B (13)...IMPORTS I5-6 ˘˘ M0 I0 M1 M3M2 M6 IMPORTS I1 I3I2 M4 M5 I4 I5-6 REFINES Atelier B Atelier B Introduction “The B Language Reference Manual describes …

��

�� :�� B ��

(13)

��

��

��

2010��

��

�� B ��

• ��• B �� B ��• ��

– ��

– �� IMPORTS ��

• ��– ��

– ��

Formal Methods: Software Development in B Qiu Zongyan (June 7, 2010) 1

B ��

�� B ��B Book��12.2 � “��” � 12.4 � “��”�� Atelier B ��8 � Architecture��

�� B �� Atelier B �� project�� components ��

��safety��

�� B ��

��B �� B �� B ��B ��

�� B ��


B ��

Atelier B �� B �� 3 ��1) ��2) ��3) ��

��\��

��

��

��

��

��

��

�� B ��


B ��

��

��INCLUDES ��

��

��B ��B ��

��

��

�� B �� B �� B0 ��


B ��

�� B �� B ��

��

• ��• ��

• ��• ��

��

• �� INCLUDES ��• �� IMPORTS ��


��

��

• ��• �� “.” ��• ��

��

��

��

��

��


��

��

INCLUDES ��

INCLUDES �� B �� MN��Minst�� MN �� Minst ��INCLUDES ��

USES ��

�� B �� MN��INCLUDES �� USES ��USES ��

INCLUDES � USES �� INCLUDES � USES


��

IMPORTS ��

IMPORTS �� MN �� M ��M ��M ��

MN �� M �� M �� M�� IMPORTS �� B �� IMPORTS ��

B �� IMPORTS �� B �� IMPORTS ��IMPORTS ��

��

�� IMPORTS �� IMPORTS ��

��

�� IMPORTS �� B ��


��IMPORTS ��

�� IMPORTS �� IMPORTS �� IMPORTS ��


��

�� B �� IMPORTS �� IMPORTS ��

�� B ��

�� IMPORTS ��

SEES ��

SEES �� IMPORTS �� B ��

�� SEES �� IMPORTS ��

�� B �� SEES �� SEES ��

�� B �� B �� SEES �� IMPORTS�� B �� SEES��SEES ��

SEES ��


��

� SEES ��

�� B �� SEES ��Mi�� SEES ��Mi ��

��

��


�� IMPORTS �� USES ��

��

�� B ��IMPORTS �� USES ��

��

�� M0�� I0

�� I0 �� IMPORTS �� M1, M2 � M3��

��M1, M2 � M3 �� B ��

I0 �� IMPORTS �� M1, M2� M3 �� M1,M2 � M3 ��

M0

I0

R0

M2M1 M3

REFINES

IMPORTS

REFINES


��

�� M1, M2� M3�� I1,I2 � I3

�� M1 �� I1 �� M4 � M5

�� I2 ��

�� I3 �� M6

M4, M5 � M6 ��

M6

I6

M2M1 M3

REFINES

IMPORTS

REFINES

I2I1 I3

M5M4

I5I4

��M1, M2, M3, M4, M5, M6 �� M6 �� M3 � I3�� I3 �� M6�� I6 ��

�� B �� B ��


��

��

��

�� 6 ��

��

��

M 0

I 0

R 0

M 2M 1 M 3

R E F I N E S

I M P O R T S

R E F I N E S

M 6

I 6

R E F I N E S

I M P O R T S

R E F I N E S

I 2I 1 I 3

M 5M 4

I 5I 4


��

��

�� REFINES ��/��

M 0I 0

M 2M 1 M 3

I M P O R T S

M 6I 6

I M P O R T S

I 2I 1 I 3

M 5M 4I 5I 4

��


M 0

M 2M 1 M 3

I M P O R T S

M 6

I M P O R T S

M 5M 4


��

��


I0

IMPORTS

I6

IMPORTS

I2I1 I3

I5I4

��

• ��• ��• ��

��

��


B �� USES ��

��

�

�� “�” ��

��

��

��

��

��

��

� B �� SEES ��



�� I1 �I3 �� I2 ��

I2 � SEES ��

I 0

I M P O R T S

I 6

I M P O R T S

I 2I 1 I 3

I 5I 4

��

��

M1 � M3 �� M2��

M2M1 M3

SEES SEES

�� SEES ��M1 � M3 �� M2 ��

�� SEES ��



SEES �� M1 � M3 �� M2 ��

�� SEES ��

�� M2 ��M1 � M3 �� M2 �� M2 ��

�� SEES ��

�� M1 � M3 �� M2 �� I0 �� M2 ��

��

�� M2 ��

�� M1 � M3 �� M2��



� M1 � M3 �� M2 ��

�� M1 � M3 �� M2

�� I1 � I3 ��M2 �� I2�� M2 �� I2 ��

M2M1 M3

SEES SEES

M2R1 R3

M2I1 I3

REFINES

REFINES

�� I1 � I3 �� M2 �� I2 ��

�� M2 �� M2 ��

�� I1 � I3 �� I2 �� M2 �� “��” ��


SEES ��

�� B �� SEES ��

• SEES ��• SEES �� B �� SEES• �� SEES ��IMPORTS�� IMPORTS ��

• � SEES �� IMPORTS ��

�� SEES �� B ��B Book�� 12.2.3 �� D��

• SEES ��

��• SEES �� SEES ��

• ��


SEES ��

SEES ��

• �� M �� N�� M �� M’ �� N�� M’ �� SEES �� N

• SEES �� SEES �� SEES ��

� SEES ��

• ��• ��M �� SEES �� N�� M �� M’

�� SEES �� N�� M’ � N ��

• �� M1 � SEES �� N��N�� M ��

�� SEES ��IMPORTS ��


��

�� “��” ��

��

��

��

��

��

��

M 0I 0

M 2M 1 M 3

I M P O R T S

M 6I 6

I M P O R T S

I 2I 1 I 3

M 5M 4I 5I 4

�� M5 � M6��


��

�� I5-6 ��

��

M 0I 0

M 2M 1 M 3

I M P O R T S

M 6

I M P O R T S

I 2I 1 I 3

M 5M 4

I 5 - 6I 4

R E F I N E S

Atelier B ��Atelier B �� Introduction ��

“The B Language Reference Manual describes the B language supported byAtelier B release 3.6. This language is based on the language presented in TheB-Book, however some progresses such as trees, recursivity or multiplerefinements are not currently supported by B language.”


��

�� 8 ��

MACHINE GoodsSETS GOODSEND

MACHINE PriceSEES GoodsVARIABLES priceINVARIANT price ∈ GOODS → N1INITIALISATION price :∈ GOODS → N1OPERATIONS

setprice(item, pr) =PRE item ∈ GOODS ∧ pr ∈ N1 THEN price(item) := pr END;

pr ←− pricequery(item) =PRE item ∈ GOODS THEN pr := price(item) END

END


MACHINE Shop SEES Goods, PriceVARIABLES takings INVARIANT takings ∈ NINITIALISATION takings := 0OPERATIONS

sale(item) =PRE item ∈ GOODS THEN takings := takings + price(item) END;

tt ←− total = tt := takingsEND

MACHINE CustomerSEES Goods, PriceCONSTANTS limitPROPERTIES limit ∈ GOODS → N1VARIABLES purchasesINVARIANT purchases ∈ P(GOODS)INITIALISATION purchases := {}OPERATIONS

pr ←− buy(item) = PRE item ∈ GOODS ∧ price(item) ≤ limit(item)THEN purchases := purchases ∪ {item} || pr := price(item) END

END


Customer ��

�� Customer ��

purchases��

��

��

��

�� Set�

MACHINE Set(ELEM )VARIABLES setINVARIANT set ⊆ ELEMINITIALISATION set := ∅OPERATIONS

add(elm) =PRE elm ∈ ELEM THEN set := set ∪ {elm} END;

res ←− member(elm) =PRE elm ∈ ELEMTHEN res := bool(elm ∈ set) END;

. . . . . .END

�� Customer


Customer ��

�� IMPORTS �� Set�� Goods � PriceIMPLEMENTATION Customer ImpREFINES CustomerSEES Goods, PriceIMPORTS Set(GOODS)VALUES limit = λ g . (g ∈ GOODS | 1000)INVARIANT set = purchasesOPERATIONS

pr ←− buy(item) =BEGIN

pr ←− pricequery(item);IF pr ≤ limit(item) THEN add(item) END

END

END

�� λ �� limit ��


��

��

�� Fifo ��

MACHINE Fifo(ELEM, capacity)CONSTRAINTS capacity : NAT1VARIABLES contentsINVARIANT contents : seq(ELEM) & size(contents)

��

��

��Archive�� input ��

MACHINEArchive(ELEM)

VARIABLES read, entriesINVARIANT read : NAT & entries : seq(ELEM)INITIALISATION read, entries := 0, []OPERATIONS

enter(elm) =PRE elm : ELEM THEN entries := entries

��

��

��

��

�� Fifo ��

��

�� numberQ��

�� add � remove �� ok �� failed ��

remove �� elem0��

�� remove ��


MACHINE RobustFifo(ELEM, capacity, elem0) /* elem0 �� */CONSTRAINTS capacity : NAT1 & capacity < 1000 & elem0 : ELEMSETS REPORT = {ok, failed}VARIABLES queueINVARIANT queue : seq(ELEM) & (size(queue)

��

��

��

��

• �� Fifo ��Counter ��

• �� Fifo �� RobustFifo ��

�� Counter ��

MACHINE CounterVARIABLES counterINVARIANT counter : NATINITIALISATION counter :: NATOPERATIONS

num 0 THEN counter := counter - 1 END

END


��

��

��

��

��

IMPLEMENTATION RobustFifo_Imp(ELEM, capacity, elem0)REFINES RobustFifoIMPORTS count.Counter, Fifo(ELEM, capacity)INVARIANT count.counter = size(contents) &

count.counter = size(queue) & contents = queueINITIALISATION count.setzero

�� Counter �� PROMOTES � RobustFifo ��




OPERATIONSrpt

��

�� Fifo ��

��

�� capacity ��

��

• ��• ��• ��

��

• ��• �� capacity• ��


��

�� array�� pos �� size ��

�� contents ��

contents = ((array ↓ (pos − 1)) ^ (array ↑ (pos − 1))) ↑ size��

• array ↓ (pos − 1) � array �� pos − 1 ��• array ↓ (pos − 1) �� array �� pos − 1 ��• �� size �� Fifo �� IMPORTS �� Fifo ��

��


��

��

��

��

MACHINE Varray( capacity, VALUE )CONSTRAINTS capacity : NAT1VARIABLES arrayINVARIANT array : 1..capacity --> VALUEINITIALISATION array :: 1..capacity --> VALUEOPERATIONS

set(ind, val) =PRE ind : 1..capacity & val : VALUETHEN array(ind) := val END;

val

��

��

��

MACHINE PosCounter (maximum)CONSTRAINTS maximum : NAT1VARIABLES posINVARIANT pos : NAT1 & pos

Fifo ��


OPERATIONSinput(elm) =VAR sz, ps, pp IN

sz

Documents

B (13)...IMPORTS I5-6 ˘˘ M0 I0 M1 M3M2 M6 IMPORTS I1 I3I2 M4 M5 I4 I5-6 REFINES Atelier B Atelier B Introduction “The B Language Reference Manual describes …