From a Solution Model to a B Model for Verification of Safety Properties

From a Solution Model to a B Model for Verification of Safety Properties Philippe Bon, Simon Collart-Dutilleul

To cite this version: Philippe Bon, Simon Collart-Dutilleul. From a Solution Model to a B Model for Verification of Safety Properties. Journal of Universal Computer Science, Springer, 2013, 19 (1), p2-24. .

HAL Id: hal-00865039 https://hal.archives-ouvertes.fr/hal-00865039 Submitted on 23 Sep 2013

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche fran¸cais ou étrangers, des laboratoires publics ou privés.

Journal of Universal Computer Science, vol. 19, no. 1 (2013), 2-24 submitted: 18/10/10, accepted: 28/12/12, appeared: 1/1/13 © J.UCS

B !"" #

!$ " %"% !"" #

B

B

B !" !# $

"! ! " ! " & ' " $ & (

% !(" ! " !!!! ) *" $" +) ! !" "+"+ " %!% !""! " &) !)!"$! & & ! ! !" %!" "*" " %! " %" "" "! %!" "*" " +" ) ,"

B , ! ! !

& "

B

$

! " ! "! ! " ! ")

! !"" " +

B

$ " !!!! -" "! " " & $"$"! " *" +

!"" " $!$! !% ! !$! !) ." ! ! $%"% *%! ! + %! % )+ $"$" $ ! %! %

+ $

! ! $ "! /" +! ! " / $ + %!%) " $

! %! / ! )

Bon P., Collart-Dutilleul S.: From a Solution Model ...

3

!$ $ +%+ " %! " %" "& " "!"+ "!"!

-" "! (!" ! "" " +! "!" " !"" "! *" ! "" !) ." ! ! ) "+ & " %! ! % $%"% *%! !"%"% ! ! ") !0%! ! ! "" -" "! " )$ !(" ! !% ! " $%" " $$%$ ) %" ! %" + $+! 1 '! 2334 ! !" !%"! $ 5%" " %!+ "

B

$" 1 264

*$ "!! $ !" " 0%$"! 5%" " *!! " !!!! %!+ $ $" ! ! $ %!" ! !% ! &) !)!"$! " %!

%$ *"! " 17 !!. " 824 + $ ! ) "+ %!" *" & $) " $ &" $" $" $!$! / $ + & ! " $* %" ! $ & & & " *!! " ' & &

" *" 9 ! + "! " & + -" "! ) !" + $ + & &! ") " " $"$" "!

) -" "! 1:! .+ 224 ! ! " " &+ $ ; " $ ! " ) *" %!+ ! $ $

! " & " "!" " $ & ( &" !" " " !(" ! %" $") $$" < / !) " "!" ! " !% &) "" " *" !!!!$" ! ! " &) "*" "

B

$"

! $ $" & ! " ! +

$!$ !!!!$"

B

$" !! %" *%" ! % 9 !0%")

" $ " ! ! " "!" + -" " +%+ "

B

$!$ (!" !" !"! " + -" "! " !

" "! & ' ! &" "

B

$" " !" ! " " "

$ "%" "! " ! ! " % + $" +)

"!" $ + -" "! "

B

!"" $! !" !"

!! ! $ %" ! ! % +

$ "! !" ! " & " + (+% 2# " !"" &" " "" ! & ! ! " " ! & 0%$"! "( " $ !(" " 0%$"! $ " )! 7%+ " 0%$" )!! -" " $) %! " % $ % )!! $ " 0%$"! $) %! " $ " !)"!!

" 19 " 7%"% " 64 17' =%.. 84


4

7+$

" 0%$" ++

" &) %!+ " 0%$" $ ! " ' !)!"$") " "!! & % ! %" "! ! $ "

$) %! "

$' $! "& " % " & % ! %" $ " 0%$" $ 17 !!. " 824 > & " " " )!! ! " !+ !! ! *" "

&" " !(" ! %" ? " *%" " $$"" "!' %" ") ) *" " $ ! "!"+ "! ! $" + $ ! %! % >+ -" "! " " 0%")

$ $ +

+%+ & ; " ! %" " ) " *" ! *!! &" + -" "! ! 1-64 " " $ "!"

"! $ " $$"" ! " ! ! !) " !%@" "! A " $ ! " %" " " !! $$"" ! %" % + ! " 5)

"

B

!! %+ $"" ! &' & " "!"

+ -" " " !""

B

$! ! ) "!"+ +

-" "! & ) 9 -" 1-" 2684 " $ "!

!) %! %" " ! -" " " ) &! $ "

! ) )$ % !)!"$ %" ! " % !" !!!! " "! !" & !"" " !" " ! " ) " & !" + -" "! $ !) % -" "


5

-" "! %! " $ " % !" )$ !)!"$! 1/%" 2B4 -" " ! "% !! " +! &" " !""

-" " ! "" + " ! "& ")!

!A ! "!" ! ! ' ) " "!" "!" " =) "!" ! !" ) ! *! ! ) ! %! $") -" "! " $ $* $! ! $" %! " !. " $ ) !% ! " ! !!) " %! + -" "! !. " $") -" " ! % " " " "" " '! " C""

! D) $" & $") -" "! " ' " C "" > & !" $ + " ! " !%!! " "% "! $" ! " '! & "! + -" " ) (!" +%+ " '! $ +%+ *!! ! "! $ " ! $ !"" " " ! ) $% + "!" ! $'+ ! $%"!" " '! "!" ! (+ ! ! " $%"!"! "! $" ! " + -" "! !"%"% " '! ) (!" +%+ $! + -" " !"+%! $ !" $$ A

"!E"!" ! -" "! 1= 2B34 ! (!" + % -" "! 1:! 284 ! %" +%+ + -" "! 1!+ 224 ! 0%" +%+ % " !. $ ! %! *"! ! -" " ! %$

-" "! ) )$ ! 1)$ ! 23B4 F) " % -" "! !" ?%" " %+ "$ ! $ ! " $%!" ( !" +%+! !! " ( " & !"

+%+ (" !!"! ++ $!$

"

!!++

% + %!+

" "! !"! "$

! %! !" % +

!! !!++

" ( (!" +%+! "%") %" $"$" +%+ ! %!


6

" %! ! !" !)$ !

!" !)$ !

"! !)$

! !! " )$

"

0

!" !)$ !

! !"! !!%$ " !@ " $

%" ! "!# !" "+

(!" +%+

!)$

%" ! &" ") 0%

%" %!) $ !""!

!)$ ! ! &" !)$ !

%" ! !" %"

$"$" +%+ !

x

y

2 ∗ x + f (y)

&" %" !)$

"" &" ")

'&!

! *!! %" $ !""

∗

") 2#

f

+

∗

2

") 8 %(*

+#

! %" $ *!! ! &" !)$ ! "!

2∗x+y > z −3 ! " $ %" $ *!! ! 2∗x+y z −3 &" " !)$ > ") 8 %(* "" # ) ! !!) %" $ " $! &" 0%"(! ∃ ∀ + " ! ! @%" ∧ !@%" ∨ +" (x = 3) ∨ ∃y((x + y > 2) ∧ (x − y < 3)) ! *$

$% *!! ! ! "

" ! !

$% ! ! "! ! 0%"( ( !" %! $% ! " ! %!

x

! 0%"( )

∃

∀#

(!" +%+ !!"! A

!! "+ " !"" % " !! "+ " !)$

%" % %" " """

$

!! "+ " !)$ "

" & !

%" # *!! ! $% !!) "" !" " """ $ " ! &" " """

+ ∗ !

" $%"" " *!! 2∗4+5 %" ! 13 '&! &" " """ "!

=< > ! 0%") !! " ! $% ∃x∃y((x + y > 2) ∧ (x − y < 3)) ! "% " %! " "" """ ! " """ $ $% ∃x(2 ∗ x − 1 = 0) ! "% " " $ %" ! " "+ $ " "" $ !"" (!" +%+! ! $ !! " " ! $ $) (

! " & !)"* " """ (!" +%+ $) (

# Π

!"

"

V

!" !

"+

Ω

!" !)$ !

"! !)$

! !! "

%" ! !"


# % #

(Ω, Π)

")

#

$

v

!"%"

e1 , ..., en

%"

!A

Ω

#

f (e1 , ..., en )

&

f

! %" !)$ &" ")

n

*!! !

! ! ! " %"

V

!" *!! !

#

V

%"

0

!

7

L

!

*!! &" %"

(L, Π) ! !"%" p(e1 , ..., en ) & p ! n e1 , ..., en *!! ! " $ &" %"

" !)$ &" ") ! ! ! " #

! "A

" $ !"%"

(F ), F ∧ G, F ∨ G, ¬F, F ⇒ G

!"%"

∃x(F )

∀x(F )

!"

Ψ

$% !

# !"%"

∃x(F )

!

x ! ∃x(G) ∀x(G)#

! !

∀x(F )#

F

x + F

$% &" %" 0%"(! ! ! "

$%

! ! "

$% &" %" ! ! ! "

T

! !" ! $%

a, b, d %! f, g, h %" !)$ ! p, q A, B, C " $! F, G $%

F

" &+ *" " " ""! !

&

) " *!"" ! %!# 0%"( &" %"

) '! ! ! "

#

F ⇔G

&

& " ! !% $% !

$%

G

x, y, z, u, v, w

"

" !)$ !

e, c

*!

" ! ! " %! " " ) "

+%+ ! " ! ! %! % " "" *!! ! &" *") 0%"( ! "%") !%!""%" !!"! + &" *!! $) " ! ( ! &!A

# #

!

V

σ = [x1 /e1 , ..., xn /en ] ! L !A

" " !" *!! !

" $ " !"


8

σ(xi ) = ei σ(v) = v

i = 1, ..., n

"! !

# !%!""%" " ! *" " $ !$ " !"

*!! ! $ $)A # $ !"

σ1 ◦ σ2

σ(f (e1 , ..., en )) = f (σ(e1 ), ..., σ(en ))

"& !%!""%" ! ! ( )

(σ1 ◦ σ2 )(e) =

σ1 (σ2 (e)) # " " !%!""%" " $% ! ( !A

σ(p(e1 , ..., en )) = p(σ(e1 ), ..., σ(en )) σ(¬F ) = ¬σ(F ) σ(F op G) = σ(F ) op σ(G) ∧ ∨ ⇒ ⇔

# !%!""%"

η = [x/a]

&

&

a

op

! "!

" !

! !"" !

#

# !%!""%"

α = [x/v]

&

v

! !

# " !!+" η

%!

x

)

a

= [x/a] " 0%"(

$% !

A

η(∃x(F )) = ∃x(F ) η(∃v(F )) = ∃v(η(F )) !$

v

C"

x

∀

" "! (" ! % -" "! (

% -" " 1:! 284 ! !! -" " &" !" %! " !"+%! " '! *!! & "! ") -" " &! %! " $ !)!"$! 9 % -" "! ! %" +%+ & " ")+ " ! ) $ "" ") $" "

(" !" ! !! " " ! ") ! % " % -" "! ! ") (!" +%+ ! !"

$! !)$ !

%" ! "" ! %" ! %!

"! $! " ! $ "" " " "" % -" " &)! % " E"!" -" " $ (" % -" " ! + &A


#

% -" " ! "%

9

CP N = (Σ, P, T, A, N, C, G, E, I)

! #

Σ

$") (" !" ")!

#

P

! (" !" !

#

T

! (" !" "!" !

#

A

! (" !" ! !A

#

N

# #

C ! " G ! " ! "

P ∩ T = P ∩ A = T ∩ A = ∅,

%" ( $

A

"

P × T ∪ T × P

%" ( $

P

"

Σ

%" ( $

P

" *!! ! !A

∀t ∈ T : [T ype(G(t)) = B ∧ T ype(V ar(G(t))) ⊆ Σ], #

E

!

$ %

%" ( $

A

" *!! ! !A

∀a ∈ A : [T ype(E(a)) = C(p(a))MS ∧ T ype(V ar(E(a))) ⊆ Σ] & *#

I

p(a)

!

!

N (a) %" ( $

P

" ! *!! ! !A

∀p ∈ P : [T ype(I(p)) = C(p)MS ]. " 1:! 284 " $ "! " (" ( !) % -" " % ! $ " ! $ " ) !" " (" ! *!! ! +A

# &

∀t ∈ T : V ar(t) = {v|v ∈ V ar(G(t)) ∨ ∃a ∈ A : v ∈

V ar(E(a))}.

∀(x1 , x2 ) ∈ (P × T ∪ T × P ) : E(x1 , x2 ) =

E(a).

a∈A(x1 ,x2 )

V ar(t) ! " !"

(x1 , x2 ) & " ("

# ' # #

!

"!" '

t

t & E(x1 , x2 ) ! "

! " % A

! %"

b

(

V ar(t)

!A

∀v ∈ V ar(t) : b(v) ∈ T ype(v) G(t) & G(t) +% t ) ' b

! " "+ " %" "


10

!" "!"

t

'! ! " )

B(t)

9 $$") " ! ! " ' + $" $'+ !" & ( A

# (

" ' ! %

(p, c)

&

p ∈ P

c ∈ C(p) T E

"! " !" " '!

+ $" ! %

(b, t)

&

t∈T

b ∈ B(t) BE

"!

" !" + $"!

$'+ ! $%"!" !

T E " $'+ M0 ! " $'+

" ) " %" " "!" *!! !A

∀(p, c) ∈ T E : M0 (p, c) = (I(p))(c). M

"! " !" $'+

!" ! $") (" ! & "

BE Y

"! " !" !"!

& &! %! " ! " %

% -" " ( A

# )

!"

! ) $'+

Y

") ! ' A

∀p ∈ P :

M

) " &+

E(p, t) M (p).

(t,b)∈Y

"

Y

!" $'+

M

A

(t, b) ∈ Y "!" t ! (t, b) ! ! ! " M

(t1 , b1 ), (t2 , b2 ) ∈ Y

$'+

'

M

(t1 , b1 ) = (t2 , b2 ) (t1 , b1 )

b

) *"!

(t2 , b2 )

%

") " t1 t2 ! %")

|Y (t)| 2

Y (t, b) 2

" "

t

! "! %")

(t, b)

! "! %")

! " !" &! %! " *!! " !! !$%"") "!" (+

# * +

M1

"

; !" ! " ( " " +! $'

M2

!A

∀p ∈ P : M2 (p) = (M1 (p) −

E(p, t) ) +

(t,b)∈Y

E(t, p) .

(t,b)∈Y

(!" !%$ !"! !%$ " '! & " ! !"! % " '!

Y

M2

! ! " ") $

" ! $) " ! &!A

M1 [Y > M2

M1

) " %


11

) " " (+ !0% % & &! %! " ( $'+ ! ( ! &!A

# +

% (" !0% ! !0% $'+!

!"! " A

M1 [Y1 > M2 [Y2 > M3 . . . Mn [Yn > Mn+1 ∈ N Mi [Yi > Mi+1 i ∈ 1..n M1 ! ! " " !"" $'+ Mn+1 ( $'+ - !" "+ n ! ! " " !" %$ !0% ! n

% ! +" "" &) $'+! $"" A

M1 [Y1 Y2 . . . Yn > Mn+1

# ,

$'+

M

! $

% (" !0% &" )

n ∈ N

M

M

) " !

! !"" $'+

M ! ( $'+

" ! !" !0% !A

M [Y1 Y2 . . . Yn > M . M

! ! " $

$

M

! "

M

n

!"! !" $'+!

[M >

! $" " ++ "! + % -" " &)! % " E"!" -" " 0% %! " " " " 1:! 284 " "$

- . " %

" %!"" " C" "

! !" "! " " &) *$ ! %! ! ! !"% ) ! *$ ! + ) 1= 224 ! !"% ) ! ! ) " + &+ %!A 2 A &) "& ' ! $ ! !%" $") "!

CdVi

&"

i ∈ [0..6]

8 A "! % " !$ "5 " & ! ") %! & " % A G2 A & "! " " !$ "' " " !$ $ $" G8 A " $%!" "' !+$" "& "& "!

) "% ! &) "& ' ! ! A H2 A &) "& ' ! !

! "'! %$ $ " 6


12

$" !""

" ! !"% )

+% 8 +! !$" !"" " ! !"% ) ! & 6 "'! !" " (+% )

CdVi

&"

i ∈ [0..6]

1= 224 " ! !"% ) ! !( &" $") -" " ! -" " ! 0%" )A " ! $ ! 82 ! 2I "!" ! BI ! %! + -" "! ! !!) " % " !. " $ " "! "& ")! " '

ta

tb

!"+ " "& ")!

" " % % -" " (+% J $ ! " " " &) *$ " $'+ " -" " "! "" " "' ! % ) "

0

ta " "' 4 ) " tb $%"!" 1 ta Busy0x 1 tb Busy4x# " $! "" " $'+! " "'! 1, 2 5 $%"!" 1 f ree ! F ree1 F ree2 F ree5# -" " % " "'! " $' ) !$ " '! " "' %$! "' " %" !!"" !$(" " " ! !!A & " -" " ) $ ! 8 ! 2 "!" ""

% (+% I $'+ $! %$!

"+ " "'! " " %! "" " "" " ! "( "' !!+ " $ "' " " *" ! $ ) " "!" " +% +! " " " !" ! ") 0%$"! G2 G8# !" 0%$" H2# ! $ ) $'+! & + "'! %$! ) " "!" +%

k = (j + 1) mod 7

& $ " %"

i = (j − 1) mod 7


13

) * 9 L &" " M " 9 9 N L

&"

* A

) A

9 N

2K"

2

2K"

$%&'

?%!)2*

?%!)*

2

$'&(

2K

$"&%

6

2K

2

2K

?%!)6*

2

2

8

?%!)8*

$(&)

2K

2K

2K

J

?%!)J*

$+&"

I

$)&*

?%!)*

?%!)I*

2

2K"

$*&+

2K"

9 % -" " $

&) ! !"% )

9 L &" " M " 9 9 N L &" M 2 M 8 M J M I M M 6 * A A 9 N @ A 9 N ' A 9 N 2KO2P 2KO"P 2KOI"P

CdV × T rain @*# ?%!)

2KO"P Q 2KOI"P

2KOP

CdV

/ +

'*# 8

2KO8P

i = (j − 1) mod 7 k = (j + 1) mod 7

' J

2KO2P Q 2KO8P Q 2KOP

& $( -" " $

" ! !"% )


14

B

B

$" & &! ) :)$ 1 264 !

$ $ " $" !% !

Z

V DM ! $" ! !

"& $$") $ !A " !"" !! " !)!"$ ""! " !! " !""! " )$ $ !! & +!

!"" ) " ! ( ""! )$ $ &! %! " ! "! & " ' " " ! "! *!! ) !! + "! ""! !""! ! (" ! $ ! " !)!"$ !"" ! ! ) " !" %! "!*!! !# & " " !" $ ! " !"" !" !" !"" +! $ ! " )$ !" / ! %" &" " "!" $"!A

! ( ) " !"

!""! $ & " !"" +

! &

! $ !

" !" $ (" ! " %!

"

*!! #

"!! !""! ! !%+

$ +!

! " ! $$ $ $ " $" ! "!!

B

"" " " !%!""%" ! " " !"

" 1 264

B

! C! %! " "+"! " " ($"

& $'! $" $" $ " !(" ! " " !! !+ $!$ ! $!$ !

-

+" ! +" " !"+ "

B

$" !!

" +%" " ") " ($" " !"" $ ! !%" " ! " $+ !" + !+ !""! " !)!"$! !% ! 9 9 !" ! / " ? $" !$! " 5" $" " %!" & &) " ! "& $" !% ! /F 1?$ " 24 17 " 284#

& /0 / + " " "! ! !

B

+%+ $"$"

"" !!") " !" " ) > & "

B

!" " ) " "

")+ ! " % " $"! !" " !$ ") " !"%"%! A !"! ) " ! "& !"! %" ! $

!" " " !"! $"! !" " " ""

B

"! *!! ) $% $ %%! (!" "

&" 0%") " $! "

B

+%+ % ! " "! &" !!


!" " !

∧#

0%"( !

∃x.P

∨# # ∀x.P #

15

%" ! &" 0%") "

!"" $ (+% # ! " ! $"

B

$" "

$ ! !)!"$ ! ) !" " ! ) " " ! ! ! " "" $ ) " !"" " % !"" $ ! $ !

A

!""$"! "A

•

$"!

•

!

•

!""!

" & !!"! " " %!) $"! +! " ")!

(" " " !""

" ! "" ( " " ! $ + " !"" +! !"" $ $ ! " % " !( !)!"$

"& ! "! $ ! ( !"" $ ! $ ! C " %!! !"+ " " " !( !)!"$

B

!""!

!"! !" %++ " " !)!"$ $ ! ( ) "! $ $"! + "! "! $"!

1! 2-/3!2 !"! ! " !""!# !( " %! 42 ! 1! 2/!2 # " + "! " %! -1 4-234 %! 5/-3/64 +! $ !( " %!

! & !" $"! " !)!"$ ! !""! ! ( ) @%" "! %!

3!5/-3/!2 !

%! +! " "! "" " %! " ! " !"! ) " ) "$ ) ! % " %!

B

3!323/63 /231! 43!3231! " ! )

+%+ " ! *" %!

! $ " !

#

(" " %! " "%) &" $

"! " *!! !%!""%" (" %! " %!! " $ " %! (" ! ) " ! + "*" & $ $"! "' " $"! (" ) %! " $ " & " ! ( & " !"" " !)!"$ $ )$ ! ! ( ) " ! & ! " " ! " $ ) " !)!"$ " " ! " % $" "

B

+%+ ! %! A " "


16

& 7 0 +! !%!""%" "" &! %! $ + !! & " $ ) " !)!"$ " ! ') " "

#

B

" !#

+! !%!""%" ! " "! $ &

& " ! " "! "!+ " + ! " " %! " "! "!+ " " " ! $" " & !

S

! !%!""%"

" " )+

S

"

P

" "

S[P ]

! "

P

+! !%!""%" ! *"! " $") !%!""%" ( ! &!A

# !%!""%"

x x := e

!

e

! *!! " " $")

" "

" ) !%!""%"+

P

"! $!

P

( " !%!""%" ! %! "

B

e

" %!

P

x

"

P

+%+ "

!" 1 264 1 264

& -# ! $" "

B

$" %!! " " ($" &

! $" $" $ " !(" ! " " !+

$!$ ($" !! ! " !" !%!! "! $" ! " " $ ! "! $" ! $ " %" " $ " $%" !"%"%! ! "$!$ " " ! " & &"" $$ +$$+ +%+ ! !

($" " !" ! $$""

+% +! & ($"

N

$ !""

M

" C

! "& " "& $ "!

) "

B

$" !! ) %!+ "

! & & %! "

+" %" $") "

+" ! !"" $ " " !" ($" " $$"" & " ! ! "& 1

,

- ,.. . - ,.. .


M (p) C St k B v D I T 1 /0 !"#$ S

P

17

N M St1 k1 B1 w D1 J T1 1 /0 !"#$ P 1 S1

%& ' 23 2

& "! $" + "$ ! " " -" " $ "

"!" " "

B

!"" $ ! +! ) %

+ " !"" $ ! + " " ! -" " $ ! !" ! ! $ $$") $" !%+ $ " !"%"%

) " % "! " -" " $ " % "

B

$ 1? 84

' 8 # ! + -" "! $'+ ! ! " $%"!" $) "!' ! " " " !(" $%"!"! ! " ! " ( " "! !! " &" $%"!" " 1? 84 " $ $"

B

")+ ! ! " ! " !! " ( !"" $

& "'! " %" ")! $%"!"! $%"!"! " !! " "! " ! !( &" $"! (" ! ! (" ! " % ! !!) +% 6 +! " !"" $

) $ !

B

(" ! ! )+ $%"!"!


18

M ultiset M s(ss) == ss ↔ N AT 4

M s&Empty(ss) == {elt|elt : ss × {0}} M s&In(elt, ms, ss) == ∃n.(n ∈ N AT1 ∧ (elt → n) ∈ ms) M s&Subset(ms1, ms2, ss) == ∀elt.(M s&In(elt, ms1, ss) ⇒ ms1(elt) ms2(elt)) M s&Add(ms1, ms2, ss) == λee.(ee ∈ ss|ms1(ee) + ms2(ee) M s&Less(ms1, ms2, ss) == λee.(ee ∈ ss|ms1(ee) − ms2(ee)

5 ",

" !"%"% "! " %( ) " -" "! $ " !"

' " % % 0 B

!" " "!" " !"%"% !"! " -" " $ ! ! !"" ! " " -" " " "!" -" " "!" "

B

" ! $

$" ! "! $" "'! " %" " " "" " $"

" " !"" ! " !$ ! " ! + "!" (+

'

%

$ !! " !"%"%

" -" " $ + " !

!)!"$ " !$! " "% " "!" " $'+ ) !"" "

B

!"" $ ! " $'+ ! $%"!" " '!

" ' ! "% $ !

s $"! & " %! "! p !"" StateRp ! % ! ! ( ! $%"!" ! " ColorF Rp !! " " " p 9 !0%")

p " &+ !$ ! " % A

5/-3/64

StateRp

3!5/-3/!2

StateRp ∈ M S(ColorF Rp) ! " "& C" ! " ! &) *$ " ! ! " A


19

5/-3/64

StateRBusy StateRF ree

3!5/-3/!2

StateRBusy ∈ M S(ColorF RBusy) ∧ StateRF ree ∈ M S(ColorF RF ree) " " "" ! " (!" " "!" ! &! " "! $ " !!"! !$ !)"* "! $" $ -" " ! "

B

+%+ $ " !"%"% (" % -" " "! $" % ! %! " ! " A #

Σ

! $") (" !" ")!

#

P

! (" !" !

#

T

! (" !" "!" !

#

A

! (" !" ! !A

#

N

# #

P ∩ T = P ∩ A = T ∩ A = ∅,

%" ( $ A " P × T ∪ T × P C ! " %" ( $ P " Σ G ! " %" ( $ P " *!! ! !A "

∀t ∈ T : [T ype(G(t)) = B ∧ T ype(V ar(G(t))) ⊆ Σ], #

E

!

$ %

%" ( $

A

" *!! ! !A

∀a ∈ A : [T ype(E(a)) = C(p(a))MS ∧ T ype(V ar(E(a))) ⊆ Σ] *#

I

%" ( $

P

" ! *!! ! !A

∀p ∈ P : [T ype(I(p)) = C(p)MS ]. $

Σ ")

" !"" $ ! !! " " !

!"% ) " !" "! ! %$" "'! ( &" !"" $ "%!A

8/ 3!4 RdP train 3! 694 M ultiset

42

T rains = {ta, tb}

1! 2/!2

CdV

-1 4-234

CdV = {elt|elt ∈ N AT ∧ elt 0 ∧ elt 6}


20 "!

P T

$

A

%"

N

" *") " !""

" " $ "! "! $" ! " "% " %

" $ " " !"%"% " !$ ) " "!" " !"%"% ! " "!"

%" ! " %"

I

C G

E

!( ) $!

! !( "

B

3!323/63 /231!

(" ! () %!

' % $ "! "!" ! !!") " "% " % " !)!"$ ? ! )+ " % ! $ $" "!" ! ! " " % !" ! !! " " "!" ! $ ! ) ! + " "!" +% ! %! ) *!!

! ' " " "!" A

∀t ∈ T : V ar(t) = {v|v ∈ V ar(G(t)) ∨ ∃a ∈ A : v ∈ V ar(E(a))}. !" ! ! "!" " !" "(! ! ! ") ) $! (" &" ") )+ " "!" " EnabledRt "+ " "!" t + " %" !"" ! !( " ! !"% ) " ! ) "!" &" "& %" !A

Enabled&M oving == ∃V ar &M oving.( T ype&V ar &M oving ∧ Guard&M oving ∧ M s&Subset(ArcExpr &F ree&M oving, State&F ree, Color &F ree) ∧ M s&Subset(ArcExpr &Busy &M oving, State&Busy, Color &Busy))

; "!" + " ! !( " " &+ " -" " %" !( ! $" + J8J " " ' !%$" ! %" # ! 0%" " !%"" ! " #

$%"!"! " "!" " !+ " $'+ %" %+ " "!" (+ ! !( ) (+% 3 +! " "!"

" % -" " $ " ! !"% ) "! !" " % $" " ) & " "!" $" +) ! ! ! !" ! "!" ! %!"" $") &) *$ %" "

! " "! $" " !" > & " $"$" !"! "

1? 84 "! "%" " 0%$" ++ " & ! " 9 ! + "! !" " & " $ !" "!"+ "%" ! " !!") "! $+ "

B

I

" ( ) -" " "

!"" $ " %! %" $"

"

! !! " &"


21

MACHINE RdPtrain INCLUDES Multiset SETS Trains = {ta, tb} CONSTANTS CdV PROPERTIES CdV = {elt | elt ∈ NAT ∧ elt 0 ∧ elt 6} DEFINITIONS Var Moving == i, j , k , x ; Type Var Moving == i ∈ CdV ∧ j ∈ CdV ∧ k ∈ CdV ∧ x ∈ Trains ; Guard Moving == i = ((j − 1) mod 7) ∧ (kk = (jj + 1) mod 7) ; ArcExp Busy Moving == Ms Empty(ColorF Busy) 1 ∧ (j − i) mod 7 < 6) ! " "'! " %" "" " &) *$ ! % $ ! 3 "'!

" " & ) "

B

"

! & %! " $ " "!! " -" " $ &"

+ ! " " ! ! ") 0%$"

B

"

! !! " +

"

! > + ! "

& +"

+" ! !%+ $ " " ! $ ! " "

! " !!!" ) %$ *" " " $"$" ' & + )&)

B

"

*"! %! "

$%" "! " " + "

" !%

/ "" ! $* ! " %! C" $ + "

! " "*" ! ") 0%$"! ++ ! !" " (!" "

"! ! !%!! %" $!! " " "!' & "'! " !"! " $ $ " 0%$"! )!! " & ! $$""

!)!"$ "%) " ! !&"+ " & $$"" ! " ! " % -!) " "! !"+ " !+ !! " %!! $ "! $" ! "!' $) !!!" " !+ " &) $ )!! " $$"" 9 ! + ! ") 0%$"! +% "! "! "! $" $ + -" "! "

B

!"" $!

! ! ! ! &) '+ " !$ 0%$"! & !&"+ "! &! !"" "

B

B

$! %" " )!! ! "

!! $$"" !)"!!

?! !$ *$ !" $%"% *%! &) $ " + -" " $ & %!! ! %!"" / " !") !!! " % $ * % $" (" !

" -" "!

B

!"" $! !" !% &) ""

!)!"$" "!" " % ! "!" ! !" %!"" " !$ *$ & !""+ $ " *$ "+"+ "$" !""! " " & $ $ " " & " + ++ !! (+% 2# (+ $$"" $" " " $ )!! !" ! " " " @%!" ! "" + -" "! %! " (" $! ! ! " ! " " (" %$ %! & !!+ " "% %! ++ " " " ! "$ !""! " !"( ""% ! ! $ !" ! " %+ ! $ "!"+ !"! 1? " 8B4


23

/ " ""% "! % )!! !%"! " & ! + "% %! $"! 17 % " 8B4 + " %"

$

" )!! !! " & ! $$"" !! ! " ) " "$ $" F %!) $ !(" ! " 0%$"! + "$ !" ! $! ! !"! ! " ) ! "

%! " *") ( " " $$"" ! $ " " " & + &" "! ' !""! " " $ !(" " $$"" !$! " *!" > & %" ! ! " %" ! + $ " !"!

6 '77"8 ! 9, 2 --,

$ 2 : ;

'77" 6- '7778 - - 5 $ ! $, 2$

From a Solution Model to a B Model for Verification of Safety Properties

From a Solution Model to a B Model for Verification of Safety Properties

Suggest Documents

MPEG-4 Video Verification Model: A Solution for ... - CiteSeerX

A WSAN Solution for Irrigation Control from a Model

A systematic approach for model verification

MODEL CHECKING PSL SAFETY PROPERTIES

A model-based design-for-verification approach to checking for ...

A Functional Correctness Model of Program Verification

Documentation and Verification of VST2D: A Model

Development and verification of a simulation model

A Functional Correctness Model of Program Verification

Model Checking Safety Properties of Servo-Loop

Efficient Model Checking of Safety Properties - Spin

Model Checking of Safety Properties - Semantic Scholar

To Topo Two Model a model of a model.

A safety culture maturity model for petrochemical

Incorporating Resource Safety Verification to Executable Model-based ...

A Model for Migratory B Cell Oscillations from Receptor Down ...

From the nominal model to a model of manufactured ...

Numerical solution of a logistic growth model for a

A Solution Architecture to Support the C.A.R.S Conceptual Model for ...

Exact solution to a generalized model for compact stars

A SIMPLIFIED MODEL FOR MEASURING THERMAL PROPERTIES

Development and verification of a pharmacokinetic model to optimize ...

A Model-Driven Engineering Approach to Support the Verification of ...

Directions for model building from asymptotic safety