Presentation is loading. Please wait.

Presentation is loading. Please wait.

The B-Method of Formal Specification By: Marshall Leitem.

Published byBeatrice Wilcox Modified over 9 years ago

Similar presentations

Presentation on theme: "The B-Method of Formal Specification By: Marshall Leitem."— Presentation transcript:

1 The B-Method of Formal Specification By: Marshall Leitem

2 Overview Def’n & Uses of the B-Method Explanation of Abstract Machines Overview of Notations used in B  Source form & publication form Example Models (and how they can integrate)  Piggy Bank  Coffee Shop Questions

3 What is the B-Method? a collection of mathematically based techniques for the specification, design and implementation of software components. Systems are modelled as a collection of interdependent Abstract Machines, for which an object-based approach is employed at all stages of development. B is one of the few formal software development methods that covers the complete software lifecycle, from requirements (specification), through design (refinement) to implementation, code generation, and maintenance.

4 Why use the B-Method? Faults in software may lead to  financial loss, loss of business and reputation  loss of human life, to damage to life and limb  harm to the environment  Litigation High integrity can be achieved through using rigorous, mathematically-based development methods. No court of law can argue negligence if best practice has been thoroughly applied.

5 What has been done with B? The B method has been used in various mission critical applications, for example train control systems and smart cards In some countries the use of formal methods is mandatory for certain critical systems. The most famous and significant use of B is for the control system of the Meteor line, a new driverless train line of the Paris metro opened in October 1998. http://www.siemens-ts.com/pagesUS/realisations/Paris.htm http://www.siemens-ts.com/pagesUS/produits/Meteor.htm The distributed control system handled the critical parts of the central control room, the wayside equipment along the track and on the platform, the onboard train control. The Meteor system was developed by Matra Transport, now owned by Siemens. The fol- lowing pages on the Siemens site mention the B-Method in connection with Safety and Innovation http://www.siemens-ts.com/pagesUS/Engagements/Securite.htm http://www.siemens-ts.com/pagesUS/Engagements/Innovation.htm The use of B was mandated by the Paris transit authority, RATP.

6 What is Abstract Machines? An Abstract Machine is described using the Abstract Machine Notation (AMN). A uniform notation is used at all levels of description, from specification, through design, to implementation.

7 Abstract Machines B uses Abstract Machines which are machines that encapsulate:  State - consisting of a set of variables constrained by an invariant  Operations - operations may change the state, while maintaining the invariant, and may return a sequence of results.

8 What is Abstract Machines? (cont) AMN is a state-based formal specification language in the same school as VDM and Z. An Abstract Machine comprises a state together with operations on that state. In a specification and a design of an Abstract Machine the state is modelled using notions like sets, relations, functions, sequences etc.. The operations are modelled using Pre- and Post-conditions using AMN

9 Notation All components of a B development will have a source form, used to specify machines, and a publication form, used in documentation.

10 Source Form The notation for the source form will be ascii. Example: account : ACCOUNT This means the variable account is an element of the set ACCOUNT.

11 Publication Form The notation for publication is known as the LATEX markup, used in mathematical documents. Example: account Є ACCOUNT This has the same meaning as the ascii example.

12 Note on Machine Variables in B Machine variables in B must have at least 2 characters. Example: xx is a valid variable while x is not.

13 Abstract Machine Notation (AMN) Used to describe abstract machines AMN gives B an appearance and a feel of a programming language, although the level of abstraction is not changed.

14 A Simple Model As a first simple model we will take a simple coffee club, but we will do it in two steps. First we will model a “piggy bank” into which we can feed money and also take money out. In our model we will use a variable piggybank whose value is a natural number, representing the contents in cents.

15 A Simple Model (cont.) In our model we will also use operations:  FeedBank(amount) add amount to the piggy bank;  RobBank(amount) take amount out of the piggy bank;  Money ← CashLeft an enquiry operation that returns, in money, the total of the contents of the piggy bank.

16 Let’s step through the specification of a machine that “owns” and manages the piggy bank MACHINE PiggyBankThe name of the machine is PiggyBank VARIABLES piggybankWe need a variable piggybank INVARIANT piggybank : NATpiggybank is a natural number INITIALISATION piggybank := 0We will start with piggybank set to 0 OPERATIONSNow we have the operations FeedBank(amount)= We need an operation FeedBank with a single argument amount PRE amount : NATAmount is a natural number THEN piggybank := piggybank + amountWe set piggybank piggybank + amount END;end of preconditioned substitution

17 RobBank(amount)=now operation RobBank with a single argument amount PRE amount : NAT amount is a natural number THEN piggybank := piggybank – amount we set piggybank END;end of substitution Money <- - CashLeft=an operation CashLeft that returns a value which is the amount in piggybank BEGIN money := piggybank END set the return value money to piggybank ENDend of machine.

18 Let’s put that all together and show the machine marked up.

19 Invariant and Preconditions The invariant of a machine is an expression of safety or integrity conditions. Satisfying the invariant should ensure the integrity or consistency of the information modelled by the state of a machine. It is desired that the invariant is as strong as possible, and the precondition is as weak as possible

20 Modelling a Coffee Club We will now model a coffee club with the following facilities for members:  Joining – a person can join the club  Contributing – members can contribute money to the club. This is used to increase the credit of the member, which is used to pay for cups of coffee.  Buy – a member can buy a cup of coffee, the price is deducted from the member’s credit.  Credit – a member can obtain their current credit balance.

21 A CoffeeClub Machine The PiggyBank machine is included in this machine. This embeds the state of PiggyBank into this machine, and gives CoffeeClub access to the operations of PiggyBank. A constant coffee is used for the cost of a cup of coffee.

22

23

24 Tools The B-Tool is a language interpreter and a run-time environment for supporting B. The B-Toolkit is a set of integrated tools which fully supports the B-Method for formal software development, built on top of the B-Tool.

25 Advantages of Software Can automatically check for mistakes in your code. Can generate source code from your specification The B-Toolkit generates C code.

26 Questions?

Download ppt "The B-Method of Formal Specification By: Marshall Leitem."

Similar presentations

Where Agile Meets Formal Methods

Where Agile Meets Formal Methods
Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.

Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.
.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.

Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.
Design by Contract.

Design by Contract.
Formal Methods in Software Engineering

Formal Methods in Software Engineering
Component Oriented Programming 1 Chapter 2 Theory of Components.

Component Oriented Programming 1 Chapter 2 Theory of Components.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
© Colin Potts C6-1 Some future trends in requirements engineering Colin Potts Georgia Tech.

© Colin Potts C6-1 Some future trends in requirements engineering Colin Potts Georgia Tech.
Chapter 4 Quality Assurance in Context

Chapter 4 Quality Assurance in Context
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
SD3049 Formal Methods Module Leader Dr Aaron Kans Module website www.homepages.uel.ac.uk/A.Kans/sd3049.

SD3049 Formal Methods Module Leader Dr Aaron Kans Module website
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
10.6.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.
UML – Class Diagrams.

UML – Class Diagrams.
Chapter 15 Design, Coding, and Testing. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 15-2 Design Document The next step in the Software.

Chapter 15 Design, Coding, and Testing. Copyright © 2005 Pearson Addison-Wesley. All rights reserved Design Document The next step in the Software.
Knowledge and Systems Research Group, University of Huddersfield B vs OCL: Comparing Specification Languages for Planning Domains Diane Kitchin, Lee McCluskey,

Knowledge and Systems Research Group, University of Huddersfield B vs OCL: Comparing Specification Languages for Planning Domains Diane Kitchin, Lee McCluskey,
Formal Methods. Importance of high quality software ● Software has increasingly significant in our everyday activities - manages our bank accounts - pays.

Formal Methods. Importance of high quality software ● Software has increasingly significant in our everyday activities - manages our bank accounts - pays.

Similar presentations

Ads by Google