Table Of ContentSeries ISSN: 2328-3319 CO
L
L
A
Z
O
S
Series Editor: Luciano Baresi,Politecnico di Milano
Java Software Development with Event B
A Practical Guide
Néstor Cataño Collazos, Google Inc.
The cost of fixing software design flaws after the completion of a software product is so high that it is
vital to come up with ways to detect software design flaws in the early stages of software development, for JA
V
instance, during the software requirements, the analysis activity, or during software design, before coding A
S
O
starts. It is not uncommon that software requirements are ambiguous or contradict each other. Ambiguity F
T
is exacerbated by the fact that software requirements are typically written in a natural language, which W
A
is not tied to any formal semantics. A palliative to the ambiguity of software requirements is to restrict R
E
D
their syntax to boilerplates, textual templates with placeholders. However, as informal requirements do E
V
not enjoy any particular semantics,no essential properties about them (or about the system they attempt E
L
O
to describe) can be proven easily. Formal methods are an alternative to address this problem. They offer a P
M
range of mathematical techniques and mathematical tools to validate software requirements in the early E
N
stages of software development. T W
This book is a living proof of the use of formal methods to develop software. The particular IT
H
formalisms that we use are EVENT B and refinement calculus. In short: (i) software requirements as E
V
written as User Stories; (ii) they are ported to formal specifications; (iii) they are refined as desired; (iv) EN
T
they are implemented in the form of a prototype; and finally (v) they are tested for inconsistencies. If B
some unit-test fails, then informal as well as formal specifications of the software system are revisited
and evolved.
This book presents a case study of software development of a chat system with EVENT B and
a case study of formal proof of properties of a social network.
About SYNTHESIS
This volume is a printed version of a work that appears in the Synthesis
Digital Library of Engineering and Computer Science. Synthesis
books provide concise, original presentations of important research and
development topics, published quickly, in digital and print formats.
M
O
R
G
A
N
&
C
store.morganclaypool.com LA
Y
P
O
O
L
Java Software Development with
Event B
A Practical Guide
iii
Synthesis Lectures on Software
Engineering
Editor
Luciano Baresi, Politecnico di Milano
The Synthesis Lectures on Software Engineering series publishes short books (75-125 pages) on
conceiving, specifying, architecting, designing, implementing, managing, measuring, analyzing,
validating, and verifying complex software systems. The goal is to provide both focused mono-
graphs on the different phases of the software process and detailed presentations of frontier topics.
Premier software engineering conferences, such as ICSE, ESEC/FSE, and ASE will help shape
the purview of the series and make it evolve.
Java Software Development with Event B: A Practical Guide
Néstor Cataño Collazos
2020
Model-Driven Software Engineering in Practice: Second Edition
Marco Brambilla, Jordi Cabot, and Manuel Wimmer
2017
Testing iOS Apps with HadoopUnit: Rapid Distributed GUI Testing
Scott Tilley and Krissada Dechokul
2014
Hard Problems in Software Testing: Solutions Using Testing as a Service (TaaS)
Scott Tilley and Brianna Floss
2014
Model-Driven Software Engineering in Practice
Marco Brambilla, Jordi Cabot, and Manuel Wimmer
2012
Copyright © 2020 by Morgan and Claypool
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means—electronic, mechanical, photocopy, recording, or any other except for brief quota-
tions in printed reviews, without the prior permission of the publisher.
Java Software Development with Event B: A Practical Guide
Néstor Cataño Collazos
www.morganclaypool.com
ISBN: 9781681736877 paperback
ISBN: 9781681736884 ebook
ISBN: 9781681736891 hardcover
DOI 10.2200/S00957ED1V01Y201910SWE005
A Publication in the Morgan and Claypool Publishers series
SYNTHESIS LECTURES ON SOFTWARE ENGINEERING
Lecture #5
Series Editor: Luciano Baresi, Politecnico di Milano
Series ISSN 2328-3319 Print 2328-3327 Electronic
Java Software Development with
Event B
A Practical Guide
Néstor Cataño Collazos
Google, Inc.
SYNTHESIS LECTURES ON SOFTWARE ENGINEERING #5
M
&C MORGAN & CLAYPOOL PUBLISHERS
vi
ABSTRACT
The cost of fixing software design flaws after the completion of a software product is so high that it
is vital to come up with ways to detect software design flaws in the early stages of software develop-
ment, for instance, during the software requirements, the analysis activity, or during software design,
before coding starts. It is not uncommon that software requirements are ambiguous or contradict
each other. Ambiguity is exacerbated by the fact that software requirements are typically written
in a natural language, which is not tied to any formal semantics. A palliative to the ambiguity of
software requirements is to restrict their syntax to boilerplates, textual templates with placeholders.
However, as informal requirements do not enjoy any particular semantics, no essential properties
about them (or about the system they attempt to describe) can be proven easily. Formal methods
are an alternative to address this problem. They offer a range of mathematical techniques and
mathematical tools to validate software requirements in the early stages of software development.
This book is a living proof of the use of formal methods to develop software. The particular
formalisms that we use are EVENT B and refinement calculus. In short: (i) software requirements as
written as User Stories; (ii) they are ported to formal specifications; (iii) they are refined as desired;
(iv) they are implemented in the form of a prototype; and finally (v) they are tested for inconsis-
tencies. If some unit-test fails, then informal as well as formal specifications of the software system
are revisited and evolved.
This book presents a case study of software development of a chat system with EVENT B and
a case study of formal proof of properties of a social network.
KEYWORDS
correct-by-construction, discrete mathematics, EVENT B, formal methods, Java, programming,
refinement, software engineering, verification
vii
Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preface ix
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 Introduction 1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 An Overview of EVENT B 3
2.1 Relations and Functions .......................................... 5
2.2 EVENT B Mathematical Notation .................................. 8
2.3 Software Development with EVENT B ............................. 14
2.4 A Methodology for Early Validation of Software Requirements ......... 16
2.5 Correctness-by-Construction ..................................... 18
2.6 RODIN ..................................................... 19
2.7 JML ............................................................... 19
2.8 EVENTB2JAVA ...................................................... 20
2.9 A Chat Application ............................................ 21
. . . . . . . . . . . . . . . . . . . . .
3 Software Development of a Chat System with EVENT B 25
3.1 MachineZero ................................................. 26
3.2 MachineOne ................................................. 30
3.3 MachineTwo ................................................. 31
3.4 MachineZero in EVENT B ...................................... 31
3.5 MachineOne in EVENT B ....................................... 39
3.6 MachineTwo in EVENT B ....................................... 43
3.7 The Implementation of the Chat System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.8 Testing and Code Animation of the Chat System .................... 49
3.9 Fixing the Software Requirements ................................ 53
3.10 Lessons Learned .............................................. 56
create-chat-session . . . . . . . . . . . . . . . . 56
3.10.1 Event
chatting . . . . . . . . . . . . . . . . . . . . . 57
3.10.2 Event
3.10.3 Events delete-content and remove-content ................... 59
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 The Poporo Social Network 61
4.1 Poporo’s General Structure ...................................... 64
4.2 Poporo’s Formalization in EVENT B ............................... 66
viii
4.3 Invariant POs ................................................. 68
4.4 Discharging POs in Rodin ...................................... 69
4.5 POs for Quantified Expressions .................................. 72
4.6 Strengthening the Specification .................................. 73
4.7 Further Strengthening ......................................... 76
4.8 Refinement Proof Obligations ................................... 78
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5 Conclusion 81
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Bibliography 83
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Author's Biography 89
