional properties (e.g., deadlock-freeness, liveness properties, etc.) are added to the HLL model. The proof of the invariants and additional properties at the HLL level guarantees the correctness of the translation. Second, the C code is automatically generated from the HLL model for most of the system functions and manually for the remaining ones; in this case, the HLL model provides formal contracts to the software developer. An equivalence proof between the C code and the HLL model guarantees the correctness of the code.
Submitted 24 October, 2016;
originally announced October 2016.