Using the B-Toolkit to Ensure Safety in SCR Speci cations

SCR (Software Cost Reduction) speciications are useful for specifying event-driven systems. To use SCR eeectively for critical applications, automated veriication of safety properties is important. Towards this end, Atlee and others proposed model checking and symbolic model checking approaches. The fact that these approaches are sometimes problematic motivates our alternative approach based on theorem proving. Theorem proving, in general, is a diicult task; however, the regular structure of the proof obligations generated from SCR speciications suggests that relatively unsophisticated theorem provers can discharge many of these obligations. As a feasibility study, we use the B-Toolkit to detect safety violations in an example SCR speciication. The B-Toolkit is a good choice because it is commercially available and supports veriied reenement to executables in a commercial programming language (C). We convert the mode transition table in the example SCR speciication to an AMN (Abstract Machine Notation) speciication and analyze the result with the B-Toolkit. The B-Toolkit generates 120 proof obligations of which 113 are automatically discharged by the theorem prover. The remaining 7 proof obligations are, in fact, not theorems and correspond to the 3 problems in the SCR speciication detected by the model checking approaches. For the corrected SCR speciication, the B-Toolkit automatically discharges all proof obligations. The example shows that even simple theorem provers are a viable approach to automated analysis for SCR speciications.