Automatisation des preuves pour la vérification des règles de l'Atelier B / Proof Automation for Atelier B Rules Verification

Jacquel, Mélanie

23 April 2013

Cette thèse porte sur la vérification des règles ajoutées de l'Atelier B en utilisant une plate-forme appelée BCARe qui repose sur un plongement de la théorie sous-jacente à la méthode B (théorie de B) dans l'assistant à la preuve Coq. En particulier, nous proposons trois approches pour prouver la validité d'une règle, ce qui revient à prouver une formule exprimée dans la théorie de B. Ces trois approches ont été évaluées sur les règles de la base de règles de SIEMENS IC-MOL. La première approche dite autarcique est développée avec le langage de tactiques de Coq Ltac.  Elle repose sur une première étape qui consiste à déplier tous les opérateurs ensemblistes pour obtenir une formule de la logique du premier ordre. Puis nous appliquons une procédure de décision qui met en oeuvre une heuristique naïve en ce qui concerne les instanciations. La deuxième approche, dite sceptique,appelle le prouveur automatique de théorèmes Zenon après avoir effectué l'étape de normalisation précédente. Nous vérifions ensuite les preuves trouvées par Zenon dans le plongement profond de B en Coq.  La troisième approche évite l'étape de normalisation précédente grâce à une extension de Zenon utilisant des règles d'inférence spécifiques à la théorie de B. Ces règles sont obtenues grâce à la technique de superdéduction. Cette dernière approche est généralisée en une extension de Zenon à toute théorie grâce à un calcul dynamique des règles de superdéduction. Ce nouvel outil, appelé Super Zenon, peut par exemple prouver des problèmes issus de la bibliothèque de problèmes TPTP. / The purpose of this thesis is the verification of Atelier B added rules using the framework named BCARe which relies on a deep embedding of the B theory within the logic of the Coq proof assistant. We propose especially three approaches in order to prove the validity of a rule, which amounts to prove a formula expressed in the B theory. These three approaches have been assessed on the rules coming from the rule database maintained by Siemens IC-MOL.  To do so, the first approach, so-called autarkic approach, is developed thanks to the Coq tactic language, Ltac. It rests upon a first step which consists in unfolding the set operators so as to obtain a first order formula.  A decision procedure which implements an heuristic is applied afterwards to deal with instantiation.  We propose a second approach, so-called skeptic approach, which uses the automated first order theorem prover Zenon, after the previous normalization step has been applied.  Then we verify the Zenon proofs in the deep embedding of B in Coq. A third approach consists in using anextension of Zenon to the B method thanks to the superdeduction. Superdeduction allows us to add the axioms of the B theory by means of deduction rules in the proof mechanism of Zenon. This last approach is generalized in an extension of Zenon to every theory thanks to a dynamic calculus of the superdeduction rules. This new tool, named Super Zenon, is able to prove problems coming from the problem library TPTP, for example.

Vérification

Déduction automatique

Superdéduction

Méthode B

Règles de l'Atelier B

Coq

Verification

Automated Theorem Proving

Superdéduction

B Method

Atelier B Rules

Zenon

004

Automated deduction and proof certification for the B method / Déduction automatique et certification de preuve pour la méthode B

Halmagrand, Pierre

10 December 2016

La Méthode B est une méthode formelle de spécification et de développement de logiciels critiques largement utilisée dans l'industrie ferroviaire. Elle permet le développement de programmes dit corrects par construction, grâce à une procédure de raffinements successifs d'une spécification abstraite jusqu'à une implantation déterministe du programme. La correction des étapes de raffinement est garantie par la vérification de la correction de formules mathématiques appelées obligations de preuve et exprimées dans la théorie des ensembles de la Méthode B. Les projets industriels utilisant la Méthode B génèrent généralement des milliers d'obligation de preuve. La faisabilité et la rapidité du développement dépendent donc fortement d'outils automatiques pour prouver ces formules mathématiques. Un outil logiciel, appelé Atelier B, spécialement développé pour aider au développement de projet avec la Méthode B, aide les utilisateurs a se décharger des obligations de preuve, automatiquement ou interactivement. Améliorer la vérification automatique des obligations de preuve est donc une tache importante. La solution que nous proposons est d'utiliser Zenon, un outils de déduction automatique pour la logique du premier ordre et qui implémente la méthode des tableaux. La particularité de Zenon est de générer des certificats de preuve, des preuves écrites dans un certain format et qui permettent leur vérification automatique par un outil tiers. La théorie des ensembles de la Méthode B est une théorie des ensembles en logique du premier ordre qui fait appel à des schémas d'axiomes polymorphes. Pour améliorer la preuve automatique avec celle-ci, nous avons étendu l'algorithme de recherche de preuve de Zenon au polymorphisme et à la déduction modulo théorie. Ce nouvel outil, qui constitue le cœur de notre contribution, est appelé Zenon Modulo. L'extension de Zenon au polymorphisme nous a permis de traiter, efficacement et sans encodage, les problèmes utilisant en même temps plusieurs types, par exemple les booléens et les entiers, et des axiomes génériques, tels ceux de la théorie des ensembles de B. La déduction modulo théorie est une extension de la logique du premier ordre à la réécriture des termes et des propositions. Cette méthode est parfaitement adaptée à la recherche de preuve dans les théories axiomatiques puisqu'elle permet de transformer des axiomes en règles de réécriture. Par ce moyen, nous passons d'une recherche de preuve dans des axiomes à du calcul, réduisant ainsi l'explosion combinatoire de la recherche de preuve en présence d'axiomes et compressant la taille des preuves en ne gardant que les étapes intéressantes. La certification des preuves de Zenon Modulo, une autre originalité de nos travaux, est faite à l'aide de Dedukti, un vérificateur universel de preuve qui permet de certifier les preuves provenant de nombreux outils différents, et basé sur la déduction modulo théorie. Ce travail fait parti d'un projet plus large appelé BWare, qui réunit des organismes de recherche académique et des industriels autour de la démonstration automatique d'obligations de preuve dans l'Atelier B. Les partenaires industriels ont fournit à BWare un ensemble d'obligation de preuve venant de vrais projets industriels utilisant la Méthode B, nous permettant ainsi de tester notre outil Zenon Modulo.Les résultats expérimentaux obtenus sur cet ensemble de référence sont particulièrement convaincant puisque Zenon Modulo prouve plus d'obligation de preuve que les outils de déduction automatique de référence au premier ordre. De plus, tous les certificats de preuve produits par Zenon Modulo ont été validés par Dedukti, nous permettant ainsi d'être très confiant dans la correction de notre travail. / The B Method is a formal method heavily used in the railway industry to specify and develop safety-critical software. It allows the development of correct-by-construction programs, thanks to a refinement process from an abstract specification to a deterministic implementation of the program. The soundness of the refinement steps depends on the validity of logical formulas called proof obligations, expressed in a specific typed set theory. Typical industrial projects using the B Method generate thousands of proof obligations, thereby relying on automated tools to discharge as many as possible proof obligations. A specific tool, called Atelier B, designed to implement the B Method and provided with a theorem prover, helps users verify the validity of proof obligations, automatically or interactively. Improving the automated verification of proof obligations is a crucial task for the speed and ease of development. The solution developed in our work is to use Zenon, a first-orderlogic automated theorem prover based on the tableaux method. The particular feature of Zenon is to generate proof certificates, i.e. proof objects that can be verified by external tools. The B Method is based on first-order logic and a specific typed set theory. To improve automated theorem proving in this theory, we extend the proof-search algorithm of Zenon to polymorphism and deduction modulo theory, leading to a new tool called Zenon Modulo which is the main contribution of our work. The extension to polymorphism allows us to deal with problems combining several sorts, like booleans and integers, and generic axioms, like B set theory axioms, without relying on encodings. Deduction modulo theory is an extension of first-order logic with rewriting both on terms and propositions. It is well suited for proof search in axiomatic theories, as it turns axioms into rewrite rules. This way, we turn proof search among axioms into computations, avoiding unnecessary combinatorial explosion, and reducing the size of proofs by recording only their meaningful steps. To certify Zenon Modulo proofs, we choose to rely on Dedukti, a proof-checker used as a universal backend to verify proofs coming from different theorem provers,and based on deduction modulo theory. This work is part of a larger project called BWare, which gathers academic entities and industrial companies around automated theorem proving for the B Method. These industrial partners provide to BWare a large benchmark of proof obligations coming from real industrial projects using the B Method and allowing us to test our tool Zenon Modulo. The experimental results obtained on this benchmark are particularly conclusive since Zenon Modulo proves more proof obligations than state-of-the-art first-order provers. In addition, all the proof certificates produced by Zenon Modulo on this benchmark are well checked by Dedukti, increasing our confidence in the soundness of our work.

Déduction Automatique

Déduction Modulo Théorie

Méthode B

Certification de Preuve

Méthode des Tableaux

Automated Deduction

Deduction Modulo Theory

B Method

Proof Certification

Tableaux Method

005.12

Preuves d’algorithmes distribués par raffinement

Tounsi, Mohamed

04 July 2012

Dans cette thèse, nous avons étudié et développé un environnement de preuve pour les algorithmes distribués. Nous avons choisi de combiner d’une part l’approche "correct-par-construction" basée sur la méthode "B évènementielle" et d’autre part les calculs locaux comme un outil de codage et de preuve d’algorithmes distribués. Ainsi, nous avons proposé un patron et une approche qui caractérisent d’une façon incrémentale une démarche générale de preuve de plusieurs classes d’algorithmes distribués. Les solutions proposées sont validées et implémentées par un outil de preuve appelé B2Visidia. / In this thesis, we have studied and developed a proof environment for distributed algorithms. We have chosen to combine the “correct-by-construction” approach based on the “Event-B” method and the local computations models. These models define abstract computing processes for solving problems by distributed algorithms. Thus, we have proposed a pattern and an approach to characterize a general approach to prove several classes of distributed algorithms. The proposed solutions are implemented by a tool called B2Visidia.

Algorithmes distribués

Calculs locaux

Technique du raffinement

Méthodes formelles

Méthode B évènementielle

Visidia

Distributed algorithms

Local computations

Refinement technique

Formal Methods

Event-B method

Visidia

Beta: uma ferramenta para gera??o de testes de unidade a partir de especifica??es B

Matos, Ernesto Cid Brasil de

10 February 2012

Made available in DSpace on 2014-12-17T15:48:00Z (GMT). No. of bitstreams: 1 ErnestoCBM_DISSERT.pdf: 1152535 bytes, checksum: a61c509f155d27fa9ab04bc69c4607e8 (MD5) Previous issue date: 2012-02-10 / Coordena??o de Aperfei?oamento de Pessoal de N?vel Superior / Formal methods and software testing are tools to obtain and control software quality. When used together, they provide mechanisms for software specification, verification and error detection. Even though formal methods allow software to be mathematically verified, they are not enough to assure that a system is free of faults, thus, software testing techniques are necessary to complement the process of verification and validation of a system. Model Based Testing techniques allow tests to be generated from other software artifacts such as specifications and abstract models. Using formal specifications as basis for test creation, we can generate better quality tests, because these specifications are usually precise and free of ambiguity. Fernanda Souza (2009) proposed a method to define test cases from B Method specifications. This method used information from the machine s invariant and the operation s precondition to define positive and negative test cases for an operation, using equivalent class partitioning and boundary value analysis based techniques. However, the method proposed in 2009 was not automated and had conceptual deficiencies like, for instance, it did not fit in a well defined coverage criteria classification. We started our work with a case study that applied the method in an example of B specification from the industry. Based in this case study we ve obtained subsidies to improve it. In our work we evolved the proposed method, rewriting it and adding characteristics to make it compatible with a test classification used by the community. We also improved the method to support specifications structured in different components, to use information from the operation s behavior on the test case generation process and to use new coverage criterias. Besides, we have implemented a tool to automate the method and we have submitted it to more complex case studies / M?todos formais e testes s?o ferramentas para obten??o e controle de qualidade de software. Quando utilizadas em conjunto, elas prov?em mecanismos para especifica??o, verifica??o e detec??o de falhas de um software. Apesar de permitir que sistemas sejam matematicamente verificados, m?todos formais n?o s?o suficientes pra garantir que um sistema esteja livre de defeitos, logo, t?cnicas de teste de software s?o necess?rias para completar o processo de verifica??o e valida??o de um sistema. T?cnicas de Testes Baseados em Modelos permitem que testes sejam gerados a partir de outros artefatos de software como especifica??es e modelos abstratos. Ao utilizarmos especifica??es formais como base para a cria??o de testes, podemos gerar testes de melhor qualidade pois estas especifica??es costumam ser precisas e livres de ambiguidade. Fernanda Souza (2009) prop?s um m?todo para definir casos de teste a partir de especifica??es do M?todo B. Este m?todo utilizava informa??es do invariante de uma m?quina e das pr?-condi??es de uma opera??o para definir casos de teste positivos e negativos para tal opera??o, atrav?s de t?cnicas baseadas em particionamento em classes de equival?ncia e an?lise de valor limite. No entanto, a proposta de 2009 n?o inclu?a automa??o e possu?a algumas defici?ncias conceituais como, por exemplo, n?o se encaixar exatamente em uma classifica??o de crit?rios de cobertura bem definida. Iniciamos nosso trabalho com um estudo de caso que aplicou o m?todo a um exemplo de especifica??o B proveniente da ind?stria. A partir deste estudo obtivemos subs?dios para o aperfei?o?-lo. Em nosso trabalho aperfei?oamos o m?todo proposto, reescrevendo e adicionando caracter?sticas para torn?-lo compat?vel com uma classifica??o de testes utilizada pela comunidade. O m?todo tamb?m foi melhorado para suportar especifica??es estruturadas em v?rios componentes, utilizar informa??es sobre o comportamento da opera??o durante a cria??o de casos de teste e utilizar novos crit?rios de cobertura. Al?m disso, implementamos uma ferramenta para automatiz?-lo e o submetemos a estudos de caso mais complexos

engenharia de software

m?todo B

testes de software

testes baseados em modelos

testes de unidade

software engineering

B method

software testing

model based testing

unit testing

Formal verification of PLC programs using the B Method / Formal verification of PLC programs using the B method

Barbosa, Haniel Moreira

01 November 2012

Made available in DSpace on 2014-12-17T15:48:03Z (GMT). No. of bitstreams: 1 HanielMB_DISSERT.pdf: 4925062 bytes, checksum: b4c15cc32318b96fa9ccd3be61b6e7e6 (MD5) Previous issue date: 2012-11-01 / PLCs (acronym for Programmable Logic Controllers) perform control operations, receiving information from the environment, processing it and modifying this same environment according to the results produced. They are commonly used in industry in several applications, from mass transport to petroleum industry. As the complexity of these applications increase, and as various are safety critical, a necessity for ensuring that they are reliable arouses. Testing and simulation are the de-facto methods used in the industry to do so, but they can leave flaws undiscovered. Formal methods can provide more confidence in an application s safety, once they permit their mathematical verification. We make use of the B Method, which has been successfully applied in the formal verification of industrial systems, is supported by several tools and can handle decomposition, refinement, and verification of correctness according to the specification. The method we developed and present in this work automatically generates B models from PLC programs and verify them in terms of safety constraints, manually derived from the system requirements. The scope of our method is the PLC programming languages presented in the IEC 61131-3 standard, although we are also able to verify programs not fully compliant with the standard. Our approach aims to ease the integration of formal methods in the industry through the abbreviation of the effort to perform formal verification in PLCs / Controladores L?gico Program?veis (PLCs Programmable Logic Controllers, em ingl?s) desempenham fun??es de controle, recebendo informa??es do ambiente, processando-as e modificando este ambiente de acordo com os resultados obtidos. S?o comumente utilizados na ind?stria nas mais diversas aplica??es, do transporte de massa ? ind?stria do petr?leo, g?s e energias renov?veis. Com o crescente aumento da complexidade dessas aplica??es e do seu uso em sistemas cr?ticos, faz-se necess?ria uma forma de verifica??o que propicie mais confian?a do que testes e simula??o, padr?es mais utilizados na ind?stria, mas que podem deixar falhas n?o tratadas. M?todos formais podem prover maior seguran?a a este tipo de sistema, uma vez que permitem a sua verifica??o matem?tica. Neste trabalho fazemos uso do M?todo B, que ? usado com sucesso na ind?stria para a verifica??o de sistemas cr?ticos, possui amplo apoio ferramental e suporte ? decomposi??o, refinamento e verifica??o de corretude em rela??o ? especifica??o atrav?s de obriga??es de prova. O m?todo desenvolvido e apresentado aqui consiste em gerar automaticamente modelos B a partir de programas para PLCs e verific?-los formalmente em rela??o a propriedades de seguran?a, estas derivadas manualmente a partir dos requisitos do sistema. O escopo do trabalho s?o as linguagens de programa??o para PLCs do padr?o IEC 61131-3, mas sistemas com linguagens que apresentem modifica??es em rela??o ao padr?o tamb?m s?o suportados. Esta abordagem visa facilitar a integra??o de m?todos formais na ind?stria atrav?s da diminui??o do esfor?o para realizar a verifica??o formal de PLCs