Series ISSN: 2328-3319 CO L L A Z O S Series Editor: Luciano Baresi,Politecnico di Milano Java Software Development with Event B A Practical Guide Néstor Cataño Collazos, Google Inc. The cost of fixing software design flaws after the completion of a software product is so high that it is vital to come up with ways to detect software design flaws in the early stages of software development, for JA V instance, during the software requirements, the analysis activity, or during software design, before coding A S O starts. It is not uncommon that software requirements are ambiguous or contradict each other. Ambiguity F T is exacerbated by the fact that software requirements are typically written in a natural language, which W A is not tied to any formal semantics. A palliative to the ambiguity of software requirements is to restrict R E D their syntax to boilerplates, textual templates with placeholders. However, as informal requirements do E V not enjoy any particular semantics,no essential properties about them (or about the system they attempt E L O to describe) can be proven easily. Formal methods are an alternative to address this problem. They offer a P M range of mathematical techniques and mathematical tools to validate software requirements in the early E N stages of software development. T W This book is a living proof of the use of formal methods to develop software. The particular IT H formalisms that we use are EVENT B and refinement calculus. In short: (i) software requirements as E V written as User Stories; (ii) they are ported to formal specifications; (iii) they are refined as desired; (iv) EN T they are implemented in the form of a prototype; and finally (v) they are tested for inconsistencies. If B some unit-test fails, then informal as well as formal specifications of the software system are revisited and evolved. This book presents a case study of software development of a chat system with EVENT B and a case study of formal proof of properties of a social network. About SYNTHESIS This volume is a printed version of a work that appears in the Synthesis Digital Library of Engineering and Computer Science. Synthesis books provide concise, original presentations of important research and development topics, published quickly, in digital and print formats. M O R G A N & C store.morganclaypool.com LA Y P O O L Java Software Development with Event B A Practical Guide iii Synthesis Lectures on Software Engineering Editor Luciano Baresi, Politecnico di Milano The Synthesis Lectures on Software Engineering series publishes short books (75-125 pages) on conceiving, specifying, architecting, designing, implementing, managing, measuring, analyzing, validating, and verifying complex software systems. The goal is to provide both focused mono- graphs on the different phases of the software process and detailed presentations of frontier topics. Premier software engineering conferences, such as ICSE, ESEC/FSE, and ASE will help shape the purview of the series and make it evolve. Java Software Development with Event B: A Practical Guide Néstor Cataño Collazos 2020 Model-Driven Software Engineering in Practice: Second Edition Marco Brambilla, Jordi Cabot, and Manuel Wimmer 2017 Testing iOS Apps with HadoopUnit: Rapid Distributed GUI Testing Scott Tilley and Krissada Dechokul 2014 Hard Problems in Software Testing: Solutions Using Testing as a Service (TaaS) Scott Tilley and Brianna Floss 2014 Model-Driven Software Engineering in Practice Marco Brambilla, Jordi Cabot, and Manuel Wimmer 2012 Copyright © 2020 by Morgan and Claypool All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means—electronic, mechanical, photocopy, recording, or any other except for brief quota- tions in printed reviews, without the prior permission of the publisher. Java Software Development with Event B: A Practical Guide Néstor Cataño Collazos www.morganclaypool.com ISBN: 9781681736877 paperback ISBN: 9781681736884 ebook ISBN: 9781681736891 hardcover DOI 10.2200/S00957ED1V01Y201910SWE005 A Publication in the Morgan and Claypool Publishers series SYNTHESIS LECTURES ON SOFTWARE ENGINEERING Lecture #5 Series Editor: Luciano Baresi, Politecnico di Milano Series ISSN 2328-3319 Print 2328-3327 Electronic Java Software Development with Event B A Practical Guide Néstor Cataño Collazos Google, Inc. SYNTHESIS LECTURES ON SOFTWARE ENGINEERING #5 M &C MORGAN & CLAYPOOL PUBLISHERS vi ABSTRACT The cost of fixing software design flaws after the completion of a software product is so high that it is vital to come up with ways to detect software design flaws in the early stages of software develop- ment, for instance, during the software requirements, the analysis activity, or during software design, before coding starts. It is not uncommon that software requirements are ambiguous or contradict each other. Ambiguity is exacerbated by the fact that software requirements are typically written in a natural language, which is not tied to any formal semantics. A palliative to the ambiguity of software requirements is to restrict their syntax to boilerplates, textual templates with placeholders. However, as informal requirements do not enjoy any particular semantics, no essential properties about them (or about the system they attempt to describe) can be proven easily. Formal methods are an alternative to address this problem. They offer a range of mathematical techniques and mathematical tools to validate software requirements in the early stages of software development. This book is a living proof of the use of formal methods to develop software. The particular formalisms that we use are EVENT B and refinement calculus. In short: (i) software requirements as written as User Stories; (ii) they are ported to formal specifications; (iii) they are refined as desired; (iv) they are implemented in the form of a prototype; and finally (v) they are tested for inconsis- tencies. If some unit-test fails, then informal as well as formal specifications of the software system are revisited and evolved. This book presents a case study of software development of a chat system with EVENT B and a case study of formal proof of properties of a social network. KEYWORDS correct-by-construction, discrete mathematics, EVENT B, formal methods, Java, programming, refinement, software engineering, verification vii Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preface ix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 An Overview of EVENT B 3 2.1 Relations and Functions .......................................... 5 2.2 EVENT B Mathematical Notation .................................. 8 2.3 Software Development with EVENT B ............................. 14 2.4 A Methodology for Early Validation of Software Requirements ......... 16 2.5 Correctness-by-Construction ..................................... 18 2.6 RODIN ..................................................... 19 2.7 JML ............................................................... 19 2.8 EVENTB2JAVA ...................................................... 20 2.9 A Chat Application ............................................ 21 . . . . . . . . . . . . . . . . . . . . . 3 Software Development of a Chat System with EVENT B 25 3.1 MachineZero ................................................. 26 3.2 MachineOne ................................................. 30 3.3 MachineTwo ................................................. 31 3.4 MachineZero in EVENT B ...................................... 31 3.5 MachineOne in EVENT B ....................................... 39 3.6 MachineTwo in EVENT B ....................................... 43 3.7 The Implementation of the Chat System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 3.8 Testing and Code Animation of the Chat System .................... 49 3.9 Fixing the Software Requirements ................................ 53 3.10 Lessons Learned .............................................. 56 create-chat-session . . . . . . . . . . . . . . . . 56 3.10.1 Event chatting . . . . . . . . . . . . . . . . . . . . . 57 3.10.2 Event 3.10.3 Events delete-content and remove-content ................... 59 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 The Poporo Social Network 61 4.1 Poporo’s General Structure ...................................... 64 4.2 Poporo’s Formalization in EVENT B ............................... 66 viii 4.3 Invariant POs ................................................. 68 4.4 Discharging POs in Rodin ...................................... 69 4.5 POs for Quantified Expressions .................................. 72 4.6 Strengthening the Specification .................................. 73 4.7 Further Strengthening ......................................... 76 4.8 Refinement Proof Obligations ................................... 78 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Conclusion 81 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Bibliography 83 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Author's Biography 89