This paper describes the use of formal refinement within the MIST project. MIST (Measurable Improvement in Specification Techniques) is ESSI application experiment 10228. It is an 18-month project involving three companies: GEC-Marconi Avionics, who are the prime user; Praxis, who are the main subcontractor, acting as an independent reviewer; and B-Core (UK), who provide the tools used and consultancy. The main aim of MIST is to develop practical procedures for applying formal methods alongside current methods for safety-critical avionics software development.
The paper describes a specification style developed by the project that models embedded software within a systems context. It also describes a style of refinement known as structural refinement. The paper illustrates both with a small example and also reports on their application to a large case study within the MIST project. Initially, there were some problems in using the B-Toolkit with structural refinement, but most of these were overcome by a new version of the B-Toolkit. The embedded specification style worked well and allowed the embedded software to be specified with abstract interfaces and refined with concrete interfaces. Structural refinement allowed the design to be partitioned fairly quickly. Overall, refinement was easier than expected, taking 65 days compared with the 48 days needed to write the abstract specification. The proof of the refinement was achieved only because the design had been partitioned by the structural refinement.