what is the b method
play

What is the B-method? Welcome to Provably Correct Software - PDF document

Jun 22, 2023 •350 likes •545 views

What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/ edu/course/homepage/bkp/vt09 Instructor Lars-Henrik Eriksson lhe@it.uu.se, http://www.it.uu.se/katalog/lhe?lang=en Provably Correct Software Page 1 Updated

  1. What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/ edu/course/homepage/bkp/vt09 Instructor Lars-Henrik Eriksson lhe@it.uu.se, http://www.it.uu.se/katalog/lhe?lang=en Provably Correct Software Page 1 Updated 2008-03-18 Provably Correct Software Page 2 Updated 2008-03-18 What is the B-method (really)? The software development process • Requirements capture The B-method is a formal method used for • Specification • Formal specification of software (using the Abstract Machine Traditionally done using plain language, diagrams, tables ... Notation – AMN ) • Validation (are we building the right system?) • Writing executable programs (using the B0 subset of AMN) Traditionally done by inspection, prototyping ... • Proving consistency of specifications and correctness of programs • Design Characteristics: Specify the architecture and data structures of the software • Model-based specification • Implementation • Refinement Programs written in a programming language • Verification (are we building the system right?) The B-method is supported by software tools such as Traditionally done by testing • Atelier B • Debugging • B-Toolkit Try to find out where the program goes wrong • ProB Provably Correct Software Page 3 Updated 2008-03-18 Provably Correct Software Page 4 Updated 2008-03-18 The role of B in software development Model-based specification • Requirements capture The specification gives a mathematical model of the data the • Specification program uses and describes the function of the program in terms of Wholly or in part written in AMN. mathematical operations on that data. • Validation (are we building the right system?) Consider a stack : Proving correctness theorems, animating the specification... • A stack can be modelled as a sequence of objects . • Design • Assume that the top element is always the last element of the Design specifications wholly or in part written in AMN. sequence. • Implementation • Pushing an item onto the stack means the same as adding it to the Programs written in the B0 subset of the AMN. end of the sequence. • Verification (are we building the system right?) • Popping an object off the stack means removing the last element Refinement proof. Testing should not be needed. from the sequence. • Debugging You don � t need this (at least not in the traditional sense) Provably Correct Software Page 5 Updated 2008-03-18 Provably Correct Software Page 6 Updated 2008-03-18

  2. A stack in B (simplified) B ensures error-free execution • There must be a size limit for the stack (as computer memory is A stack can be formally specified by the following B specification finite) machine (or abstract machine) written in AMN. • There must be preconditions on the operators to make sure that MACHINE Stack SETS ELEMENTS they are well-defined. (What happens if you pop an empty stack?) VARIABLES stack INVARIANT stack:seq(ELEMENTS) INITIALISATION stack := <> OPERATIONS xx <-- get = xx := last(stack); push(xx) = stack := stack<-xx; pop = stack := front(stack) END Actually, you would not be able to develop a program conforming to this specification because some important things are missing. Can you see what? (Think about the Prog. Methodology 1 course...) Provably Correct Software Page 7 Updated 2008-03-18 Provably Correct Software Page 8 Updated 2008-03-18 A better specification Implementing Stacks – refinement MACHINE Stack The stack specification does not concern itself with implementation CONSTANTS maxsize SETS ELEMENTS details. Stacks are actually implemented by a B implementation PROPERTIES maxsize:NAT VARIABLES stack machine . This machine must be a refinement of the specification. INVARIANT stack:seq(ELEMENTS) & size(stack)<=maxsize INITIALISATION stack := <> Intuitively, a refinement is something which is the same but more OPERATIONS xx <-- get = PRE stack /= <> concrete . For example: THEN xx := last(stack) END; • undetermined things (e.g. maximum stack size) are decided push(xx) = PRE xx:ELEMENTS & size(stack)<maxsize THEN stack := stack<-xx • algorithms are provided for abstract operations (e.g. a quantified END; pop = PRE stack /= <> expression can be refined by a loop). THEN stack := front(stack) • an operation can be implemented in terms of other simpler END END operations (stepwise refinement). NAT is the set of implementable natural numbers (has upper limit). • mathematical objects like sequences are replaced by B guarantees that preconditions are satisfied when operations are implementable objects like arrays. used ( design by contract ). Provably Correct Software Page 9 Updated 2008-03-18 Provably Correct Software Page 10 Updated 2008-03-18 A stack implementation Sequence of refinements IMPLEMENTATION StackI Sometimes the step from specification to implementation is too REFINES Stack VALUES ELEMENTS = INT; maxsize = 100 large. The refinement can then be done as a series of smaller CONCRETE_VARIABLES array, currentsize INVARIANT array:(1..maxsize)-->ELEMENTS & refinements. The intermediate stages are represented by B currentsize:0..maxsize & !ii.(ii:1..currentsize => refinement machines . stack(ii) = array(ii)) & currentsize = size(stack) In the sequence of refinements, the machines get successively INITIALISATION array := (1..maxsize)*{0}; currentsize := 0 OPERATIONS more concrete, until the implementation machine is reached. xx <-- get = xx := array(currentsize); push(xx) = BEGIN currentsize := currentsize+1; array(currentsize) := xx END; pop = currentsize := currentsize-1 END The stack is stored as an array. When items are pushed on the stack, they are stored in successive array elements. (If you are curious – identifiers must have at least 2 characters.) Provably Correct Software Page 11 Updated 2008-03-18 Provably Correct Software Page 12 Updated 2008-03-18

  3. Algebraic specification Atelier B A different specification technique is to give equations that describe We will use the Atelier B tool. It can: what properties the operations should have. A stack could be • Do syntax and type checking of B machines specified by the following (in)equations: (assuming s ranges over • Generate proof obligations for the consistency of machines stacks, e over elements and empty represents the empty stack). • Generate proof obligations for refinements get(push(s,e)) = e • Prove most proof obligations pop(push(s,e)) = s • Translate implementation machines into C (or C++ or ADA) push(s,e) � empty • Generate basic documentation of machines get(empty) � e • Manage projects with many developers pop(empty) � s See the course web site for instructions on how to run Atelier B! B is not intended for algebraic specifications, but you can with Atelier B is a commercial product used in industrial software difficulty abuse the notation to write such specifications. development. (Unfortunatelty the graphical user interface is somewhat primitive.) Provably Correct Software Page 13 Updated 2008-03-18 Provably Correct Software Page 14 Updated 2008-03-18 ProB About the B-method We will also use the ProB tool to validate specifications. The B method was developed with practical software development Some things it can do: in mind. It brings together ideas from various areas of computer science (and mathematics). Some of them are: • Animate B specification machines • Check internal consistency of a machine by automatic testing • Axiomatic set theory (Zermelo-Fraenkel) • Model-based specifications (Z, VDM-SL) ProB is research software under development. • Pre- and postconditions • It does not implement the full AMN, so not all B specifications • Design by contract can be animated. • Invariants • It requires limites ranges of numbers and sizes of sets to work. • Guarded commands • It does give a very clear view of what the B machine is doing. • Weakest precondition semantics See the course web site for instructions on how to run ProB! • Hoare logic (axiomatic semantics) • Refinement calculus • Stepwise refinement Provably Correct Software Page 15 Updated 2008-03-18 Provably Correct Software Page 16 Updated 2008-03-18 The course The projects • Suggest a small programming task. Get the instructor � s approval. • Lectures outline the material and point out important issues. • Write a B specification machine (or machines) • Students study the details from the textbook and other sources • Validate it, prove its consistency (web resources, research papers…) • Write a B implementation machine (or machines) • Weekly seminars with presentations by students and discussions. • Prove that it is a refinement (possibly using intermediate refinement • During the course groups of 2 (or 3) students carry out a program machines) development project including specification, implementation and • Generate an executable program and run it. Is it bug-free? proof. • Write a project report! • No proper exam. The seminars can be seen as an ongoing oral exam. Provably Correct Software Page 17 Updated 2008-03-18 Provably Correct Software Page 18 Updated 2008-03-18

Recommend

The Scientific Method The Scientific Method The Scientific Method involves 6 steps: Problem

The Scientific Method The Scientific Method The Scientific Method involves 6 steps: Problem

The Scientific Method The Scientific Method The Scientific Method involves 6 steps: Problem /Question Research Hypothesis Experiment Data (Results /Observation) Conclusion The Scientific Method The scientific method idea is the method on

310 views • 11 slides
Model Generation Method 2ai The Model Generation (MG) method is an easy method for humans to

Model Generation Method 2ai The Model Generation (MG) method is an easy method for humans to

Model Generation Method 2ai The Model Generation (MG) method is an easy method for humans to apply, but it has not been so widely implemented as DP. Similar to DP, MG returns True if given clauses are satisfiable . AUTOMATED REASONING MG

79 views • 7 slides
Method Handles Everywhere! Charles Oliver Nutter @headius Method Handles What are method

Method Handles Everywhere! Charles Oliver Nutter @headius Method Handles What are method

Method Handles Everywhere! Charles Oliver Nutter @headius Method Handles What are method handles? Why do we need them? What's new for method handles in Java 9? InvokeBinder primer Something crazy? Method Handles? History

886 views • 55 slides
* 1 Sequence data Sequence data * 2 Align Sequences Align Sequences 2. The dataset

* 1 Sequence data Sequence data * 2 Align Sequences Align Sequences 2. The dataset

Inferring trees is difficult!!! MODELS OF PROTEIN EVOLUTION: 1. The method problem AN INTRODUCTION TO AMINO ACID EXCHANGE MATRICES A Method 1 Method 1 Dataset 1 Dataset 1 B ? C A Robert Hirt Method 2 Method 2 Department of Zoology,

373 views • 13 slides
Thermodynamics of 2+1 flavor QCD with the SF t X method based on the gradient flow SF t X method :

Thermodynamics of 2+1 flavor QCD with the SF t X method based on the gradient flow SF t X method :

2020/5/20 @ R-CCS Thermodynamics of 2+1 flavor QCD with the SF t X method based on the gradient flow SF t X method : small flow-time expansion method WHOT-QCD Collaboration: K. Kanaya, Y. Taniguchi, A. Baba, A. Suzuki (Univ. Tsukuba) S.

926 views • 50 slides
How Do We Know What We Know? Scientific Method Science is first and foremost a method to

How Do We Know What We Know? Scientific Method Science is first and foremost a method to

How Do We Know What We Know? Scientific Method Science is first and foremost a method to determine the truth. New theories become accepted when enough evidence is found to prove them, not because well respected scientists propose them. You

591 views • 24 slides
Computational Optimization Newtons Method 2/5/08 Newtons Method Method for finding a zero

Computational Optimization Newtons Method 2/5/08 Newtons Method Method for finding a zero

Computational Optimization Newtons Method 2/5/08 Newtons Method Method for finding a zero of a function. Recall FONC = f x ( ) 0 For quadratic case: = + 1 g x ( ) xQx bx 2 = + = g x ( ) Qx b 0 =

477 views • 24 slides
How to Memorize Numbers A brief summary of the Peg System 1. Numbers are very difficult to

How to Memorize Numbers A brief summary of the Peg System 1. Numbers are very difficult to

Dynamic Memory Workshop CA Srinivas Vakati | +91 9769064199 | Srinivas@srinivasvakati.com Techniques for Memorizing 1. Linking method / Story method 2. Memory Palace Method 3. Peg Method Rules of Memory ICU 1. Imagination/ Visualization

43 views • 3 slides
Outline Analysis of Algorithms Definition Aggregate Method Accounting Method

Outline Analysis of Algorithms Definition Aggregate Method Accounting Method

Outline Analysis of Algorithms Definition Aggregate Method Accounting Method Amortized Analysis Potential Method Examples : Binary Counter and Dynamic Table http://www.cp.eng.chula.ac.th/faculty/spj Cost of A Sequence of

332 views • 14 slides
Outline Analysis of Algorithms Definition Aggregate Method Accounting Method

Outline Analysis of Algorithms Definition Aggregate Method Accounting Method

Outline Analysis of Algorithms Definition Aggregate Method Accounting Method Amortized Analysis Potential Method Examples : Binary Counter and Dynamic Table http://www.cp.eng.chula.ac.th/faculty/spj Cost of A Sequence of

379 views • 21 slides
Acceptance-Rejection method The acceptance-rejection method is usually used when the inverse

Acceptance-Rejection method The acceptance-rejection method is usually used when the inverse

Acceptance-Rejection Method Acceptance-Rejection method The acceptance-rejection method is usually used when the inverse transform method is not directly applicable or is inefficient. To simulate a sample x of X with pdf f X . Aim: 1 Consider a

930 views • 26 slides
Income ome A Appr pproach Three methods to determine: Summation Method (build-up method)

Income ome A Appr pproach Three methods to determine: Summation Method (build-up method)

Income ome A Appr pproach Three methods to determine: Summation Method (build-up method) Band-of-Investment Method Market Comparison Method 1 Income ome A Appr pproach Recapture Rate percentage that allows for return

852 views • 56 slides
The boundary element method discretised with the space-time method for the heat equation in 2D 1

The boundary element method discretised with the space-time method for the heat equation in 2D 1

The boundary element method discretised with the space-time method for the heat equation in 2D 1 Kazuki Niino, Olaf Steinbach TU Graz 2 Background Space-time method for a BEM Flexible mesh Stability Large coefficient matrix

286 views • 27 slides
How to debug Two more methods: Heuns method ODE methods and the RK4 method (book has

How to debug Two more methods: Heuns method ODE methods and the RK4 method (book has

Numerical and Scientific Computing with Applications David F . Gleich CS 314, Purdue November 18, 2016 In this class you should learn: How to debug Two more methods: Heuns method ODE methods and the RK4 method (book has Simpsons

165 views • 5 slides
Logic of the Scientific Method s e d i l S 2 n o i s s e S - - 0 4 2 k W c

Logic of the Scientific Method s e d i l S 2 n o i s s e S - - 0 4 2 k W c

Logic of the Scientific Method s e d i l S 2 n o i s s e S - - 0 4 2 k W c S 2 Introduc Intr oduction to the tion to the Sc Scie ientif ntific ic Me Method thod Basic sic R Requir quirements: nts:

142 views • 12 slides
Recursion q Specify it in a comment before method's header n Precondition q What is assumed to be

Recursion q Specify it in a comment before method's header n Precondition q What is assumed to be

2/14/16 Preliminaries: programming as a contract n Specifying what each method does Recursion q Specify it in a comment before method's header n Precondition q What is assumed to be true before the method is executed q Caller obligation Chapter

460 views • 9 slides
The Statistical Method Will Perkins February 24, 2013 What is statistics? A method for

The Statistical Method Will Perkins February 24, 2013 What is statistics? A method for

The Statistical Method Will Perkins February 24, 2013 What is statistics? A method for answering questions using data Qualitative and Quantitative answers Based on probability theory A Simple Example Question: Is this coin a fair coin? How

224 views • 18 slides
A new adaptative numerical method for kinetic equation St ephane Brull, Louis Forestier-Coste,

A new adaptative numerical method for kinetic equation St ephane Brull, Louis Forestier-Coste,

BGK Model Standard method Presentation of the method (1D) 2D method Conclusions A new adaptative numerical method for kinetic equation St ephane Brull, Louis Forestier-Coste, Luc Mieussens MNMCFF2014 - Beijing May 21-27, 2014

853 views • 68 slides
The Suzuki Method More than music Nurtured by Love A. What does the Suzuki Method offer that

The Suzuki Method More than music Nurtured by Love A. What does the Suzuki Method offer that

The Suzuki Method More than music Nurtured by Love A. What does the Suzuki Method offer that is different to other methods? A safe and loving environment that provides your child with care and individual attention to grow and develop with

206 views • 6 slides
Randomness in Computing L ECTURE 21 Last time Probabilistic method Sample and Modify

Randomness in Computing L ECTURE 21 Last time Probabilistic method Sample and Modify

Randomness in Computing L ECTURE 21 Last time Probabilistic method Sample and Modify The Second Moment Method Today Probabilistic method The Second Moment Method Conditional expectation inequality Lovasz Local Lemma

316 views • 16 slides
Chapter 2: Method of Alterations The Probabilistic Method Summer 2020 Freie Universitt Berlin

Chapter 2: Method of Alterations The Probabilistic Method Summer 2020 Freie Universitt Berlin

Chapter 2: Method of Alterations The Probabilistic Method Summer 2020 Freie Universitt Berlin Chapter Overview Introduce the method of alterations 1 Ramsey Revisited Chapter 2: Method of Alterations The Probabilistic Method

656 views • 54 slides
Lanczos method 1D tight-binding model O(N) Krylov subspace method Applications

Lanczos method 1D tight-binding model O(N) Krylov subspace method Applications

Large-scale electronic structure methods Introduction Lanczos method 1D tight-binding model O(N) Krylov subspace method Applications Outlook Taisuke Ozaki (ISSP, Univ. of Tokyo) The Summer School on DFT: Theories and

689 views • 55 slides
Overview/Status of the Bottle Overview/Status of the Bottle Method Method Amherst, Sep. 19,

Overview/Status of the Bottle Overview/Status of the Bottle Method Method Amherst, Sep. 19,

Overview/Status of the Bottle Overview/Status of the Bottle Method Method Amherst, Sep. 19, 2014 Albert Steyerl Department of Physics University of Rhode Island Kingston, RI 02881 Measurement Principle Storage of UCNs (or VCNs) by means

766 views • 53 slides
Comparison of the TDCR method and the CIEMAT/NIST method for the activity determination of beta

Comparison of the TDCR method and the CIEMAT/NIST method for the activity determination of beta

Comparison of the TDCR method and the CIEMAT/NIST method for the activity determination of beta emitting nuclides Ole Nhle and Karsten Kossert Physikalisch-Technische Bundesanstalt (PTB), Braunschweig, Germany LSC 2010, Advances in Liquid

604 views • 26 slides

More recommend