Abstract
The use of formal method techniques can contribute to the production of more reliable and dependable systems. However, a common bottleneck for industrial adoption of such techniques is the need for interactive proofs. We use a popular formal method, called Event-B, as our working domain, and set invariant preservation (INV) proofs as targets, because INV proofs can account for a significant proportion of the proofs requiring human interaction. We apply an inductive theorem proving technique, called rippling, to Event-B INV proofs. Rippling automates proofs using meta-level guidance. The guidance is particularly useful for developing proof patches that recover failed proof attempts. We are interested in the case where a missing lemma is required. We combine a scheme-based theory-exploration system, called IsaScheme [MRMDB10], with rippling to develop a proof patch based on lemma discovery. We also develop two new proof patches, one to unfold operator definitions and one to suggest case splits. The combined use of rippling with these three proof patches as a proof method significantly improves proof automation for our evaluation set.
Highlights
Event-B [Abr10] is a state-based and refinement-based technique to formally model and reason about systems
We have illustrated the use of rippling for invariant preservation (INV) proof obligations (POs), and we have presented two proof patches that recover blocked rippling, by rewriting the skeleton or by suggesting a case split, for failures of type (i) and (ii)
We have illustrated that invariant proofs in Event-B can be considered as inductive proofs
Summary
Event-B [Abr10] is a state-based and refinement-based technique to formally model and reason about systems. In [LBG12], we reported the use of an automated theorem proving technique for inductive proofs, called rippling [BBHI05], to prove Event-B INV POs. Rippling automates proofs using meta-level guidance which rewrites a goal towards a structurally similar hypothesis. Our hypothesis is: combining rippling with the AhLemma, Skeleton Rewrite and Case Split proof patches can significantly improve proof automation for INV POs in the Event-B domain, and potentially for other formal methods. We combine rippling and IsaScheme to develop a proof patch for lemma discovery. We develop two other proof patches, one to rewrite a goal and a hypothesis and one to suggest case splits. They are effective and essential, recovering 26 and 3 failed proofs, respectively, when rippling succeeds. The source code and the evaluation data are available online at [pap04], and the implementation details can be found in [Lin15].
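As an added illustration (not taken from the paper), the following constructed machine shows why an INV PO has the shape of an inductive step and how rippling can rewrite the goal back towards the hypothesis. The invariant, the event and the variable names are assumptions chosen for the example; the PO shape is the standard Event-B one.

Consider a machine with variables $x, y$, a constant $n$, the invariant $I(x,y) \equiv x + y = n$, and an event whose before-after predicate is $x' = x + 1 \wedge y' = y - 1$. The INV PO for this event is

$$
I(x,y) \;\wedge\; x' = x + 1 \;\wedge\; y' = y - 1 \;\Rightarrow\; I(x',y'),
$$

which after substitution becomes

$$
x + y = n \;\Rightarrow\; (x + 1) + (y - 1) = n .
$$

Read inductively: the INITIALISATION PO is the base case (the invariant holds in the initial state) and each event's INV PO is the step case (if the invariant holds before the event, it holds after). Rippling treats the hypothesis $x + y = n$ as the skeleton and the inserted terms $+1$ and $-1$ as wave-fronts to be moved outwards:

$$
(x + 1) + (y - 1) \;=\; (x + y) + (1 - 1) \;=\; (x + y) + 0 \;=\; x + y ,
$$

after which the goal is syntactically the hypothesis and the proof closes by fertilisation. When no rewrite rule can move a wave-front (for instance because a needed lemma such as $(a + 1) + (b - 1) = a + b$ is absent), rippling is blocked; this is the failure mode that the lemma-discovery, skeleton-rewrite and case-split patches described above are designed to recover.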