April 4, 2017

Download Abstract State Machines, Alloy, B and Z: Second by Marc Frappier, Uwe Glässer, Sarfraz Khurshid, Régine Laleau, PDF

By Marc Frappier, Uwe Glässer, Sarfraz Khurshid, Régine Laleau, Steve Reeves

This publication constitutes the court cases of the second one foreign convention on summary kingdom Machines, B and Z, which happened in Orford, quality control, Canada, in February 2010. The 26 complete papers provided have been rigorously reviewed and chosen from 60 submissions. The booklet additionally includes invited talks and abstracts of 18 brief papers which deal with paintings in development, commercial adventure reviews and gear descriptions. The papers disguise contemporary advances in 4 both rigorous equipment for software program and improvement: summary country machines (ASM), Alloy, B and Z. They proportion a standard conceptual framework, founded round the notions of nation and operation, and advertise mathematical precision within the modeling, verification and development of hugely in charge structures.

Example text

Relative time is used to define the duration of responsibilities and their incured delay. e. MClock). It can be used in start points to record the scenario starting time and to define responsibilities’ deadlines. e. Delay = 0). Alternatively, it is considered as delayable. e. ) are considered as urgent once enabled. Transitions are processed as soon as they are enabled allowing for a maximal progress. 2 Syntax of Timed Use Case Maps The Use Case Maps language provides the stub concept allowing for hierarchical decomposition of complex maps.

MsgPassSema is a correct refinement of MsgPassCtl . Proof. One has to show that given corresponding MsgPassSema , MsgPassCtl runs, for each message exchange triple move in the MsgPassSema run, one can find a corresponding message exchange triple move in the MsgPassCtl run such that the locations of interest in the corresponding states of interest are equivalent. This follows by an induction on runs and the number of message exchange triple moves. The basis of the induction is guaranteed by the stipulation that the two runs are started in equivalent corresponding states.

This decision influences the property that can be proved in the equivalence theorem. Since the usual model of semaphores is that they work with queues, we assume in the following that wtsndr (dest ) is a (possibly priority) queue. ReceiveCtl splits into a step StartSync&WaitCtl followed by PassMsgCtl . To formalize this sequentiality in the context of simultaneous parallel execution of ASM rules, we use the interruptable version of sequential execution introduced for ASMs in [3]7 . It is borrowed from the traditional FSM-control mechanism and denoted step8 .

