Modeling Critical Systems with Timing Constraints in Event-B

The complexity of safety critical systems consisting of software and hardware parts is continuously increasing. Formal methods address the issues of provably correct design offering mathematical techniques to create specifications to develop and verify safety critical systems [1]. They ensure that the implemented systems work correctly according to the defined specifications. In this paper, we study the practical aspects of applying Event-B [1] for modelling and verification of time-critical systems. Event-B has been used for developing industrial strength systems, but it lacks timing support. UPPAAL [8], on the other hand, is a model checker which has a good support for timing. In order to enrich the application areas of Event-B, we aim at extending it with timing aspects from UPPAAL. By adding timing properties to Event-B, we can guarantee provably correct timing design on the same basis as the functional correctness is ensured [3]. Event-B is based on the B-Method and is meant for refinement-based development of distributed and reactive systems where implementation details are added to design specifications in a stepwise manner. The system model is extended with new variables and assignments, and new conditions, e.g. stronger guards and invariants. Event-B comes with the Rodin tool, that provides automatic and interactive discharging of proof obligations [5]. UPPAAL is a model checker with extended timed automata called UPPAAL Timed Automata (UPTA)[2]. Our main contribution is that we exploit the patterns for modeling and refinement of timing properties within UPPAAL and transform these patterns to patterns in Event-B. Hence, we are able to verify that the refined timing specification combined with refined functionality together satisfy the more abstract specification [6]. Our work is exemplified by a case study provided by Danfoss Power Electronics, which was part of the EU-project RECOMP (2010-2013) [4]. The case study is available in detail in [7].