Lecture Notes in Computer Science 5902
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board

David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max-Planck Institute of Computer Science, Saarbruecken, Germany

Marcel Vinícius Medeiros Oliveira and Jim Woodcock (Eds.)

Formal Methods: Foundations and Applications

12th Brazilian Symposium on Formal Methods, SBMF 2009
Gramado, Brazil, August 19-21, 2009
Revised Selected Papers

Volume Editors

Marcel Vinícius Medeiros Oliveira
Universidade Federal do Rio Grande do Norte
Departamento de Informática e Matemática Aplicada
Campus Universitário, Lagoa Nova, 59078-900 Natal, RN, Brazil
E-mail: [email protected]

Jim Woodcock
University of York, Department of Computer Science
Heslington, York YO1 7BZ, UK
E-mail: [email protected]

Library of Congress Control Number: 2009938928

CR Subject Classification (1998): D.2.4, D.2, F.3, D.3, D.1, K.6, F.4

LNCS Sublibrary: SL 2 – Programming and

ISSN 0302-9743
ISBN-10 3-642-10451-7 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-10451-0 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

springer.com

© Springer-Verlag Berlin Heidelberg 2009
Printed in Germany

Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
SPIN: 12793839 06/3180 543210

Preface

This volume contains the papers presented at SBMF 2009: the Brazilian Symposium on Formal Methods, held during August 19–21, 2009 in Gramado, Rio Grande do Sul, Brazil. The SBMF programme included three invited talks given by Leonardo de Moura (Microsoft Research), Sebastian Uchitel (University of Buenos Aires and Imperial College London), and Daniel Kröning (). The symposium was accompanied by two short courses:

– Introduction to Software Testing, given by Márcio Eduardo Delamaro (University of São Paulo)
– Formal Models for Automatic Test Case Generation, given by Patrícia Machado and Wilkerson Andrade (Federal University of Campina Grande)

This year, the SBMF symposium had a special section on the Grand Challenge in Verified Software, inspired by recent advances in theory and tool support. Work on the grand challenge started with the creation of a Verified Software Repository with two principal aims:

– To collect a set of verified software components
– To conduct a series of industrial-scale verification experiments with theoretical significance and impact on tool support

This special session on the grand challenge was dedicated to two pilot projects currently underway:

– The Flash File Store. The challenge is to verify the correctness of a fault-tolerant, POSIX-compliant file store implemented on flash memory. Verification issues include dependability guarantees as well as software correctness. Levels of abstraction include requirements specification, software design, executable code, device drivers, and flash translation layers. The challenge was inspired by the requirements for forthcoming NASA space missions.
– FreeRTOS. The challenge is to verify the correctness of an open source real-time mini-kernel. FreeRTOS is designed for real-time performance with limited resources, and is accessible, efficient, and popular: it runs on 17 different architectures and is very widely used in many applications. There are over 5,000 downloads per month from SourceForge, making it the repository's 250th most downloaded code (out of 170,000 codes). FreeRTOS presents a significant verification challenge, in spite of it containing less than 2,500 lines of pointer-rich code.

Attendance at the session gave speakers and participants an opportunity to discuss the state of the art in software verification and to discuss open problems in need of solutions. In particular, it helped to contribute to an open agenda of research actions for the grand challenge. The papers in the session are of interest to theoreticians, tool builders, tool users, and industrial practitioners.

SBMF was co-located with SAST 2009, the Brazilian Workshop on Systematic and Automated Software Testing. There was a joint technical session on formal aspects of testing, and a joint panel on Academic and Industrial Research Directions in Software Verification.

SBMF was organized by the Instituto de Informática at the Federal University of Rio Grande do Sul (UFRGS) under the auspices of the Brazilian Computer Society (SBC). It was sponsored by the following organizations:

– CNPq, the Brazilian Scientific and Technological Research Council
– CAPES, the Brazilian Higher Education Funding Council
– Banrisul, the Rio Grande do Sul state bank
– The Governor of the State of Rio Grande do Sul
– Microsoft Research
– The Federal University of Rio Grande do Norte (UFRN)
– The University of York

The deliberations of the Programme Committee and the preparation of these proceedings were handled by EasyChair, which made our lives much easier.

September 2009

Marcel Vinícius Medeiros Oliveira
James Charles Paul Woodcock

Conference Organization

Programme Chairs

Marcel Oliveira and Jim Woodcock

Programme Committee

Aline Andrade
David Aspinall
Luis Barbosa
Roberto Bigonha
Michael Butler
Andrew Butterfield
Ana Cavalcanti
Andrea Corradini
Jim Davies
David Déharbe
Ewen Denney
Clare Dixon
Adolfo Duran
Jorge Figueiredo
Leo Freitas
Rohit Gheyi
Rolf Hennicker
Juliano Iyoda
Moonzoo Kim
Luis Lamb
Gerald Lüttgen
Patrícia Machado
Ana Melo
Anamaria Moreira
Álvaro Moreira
Arnaldo Moura
Alexandre Mota
David Naumann
Daltro Nunes
José Nuno Oliveira
Alberto Pardo
Alexandre Petrenko
Leila Ribeiro
Augusto Sampaio
Leila Silva
Adenilso Simão
Willem Visser
Heike Wehrheim

Steering Committee

Ana C. V. de Melo (USP)
Jim Woodcock (University of York)
Leila Ribeiro (UFRGS)
Marcel Oliveira (UFRN)
Patrícia Machado (UFCG)

Organizing Committee

Álvaro Freitas Moreira (Chair; UFRGS)
Cláudio Fuzitaki (UFRGS)
Fabiane Cristine Dillenburg (UFRGS)
Germano Caumo (UFRGS)
Luciana Foss (UFRGS)
Lucio Mauro Duarte (UFRGS)
Olinto E. David de Oliveira (UFRGS)

Table of Contents

Speeding Up Simulation of SystemC Using Model Checking ...... 1 Nicolas Blanc and Daniel Kroening

Partial Behaviour Modelling: Foundations for Incremental and Iterative Model-Based Software Engineering ...... 17 Sebastian Uchitel

Satisfiability Modulo Theories: An Appetizer ...... 23 Leonardo de Moura and Nikolaj Bjørner

Interruption Testing of Reactive Systems ...... 37 Wilkerson L. Andrade and Patrícia D.L. Machado

Test Case Generation of Embedded Real-Time Systems with Interruptions for FreeRTOS ...... 54 Wilkerson L. Andrade, Patrícia D.L. Machado, Everton L.G. Alves, and Diego R. Almeida

Concurrent Models of Flash Memory Device Behaviour ...... 70 Andrew Butterfield and Art Ó Catháin

Corecursive Algebras: A Study of General Structured Corecursion ...... 84 Venanzio Capretta, Tarmo Uustalu, and Varmo Vene

Formalizing FreeRTOS: First Steps ...... 101 David Déharbe, Stephenson Galvão, and Anamaria Martins Moreira

A Mechanized Strategy for Safe Abstraction of CSP Specifications ..... 118 Adriana Damasceno, Adalberto Farias, and Alexandre Mota

Applying Event and Machine Decomposition to a Flash-Based Filestore in Event-B ...... 134 Kriangsak Damchoom and Michael Butler

An Integrated Formal Methods Tool-Chain and Its Application to Verifying a File System Model ...... 153 Miguel Alexandre Ferreira and José Nuno Oliveira

Towards Safe Design of Synchronous Bus Protocols in Event-B ...... 170 Ricardo Bedin França, Leandro Buss Becker, Jean-Paul Bodeveix, Jean-Marie Farines, and Mamoun Filali

Mechanising Data-Types for Kernel Design in Z ...... 186 Leo Freitas

A Complete Set of Object Modeling Laws for Alloy ...... 204 Rohit Gheyi, Tiago Massoni, Paulo Borba, and Augusto Sampaio

Undecidability Results for Distributed Probabilistic Systems ...... 220 Sergio Giro

Formalisation and Analysis of Objects as CSP Processes ...... 236 Renata Kaufman, Augusto Sampaio, and Alexandre Mota

Concolic Testing of the Multi-sector Read Operation for Flash Memory File System ...... 251 Moonzoo Kim and Yunho Kim

Low-Level Code Verification Based on CSP Models ...... 266 Moritz Kleine and Steffen Helke

Formal Modelling of a Microcontroller Instruction Set in B ...... 282 Valério Medeiros Jr. and David Déharbe

Defining Behaviours by Quasi-finality ...... 290 Elisabete Freire and Luís Monteiro

Verifying Compiled File System Code ...... 306 Jan Tobias Mühlberg and Gerald Lüttgen

Reasoning about General Quantum Programs over Mixed States ...... 321 Juliana Kaizer Vizzotto, Giovani Rubert Librelotto, and Amr Sabry

A Simple and General Theoretical Account for Abstract Types ...... 336 Hongwei Xi

Author Index ...... 351