By Yamine Ait Ameur, Klaus-Dieter Schewe

This book constitutes the thoroughly refereed proceedings of the 4th International Conference on Abstract State Machines, B, TLA, VDM and Z, which took place in Toulouse, France, in June 2014. The 13 full papers presented, together with 3 invited talks and 19 short papers, were carefully reviewed and selected from 81 submissions. The ABZ conference series is dedicated to the cross-fertilization of six related state-based and machine-based formal methods: Abstract State Machines (ASM), Alloy, B, TLA, VDM and Z. They share a common conceptual foundation and are widely used in both academia and industry for the design and analysis of hardware and software systems. The main goal of this conference series is to contribute to the integration of these formal methods, clarifying their commonalities and differences in order to better understand how to combine different approaches for accomplishing the various tasks in modeling, experimental validation and mathematical verification of reliable, high-quality hardware/software systems.

2. Minimize cognitive burden. Engineers already have their hands full with the complexity of the problem they are trying to solve. To help rather than hinder them, a new engineering method must be relatively easy to learn and easy to apply. We need a method that avoids esoteric concepts and that has a clean, simple syntax and semantics. We also need tools that are easy to use. In addition, a method intended for the specification and verification of designs must be easy to remember: engineers might use a design-level method for a few weeks at the start of a project, and then not use it for many months while they implement, test and launch the system.

TLA+ supports defining second-order operators [20, p. 318] and recursive functions and operators, with a few restrictions. Taking approximately 5 weeks on a single EC2 instance with 16 virtual CPUs, 60 GB RAM and 2 TB of local SSD storage. Why Amazon Chose TLA+ model checker. However, we found that the SAT solvers often crash or hang when asked to solve the size of finite model that is necessary for achieving reasonable confidence in a more complex concurrent or distributed system. When we were preparing this paper, Daniel Jackson told us [14] that Alloy was not intended or designed for model checking such algorithms.
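As an added illustration of the TLA+ features named above (not taken from the paper or from Amazon's specifications), the following small module defines a second-order operator that takes an operator argument, a recursive operator, and a recursive function; the module name, operator names and the sample values in the ASSUMEs are constructed for this example.

```tla
---- MODULE RecursiveOps ----
EXTENDS Naturals, Sequences

\* Second-order operator: Op(_) is an operator parameter, applied to
\* every element of the set S.
Map(Op(_), S) == {Op(x) : x \in S}

\* Recursive operator over a sequence. A recursive operator must be
\* declared with RECURSIVE (giving its arity) before it is defined; in
\* TLA+2 the declared operator itself cannot take operator arguments,
\* which is one of the restrictions referred to above.
RECURSIVE SumSeq(_)
SumSeq(s) == IF s = << >> THEN 0 ELSE Head(s) + SumSeq(Tail(s))

\* Recursive operator over a set: remove one element per step.
RECURSIVE SumSet(_)
SumSet(S) == IF S = {} THEN 0
             ELSE LET x == CHOOSE y \in S : TRUE
                  IN x + SumSet(S \ {x})

\* Recursive function (not operator): the domain is stated explicitly and
\* the function refers to itself by name in its body. A finite domain is
\* used here so TLC can evaluate it without special handling.
Fact[n \in 0..10] == IF n = 0 THEN 1 ELSE n * Fact[n - 1]

\* Passing a LAMBDA as the operator argument of a second-order operator.
Doubled(S) == Map(LAMBDA x : 2 * x, S)

\* Constructed sample values; TLC checks ASSUMEs when it loads the module.
ASSUME Doubled({1, 2, 3}) = {2, 4, 6}
ASSUME SumSeq(<<1, 2, 3, 4>>) = 10
ASSUME SumSet({5, 7, 9}) = 21
ASSUME Fact[5] = 120
====
```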

Here, we benefit from the refinement-based approach, which is well suited to isolating difficult aspects of the verification in dedicated models. For example, the abstract log as specified in LogFS is actually encoded in the headers of nodes in UBIFS. It proved beneficial that we initially started with the core concepts of the UBIFS file system and derived an abstract model [39]. This model has served as an anchor point from which to incrementally develop the rest of the model hierarchy. Our experience is that models tend to change frequently.

