atelier b - clearsy · 2.1 role of atelier b atelier b is a set of software tools that allows the...

Atelier B

Atelier BUser Manual

version 3.7

ATELIER BAtelier B User Manualversion 3.7

Document made by CLEARSY.

This document is the property of CLEARSY and shall not be copied, duplicated ordistributed, partially or totally, without prior written consent.

All products names are trademarks of their respective authors.

CLEARSYATELIER B maintenanceParc de la Duranne

320 avenue ArchimedeA.taB-IIIsedaielPseL

13857 Aix-en-Provence Cedex 3France

Fax 33 (0)4 42 37 12 71Tel 33 (0)4 42 37 12 70

mail : [email protected]

Contents

1 Introduction 1

1.1 Document Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 Layout Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2 Presentation 3

2.1 Role of Atelier B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

2.2 Objects Handled by Atelier B . . . . . . . . . . . . . . . . . . . . . . . . . . 3

2.3 Using modes of Atelier B . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2.4 Motif User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2.4.1 Start-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2.4.2 Projects Window Layout . . . . . . . . . . . . . . . . . . . . . . . . 4

2.4.3 Components Window Presentation . . . . . . . . . . . . . . . . . . . 5

2.4.4 Using the Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.4.5 Using the Interactive Help . . . . . . . . . . . . . . . . . . . . . . . . 7

2.5 Command Mode User Interface . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.5.1 Start-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.5.2 Using the Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Using a Command File . . . . . . . . . . . . . . . . . . . . . . . . . 8

Using the Interpreter . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.5.3 Using Interactive Help . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.6 Atelier B customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.6.1 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.6.2 Resource file description . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.6.3 Creating a resource file . . . . . . . . . . . . . . . . . . . . . . . . . 10

Command Mode User Interface . . . . . . . . . . . . . . . . . . . . . 11

Motif User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.6.4 Resource file loading . . . . . . . . . . . . . . . . . . . . . . . . . . . 11



2.6.5 Display resource values and AtelierB version . . . . . . . . . . . . . 12

1

ii CONTENTS



3 Getting Started 13

4 Project Management 15

4.1 Presentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

4.2 Display the List of Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Command mode user interface . . . . . . . . . . . . . . . . . . . . . 17

Motif user interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

4.3 Creating a Project In Atelier B . . . . . . . . . . . . . . . . . . . . . . . . . 18

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

4.4 Deleting a Project In Atelier B . . . . . . . . . . . . . . . . . . . . . . . . . 22

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.5 Adding Users to a Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

4.6 Removing Users from a Project . . . . . . . . . . . . . . . . . . . . . . . . . 26

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

4.7 Listing the Users of a Project . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

4.8 Adding Libraries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30


2

CONTENTS iii


Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

4.9 Removing Libraries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

4.10 Listing the Libraries of a Project . . . . . . . . . . . . . . . . . . . . . . . . 35

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

4.11 Adding definition files directories . . . . . . . . . . . . . . . . . . . . . . . . 37

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37



4.12 Removing definition files directories . . . . . . . . . . . . . . . . . . . . . . . 38

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38



4.13 Archiving a Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

4.14 Restoring a Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

4.15 Reading Properties of a Project . . . . . . . . . . . . . . . . . . . . . . . . . 49

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

4.16 Opening a Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51


3

iv CONTENTS


Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

4.17 Closing a Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

5 Managing Project Components 55

5.1 Adding Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

5.2 Suppressing Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

5.3 Displaying the List of Components . . . . . . . . . . . . . . . . . . . . . . . 60

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60



5.4 Reading Information on the Components . . . . . . . . . . . . . . . . . . . . 63

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

5.5 Editing a Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64



Usable parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

5.6 Restoring a Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65



4

CONTENTS v

Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

6 Applying the B Method 69

6.1 Presentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

6.2 Syntax and Type Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70




Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

6.3 Generating Proof Obligations . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76




Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

6.4 Displaying Proof Obligations . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80




Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

6.5 Automatic Demonstration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

6.6 Interactive Demonstration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87




Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

6.7 Canceling Demonstrations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

5

vi CONTENTS

6.8 Checking the Translatable Language (B0) . . . . . . . . . . . . . . . . . . . 91

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91




Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

6.9 Project Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

6.10 Translating into C, C++, ADA or HIA . . . . . . . . . . . . . . . . . . . . 97

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

6.11 Applying a Tool to all the Components of a Project . . . . . . . . . . . . . 102

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

6.12 Updating a Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

6.13 Tools interruption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

User Interface in Command mode . . . . . . . . . . . . . . . . . . . 106

Motif User interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 106


6.14 Dependencies management . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108



7 Analysing B Developments 111

7.1 Presentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

6

CONTENTS vii

7.2 Project Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112



7.3 Component Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114



7.4 Animation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116



Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

7.5 Dependency Graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118



A few useful VCG commands . . . . . . . . . . . . . . . . . . . . . . 121


7.6 Operation call graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123




7.7 Formula graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127




Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

7.8 Homonymy graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132




7.9 Cross References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136


7

viii CONTENTS


Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

7.10 Extracting Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140




Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

8 B Project Documentation 147

8.1 Presentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

8.2 Displaying a B Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148




Possible errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

8.3 Creating Complete Documents . . . . . . . . . . . . . . . . . . . . . . . . . 151


A Limitations of Project Documentation Tools 153

B Files Created by Atelier B 155

8

Chapter 1

Introduction

1.1 Document Organization

This document contains three parts, that progressively initiate the reader to the use ofAtelier B.

• Part 1 describes the general principles of Atelier B and its user interfaces. It alsodescribes how to customize it through resources.

• Part 2 presents the general overview of Atelier B functions.

• Part 3 covers in full detail the description of the functions of Atelier B using theMan-Machine Interfaces.

1

2 Atelier B - User Manual

1.2 Layout Conventions

Each function of Atelier B is presented in the following manner:

• A Description sub-section presents the characteristics of the command.

• A Command Mode User Interface sub-section describes how to use the commandwith the batch mode interface.

• A Motif User Interface sub-section presents the procedure to follow when using thecommand with the graphic interface.

• A Customization sub-section presents the resources which allow to alter the com-mand.

• A Possible Errors sub-section presents the error messages generated by Atelier B ifan error occured when using the command.

Resources are presented as follows:Example CommentATB*POG*Generate Obvious PO resource namePositionned at Atelier B installation. Default valueGenerate or not obvious proof obligations. resource description

Error messages are presented as follows:Example CommentClause <clause name> has no such PO message textThe clause that you requested does not contain anyPO of the type specified in the parameters.

description of the errormade

For example:If the list contains: b_init(0 unproved,1 proved, 2 obvious) and display "unproved"PO only is requested.

example producing themessage

In the description of the Motif user interface, the names of buttons are always in italics.For example, the Help... button.The messages displayed by Atelier B in the start-up screen are always shown in the fol-lowing way:

Type checking machine B_Keyboard_code

Loading referenced_machines

Checking names clashes

...

Checking operation b_code_entered

Normalising B_Keyboard_code

Saving data of component B_Keyboard_code

End of Type checking

Chapter 2

Presentation

2.1 Role of Atelier B

Atelier B is a set of software tools that allows the development of applications using the“B Method”.

Atelier B assists designers in formalizing their application by:

• Applying automatically the actions described in the B method on components.

• Proposing services to help the development of the project, such as management,analysis and project documentation.

2.2 Objects Handled by Atelier B

This sub-section introduces the main objects handled by the Atelier B functions.

Component A UNIX file that contains a source written in the B language. This is thebasis of a development using the B method.Component is a generic term representing:

• a B specification (abstract machine),

• a refinement of this specification,

• its implementation (the last level of refinement).

Components can be written with any text editor, outside Atelier B.

Project A project is a set of files (components, related files, C, C++, HIA or ADAsources, makefile) used or produced during the development of an application usingthe B method, with additional information as necessary for handling these sourcefiles in Atelier B (refer to the PDB).

Manager The creator of a project, possessing privileged rights compared to a simpleuser.

3


User A user can be either the creator (and therefore the Manager) of a project, or thedeveloper to whom the creator of a project has granted access rights to this project.

Project Data Base (PDB) Internal files produced by Atelier B tools are stored in adirectory called the PDB. This directory also contains files produced by the Atelier Bdocumentation tools.

2.3 Using modes of Atelier B

In this manual, the term tools refers to all tools that relate to the application of the Bmethod, as well as to the analysis, debugging and documentation of programs written inB. The B environment presented in this manual offers two modes of usage for these tools:

• An interactive mode, using a graphical interface based on windows and commandbuttons; in the remainder of this document, we will refer to this mode as the MotifUser Interface.

• A batch mode, based on a language called the command language; in the re-mainder of this document, we will refer to this mode as the Command Mode UserInterface.

2.4 Motif User Interface

2.4.1 Start-up

To start-up the Motif User Interface, perform the following operations:

1. Open a shell window with scroll bars (start-up window). This is the window wherethe Atelier B information and error messages will be displayed.

2. Type the command startAB in the start-up window. This script shell is located inthe <atelierb_dir>/AB/bbin directory.After a few moments the Atelier B projects window will be displayed in the top leftof the screen.

If your Atelier B license is no longer valid or if there are no more license available, amessage is displayed in the start-up window and no window is displayed.

2.4.2 Projects Window Layout

The projects window grants you access to the project management functions (refer tosub-section 4).

Figure 2.1 on page 5 shows the main fields in this window:

1. The data part contains the name of the UNIX user who started Atelier B, in thiscase cc.

PRESENTATION 5

information part

Projects List Commands Part

Header

Figure 2.1: Project window

2. The projects list contains the names of all the projects that are accessible to the userwho started Atelier B, in this case MyProject and DAB.

3. The commands part gives access to the project management functions described insub-section 4.

4. The header contains three buttons: the Quit Environment button to quit Atelier B;the Help button to display Atelier B on-line help; the Preferences button to customizeAtelier B.

2.4.3 Components Window Presentation

The components window gives you access to management, processing, analysis and docu-mentation functions relating to the Atelier B components. These functions are describedin the following sections and sub-sections 5, 6, 7 and 8.

Figure 2.2 on page 6 shows the main parts of this window:

1. The information part contains the name of the current project, as well as the accesspath for the current directory; in this example the project is called DAB and thecurrent directory is /users/cc/tmp/src.

2. The components list contains the names of the project components, for exampleB Clavier code is one of the project components.

3. The filters for the components list are used to reduce the number of componentsdisplayed in the components list by selecting a sub-set of them.

4. The commands part gives access to the component processing functions.

The left buttons correspond to functions that are used to apply the B method.


partinformation

filterscomponents

Header

Commands PartComponents List

Figure 2.2: Components window

The right buttons correspond to component management, analysis and documenta-tion functions.

5. The header contains three buttons: the Quit Project button quits the componentswindow; the Help button calls-up Atelier B on-line help; the Preferences buttonallows to customize Atelier B.

2.4.4 Using the Interface

This sub-section describes the general principles to use the Motif user interface. It definesa number of terms that will be used in the following sections.

Click: Press the left mouse button.

Double-click: Press the left mouse button twice in quick succession.

Select from a list:

• To select an element from the list, click on the element; it will be displayed inreverse video.

• To select several successive elements, click on the first element, then click onthe last one while holding the Shift key down; all of the elements betweenthe first one and the last one will be displayed in reverse video. You can alsoclick on the first element and drag the mouse cursor to the last one (”dragging”means moving the mouse while holding down the mouse button).

• To select a number of non-successive elements, click on the first element, thenclick on the next elements while holding the Ctrl key down; each elementselected will be displayed in reverse video.

PRESENTATION 7

The interface buttons with names followed by ”...” have a second menu level. To usea menu-button click on the button to display the menu, then, click on the requiredfunction in the menu.In the rest of this document, this type of action will be expressed as follows: Click on theAnalysing ... button, select Project Status.

2.4.5 Using the Interactive Help

To use this function, your machine must be equipped with a Hypertext browser (Netscape,Arena, Mosaic, ...).

The browser used is declared during the set-up of Atelier B (refer to the Administrator’sManual).

It can be altered thanks to the following resource (refer to sub-section 2.6):

ATB*OPT_TOOLS_<SYSTEM>*HTML_Viewer_Path

Clicking on the Help button, selecting Help Contents in the components window or theprojects window, gives access to the list of Manuals delivered with Atelier B and availablein-line.

The Help buttons in the data entry and error windows give access to the correspondingsection of this document.

Each time you click on a Help button, Atelier B calls-up the hypertext browser with therequested document as a parameter.

The only document available in hypertext format is the User’s Guide, every other docu-ments are available in “PDF” format.

2.5 Command Mode User Interface

This user interface allows Atelier B to be used on a VT100 type terminal as well as insemi-automatic mode with a command file.

This interface is a command interpreter (like a shell), with the same features as the AtelierB Motif interface.

2.5.1 Start-up

To start up the command mode user interface:

1. Open a shell window with scroll bars (start-up window).

2. Type the command startBB in the start-up window. This script shell is located indirectory <atelierb_dir>/AB/bbin.After a few moments the interpreter prompt is displayed:

Beginning interpretation ...

bbatch 1>

To quit the command mode user interface, type quit or q.

If your Atelier B license is no longer valid or if there is no more license available, a messageis displayed in the start-up window and the prompt is not displayed.


2.5.2 Using the Interface

You can use this interface in two different ways:

1. interactively, or

2. with a command file.

The syntax of all commands is described in the following sections. Each command has along name and an abbreviation. For example, show_projects_list (long name) and spl(abbreviation).

Using a Command File

A command file can contain:

• Comments: lines starting with “#”.

• Atelier B commands: long name or abbreviation.

• Calls to the UNIX shell: lines starting with “\”.

Example of a command file:

The file below displays the list of projects, then the list of users of the LIBRARY projectand the contents of the current directory:

#--------------------------

# This is a comment

#--------------------------

# list of projects

show_projects_list

# users of the LIBRARY project

spul LIBRARY

# contents of the current directory

\ls -l

# end of the command file

To execute a command file, type one of the following commands:startBB -i=file_nameorstartBB < file_nameorstartBB << ENDlist of commands...END

Using the Interpreter

This sub-section provides some hints on how to use the command interpreter.

To call-up the last command entered, type the command “!”. The last command isdisplayed, then executed.

PRESENTATION 9

To call-up the UNIX shell without exiting the interpreter, enter this command preceededby the character “\” (example: \ls -l).

Some commands have default parameters. For project management commands, the inter-preter stores the last project name entered. In the same way, the interpreter stores thelast component name entered. To use this default parameter, simply type <return>.

Example:

bbatch 3> typecheck MM_1

....

bbatch 4> pogenerate

pogenerate MM_1 ? (yes=return)

...

2.5.3 Using Interactive Help

The help command displays the list of commands available. This list is displayed in thefollowing format:

General commands :

(cd ) change-directory

...

(v ) version-print

Project level commands:

(add ) add-definitions-directory

(apl ) add-project-lib

...

(spl ) show-projects-lists

Machine level commands (available after open_project):

(aa ) ada-all (a ) adatrans

(af ) add-file (ani ) animator

....

....

(s ) status (sg ) status-global

(t ) typecheck (u ) unprove

The commands are presented in the following order:

1. General commands,

2. Project management commands,

3. Commands that apply to components: A project must be opened to be able to usethese commands.

Command abbreviations are indicated within parenthesis () before the command name.

You can also obtain help on a specific command by typing the command: help command_name,or h command_name.For example:

bbatch 9> help help

help [command] get help on commands


2.6 Atelier B customization

2.6.1 Description

There are three ways for the user to customize Atelier B :

• create a resource file $HOME/.AtelierB which customizes all Atelier B for the currentuser,

• create an AtelierB file in the PDB directory of a project. This file customizesAtelier B when the user opens this project,

• create any file that the user has to specify explicitly when its use is requested.

When the same resource is specified in several of those files, the priority order is thefollowing (from highest to lowest) :

• the explicit file,

• the file associated to the project,

• the file associated to the user.

When two files are given explicitly, the second one takes precedence.

When a resource is described in none of those files, a default value is taken, which is presentin the Atelier B general resource file : refer to Atelier B - Administrator’s Manual.

2.6.2 Resource file description

All resource files have the same format. Lines starting with an exclamation mark ! or ahash sign # are comments. The others contain a resource name followed by its value.

The resource names for the Atelier B tools are as follows :ATB*<_tool>*<resource_name>.

For Atelier B foreign and optional tools (Latex, Da Vinci, ...), syntax is:ATB*OPT_TOOLS_<system>*<resource_name>.

<system> is LINUX for Linux operating system and SUN5_6 for Solaris 6 or greater.

Examples :

ATB*POG*Generate_Obvious_PO: FALSEWhen this resource is positioned to FALSE, the obvious proof obligations are not savedby Atelier B.

ATB*OPT_TOOLS_LINUX*HTML_Viewer_Path: /usr/local/netscape/netscapeThis resource describes the access path to the hypertext browser for Linux operatingsystem.

2.6.3 Creating a resource file

This function allows to edit the resource file. If the file does not exist, it is created andinitialized from a model. The model contains the list of all resources. Displaying a resourcecan be made by uncommenting the line and updating the resource value.

PRESENTATION 11

Command Mode User Interface

The user interface has already been started up.

To edit the user resource file, type the following:edit_users_resoreur

To edit a project resource file, open the project and type the following:edit_project_resorepr

To edit an explicit resource file named filename, type the following:edit_res_file filenameorerf filename

Motif User Interface

To edit the user resource file:

• In the header of the projects window or components window, click on the Prefer-ences... button and select Edit User Resource File

To edit the project resource file:

• In the header of the components window, click on the Preferences... button andselect Edit Project Resource File

To edit a named resource file:

• In the header of the projects window or components window, click on the Prefer-ences... button and select Edit Explicit Resource File.

2.6.4 Resource file loading

The user resource file is automatically loaded when starting Atelier B or quitting a project.

A project resource file is automatically loaded when opening the corresponding projectand unloaded when quitting it.

Explicit resource files are loaded when requested by the user. They are automaticallyunloaded when quitting a project.


To load the explicit resource file filename, type the following :load_res_file filenameor :lrf filename



To load an explicit resource file :

• Edit the resource file (refer to the previous sub-section).

• In the header of the projects window or components window, click on the Preferences... button and select Load Explicit Resources File.

2.6.5 Display resource values and AtelierB version

The version display command shows :

• the global version of Atelier B,

• the version of all Atelier B tools,

• the current values of resources.


To display the Atelier B version, type the following :version_printorv


To display the Atelier B version :

• In the header of the projects window or components window, click on the Help ...button and select About Atelier B.

Chapter 3

Getting Started

The following sections of this document describe all the functions provided by Atelier B.

This section gives an overview of the functions of Atelier B.

To start a new development using Atelier B, you will need to:

1. Create a project (refer to sub-sections 4.1 and 4.3),

2. Open this project (refer to sub-section 4.16),

3. Add components to this project (refer to sub-section 5.1).

You can now start to apply the B method to your components; you can:

1. perform a syntax analysis and type check (refer to sub-section 6.2).

2. generate proof obligations (refer to sub-section 6.3),

3. automatically prove part of these proof obligations (refer to sub-section 6.5),

4. display the proof obligations (refer to sub-section 6.4),

5. use the interactive prover to prove the remaining proof obligations (refer to sub-section 6.6).

After creating the implementations for your project, you can:

1. check that the implementations are correctly written in the B0 language (refer tosub-section 6.8),

2. translate the project into C, C++, ADA or HIA (refer to sub-section 6.10).

During these development phases, you can use the Atelier B analysis functions, to:

• display progress on a project or a component (refer to sub-section 7.2 and 7.3),

• animate a specification (refer to sub-section 7.4

• display the dependencie graph between components (refer to sub-section 7.5),

13


• display graphs to visualise peculiarities of a B model (refer to sub-section

• search for identifiers defined in components (refer to sub-section 7.9),

• check that your components follow some programming rules (refer to sub-section 7.10).

You can also use the documentation functions to automatically produce documentationin LATEXor Word formats (refer to sub-section 8.2 and 8.3).

When your projects reach large sizes, you can:

1. perform archive storage to create back-ups (refer to sub-section 4.13),

2. split your large scale projects into several smaller projects using the libraries (referto sub-section 4.8),

Chapter 4

Project Management

4.1 Presentation

A project managed by Atelier B is defined by:

• Its name

• A Project Data Base where all the files created by Atelier B are stored (PDB).

• A directory where the translations of components to the C, C++, HIA or ADAlanguages are stored.

• A set of B source files; these files can be located in different directories.

The creation of these directories and B source files is entirely up to the user. Atelier Bdoes not provide a tool for their creation, the user must use UNIX commands.

The projects managed by Atelier B are multi-user projects. Many users can work on thesame project simultaneously. Atelier B uses the rights of the atelierb UNIX group to solveUNIX rights problems between users (refer to the Atelier B - Administrator’s Manual).

A B project, managed by Atelier B, can also use other projects regarded as libraries.Libraries may be used to split industrial size projects into some smaller projects.

Atelier B also offers functions to archive projects. These functions are used to back-up orcopy projects.

For project archiving and portability reasons, we encourage Atelier B users to adopt aproject layout that obeys the following rules:

• All users of the same project should be in the same UNIX group (the Atelierb group).

• The project directories must have a common root. If project_dir is this directory,the PDB and the translation directory must be sub-directories of project_dir. Forexample: project_dir/pdb and project_dir/lang.

• The B source files must be located in sub-directories of project_dir. You can forexample define a sub-directory for each software element, especially if the users whoare responsible for them are different.

15


Elem1 Elem2

project dir

PDB TRANS SRC

OWNER

files produced

by Atelier B

C, C++ or ADA

translations

B sources of

program element 1

B sources of

program element 2

User 1 User 2

Figure 4.1: Project layout

• The directories containing definition files (see 4.11) must also be sub-directories ofproject_dir.

If a project does not follow these rules, it cannot be archived.

Figure 4.1 on page 16 shows an example of a project that follows these rules.

PROJECT MANAGEMENT 17

4.2 Display the List of Projects

Description

This function is used to display the list of projects accessible to the Atelier B user (referto sub-section 4.5 for information on visibility rules).

The project names are always displayed sorted in alphabetical order.

Command mode user interface

The user interface has already been started up.To view the list of projects, type the following command:show_projects_listorspl

The list is displayed as shown below:

Printing Projects list ...

projet1projet2

End of Projects list

Motif user interface

In the Atelier B projects window, the list of projects is always displayed.

Warning: This list is not always up to date. It is possible that another user has added ordeleted a project after the list was displayed. To update the list you must use the Refreshbutton (refer to figure 2.1 on page 5).


4.3 Creating a Project In Atelier B

Description

The Attach project function allows all users to declare a new project in Atelier B. Theinformation required to declare the project is:

• the name of the new project and its owner,

• the Project Database directory (PDB) used by Atelier B to store internal files,

• the translation directory used by Atelier B to store translated files.

The user who created the project becomes its manager. He is the only one allowed toperform certain add/delete users, libraries and archive operations.

To reference a given project, only the PDB and translation directories are required byAtelier B (refer to the directions below). The creation of these two directories is up tothe user. The project components can be ”scattered through” the file system, their accesspath and names are stored in a file located in the PDB and called project_name.db.


To create a project:

1. Choose and create a Project Data Base directory. Sub-section 4.1 provides recom-mendations for the layout of B projects.If path_pdb is the path to this directory.To create the directory, type the UNIX command:mkdir path_pdb

2. Choose and create a translations directory.If path_lang is the path to this directory.To create the directory, type the UNIX command:mkdir path_lang

3. Start the command mode interface:startBB

4. Create the project by typing the following command:create_project project_name path_pdb path_langorcrp project_name path_pdb path_lang

5. Check that the project has been created by typing the command:show_projects_listor spl

Remark: You do not have to type the full path to directories, you can specify a pathrelatively to the directory where Atelier B was started up.For example, if Atelier B was started when you were in directory /home/project, youcould have type pdb and lang directories.


Figure 4.2: Attach Project window


To create a project, perform the following operations:

1. Choose and create the project data base directory. Sub-section 4.1 provides recom-mendations on the layout of B projects.

If path_pdb is the path to this directory.To create the directory, type the UNIX command:mkdir path_pdb

2. Choose and create a translations directory.If path_lang is the path to this directory.To create the directory, type the UNIX command:mkdir path_lang

3. Start the Motif user interface:startAB

4. From the projects window click on the Attach Project button.The window shown in figure 4.2 on page 19 is displayed.

5. Type the project name in the Project Name field, for example MyProject.

6. Type the access path to the PDB directoryin the Project Database Directory path, for example /home/project/pdb.

You can also choose the directory by clicking on the Browse button. The windowshown in figure 4.3 on page 20 is displayed.

In this window choose the directory by clicking in the Directories: list.


Figure 4.3: Choose directory window

7. Type the access path to the translations directoryin the Translations Directory field, for example /home/project/trans.

You can also chose the directory by clicking on the Browse button.

8. Click on the OK button to create the project.

9. Check the projects list to ensure that your project name is displayed. This list issorted by alphabetical order.

Remark: You do not have to type the full path to directories, you can specify a pathrelative to the current directory.For example, if Atelier B was started when you were in directory /home/project, youcould type pdb and lang directory.

Possible errors

Cannot Attach project Cannot access directory <dir>The directory <dir> specified for the PDB or for the translations does not existor cannot be accessed. Check the access path for the directory specified in theparameter as well as its UNIX rights. The directory must be accessible in writemode to the user who creates the project.

Cannot Attach project Directory <dir> is already usedThe <dir> directory specified for the PDB or for the translations is already usedby another project managed by Atelier B. The directory contains a ”marker” filenamed ”.project” which is used by Atelier B.


Cannot attach project, directory <dir> is used twiceYou have specified the same directory for the PDB and the translations directory.These two directories must be different.

Cannot attach project, project name <name> is already usedThe project name that you gave is already used by another project. Warning, theproject may not be in the list of projects. In this case it is a project created byanother user.


4.4 Deleting a Project In Atelier B

Description

The Detach project function deletes an existing project. Only the project manager, i.e.the person who created the project is allowed to delete it.

The intermediate files produced by Atelier B in the project data base will then be deleted.

The following files are not deleted:

• B source files,

• user rules files (*.pmm),

• the project documentation that is automatically generated,

• the translations,

• the project data base directory,

• the translations directory.

To completely clear the project you should delete manually those files and directories afterdeleting the project using Atelier B.


The user interface has already been started up.To delete a project named proj, type the following command:remove_project projorrp proj


The user interface is started up. To delete a project, perform the following operations inthe projects window:

1. Click on the project to delete in the projects list,

2. Click on the Detach Project button.a confirmation window is displayed

3. Confirm the deletion by clicking on Ok orcancel the action by clicking on Cancel.The project is deleted from the projects list.


Possible errors

Allowed only for the manager of the project <proj>Only the manager of the project (the UNIX user who created the project) is allowedto delete it.

Cannot remove <proj1>: Project is used as a library of <proj2>

The <proj1> project cannot be deleted since it is used by the <proj2> projectas a library. If it were deleted, the <proj2> project would be incomplete. Beforedeleting it, the <proj1> library must be removed from the list of libraries declaredin the <proj2> project.

Cannot access the components list file of the project <proj>This warning message is generated if the project components description file is nolonger accessible. This file named <proj>.db is normally in the project data basedirectory. The file or the directory may have been deleted by mistake. This messagedoes not stop deletion of the project.

No such project: <proj>There is no project with this name. In the projects list, check the name of theproject to delete.

Someone is currently using the project <proj>Before deleting a project, Atelier B checks that no user is currently working on theproject. This is tested by checking the presence of the “.usedby_<user>_xxxx” filesin the project data base directory. Such files may remain if Atelier B was shut-downincorrectly (by kill -9, or a power failure for example). In this case, these files mustbe deleted manually.


4.5 Adding Users to a Project

Description

By default, a project is only accessible to the user who has created it. This user isconsidered the project manager by Atelier B.

If necessary, the project manager can make his project accessible to other users. It ispossible to grant access:

• In read and write modes: In this case the user can perform the same operations asthe project manager on the project components (attach/detach components, typecheck, etc).

The project manager remains the sole person authorized to perform operations onthe project (deleting or adding libraries or users, etc).

• In read mode only: In this case the user can only view project components. Onlydocumentation functions will be accessible.

The user can add this project as a library to the projects that he owns.

Warning, the user is added, even if he does not exist on the machine UNIX system.

The manager can grant access to all system users by adding a user named “*”.

Atelier B uses the rights of the atelierb group in order to solve problems with UNIX rightsbetween project users (refer to Atelier B - Administrator’s Manual).

Users can protect their B source files, even when some users have read and write modeaccess rights to a project.


The user interface has already been started up.To grant access in read-write mode to user user_name, for project proj, type the followingcommand:add_project_user proj user_nameorapu proj user_name

To grant access in read mode only to user user_name, for project proj, type the followingcommand:add_project_reader proj user_nameorapr proj user_name

If you put the character “*” instead of user_name, you grant access to all users.


The user interface is started up you are in the projects window.To add a user to a project, perform the following operations :

1. Click on the project in the projects list.


Figure 4.4: New User window

2. Click on the Users ... button, select Add.The window shown in figure 4.4 on page 25 is displayed.

3. Type the user name in the New User field.You can type “*” to grant access to all users.

4. Click on the type of access required read only or read write

5. Confirm by clicking on Ok or cancel by clicking on Cancel.

Possible errors

Allowed only for the manager of the project <proj>Only the manager of the project (the UNIX user who created the project) has theright to add a user to the project.

No such project: <proj>There is no project with this name. Check the projects list for the name of theproject that you want to add a user to.

Someone is modifying the project <proj>Another user is simultaneously performing an action on the project (add/deleteuser, library or archiving). During these operations, the project description file(<proj name>.desc) is locked by a file named: <proj name>.desc.lock. Wait untilthe action is over.

User <name> is already present in the projectThe user specified as a parameter is already present in the list of users authorizedto use the project. If you wish to change the access type of a user grant writepermission to a user with only read permission), delete the user then add him onceagain with the new permissions.


4.6 Removing Users from a Project

Description

The Remove User function is used to remove a user from the users list of a project.

Only the project manager can use this function, and he cannot exclude himself from theproject.

Warning, it is not possible to delete a user who has added components to the project as inthis case it would no longer be possible to access these components. To delete this user,the only solution is to delete the components owned by the user.


With the user interface running. To delete a user user_name, from project proj, type thefollowing command:remove_project_user proj user_nameorrpu proj user_name


To delete the user of a project, perform the following operations in the projects window:

1. Click on the project name.

2. Click on the Users ... button, select Remove.A data entry window is displayed.This window contains the list of all the users of the project.

3. Click on the user to remove.

4. Confirm by clicking on Ok orcancel by clicking on Cancel.A confirm window is displayed.

5. Confirm by clicking on Ok orcancel by clicking on Cancel.

Possible errors

Allowed only for the manager of the project <proj>Only the manager of a project (the UNIX user who created the project) is allowedto delete a user from the project.

Cannot suppress project manager <name>The user specified in the parameter is the project manager. He cannot be removed.


Cannot access the project components description fileThis error message is generated if the project components description file is no longeraccessible. The <proj>.db file is normally in the project data base directory. Thefile or the directory may have been accidentally deleted. If this file is not accessible,Atelier B cannot check whether the user has components or not. In general, if thisfile is no longer accessible, it is preferable to delete the project, as no more actionswill be possible on this project.

No such project: <proj>There is no project with this name. Display the projects list to check the name ofthe project from which you want to remove a user.

Someone is modifying the project <proj>Another user is simultaneously performing an action on the project (adding/deletinga user, a library or an archive storage). During these operations, the project de-scription file (<proj name>.desc) is locked by a file called: <proj name>.desc.lock.Wait until the operation is over.

User <name> owns a component of the project, it cannot be removedThe user specified owns components in the project. This user cannot be deletedsince his components would no longer be accessible to other users.

User <name> is not present in the project read/write users listThe user specified is not present in the list of project users. This error may onlyoccur in the command mode user interface.


4.7 Listing the Users of a Project

Description

This function lists all the users of a project. The following data are displayed:

• name of the project manager.

• name of the users in read and write access modes.

• names of the users in read only access mode.

Sub-section 4.5 describes the various rights that are available to project users.


The user interface has already been started up.To display the list of users in read access mode, type the following command:show_project_readers_list proj_nameorsprl proj_name

The list is displayed as follows:

Printing Project proj_name readers list ...

user1user2

End of Project proj_name readers list

To display the list of users in read and write access modes, type the following command:show_project_users_list proj_nameorspul proj_name

The list is displayed as follows:

Printing Project proj_name read-write users list ...

user1 (manager)user2

End of Project proj_name read-write users list

The project manager is displayed first.


The user interface is started up, you are in the projects window.To obtain the list of users of a project, perform the following operations:


Figure 4.5: Users List window

1. Click on the project name in the projects list.

2. Click on the Users ... button, select List.The window shown in figure 4.5 on page 29 is displayed.

This window displays the list of users.The project manager name is preceded by (manager).Users with read and write access are prefixed by (rw)Users with read only access are precededd by (r-)

3. Click on Ok or Cancel to close the window.

Possible errors

Cannot read file <ATB dir>/<proj name>.descThe project description file has been damaged. You must delete the project as itcannot be used anylonger.

No such project: <proj>There is no project with this name. Display the projects list to check the name ofthe project.


4.8 Adding Libraries

Description

When developing large size projects, you may:

• use predefined component libraries,

• structure a large project into a number of sub-projects.

The manager of the project can link his project to other projects managed by Atelier B,by using the Add Library function.

Any project accessible in read mode to the manager (refer to sub-section 4.5) can becomea project library.

When a library is linked to a project, the project user can establish links (SEES, IM-PORTS, ...) to the components of this library.

The Add Library function checks that the library to add is not already linked to theproject.

For example:

If project <proj1> uses project <proj2> as a library and ifproject <proj> uses library <proj1> ,thenlibrary <proj2> cannot be added to project <proj> , because <proj2> is already used bytransitivity.

If a component is defined in several libraries, then the component that will be taken intoaccount is the one defined in the library that was added first. If there is any doubt on thecomponents taken into account, display the project dependency graph.


With the user interface running. To add the lib_name library to the proj project, typethe following command:add_project_lib proj lib_nameorapl proj lib_name


The user interface is already started up, you are in the projects window. To add a libraryto a project, in the projects window:

1. Click in the projects list, on the name of the project you want to add libraries to.

2. Click on the Libraries ... button, select Add.The window shown in figure 4.6 on page 31 is displayed.

This window contains the list of projects that you have the right to read.


Figure 4.6: Add Libraries window

3. From the list, select the libraries to add.

4. Click on OK to complete linking.

Possible errors

Allowed only for the manager of the project <proj>Only the manager of a project (the UNIX user who created the project) has theright to add a library to the project.

Bad file format for <ATB dir>/<lib name>.descThe data present in the project description file that you want to add as a libraryis incorrect. The file might have been modified or overwritten by mistake. Thisproject is no longer valid. You should delete it.

Cannot create file <proj pdb>/.libThe ”.lib” file present in the project data base is used by some Atelier B toolsto search for components in the libraries. This file contains the PDB access pathof the project libraries. When a library is added or deleted, this file is modified.This message is generated if Atelier B cannot write into the PDB. Check the PDBdirectory access rights. The PDB directory must belong to the manager and to theatelierb group. The access rights should be:PDB rwxrwxr– atelierb manager

<lib name> is a library of the project <proj name>The project that you want to add as a library is already present in the list of projectlibraries.

No such project : <proj>There is no project with this name. Display the list of projects and check the nameof the library you want to add or the name of the library project.


Cannot access project <lib name>You are not authorized to read the library that you want to add to the project. Youshould ask the manager of this project to give you read access to it.

Someone is modifying the project <proj>Another user is simultaneously performing an action on the project ( adding/deletinga user or library). During these actions, the project description file(<proj name>.desc) is locked by a file named: proj name>.desc.lock. You mustwait until the other user action is over.

The library <lib name> is already included in the project <proj name>The project you want to add as a library is already present in the list of projectlibraries.


Figure 4.7: Remove Libraries window

4.9 Removing Libraries

Description

The Remove Library function is used to remove a library from the list of libraries of aproject.

The operation is only performed if it is requested by the project manager.

Warning, before removing a library you should check that no component of the projectdepends on a component of this library. Otherwise, the project will be in an incoherentstate after the library is removed. To check this, use the dependencies graph described insub-section 7.5.


The user interface is already started up.To remove the lib_name library from the proj_name project, type the following command:remove_project_lib proj_name lib_nameorrpl proj_name lib_name


The user interface is already started up, you are in the projects window.To remove a library from a project, perform the following operations :

1. Click on the project name.

2. Click on the Libraries ... button, select Remove.The window shown in figure 4.7 on page 33 is displayed.

This window contains the list of all project libraries.

3. Click on the library to remove from the list.


4. Confirm by clicking on Ok.

Possible errors

Allowed only for the manager of the project <proj>Only the manager of a project (the UNIX user who created the project) is allowedto delete a project library.

Cannot create file <proj pdb>/.libThe ”.lib” file present in the project data base is used by some Atelier B tools tosearch for components in the libraries. This file contains the PDB access paths forthe project libraries. When a library is added or deleted, this file is modified. Thismessage is generated if Atelier B cannot write into the PDB. Check the access rightsof the PDB. The PDB directory must belong to the manager and to the atelierbgroup. The access rights should be:PDB rwxrwxr– manager atelierb

No such project: <proj>There is no project with this name. Display the projects list to check the name ofthe project.

Project <lib name> is not present in the project libraries listThe library given as a parameter does not belong to the list of libraries.

Someone is modifying the project <proj>Another user is simultaneously performing an action on the project(adding/removing a user, library or archiving). During these actions, the project de-scription file (<proj name>.desc) is locked by a file named: <proj name>.desc.lock.You will have to wait for the action to be over.


4.10 Listing the Libraries of a Project

Description

This function lists all the libraries of a project. The library names are sorted in alphabeticalorder.


The user interface is already started up.To display the list of libraries of project proj_name, type the following command:show_project_libs_list proj_nameorspll proj_name

The list is displayed as shown below:

Printing Project proj_name libs list ...

lib1lib2

End of Project proj_name libraries list


The user interface is already started up, you are in the projects window.To access the list of libraries for a project, perform the following operations :

1. Click on the project name in the list of projects.

2. Click on the Libraries ... button, select Display List.The window shown in figure 4.8 on page 36 is displayed.

This window shows the list of libraries sorted in alphabetical order.

3. Click on Ok or Cancel to close this window.

Possible errors

Bad file format for <ATB dir>/<lib name>.descThe data present in the project description file is incorrect. The file might havebeen modified or overwritten by mistake. This project is no longer valid. Youshould delete it.

No such project: <proj>There is no project with this name. Check the list of projects, for the project thatyou want the list of libraries for.


Figure 4.8: Libraries List window

Cannot access project <lib name>You are not authorized for read mode access to the project that you want the listof libraries for. You will have to ask the manager of this project to grant you readaccess.


4.11 Adding definition files directories

Description

Definition files are a means to share common definitions for several components.

Their description are given in chapter 2.3 The DEFINITIONS clause of the documentReference Manual for B language .

This section describes the procedures to follow so as to add a new directory to a B project,which can contain definition files used by the components of this project.

The operation only takes place if it is requested by the manager of the project.



To add the dir directory to the proj project, you must type the following command :add_definitions_directory proj diroradd proj dirBeware, you must indicate the absolute path of the directory.


The user interface has already been started up, you are in the projects window.

To add a directory to a project, you must :

1. In the list of projects, click on the name of the project you wish to add to a directory.

2. Click on the Libraries ... button, select Add definitions directory.The window shown in figure 4.9 on page 38 is displayed.

3. Select in the Directories: list, the directory you wish to add.

4. Click on OK to complete the operation.


Figure 4.9: Add definition directories Window

4.12 Removing definition files directories

Description

The function Remove definition directories permits the exclusion of several directoriesfrom the list of definition directories of a project.

The operation only takes place if it is requested by the manager of the project.

Beware, before deleting a directory, it is advised to verify that no component of the projectdepends on a definition file present in this directory.


The user interface has already been started up.To delete the dir directory from the project name proj_name, you must type the followingcommand :remove_definitions_directory proj_name dirorrdd proj_name dir.

Beware, you must indicate the absolute path of the directory.


The user interface has already been started up, you are in the projects window.To delete a definition directory from a project, you must perform the following operations:


Figure 4.10: Remove definitions directories window

1. Click on the name of the project.

2. Click on the Libraries ... button, select Remove definition directories.The window shown in figure 4.10 on page 39 is displayed.

This window contains the list of all the definition directories of the project.

3. Click on the directories to be deleted from the list.

4. Confirm by clicking on Ok.


4.13 Archiving a Project

Description

This function is used to archive all the files of a project managed by Atelier B.

The archive created is a file in tar format with a .arc extension and a tar prefix, forexample tarLIBRARY.arc.

This function can be used to:

• back-up a project,

• make a copy of a project (e.g., to transfer it to another machine).

There are three options for archiving:

• Save all the B source files (.mch, .ref and .imp and definition files).

• Save all the B source files and the proof files.With this option, Atelier B also saves the files in the project data base used by theproof tools:

– .po files: proof obligations,

– .pmi files: demonstrations,

– .pmm files: user rules,

– PatchProver file: user tactics,

– AtelierB file: project resource file.

• Save the entire project:

– B source files,

– files present in the project data base directory,

– files present in the translation directory.

When “all” the project is archived, all data is stored. As a result, when the project isrestored (refer to sub-section 4.14) the user will retrieve it in the same state; and will nothave for instance to type check again what was already type checked.

Warning, only projects with a layout like that described in sub-section 4.1 can bearchived. All the project directories must have a common root.

Examples:

1. The following project cannot be archived as its PDB directory and its translationdirectory are not in the same directory:

Project : proj_namePDB : /home/projects/proj_name/pdbTRAD : /home/projects/trad

2. The following project cannot be archived as the components are in directories abovethe PDB and TRAD directories:


Project : proj_namePDB : /home/projects/proj_name/pdbTRAD : /home/projects/proj_name/tradM1.mch : /home/projects/spec/M1.mchM2.mch : /home/projects/spec/M2.mch

3. The following project cannot be archived as a definition file is in a directory abovethe PDB and TRAD directories:

Project : proj_namePDB : /home/projects/proj_name/pdbTRAD : /home/projects/proj_name/tradMM.defs : /home/projects/defs/MM.defsM1.mch : /home/projects/proj_name/spec/M1.mchM2.mch : /home/projects/proj_name/spec/M2.mch

4. The following project can be archived as the source files are all in sub-directories ofthe common root.

Project : proj_namePDB : /home/projects/proj_name/pdbTRAD : /home/projects/proj_name/tradM1.mch : /home/projects/proj_name/spec/M1.mchM2.mch : /home/projects/proj_name/spec/M2.mchM3.mch : /home/projects/proj_name/spec_bis/M3.mchM4.mch : /home/projects/proj_name/spec_bis/spec/M4.mch


The user interface is already started up.To archive a project, use the archive or arc command.

This command has three parameters:

• The project name,

• The path to the archive file,

• The type of archival:

0 B source files archive,

1 entire project archive,

2 B source and proof files archive.

Example:To archive the entire project proj_name, type the following command:archive proj_name /home/project/tarPROJ.arc 1

The archive created is named /home/project/tarPROJ.arc.


Figure 4.11: Archive window


The user interface is already started up, you are in the projects window.To archive a project, perform the following operations:

1. Click on the name of the project to archive in the list of projects.

2. Click on the Archive Project button.The window shown in figure 4.11 on page 42 is displayed.

This window contains two parts:

(a) The upper part permits you to choose the file and the directory where to createthe archive.

(b) The lower part permits you to choose the type of archive.

3. Choose the directory where the archive file will be created. To make the selectionyou can:

• “double-click” on the directories in the Directories list, or

• directly type the directory path into the Archive Directory field.

Each time the directory changes, the Archive list displays the list of the “.arc” filesof the directory.

4. Choose the archive file name. To do this you can:

• click on one of the file names in the Archives list, or


• directly type the file name into the Archive Name field without the“.arc”extension. By default the archive name is tar<project_name>

5. In the lower field, click on the button that corresponds to the type of archive.

6. Click on OK to archive the project.A confirm window is displayed.

7. Click on OK to confirm.The list of archived files will be displayed in the Atelier B start-up window.

a /tmp/atelierb.tar 1Ka spec/BASIC_STATUS.mch 1K....a pdb/ 0Ka pdb/.project 0Ka pdb/.lib 0Ka pdb/INNER_INTERFACE.bpp 1Ka pdb/TOTAL_OBJECT.bpp 1K....a lang/ 0Ka lang/BASIC_COMMAND.c 2K....

Possible errors

A project is being archived/restoredEvery archive contains a /tmp/atelierb file that describes the project archived. Atthe start of the archive or restore procedure, this file is copied to a temporary file.If two users archive or restore at the same time, this message is generated as AtelierB cannot copy the file. Try again later and check that there is no file called atelierbin the /tmp directory.

Cannot access directory <dir name>One of the directories to archive is no longer accessible. Check that this directoryhas not been removed.

Cannot create the file /tmp/xxx (check for directory permissions)Atelier B uses temporary files during archiving. The /tmp directory must be acces-sible in write mode for all users.

Cannot access the project description file of <proj>This error message is generated if the project components description file is no longeraccessible. This file called <proj>.db is normally in the project data base directory.<proj>.db. The file or the directory has perhaps been removed by mistake. If thisfile is no longer accessible, Atelier B cannot read the information on the components.In general, if this file is no longer accessible, it is better to delete the project, as nomore actions will be possible on this project.


No such project <proj>There is no project with this name. Display the projects list to check the name ofthe project to archive.

tar errorThe message is displayed when a tar command performed by Atelier B has sentback an error message. In the Atelier B start-up window, check the tar commandmessages.

Invalid directories structure of the project <proj>The project that you wish to archive has a layout that makes archiving impossible.To be archived, a project must comply with the following conditions:- the PDB and TRAD directories be in the same directory.- the B source files must be in the sub-directories of the previous directory.


4.14 Restoring a Project

Description

This function is used to restore a project managed by Atelier B from the data stored inan archive created using the function described in the previous sub-section.

Three restore options are available:

• restore B source files,

• restore B source files and proof files,

• restore the entire project.

A restoring always creates a new project. When a project is restored the following datafrom the archived project are lost:

• the list of project libraries,

• the name of the project manager; the user who is restoring the project automaticallybecomes the manager of the created project,

• the list of users authorized to access the project.

Remark: You can restore the B source files and the proof files of a project archived witha previous version of Atelier B.


The user interface is already started up.To restore a project, use the restore or res command.

This command requires four parameters:

• the archive file access path,

• the type of restore:

0 restore B source files,

1 restore the entire project,

2 restore B source files and proof files.

• the name of the restored project: you must give the name of a new project.

• the project base path, if you do not wish the directories to be created in the currentdirectory.

Example:To restore and create the COPY project, type the following command:restore /home/project/tarPROJ.arc 1 COPY /home/COPY

A new project called COPY is created in the /home/COPY directory.


Figure 4.12: Restore window


The user interface is already started up, you are in the projects window.To restore a project, perform the following operations:

1. Click on the Restore Project button.The window shown in figure 4.12 on page 46 is displayed.


(a) The left part to choose the archive file and directory as well as the type ofrestore.

(b) The right part to choose the new project to create.

2. Choose the archive file directory. To make this selection you can:

• “double-click” on the directories in the Directories list, or

• directly type the access path to the directory in the Archive Directory field.

Each time a directory is selected, the Archives list displays the list of “.arc” files ofthe directory.

3. Click on the archive in the Archives list field.

4. In the lower field, click on the button that corresponds to the type of restore required.

5. In the Project Name field, type the name of the restored project. You must type ina new project name.


6. Choose the directory where the new project will be installed. To make this choice,you can:

• ”double-click” on the directories in the Project Directories list, or• directly type the access path to the directory in the Project Directory field.

You can specify the name of a directory that does not exist in the Project Directoryfield, it will be created by Atelier B.

7. Click on OK to restore the project.A confirm window is displayed.

8. Click on OK to confirm.The list of restored files will be displayed in the Atelier B start-up window.

x /tmp/atelierb.tar 1Kx spec/BASIC_STATUS.mch 1K.....x pdb/OKx pdb/.project OKx pdb/.lib OKx pdb/INNER_INTERFACE.bpp 1Kx pdb/TOTAL_OBJECT.bpp 1K....x lang/OKx lang/BASIC_COMMAND.c 2K....

The project will then be displayed in the list of projects; the various componentsand the definitions files directories are automatically attached to the project.

Possible errors

A project is being archived/restoredAll archives contain a /tmp/atelierb file that describes the archived project. At thebeginning of the archive or restore action, this file is copied to a temporary file. Iftwo users are performing archive or restore actions at the same time, this messageis generated since Atelier B cannot make a copy. Try again later and ensure thatthere is no file called atelierb in the /tmp directory.

Cannot create directory <dir path>

You have requested a restore to a new project. Atelier B cannot create the newproject directory. Check the directory access path and the UNIX rights of the hostdirectory.

Cannot create the file /tmp/xxx (check for directory permissions)Atelier B uses temporary files during the restore action. The /tmp directory mustbe accessible in read mode to all users.


Cannot read file <archive file>The archive file that you specified in the parameters does not exist or cannot beaccessed in write mode.

Cannot restore project. Project name <proj name> is already usedThe project name you have chosen to restore your archive into already exists. Youmust chose an unused project name.

Only B sources and proof files have been archived in <archive file>The archive that you selected contains only B source files and proof files. You cannottherefore restore it using the entire project restore option. You can only:- restore B source files or- restore B source files and proof files.

Only B sources have been archived in <archive file>The archive that you selected contains only B source files. You cannot thereforerestore using:- restore B source files and proof files,- restore the entire project. You can only restore the B sources.

tar errorThis message is displayed when a tar command performed by Atelier B sends backan error. Check the Atelier B start-up window for the tar command messages.

the archive was built by another version of atelier BThis message is displayed only when the archiving was done with a previous versionof Atelier B, and when you try to restore the entire project. In this case, you canonly restore B source files and/or proof files.


Figure 4.13: Project Properties window

4.15 Reading Properties of a Project

Description

This function displays the following properties of a project:

• the access path to the project database,

• the access path to the translations directory,

• the name of the project manager,

• the list of project libraries.


The user interface is already started up.To view the properties of project proj_name, type the following command:project_infos proj_nameorip proj_name

The properties are displayed as follows:

Name : LIFTDatabase path : /home/projects/pdbTranslations path : /home/projects/translManager : fbLibraries : LIBRARY


The user interface is already started up, you are in the projects window: To display theproperties of a project, perform the following operations:

1. Click on a project name in the projects list.

2. Click on the Project Properties button,The window shown in figure 4.13 on page 49 is displayed.


3. Click on OK to close this window.

Possible errors

No such project: <proj name>The project <proj name> does not exist.


4.16 Opening a Project

Description

This function grants access to the components of a project.


The user interface is already started up.To open project proj_name, type the following command:open_project proj_nameorop proj_name


The user interface is already started up, you are in the projects window.To open a project, perform the following operations :

1. Click on the project name in the projects list,

2. Click on the Open Project button.

or

1. ”double-click” on the project name in the projects list.

The projects window is replaced by the components window.

Section 5 describes how to manage components.

Possible errors

Bad file format for <ATB dir>/AB/press/bdb/<lib name>.descThe data of the description file of the project you try to open have been damaged.The file may have been modified or overwritten. This project is no longer valid. Youshould delete it.

Cannot access Project database directory <pdb dir>The project data base directory is no longer accessible. The directory has probablybeen deleted. You should detach the project.

Cannot access Project translation directory <trad dir>The project translation directory is no longer accessible. The directory has probablybeen deleted. You should detach the project.


Cannot launch Logic Solver (check if there is enough memory)When a project is opened, Atelier B launches the Logic Solver. This tool requiresa lot of memory. This message is displayed when the tool could not be started.Generally this is due to a memory problem. Look at the messages in the Atelier Bstart-up window. If your machine does not have enough memory, you can modifythe tool configuration by following the instructions provided in the Administrator’sManual.

Cannot open project, Project database directory <pbd dir> is not writableThe project data base directory can no longer be accessed in write mode. Thedirectory rights have probably been modified. Normally this directory must belongto the project manager and the atelierb group. Only the manager and the atelierbgroup are allowed to write in this directory. These rights are automatically set-upwhen the project is created.

Cannot open project, Project translation directory <trad dir> is not writableThe project translations directory can no longer be accessed in write mode. Thedirectory rights have probably been modified. Normally this directory must belongto the project manager and the atelierb group. Only the manager and the atelierbgroup are allowed to write in this directory. These rights are automatically set-upwhen the project is created.

No such project: <proj>There is no project named <proj>. Display the projects list to check the name ofthe project to open.

Cannot access project <lib name>You are not authorized to access the project in read mode . You must ask themanager of this project to grant you read access.

Someone is modifying the project <proj>Another user is simultaneously performing an action on the project(adding/removing users, library or archiving). During these operations,the project description file (<proj name>.desc) is locked by a file named:<proj name>.desc.lock. Wait until the action is over.

A project is already opened <proj name>You are using the command mode user interface. Only one project can be open atone time. Close the project, before opening another project.


Cannot access the project components description fileThis message is displayed if the project components description file is no longeraccessible. This file is normally present in the directory of the project database; itis named <proj>.db. The file or the directory may have been deleted by mistake. Ifthis file is not accessible, the Atelier B can’t check if the user has some componentsor not. In general, if this file is no longer accessible, it is better to delete the project,because none action will be possible to perform on this project.


4.17 Closing a Project

Description

This function closes the previously opened project.


The user interface is already started up.To close a project, type the following command:close_projectorclp


The user interface has already been started up, you are in the projects window.To close a project, click on the Quit Project button in the components window.

The components window is replaced by the projects window.

Possible errors

No current projectThere is no project previously opened. This message also occurs when you clickmany times in a row on the Quit Project button.

Chapter 5

Managing Project Components

5.1 Adding Components

Description

A B project is made up of a list of B components located in text files.

These components are either directly linked to the project, or accessible through libraries.

The B source files are text files containing one or several components.

Atelier B does not supply a specific editor. Any text editor can be used to create, modifyor visualise the B source files.

Once a source file has been attached to a project, the project manager analyses whichcomponents are contained in the file and permit the management of these components.

For Atelier B, the owner of a component is the person who attached it to the project.

This can cause a potential problem if the B source file is not accessible by the user in theUNIX sense, either for reading, or even for writing (see chapter 4.1).

Atelier B only accepts as B source files those whose name ends in one of the four followingsuffixes : .mch, .ref, .imp, .mod. The contents of each type of file is as follows :

• A file named Ident.mch must contain one and only one component : an abstractmachine named Ident.

• A file named Ident.ref must contain one and only one component : a refinementnamed Ident.

• A file named Ident.imp must contain one and only one component : an implemen-tation named Ident.

• A file named Ident.mod must contain a component named Ident. It can also containthe refinements of this component, as well as modules (an abstract machine and allits refinements) imported by the implantation of the component. Finally, for eachmodule present in the file, the modules imported by this module can also be present.A suffix file .mod permits the storage in a single file of a B module, or a sub-partof the project made up of a module and the modules imported by this module.

55


If the contents of the files do not respect these rules, the file will still be attached to theproject. An error message is then displayed in the start up window. No other operationwill be possible on the component before its correction.


The user interface is started up, you already have opened a project.To add a component to the current project, perform the following operations:

1. Go to the directory where the B source file is located, using the commandcd orchange_directory

2. Display the list of B sources present in this directory, using the command lsb orlist_sources_b.This command displays the list of files with .mch, .ref, .imp or .mod extensionspresent in the current directory.

3. Add a component using command:af file_name or add_file file_nameExample:af AA.mch


The user interface has already been started up, you are in the projects window.To add components to a project, perform the following operations in the componentswindow:

1. Click on the Components ... button, select Add. The window shown in figure 5.1 onpage 57 is displayed:

2. Go to the directory where the B source files are located:

• “double-click” on the directories displayed in the list Directories List or

• type the path to the directory of your source file in Current Directory field.

Components List displays a list that is updated every time the directory changes. Itcontains a list of B source files present in the directory. Atelier B removes from thelist the components which are already present in the project.

3. Select from the list displayed by Components List the files that contains the compo-nents to add.

4. Click on OK to add the components.

MANAGING PROJECT COMPONENTS 57

Figure 5.1: Add Components window

Possible errors

Unable to open input file <filename> (<error>)The file specified as a parameter cannot be accessed in read mode by the Atelier Buser. Check the UNIX rights of the B source file.

Someone is adding or removing a component in the projectAnother user simultaneously working on the same project is adding or removinga component. Wait until the action is over to ensure data coherence. During theoperations to add/remove components, mutual exclusion between user is ensured bya file in the PDB directory named “project name.lock”.

Component <comp name> can not be part of this fileThe file .mod specified as a parameter contains a component which does not respectthe rules for this type of files.

File <comp name> can’t be added, there is already a file with the same name inthe projectThe project already contains a component with the same name. Check the list ofproject components.


5.2 Suppressing Components

Description

This function permits to suppress one or several components from the current project .

B source files themselves are not deleted, they are just removed from the list of componentsof the project.

The components selected are only suppressed if the user is the owner of the componentsor the manager of the project.

When a component is suppressed, all the information related to this component are deletedfrom the PDB, except the following ones:

• B source files,

• user rule files (*.pmm),

• automatically generated project documentation,

• translations.


The user interface is started up, you already have opened a project.To suppress a component from a project, type the following command:remove_component comp_nameorrc comp_nameIf comp_name corresponds to a component part of a .mod file then all the componentsincluded in the .mod file will be deleted.


The user interface has already been started up, you are in the components window.To suppress components from a project, perform the following operations :

1. From the list of components, select the ones to suppress.

2. Click on the Components ... button, select Suppress.A confirmation window is displayed.

3. Click on OK to confirm.The components are suppressed from the list of components.

If some of the components of a .mod extension file are selected, then all the compo-nents included in the file will be detached.


Possible errors

Cannot find component <comp name> in the projectComponent <comp name> is not present in the projectThe component specified as a parameter is not part of the project. Check the nameof the component by displaying the list of the project components.

Someone is adding or removing a component in the projectAnother user working simultaneously on the same project is adding or removing acomponent. Wait until the action is over to ensure data coherence. During compo-nent add/remove operations, mutual exclusion between users is ensured by a file inthe PDB directory named ”project name.lock”.

Suppression is allowed only for the project manager or the machine managerYou cannot suppress this component. A component can only be suppressed by:- the user who is the component manager (the user who added it to the project).- the user who is the project manager.


5.3 Displaying the List of Components

Description

This function displays the list of components of a project, grouped by B source files names.

The components are displayed in alphabetical order, according to the names of B sourcefiles.

If the components BB, BB_1 and AA are present in the same B source file (file .mod) thenthe components will be displayed in the following way:

BB AA

BB

BB_1

On large scale projects, the number of components is often very important. This func-tion offers several filters permitting to reduce the number of components and to searchcomponents by their names.

The available filters are:

• Filter according to the component manager user.

• Filter by type of component: machine, refinement, implementation.

• Filter by component name.


The user interface is started up, you already have opened a project.To display the list of project components, use the following command:show_machine_list or sml.

This function accepts five optional parameters:

own If this parameter equals 1 only the components that you are manager of are displayed.

mch If this parameter equals 0 the machines are not displayed.

ref If this parameter equals 0 the refinements are not displayed.

imp If this parameter equals 0 the implementations are not displayed.

name This parameter allows to filter the list by component names. Use the * character.For example, to display all components with a name starting with a S letter, specifythe S* value.

Examples:To obtain the list of the components that you manage:

bbatch 2> sml 1

Printing Own machines list ...

B_Site_central


Filter by

component typeFilter by

owner

Filter byname

Figure 5.2: Filters on the components list

Card Card

Card_imp

Keyboard_code

Keyboard_code_ref

End of machines list

To list machines only:

bbatch 2> sml 0 1 0 0

Printing machines list ...

B_Site_central

Card Card

Keyboard_code


To list only machines with a name starting with K and ending with code:

bbatch 2> sml 0 1 0 0 K*code

Printing Own machines list ...

Keyboard_code



The user interface is already started up, you are in the components window.The list of components is permanently displayed in the window. The Refresh button thelist. This functionality makes easier the multi-user work.The buttons and entry field on the left of the list allow you to apply the filters.

Figure 5.2 on page 61 shows the filters available:

• Click on Own to see only the components that you manage, All displays all theproject components.


• Click on Machine to remove the machines from the list.

• Click on Refinement to remove the refinements from the list.

• Click on Implementation to remove the implementations from the list.

• Type the first letters of the component name, the list is modified at each new typedletter.For example, type C, and all components beginning with a C will be displayed.Add an a, and the components with a name starting with Ca will be displayed.


5.4 Reading Information on the Components

Description

This function displays the following properties of components:

• the name of the component manager,

• the entire access path of the B source file,

• the type of the component: machine, refinement or implementation.


To get information on a component called comp_name, a project should be opened, thentype the following command:infos_component comp_nameoric comp_name

The properties are displayed as follows:

MACHINE --> MainLOCATION --> /home/project/specOWNER --> user1


To obtain properties on components, the following operations must be performed in thecomponents window:

1. Select components from the components list.

2. Click on the Components Properties button.A window containing the properties of the selected components will be displayed.

3. Click on OK to close the window.

Possible errors

Cannot find component <comp name> in the projectThe component specified as a parameter is not part of the project. Check the nameof the component by displaying the list of project components.


5.5 Editing a Component

Description

This function allows you to edit the source file corresponding to a component.

The editor used is set up during Atelier B installation. Sub-section 7.2 in the Atelier B -Administrator’s Manual explain you how to modify it.


The user interface is started up, you already have opened a project.To edit the comp_name component, a project should be opened, then type the followingcommand:edit comp_nameore comp_name


The user interface is already started up, you are in the components window.To edit a component, ”double-click” on the component name in the components list.

Usable parameters

ATB*OPT TOOLS <SYSTEM>*Editor PathPositioned at the Atelier B set upAccess path to the text editor.

Possible errors

Cannot find component <comp name> in the projectThe component given as a parameter is not part of the project. Check the name ofthe component by displaying the list of project components.


5.6 Restoring a Component

Description

This function is used to restore B source files or definitions files from an archive createdusing the function described in sub-section 4.13.

Restore is performed in the current project.

If the restored component is not in the current project, the function add it automatically.If the component is already present in the project, it is replaced by the restored component.


The user interface is started up, you already have opened a project.To restore a component, use the get_list_from_archive command, followed by therestore_source command.The get_list_from_archive command displays the list of files in a project archive:

bbatch 2> get_list_from_archive /home/project/tarPROJ.arc

x /tmp/atelierb.tar, 486 bytes, 1 tape blocks

Printing Components in archive file

tarPROJ ...

Acq_1.mch

Arithmetic_1.mch

Arithmetic_2.imp

End of List

The restore_source command performs the restore. For example, to restore the Acq_1.mchcomponent in the MyProj project, you must type:

bbatch 3> restore_source /home/projet/tarPROJ.arc Acq_1.mch

x /tmp/atelierb.tar, 486 bytes, 1 tape blocks

x spec/Acq_1.mch, 342 bytes, 1 tape blocks


The user interface is already started up, you are in the components window.To restore a component, perform the following operations:

1. Click on the Components ... button, select Restore.The window shown in figure 5.3 on page 66 is displayed.


(a) The left part lets you choose the archive file and directory.

(b) The right part lets you choose the file to restore.

2. Choose the directory where the archive file is located. To do this selection you can:


Figure 5.3: Restore window

• “double-click” on the directories in the Directories List, or

• directly type the directory access path in the Archive Directory field.

When the directory changes, the Archives List displays the list of “.arc” files presentin the directory.

3. Choose the archive file name by clicking on one of the files of the Archives List.The Components List displays the list of components present in the archive.

4. Click on the file to restore in the Components List.

5. Click on OK to restore the component.

Possible errors

Allowed only for the manager of the project <proj>Only the manager of this project (the user who created it) is allowed to restorecomponents in this project.

A project is being archived/restoredThe archives contain a /tmp/atelierb file that describes the archived project. Whenarchive or restore begins, this file is copied in a temporary file. If two users archiveor restore at the same time, this message is generated as Atelier B cannot copy the/tmp/atelierb file. Try again later and check that there is no file called atelierb inthe /tmp directory.


Cannot create the file /tmp/xxx (check for directory permissions)Atelier B uses temporary files while restoring. The /tmp directory must be accessiblein write mode for all users.

Cannot read file <archive file>The archive file that you entered as a parameter does not exist or cannot be accessedin read mode.

Cannot restore source to project <name1>:project <name2> is openedYou want to restore a component in the <name1> project, but you already haveopened the <name2> project. Close the <name2> project, then redo the restoring.

Component <comp name> is not present in the archive file <archive name>The component that you entered as a parameter is not in the archive file list ofcomponents. Check the name of the component.

tar errorThis message is displayed when a tar command performed by Atelier B sent backan error. Check the Atelier B start-up window for tar command messages.

Someone is modifying component <comp name>Another user is simultaneously performing an action on the component you try torestore. Wait until the action is over to avoid interfering with the processing. Thecomponents are locked by a file named “comp name.lock” in the PDB.

Chapter 6

Applying the B Method

6.1 Presentation

To develop programs using the B method, Atelier B proposes a set of commands allowing:

• syntax and type checking of components,

• automatic generation of proof obligations (PO),

• analysis of proof obligations,

• automatic demonstration of POs,

• interactive demonstration of POs that are not automatically demonstrated,

• translatable language checking,

• translating implementation into one of the following programming language (C,C++, ADA or HIA).

The presentation of these commands assumes that the reader is familiar with the Bmethod.

This manual therefore only covers the implementation conditions for the functions listedpreviously and not their aims in relation to the method.

In the basic version of Atelier B, translation to standard computer languages (C, C++,ADA or HIA) is not included. The C, C++, ADA or HIA translators must be installedseparately.

69


6.2 Syntax and Type Check

Description

This function combines the syntax analysis and the type checking of B components.

The syntax checking ensures that the sources for the selected machines comply with theB language syntax. On this subject, the reader can refer to the B language - ReferenceManuel.

Type checking controls:

• identifier conflicts,

• typing rules,

• missing declarations,

• language restrictions,

• visibility rules,

• etc ...

This type check is necessary for the PO generation.The type check of a component is automatically applied to all the components “required“by the current component, through the following links SEES, USES, INCLDES, IMPORT,EXTENDS, REFINES.This type check on the required components is only applied when necessary, i.e. if acomponent change was made since the last type check.

Modifications of “form” (comments, spaces, ...) are not taken in account.

Syntax errors are displayed in an error window and in the start-up window.They are displayed as following:

<file>:<line number>:<column number> <error description>

Example:

AA.mch:6:17 Sequential (’;’) substitution is not allowed in a specification

Line and column numbers show exactly the location in the source file where the erroroccurs.

Semantic errors are displayed in the Atelier B start-up window.They are displayed as following:

Type checking machine AA

Loading referenced_machines

Checking name_conflicts

Checking constraints clause

...

Checking INVARIANT clause

Error: 1+2 in ( aa: 1+2 ) should be a set

Error: Variable aa has not been typed

Checking operation b_ask_code

APPLYING THE B METHOD 71

Checking operation b_code_typed

No information saved for AA

End of Type checking

The type checker displays an information message for each processed clause.

The Type checker - Error messages manual describes in detail all the error messagesgenerated during this phase.


The user interface is started up, you already have opened a project.To perform a syntax analysis and a type check on component comp_name, type the followingcommand:typecheck comp_nameort comp_name

The information and error messages from the type checker are displayed in the start-upwindow.


The user interface is already started up, you are in the projects window.To perform a syntax analysis and type check some components, perform the followingoperations:

1. Select components from the list of components.

2. Click on the Type Check button.Each component is type checked, one by one.

If there is a syntax error, an error window will be displayed. This window containsthe description of the detected errors.

If there is a semantic error on one of the components, a warning window will bedisplayed. In this case, check the type of error according to the messages displayedin the start-up window.

Remark : You can interrupt the treatment by using the function described in chapter6.13 on page 106.

Usable parameters

ATB*BCOMP*Allow ANYFALSEAllow or not the ANY substitution in implementation.


ATB*BCOMP*Allow Becomes Member OfFALSEAllow or not the “becomes member of” substitution in implementation.

ATB*BCOMP*Allow Becomes Such ThatFALSEAllow or not the “becomes as” substitution in implementation.

ATB*BCOMP*Allow CHOICEFALSEAllow or not the CHOICE substitution in implementation.

ATB*BCOMP*Allow LETFALSEAllow or not the LET substitution in implementation.

ATB*BCOMP*Allow ParallelFALSEAllow or not the Parallel substitution in implementation.

ATB*BCOMP*Allow PreFALSEAllow or not the PRE substitution in implementation.

ATB*BCOMP*Allow Read In ValuesFALSEAllow or not using previously valued constants in the VALUES clause.

ATB*BCOMP*Allow SELECTFALSEAllow or not the SELECT substitution in implementation.

ATB*BCOMP*Tab Width8Number of character needed to obtain a tabulation.


Possible errors

This section does not describe type checker error messages as these messages are describedin the Type checker - Error message manual

<comp name> is already Type CheckedThis warning message is displayed if the component specified as a parameter hasalready been successfully checked.You can force checking by using the function described in chapter 6.14 page 108.

Cannot update component <comp name>, it belongs to library project <lib name>.The component that you tried to type check belongs to a library. This library isnot updated, the components that it contains have not been type checked. Ask thelibrary manager to update it.

Component <comp name>: someone is modifying component <depend comp>

You required the type check of the first component but the type check of a componentwhich the first one depends on, is impossible to perform since an action is beingperformed on it by another user. Wait until the action is over and try again.

Component <comp 1> is referenced several times by <comp>

A component cannot be seen (SEES) and imported (IMPORT) by the same imple-mentation. This message is displayed when this rule is violated.

IMPLEMENTATIONM_1

REFINESMM

SEESNN

IMPORTSNN

END

Component <comp 1> is seen by <comp> but is not seen by its refinement<comp ref>If a MM component sees (SEES) a NN machine , then all the refinements of MMmust also see (SEES) this machine. This message is displayed when this rule isviolated.

Component <comp name>: Type Check error in <depend comp>

You required the type check of the first component, and an an error occured on onecomponent which this component depends on. Refer to the messages displayed bythe tool in the start-up window.


Infinite loop between <comp 1> and <comp 2>

Atelier B detected a loop in the dependencies of the component that you requesteda check on. Loops between components are not allowed. There are two possibletypes of loops:1 - loop between components: M1 —> M2 —> M12 - loops between modules: M1 refined by M1 1 –> M2 —> M1

Examples of loops:M1 --> M2 ---> M1M1 --> M2 ---> M3 ---> M1

seesM1 <------------ M2^ ^| sees |M1_1 ------------+

Infinite loop in components dependenciesAtelier B has detected a loop in the dependencies of the component that you requireda type check on. Loops between components are not allowed.

Examples of loops in dependencies:M1 --> M2 ---> M1M1 --> M2 ---> M3 ---> M1etc ...

Someone is modifying component <comp name>Another user is performing at the same time, an action on the component that youwish to check. Wait until the action is over to avoid disrupting its processing. Thecomponents are locked by a file named “comp name.lock” present in the PDB.

The following components are not present in the project : <MachineList>Machine <MachineName> is not present in the projectComponents “required” by the component that you have requested a type check on,are not present in the project. You must attach these components before performingthe type check.

Type Check error in <comp name>A syntax or type check error was detected on the component specified as a parameter.Refer to the messages displayed by the tool in the start-up window.


WARNING: Name clash between <comp 1> and <comp 2>

If in a project two machines have the same name regardless of lower and upper case,then Atelier B will not be able to translate them into the ADA language. Thismessage is displayed if such a conflict does exist.

Project containing:M1 and m1DaB and daBetc ...


6.3 Generating Proof Obligations

Description

This function produces the proof obligations of a component. The component must betype checked (refer to the previous sub-section).

The proof obligations are defined by the B method. They depend on the level of thesoftware development:

• In machines, the selected mathematical model must be consistent.

• In the following steps, you must prove that refinements keep the properties of theprevious step model.

The document Proof Obligations Reference Manual describes the PO in a theoric way.In theory there is a proof obligation for initialization and a proof obligation for each ofthe operations.In practice, these obligations can be ”large” and complex formulas. The Proof ObligationsGenerator function split the theoretical PO into many simpler PO. Some PO are so easyto prove that the PO Generator can prove them by itself. In return, the initially foreseennumber of formula increases. Some PO defined as obvious are automatically eliminatedby the tool.

Before generating the proof obligations for a component, Atelier B ensures that the com-ponent is type checked. Otherwise, the type check is automatically performed.

Generating proof obligations creates four files in the PDB:

• the comp_name.po file contains the PO of the comp_name component.

• the comp_name.opo file contains the obvious PO of the comp_name component.

• the comp_name.pmi file contains the status of the proof obligations (proved/notproved) as well as the interactive demonstrations.

• the comp_name.stc file contains a description of the component.

If the Differential option is used, and if the PO of the component have already been gen-erated at least once, Atelier B compares the component with the description saved in thecomp_name.stc file.For each operation, and for the initialization, it generates the PO only if one of the in-formation occuring in their construction has been modified. Otherwise, it copies the POfrom the ancient files.If the full option is used, the Atelier B generates all the PO again, even if they haven’tbeen modified.

After the new PO generation, and if they have already been modified before, they are au-tomatically compared to the ancient ones, in order to keep the associated demonstrations.The comparison rule is the following one:


A P.O.B deducts itself from a P.O.A if they have the same goal, and if the assumption ofB contains the assumption of A.If a PO can deduct itself from one or several ancient PO, it receives by preference order:

• the demonstration of the ancient PO with the same number if this PO would end,

• the first one of the ancient PO demonstrations proved of the same clause,

• the first one of the ancient PO demonstrations proved of a different clause,

• the demonstrations of the ancient PO with the same number wich was not ending.

If a new PO can’t deduct itself from an ancient one, but if its number and pertenancyclause do exist, it receives the demonstration of the ancient PO with the same numberand clause. In this way, the user retrieves his demonstation even if he renamed someidentificators.Thanks to this mecanism, the user can keep the interactives demonstrations (and auto-matics) if the PO are the same.

The messages of PO generator are displayed in the start up window as following:

Generating proof obligations of Machine B_Keyboard_code

Initialisation :

......

proof obligations: 3

obvious proof obligations: 3

b_input_code :

..

proof obligations: 0

obvious proof obligations: 2

3 proof obligations generated

11 obvious proof obligations generated

Generation complete

Normalising...

b_check_code: unchanged

Merging...

Done

For each clause present in the component, Atelier B displays the number of proof obliga-tions to be proved (proof obligations:) and the number of obvious proof obligationsdeleted (obvious proof obligations:).


Atelier B displays a character “.” each time a new PO is generated.The PO clauses that have been copied are listed at the end of generation.


The user interface is started up, you already have opened a project.To generate the proof obligations for component comp_name, with the Differential option,type the following command:pogenerate comp_name 1orpo comp_name 1

To generate the PO for component comp_name, with the full option, type the followingcommand:

pogenerate comp_name 0orpo comp_name 0

The option by default proposed by Atelier B is the Differential mode.


The user interface is already started up, you are in the components window.To generate proof obligations for components, perform the following operations:

1. Select the components from the components list.

2. Click on the PO Generate button.The proof obligations are generated for each component.The results are displayed component by component, clause by clause, in the start-upwindow.

If there is an error on one of the components, a warning window is displayed. Thenlook at the error messages displayed in the start-up window.

Remark : You can interrupt the treatment by using the function described in chapter6.13 page 106.

Usable parameters

ATB*POG*Generate Obvious POPositioned at Atelier B installation.The maximum number of PO generated for one component is 10,000.

Possible errors

Generating proof obligations does not cause errors.The only possible error is an exceeding of the tool ability. If the number of PO on a com-ponent is greater than 10000, the tool exits as an error. The only solution is to modify the


project, to generate less POs. Warning, if the ressource ATB*POG*Generate Obvious POis modified, even though the PO have already been generated at least once, Atelier B dis-plays a message such as “Missing Atomic...”. In this case, don’t take this message intoaccount.PO Generate error in <comp name>An error occurred when generating the proof obligations.Refer to the messages displayed in the start-up window.This error is caused by exceeding the tool capacity.

Proof obligations already generated for <comp name>This warning message is displayed if the proof obligations have already been gener-ated for this component.You can force the generation of proof obligations by using the function described inchapter 6.14 page 108.

Someone is modifying component <comp name>Another user is simultaneously performing an action on the <comp name> compo-nent you want to generate the PO.Wait until the action is over to avoid affectingprocessing.The components are locked by a ”comp name.lock” filein the PDB.


6.4 Displaying Proof Obligations

Description

Atelier B provides two methods for displaying proof obligations:

• Using the PO Viewer

• Using the interactive prover

Using the interactive prover is recommended in the following cases:

• complex assumptions: in this case the search functions of the interactive prover arerequired to analyse these proof obligations.

• the number of proof obligations is high. The PO would rather be displayed one byone which is impossible using the POViewer.

The Interactive Prover - User’s Manual sub-section 5.4 describes the different methodsavailable for viewing proof obligations.

This sub-section describes the use of the POViewer.

This tool enables:

• displaying the proof obligations of a component clause by clause,

• displaying obvious proof obligations, i.e. those that were eliminated by the proofobligations generator,

• displaying and printing proof obligations using mathematical fonts via a word pro-cessing program (LATEXor Word).

The proof obligations include comments that specify:

• the origin of the assumptions (for example: Component invariant),

• the theoretical justification of the proof obligation.In this case the comment refers to a sub-section in the Proof obligations - Referencemanual.


This function is mainly used via the Motif user interface.

Using the command mode is much more difficult.

To display the proof obligations of component comp_name, type the following command:po_view comp_nameorpov comp_name

The PO Viewer prompt is displayed: POV>.You should then request the list of clauses and the number of proof obligations per clause,using the command:


POV> get_clausesB_Delais clauses listInitialisation (0 unproved, 0 proved, 4 obvious)b_init_delai (0 unproved, 1 proved, 4 obvious)b_stopper_delai (0 unproved, 0 proved, 5 obvious)b_delai_ecoule (0 unproved, 3 proved, 2 obvious)End of list

To display the proof obligations for the Initialisation clause, type the following com-mand:

POV> view(true, true, true, Initialisation)

Clause Initialization

Obvious PO1 :

"‘Check that the invariant (delai: NATURAL) is established ...

=>

0: NATURAL

PO end

....

....

Obvious PO2 :

....

....

PO end

End of PO list

The first parameter must be set to true otherwise, use false if you want the unprovedPO to be displayed.The second parameter must be set to true otherwise, use false if you want the provedPO to be displayed.The third parameter must equals true otherwise, use false if you want the obvious POto be displayed.The last parameter is the name of the clause.

To exit the POViewer type the command: Quit.


The user interface has already been started up, you are in the component window.To display the proof obligations of a component, perform the following operations:

1. Click on the component in the list of components.

2. Click on Analysing ..., select Show/Print PO.The window shown in figure 6.1 on page 82 is displayed.

This window contains two fields:

(a) The left field displays the list of clauses that contain proof obligations.

(b) The right field allows you to choose the type of proof obligations to display.

3. Select a clause from the Clauses list.

4. Click on the buttons in the PO status field to choose the types of PO to display.


Figure 6.1: Show/Print PO window

5. Click on the Display button to display the selected PO.The window shown in figure 6.2 on page 83 is displayed.

This window contains the selected PO.Use the scroll bars to display all the text.

Warning: If the number of PO to display is very high or if the PO contain complexassumptions, it may require a long time to display this window.

6. Click on the PrettyPrint button to display the PO using a word processor program.The window shown in figure 6.3 on page 83 is displayed.

7. Select the output format in the Output Format field.

8. Select the output type in the Output field.

9. Click on OK to confirm the selection.Proof obligations are saved in a file of the PDB directory, named comp_name.pov.This file is then translated into the selected word processor format, the name of thefile generated is displayed in the start-up window.If the LATEX output format is used, the file is sent to latex, then to xdvi or todvips.

Usable parameters

ATB*OPT TOOLS <SYSTEM>*Latex Binary DirectoryPositioned at Atelier B installation.Directory where it is possible to find the Latex binaries.


Figure 6.2: Display PO window

Figure 6.3: PrettyPrint window


ATB*OPT TOOLS <SYSTEM>*Latex Postscript TranslatorPositioned at Atelier B installation.Name of the Latex Postscript translator.

ATB*OPT TOOLS <SYSTEM>*Latex ViewerPositioned at Atelier B installation.Name of the Latex viewer.

Possible errors

B Pretty Printer error while translating into LATEX format file <filename>You requested a display or print-out of the proof obligations using LaTeX. B PrettyPrinter is the tool used to convert B formulae into various word processor formats.This message is displayed if this tool fails.It is a malfunction.

B Pretty Printer error while translating into RTF format file <filename>You requested a display or print-out of the proof obligations using Word (RTF). BPretty Printer is the tool used to convert B formulae into various word processorformats. This message is displayed if this tool fails.It is a malfunction.

Clause <clause name> has no such POThe clause that you requested does not contain any PO of the type specified in theparameters.

For example:If the list contains: b_init(0 unproved, 1 proved, 2 obvious)and display "unproved" PO only is requested.

latex error in file <comp name>.pov.texYou requested a display or print-out of the proof obligations using LaTeX. Thismessage is displayed if LaTeX sends back an error. Check your installation of LaTeX,and try to run the command outside of Atelier B, directly in the PDB:cd PDBlatex <comp name>.pov.tex

Problem with LATEX PostScript translator for <comp name>You requested a display or print-out of the proof obligations using LaTeX. This mes-sage is displayed if the dvips program sends back an error. Check your installationof LaTeX, and try to run the command outside of Atelier B, directly in the PDB:cd PDBdvips <comp name>.pov.dvi -o <comp name>.pov.ps


6.5 Automatic Demonstration

Description

This function automates, in the limit of its ability, the demonstration of the proof obliga-tions for each B component.

The proof activity is essential to the B method. This is the reason why two manuals arededicated to this subject:

• Interactive Prover - User’s Manual

• Interactive Prover - Reference Manual

The Atelier B automatic prover has different levels of force. These forces are described insub-section 3.1.1 of the Interactive Prover - User’s ManualThe messages of the automatic prover are displayed in the start-up window as shownbelow:

Proving B_Delays

Proof pass 0, still 3 unproved PO

clause b_init_delas

-+

End of Proof

Initialisation Proved 0 Unproved 0

b_init_delay Proved 1 Unproved 0

b_stop_delay Proved 0 Unproved 0

b_delay_is_up Proved 3 Unproved 0

TOTAL for B_Delays Proved 4 Unproved 0

For each clause of the component, Atelier B displays a + each time a proof obligation isproved and a - each time the prover fails.


The user interface is started up, you already have opened a project.To run the automatic prover on component comp_name, type the following command:prove comp_name <force>orpr comp_name <force>the <force> value could be:

0,1,2,3 for the different prover force levels,

-1 for “Fast” prover level.

-2 for the “Replay” option.

-3 for the “User Pass” option.



The user interface has already been started up, you are in the components window. Torun the automatic prover on components, perform the following operations:

1. Select the components from the list of components.

2. Click on the Prove ... button and select Automatic(force), the force level of theautomatic prover to apply.The automatic prover will be run on each component.The results are displayed component by component, clause by clause, in the start-upwindow.

If an error occurs on one of the components, a warning window is displayed. In thiscase, look up the error type in the messages displayed in the start-up window.

Remark : You can interrupt the treatment by using the function described in chapter6.13 on page 106.

Possible errors

Nothing to Prove in <comp name>This warning message is displayed if there is no, or no more, proof obligation toprove for a component.

Proof error in <comp name>An error occurred during the component automatic proof procedure. Look at themessages displayed in the start-up window. Errors may occur when using higherforce levels.

Someone is modifying component <comp name>Another user is simultaneously performing an action on the component. Wait untilthe action is over. The components are locked by the ”comp name.lock” file in thePDB.


6.6 Interactive Demonstration

Description

The primary goal of this function is to allow the user to prove manually the proof obliga-tions that were not proved automatically.

The proof activity is essential in the B method, and for this reason two manuals arededicated to this subject:

• Interactive Prover - User’s Manual

• Interactive Prover - Reference Manual


The user interface is started up, you already have opened a project.To run the interactive prover on component comp_name, type the following command:browse comp_nameorb comp_name

After typing this command the interactive prover prompt is displayed: PRI >.

You can then type the various interactive prover commands.

Type qu to quit.


The user interface has already been started up, you are in the components window.To run the interactive prover on a component, perform the following operations:

1. Click on the component in the list of components.

2. Click on the Prove ... button, select Interactive.The Atelier B main window is automatically reduced to an icon.The window shown in figure 6.4 on page 88 is displayed.

Refer to Interactive Prover - User’s Manual to use this interface.

Usable parameters

ATB*OPT TOOLS <SYSTEM>*Da Vinci PathPositioned at Atelier B installation.Entire path to the da Vinci executable.

ATB*OPT TOOLS <SYSTEM>*Editor PathPositioned at Atelier B installation.Access path to the text editor.


Figure 6.4: Interactive Proof window


ATB*OPT TOOLS <SYSTEM>*HTML Viewer PathPositioned at Atelier B installation.Entire path of the HTML viewer.

Possible errors

All PO of component <comp name> were discharged by the PO GeneratorThis warning message is displayed if there is no P.O to prove on a component.Allthe P.O were automatically discharged by the P.O generator. It is not necessary tocall-up the interactive prover.

Someone is modifying component <comp name>Another user is simultaneously performing an action on the component. Wait untilthe action is over. The components are locked by a ”comp name.lock” file in thePDB.


6.7 Canceling Demonstrations

Description

This function is used to cancel the demonstrations performed on a component in order torepeat interactive proofs.

The interactive demonstrations are not lost. Only the status of the proof obligations ischanged.


The user interface is started up, you already have opened a project.To cancel demonstrations of the component comp_name, type the following command:unprove comp_nameoru comp_name

The following message is displayed in the start-up window:Unproving successful


The user interface has already been started up, you are in the components window.To cancel the component demonstrations, perform the following operations:


2. Click on the Prove ... button, selectUnprove.A confirmation window is displayed.

3. Confirm by clicking on OK.The following message is displayed in the start-up window:Unproving successful

Possible errors

Someone is modifying component <comp name>Another user is simultaneously performing an action on the component. Wait untilthe action is over. The components are locked by the ”comp name.lock” file presentin the PDB.


6.8 Checking the Translatable Language (B0)

Description

Before using the translators for exporting to standard computer programming languages(C, C++, ADA or HIA), check that the language used in the implementations can betranslated.

The constructions authorized in the implementations are described in the B Language -Reference Manual.The error messages from the B0 checker are displayed in an error window and in the start-up window as following:

<file>:<line number>:<column number>(BO check)<error description>

Exemple:

BO Checking Machine B_Keyboard_code_1

B_Keyboard_code_1.imp:5:11 (BO Check) binary expression is not a simple term

B_Keyboard_code_1.imp:5:19 (BO Check) binary expression is not a simple term

B0 Check error in B_Keyboard_code_1

Column and line numbers allow an exact location of the place where the error was detected.When the component is correct, the following message is displayed in the start up window:

B0 Checking B_Keyboard_code_1

B0 Checking B_Keyboard_code_1 successful

remark: To use the HIA translator, it is necessary to type the array with concrete con-stants. By default, the B0 checker indicates that the concrete constant is not imple-mentable. In that case, to pass over the B0 checker, the following resource has to bepositioned:

ATB*BCOMP*Enable Typing Identifiers: TRUEIt is easier to save this resource in the project resource file of the projects wich will betranslated into the HIA language.


The user interface is started up, you already have opened a project.To B0 check component comp_name, type the following command:b0check comp_nameorb0c comp_name


The user interface has already been started up, you are in the components window.To check the translatable language on the components, perform the following operations:



2. Click on the B0 Check button.Components are checked one by one.The result of all checks is displayed, component by component, in the start-upwindow.

If there is an error on one of the components, a warning window is displayed. Inthis case you should check the type of error in messages displayed in the start-upwindow.

Usable parameters

ATB*COMP*Disable Array Compatibility CheckFALSEPerform or not compatibility checks of array indexes.

ATB*COMP*Disable Concrete Constants Type CheckFALSEPerform or not type checks of concrete constants.

ATB*COMP*Disable Expression Syntax CheckFALSEPerform or not expression syntax checks .

ATB*COMP*Disable Formal Params Type CheckFALSE.Perform or not type checks of formal parameters .

ATB*COMP*Disable Variables Initialisation CheckerFALSEPerform or not variables initialisation checks.

ATB*COMP*Disable Locale Variables Type CheckFALSEPerform or not variables type checks.

ATB*COMP*Disable Operation Input Parameters Type CheckFALSEPerform or not operation input parameters type checks.

ATB*COMP*Disable Operation Output Parameters Type CheckFALSEPerform or not operation output parameters type checks.


ATB*COMP*Disable Parameters Instanciation CheckFALSEPerform or not machine parameters instanciation checks.

ATB*COMP*Disable Predicate Syntax CheckFALSEPerform or not predicate syntax checks.

ATB*COMP*Disable Valuation CheckFALSEPerform or not VALUES clause checks.

ATB*COMP*Enable Typing IdentifiersFALSE.Variables of array, record or interval type must be typed with an identifier if thisresource is TRUE (special case for HIA translations) .

Possible errors

<comp name> already B0 CheckedThis warning message is displayed if the translatable language check has alreadybeen performed for this component.You can force the B0-check by using the function described in chapter 6.14 page108.

B0 Check Error in <comp name>An error occurred during B0 checking. Look at the messages displayed in the start-up window.

Someone is modifying component <comp name>Another user is simultaneously performing an action on the component to B0check. Wait until the action is over. The components are locked by a file named”comp name.lock” in the PDB.


6.9 Project Checking

Description

This function performs checks on all the project components.

The rules checked by this function are:

• a machine can only be imported once in a project,

• a seen machine must be imported by a project component,

• the SEES clause must be transversal to a component,

• a component cannot be seen and imported at the same time,

• the SEES clause is not allowed to an ancestor,

• the dependency graph must not contain cycles,

• the names of project components must be differents (an upper/lower case differenceis not enough).

These checks are described in the B language - Reference Manual.

These checks are required to translate the project. They are run automatically by AtelierB before project translation.

Some of these checks are performed automatically before the syntax analysis and the typecheck of components in order to warn the user as soon as possible.

The user can also perform these checks on demand by following the procedures describedbelow.


The user interface is started up, you already have opened a project.To perform the checks on this project, type the following command:project_check comp_nameorpchk comp_name

The parameter of this command is the name of the implementation that is the projectentry point.


The user interface is already started up, you are in the components window.To start checks on the project, perform the following operations:

1. Select from the list of components, the implementation that is the project entrypoint.

2. Click on the Project ... button in the Project Check menu.Possible error messages will be displayed in the start-up window.


Possible errors

Component <comp name> is imported several times by : <comp>

A machine can only be imported once in a project. This error message indicates aviolation of this rule.

Component <comp 1> is referenced several times by <comp>

A component cannot be seen (SEES) and imported (IMPORT) in the same imple-mentation. This error message indicates a violation of this rule.

IMPLEMENTATIONM_1

REFINESMM

SEESNN

IMPORTSNN

END

Component <comp name> is seen by <comp> so it should be imported in the projectA machine that is seen must be imported by a component in the project. This errormessage indicates a violation of this rule.

Component <comp 1> is seen by <comp> so its refinement <comp ref> should seeit tooIf a component MM sees (SEES) a machine NN, then every refinement of MM mustalso see (SEES) this machine. This error message indicates a violation of this rule.

The dependence graph contains a loopAtelier B has detected a loop in the dependencies of the component that you haverequested a check on. Loops between components are not allowed. There are twokinds of possible loops:1 - loops between components: M1 —> M2 —> M12 - loops between modules: M1 refined by M1 1 –> M2 —> M1These types of loops are not allowed by translators.

Examples of loops:M1 --> M2 ---> M1M1 --> M2 ---> M3 ---> M1

seesM1 <------------ M2^ ^| sees |M1_1 ------------+


<comp1> is imported by <comp2> and is seen by its ancestor <comp3>

A machine imported into the project must not be seen by any of the ancestors ofthe machine that imports it. This error message indicates a violation of this rule.

WARNING: Name clash between <comp 1> and <comp 2>

If in a project, there are components with names that differ only in upper or lowercase letters, then the translation into the ADA language of these components isimpossible. This error message is generated if such a conflict exists.

Project containing:M1 and m1DaB and daBetc ...


6.10 Translating into C, C++, ADA or HIA

Description

In the basic version of Atelier B, translators are not included. Translators must be installedseparately. Their installation is described in the Atelier B - Administrator’s Manual

This function translates project implementations into C, C++, ADA or HIA language.

For further information, refer to the translators user’s manual.


The user interface is started up, you already have opened a project.To translate the implementation named imp_name, type the following command:

For translation into C:ctrans imp_nameorct imp_nameFor translation into C++:c++trans imp_nameorc++t imp_nameFor translation into ADA:adatrans imp_nameora imp_nameFor translation into HIA:hiatrans imp_nameorhia imp_name

The following messages are displayed in the start-up window:

Translating into ADA the file imp_nameTranslation into ADA successful

If the implementation specified as a parameter is not fully proved, a warning message isdisplayed in the start up window, and also written in generated files.

Translating into ADA the file imp_nameWarning : this implementation has not been fully provedAda code will be generated but it might not be secureTranslation into ADA successful

To translate all the project implementations and perform link editing, first indicate if theproject is autonomous or heteregeneous: :

For an autonomous project:set_native 0or


sn 0For an heterogeneous project:set_native 1orsn 1

If it is not indicated, the project is considered as autonomous.Then, type the following command:For the translation into C:cc imp_nameFor translation into C++:c++all imp_nameorc++a imp_nameFor translation into ADA:ada_all imp_nameoraa imp_nameFor translation into HIA:hia_all imp_nameorhiaa imp_nameThe parameter must be the name of the implementation that is the project entry point.


The user interface is already started up, you are in the components window.To translate the project implementations, perform the following operations:

1. Select the implementations to translate from the list of components.

2. Click on the Translator button.

The window shown in figure 6.5 on page 99 is displayed. This window contains threefields:

3. The upper field allows you to choose the translation language C,C++,ADA or HIA.

4. The lower field allows you to choose between a global project translation or thetranslation of the selected implementations.

5. The field allows you to indicate if your project is autonomous or heterogeneous.

6. Click on C, C++, Ada or HIA in the upper field.

7. Click on Selected Only to translate the selected implementations only.

8. Click on OK to perform the translation.The translation results are displayed in the start-up window.

To translate the entire project and perform links editing, perform the following operations:


Figure 6.5: Translator window

1. From the list of components, select the project entry point implementation.

2. Click on the Translator button.The window shown in figure 6.5 on page 99 is displayed.

3. Click on C, C++, ADA or HIA in the upper field.

4. Click on All to translate the entire project.

5. Click on Native to indicate that your project is autonomous.

6. Click on OK to perform the translation.The result of the translation and link editing actions are displayed in the start-upwindow.

To translate the entire project in order to make it a library which will be used by anotherproject developed independently of Atelier B, you must perform the following operations:

1. From the components list, select the implementation that is the project entry point.

2. Click on the Translator button.The window shown in figure 6.5 on page 99 is displayed.

3. Click on C, C++, ADA or HIA in the upper field.

4. Click on All to translate the entire project.


5. Click on Heterogeneous to indicate that your project is heterogeneous.

6. Click on OK to perform the translation.The result of the translation and link editing actions are displayed in the start-upwindow.

Possible errors

ADA translator error in <comp name>HIA translator error in <comp name>C translator error in <comp name>C++ translator error in <comp name>An error occurred while translating the implementation. Refer to the messagesdisplayed in the start-up window.

Component <comp name> is already translatedThis warning message is displayed if the selected implementation has already beentranslated. You can force the translation by using the function described in chapter6.14 on page 108.

Component <comp name> is imported several times by <comp>

A machine can only be imported into a project once. This error message indicatesa violation of this rule.

Component <comp 1> is seen by <comp> so its refinement <comp ref> should seeit tooA machine that is seen must be imported by a project component. This errormessage indicates a violation of this rule.

Component <comp name> is not an implementationThe component that you selected is not an implementation. Select another compo-nent.

<comp1> is imported by <comp2> and is seen by its ancestor <comp3>

A machine imported into the project must not be seen by one of the ancestors ofthe machine that imports it. This error message indicates a violation of this rule.

Someone is modifying component <comp name>Another user is simultaneously performing an action on the component. Wait untilthe action is over. The components are locked by the ”comp name.lock” file in thePDB.


TOOL not installed (cf. resource file Atelier B)The translator has not been installed within Atelier B. Refer to the Administrator’sManual for its installation procedure.


6.11 Applying a Tool to all the Components of a Project

Description

The Make project function is used to perform, on all the components of a project, thefollowing operations:

• syntax analysis and types check,

• generating proof obligations,

• proof,

• checking the translatable language (B0),

This function takes into account the links between project components; its operation issimilar to the UNIX ”make” function.

This function proposes two options:

forced mode The requested operations will be performed regardless of the state of thecomponents. For example, if a component is already in TypeChecked state and theuser requests Forced Make on the project, then the type check will be repeated onthis component.

normal mode The requested operations are only performed if necessary.

Warning: When a Forced Make is requested on the project, only the requested operationwill be systematically repeated on all the project components.

For example: If you request a Forced Make for the POgenerate operation, then the gener-ation of proof obligations will be repeated on all the project components. The type checkwill not be repeated.


The user interface is started up, you already have opened a project.To perform an operation on all the project components, type the following command:make_all operation forceorm operation force

The operation parameter can take one of the following values: typecheck, pogenerate,b0check, prove.

The force parameter must equal 0 in normal mode and 1 in forced mode.

If the requested operation is prove, you must give a third parameter which is the proverforce level to apply (-3,-2,-1,0,1,2 or 3. Refer to sub-section 6.5).


Figure 6.6: Make Project window


The user interface is already started up, you are in thecomponents window.To start an operation on all of the components of a project, perform the following opera-tions:

1. Click on the Project ... button, select Make Project.The window shown by figure 6.6 on page 103 is displayed.

2. Click on the type of operation to perform in the Operations field.

3. Click on Yes in the Forced field if you wish to use the ”forced” mode.

4. Click on OK to validate the selection.The messages from the various tools are displayed in the Atelier B start-up window.

Possible errors

Except for the error message shown below, the error messages displayed by this functioncorrespond to the error messages displayed for the requested operations.

Project already up to dateYou requested ”Make Project” in normal mode. This warning message indicatesthat it is not necessary to perform this operation on the project, since all of itscomponents are updated.


6.12 Updating a Project

Description

When several users are simultaneously working on a large scale project, modifying a com-ponent can have effects on several other project components (on all the components linkedto this component).

The Remake project function is used to update all the components of a project.

It takes into account the dependencies between the project components and the status ofeach component.

This function “redoes” for each component, all the actions that have already been per-formed at least once.

This function offers two options:

forced mode Operations that have already been performed at least once will be repeated,regardless of the status of the components. For example, if a component is alreadyin the Type Checked state and the user requests a Forced remake on the project, thenthe type check will be redone on this component.

normal mode The operations that have been performed at least once in the past will berepeated only if necessary.


The user interface is started up, you already have opened a project.To update all the project components, type the following command:remake forceorr force

The force parameter must equal 0 in normal mode and 1 in forced mode.


The user interface is already started up, you are in the components window.To update all the components of a project, perform the following operations:

1. Click on the Project ... button, select Remake Project.The window shown in figure 6.7 on page 105 is displayed.

2. Click on Yes in the Forced field, to use the ”forced” mode.

3. Click on OK to validate the selection.The messages from the various tools are displayed in the Atelier B start-up window.

Possible errors

Except for the error message below, the error messages displayed by this function corre-spond to error messages displayed for the requested operations.


Figure 6.7: Remake Project window

Project already up to dateYou requested a “Remake Project” in normal mode. This warning message indi-cates that it is not necessary to perform this operation on the project, since all thecomponents are updated.


6.13 Tools interruption

Description

This function permits the interruption of some actions.

According to the executed action, this interruption is either automatic or manual.

• The manual interrupt works with the following actions :

– Syntax analysis and type checking,– Generation of proof obligations,– Automatic demonstration,

It offers different possibilities according to the action that is executing.

• The automatic interrupt is used with the automatic demonstration.

A timeout can be defined for the automatic demonstartion in order to try some provetactics which can loop or take too much time.

User Interface in Command mode


To set the timeout for the automatic demonstration, type the following command :timeout[value]orto[value]The value 0 is used to disable this functionality. Warning the timer is based on a ”cputime”, therefore the result will be function of the cpu charge.

The manual interrupt is not available in the command mode interface.

Motif User interface

The user interface has already been started up, you are in the components window.

For the automatic interrupt, there is an area Proof Timeout where you can

• set the timeout

• turn on the functionality

• turn off the functionality

For the manual interrupt, perform the following operations:

After selecting one or several components, click on the button corresponding to the actionof your choice : TypeCheck, PO Generate, Prove Automatic, Make Project, Remake Project.

When the action starts up, four buttons are displayed next to the Quit Project button.The figure 6.8 on page 107 describes this zone.

These buttons stay grey until you move the mouse over them. These buttons permit :


Figure 6.8: Interruption buttons

• Stop button : This button stops right away all treatments asked for.

• Next Component button : This button stops the current treatment on the currentcomponent. If several components were selected, Atelier B continues on the followingcomponent.

• Next Operation button : This button is only available during a phase of automaticdemonstration. It permits the stopping of demonstrations on the current operation;Atelier B continues on the following operations.

• Next PO button : This button is only available during an automatic demonstrationphase. It permits the stopping of the current demonstration, Atelier B continues onthe following proof obligation.

After the end of treatment, the following messages are shown in an alert window :Type Check interrupted in xxx orPO generate interrupted in xxx orProver interrupted in xxx.

Usable parameters

ATB*PR*Time Out Auto0 (fonctionality disabled)Timeout for the automatic prove.


6.14 Dependencies management

Description

For each of the actions described in this chapter, Atelier B checks that this action has notalready been performed on this component.

The action is only carried out if the component, or the components it depends on, havebeen modified.

If this is not the case, the following messages are displayed :Component <comp name> is already Type CheckedorProof obligations already generated for <comp name>

The functions described below permit you to ”force” the accomplishment of the action.



To stop the management of dependencies and therefore be able to force an action, youmust type the following command :disable_dependence_modeorddmYou can then type your command.For example : typecheck AA.

To bring the management of dependencies back into function, you must type the followingcommand :enable_dependence_modeoredm


The user interface has already been started up, you are in the components window.

Under the list of components, there are two buttons which permit to enable or disable themanagement of dependencies (see figure 6.9 on page 109).

To disable the management of dependencies, click on the Inactive button.

To enable the management of dependencies, click on the Active button.


Figure 6.9: Dependencies management

Chapter 7

Analysing B Developments

7.1 Presentation

“Analysing a B development” is a set of six commands used to obtain information on thecomponents of a project.

The analysis commands are used to:

• determine the status of a project (syntax checked, proven, etc.),

• determine the proof status of a component (number of proof obligations per opera-tion, etc.),

• animate a specification

• create a dependency graph between the components,

• create a homonymy graph between the identifiers of a project,

• create a call graph between different operations of a project,

• create a formula graph of one of the clauses of a component,

• search among the components of a project, declarations and common uses of consti-tuants such as variables, functions,...

• calculate metrics on project implementations (number of seen machine, operations,instructions, etc).

111


7.2 Project Status

Description

This function is used to create a summary table that provides information on all thecomponents of a project.

It is used to determine project progress.

This function takes into account the dependencies between project components. If somecomponents are not yet present in the project, a warning message is displayed.

The results table is displayed in the Atelier B start-up window. This table can also beused by the Atelier B documentation tools (refer to sub-section 8.1).Example:

+-------------------+----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+

| COMPONENT | TC | POG | Obv | nPO | nUn | %Pr | B0C | C | Ada | C++ | HIA |

+-------------------+----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+

| BASIC_COMMAND | OK | OK | 6 | 0 | 0 | 100 | - | | | | |

| BASIC_STATUS | OK | OK | 6 | 0 | 0 | 100 | - | | | | |

| DATA_BASE | OK | OK | 142 | 28 | 5 | 82 | - | | | | |

| DATA_BASE_1 | OK | OK | 136 | 112 | 23 | 79 | - | - | - | - | - |

| DFILE | OK | OK | 8 | 6 | 1 | 83 | - | | | | |

| DFILE_1 | OK | OK | 42 | 16 | 6 | 62 | - | - | - | - | - |

| FILE_ACCESS | OK | OK | 40 | 13 | 2 | 84 | - | | | | |

| FILE_ACCESS_1 | OK | OK | 57 | 19 | 8 | 57 | - | | | | |

| FILE_ACCESS_2 | OK | OK | 68 | 19 | 1 | 94 | - | - | - | - | - |

| FILE_BUFFER | OK | OK | 13 | 7 | 2 | 71 | - | | | | |

| FILE_BUFFER_1 | OK | OK | 53 | 4 | 1 | 75 | - | - | - | - | - |

| INNER_INTERFACE | OK | OK | 11 | 0 | 0 | 100 | - | | | | |

| INNER_INTERFACE_1 | OK | OK | 52 | 0 | 0 | 100 | - | - | - | - | - |

| MAIN_INTERFACE | OK | OK | 3 | 0 | 0 | 100 | - | | | | |

| MAIN_INTERFACE_1 | OK | OK | 32 | 18 | 0 | 100 | - | - | - | - | - |

| PARTIAL_OBJECT | OK | OK | 18 | 9 | 1 | 88 | - | | | | |

| PARTIAL_OBJECT_1 | OK | OK | 42 | 27 | 8 | 70 | - | - | - | - | - |

| QUERY | OK | OK | 41 | 0 | 0 | 100 | - | | | | |

| QUERY_1 | OK | OK | 137 | 75 | 9 | 88 | - | - | - | - | - |

| TOTAL_OBJECT | OK | OK | 11 | 8 | 2 | 75 | - | | | | |

| TOTAL_OBJECT_1 | OK | OK | 17 | 13 | 3 | 76 | - | - | - | - | - |

+-------------------+----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+

| TOTAL | OK | OK | 941 | 374 | 72 | 80 | - | - | - | - | - |

+-------------------+----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+

The columns in this table indicate:

TC An OK value means that the syntax analysis and type check of the component andall the components it depends on were successfully performed.

POG An OK value means that the proof obligations were generated for the component.

Obv This column contains the number of obvious proof obligations of the component. Itconcerns the P.O simple enough to be discharged automatically by the P.O generator.

nPO This column contains the number of non obvious proof obligations of the component.

ANALYSING B DEVELOPMENTS 113

nUn This column contains the number of proof obligations for the component that havenot yet been proved.

%Pr This column contains the percentage of proof obligations already proven. Thispercentage does not take into account the obvious POs.

B0c An OK value means that the B0 check was performed successfully on this component.

Ada An OK value means that the implementation was translated into ADA. If the ADAtranslator has not been installed, this column is not displayed.

C An OK value means that the implementation was translated into C. If the C translatorhas not been installed, this column is not displayed.

C++ An OK value means that the implementation was translated into C++. If theC++ translator has not been installed, this column is not displayed.

HIA An OK value means that the implementation was translated into HIA. If the HIAtranslator has not been installed, this column is not displayed.

The last line in the table, named (TOTAL), sums up the information for the whole project.


The user interface is started up, you already have opened a project.

To obtain the project status, type the following command:status_globalorsg


The user interface has already been started up, you are in the components window.To obtain the project status, perform the following operations:

1. Click on the Analysing ... button, select Project Status.The project status table is displayed in the Atelier B start-up window.

To obtain the unproved project status (i.e. show only the unproved components), performthe following operations:

1. Click on the Analysing ... button, select Project Status Unproved.The project status table is displayed in the Atelier B start-up window.


7.3 Component Status

Description

A component with the B method applied on pass through several states:

Modified after modification of the component source,

Parsed after a syntax analysis of the component,

TypeChecked after type checking of the component,

POGenerated after generating of component proof obligations,

AutoProved after an automatic or interactive demonstration of all the proof obligationsof the component.

These states are exclusive. A component loses its Modified state as soon as it is successfullytype checked.This function displays the component state as shown below:

Printing the status of QUERY

QUERY TypeChecked /home/project/spec/QUERY.mch

End of Printing the status

If the component is the POGenerated status, the function displays a table showing moreprecise information on the component proof obligations.

Example:

Printing the status of FILE_BUFFER_1

FILE_BUFFER_1 POGenerated /home/projet/spec/FILE_BUFFER_1.mxh

+-----------------------+-------+------+-------+-------+-----+

| | NbObv | NbPO | NbPRi | NbPRa | %Pr |

+-----------------------+-------+------+-------+-------+-----+

| Initialisation | 3 | 0 | | | |

| load_buffer | 12 | 3 | 0 | 3 | 100 |

| create_record | 4 | 1 | 0 | 0 | 0 |

| not_in_buffer | 7 | 0 | | | |

| mod_buffer | 8 | 0 | | | |

| val_buffer | 8 | 0 | | | |

| size_file | 5 | 0 | | | |

+-----------------------+-------+------+-------+-------+-----+

| FILE_BUFFER_1 | 47 | 4 | 0 | 3 | 75 |

+-----------------------+-------+------+-------+-------+-----+

End of Printing the status

The columns in this table show, for each operation on the component:

NbObv This column contains the number obvious proof obligations of the operation.These proof obligations are eliminated automatically by the generator of proof obli-gations.


NbPO This column contains the number of not obvious proof obligations of the operation.

NbPRi This column contains the number of proof obligations proved by the interactiveprover.

NbPRa This column contains the number of proof obligations proved by the automaticprover.

%Pr This column contains the percentage of proof obligations on the operation alreadyproved. This percentage does not take in account POs eliminated by the proofobligation generator.

The last line in the table, (TOTAL) sums up each information for all operation of thecomponent.

This information can be included in the documents automatically generated by Atelier B(refer to sub-section 8.1).


The user interface is started up, you already have opened a project.To obtain the status of the comp_name component, type the following command:status comp_nameors comp_name


The user interface has To obtain the status of a component, perform the following opera-tions, in the components window:

1. Select the component from the list of project components.

2. Click on the Analysing ... button, select Component Status.The component status is displayed in the Atelier B start-up window.

To obtain the unproved component status (i.e. show only the unproved operations),perform the following operations:

1. Click on the Analysing ... button, select Component Status Unproved.The project status table is displayed in the Atelier B start-up window.


7.4 Animation

Description

This function is used to animate a B specification.

This animation allows you to validate a specification by viewing the evolution of variablesand properties through operation calls. For further information, the reader, is refered tothe Animator - User’s Manual document.


The user interface is started up, you already have opened a project.

To perform the animation of a specification comp_name, type the following command:animator comp_nameorani comp_name

After typing this command, the prompt of the animator is displayed: ANI>.

Then, you can type the various commands of the animator.

Type qu to quit.


This function is not available with the Motif user interface.

Possible errors

No current projectYou requested the animation of a component without first opening a project. Youmust open a project before launching an animation.

Cannot access the project components description file <proj name>This error message is sent if the description file of the project components is nolonger accessible.This file is normally present in the project PDB; it is named<proj>.db.The file or the directory may have been deleted by mistake. If thisfile is not accessible, Atelier B cannot check if the user has or not some components.In general, if this file is no longer accessible, it is better to delete the project, becausenone action will be possible to perform on this project.

Cannot find component <comp name> in the projectThe component specified as a parameter is not attached to the project. Check thename of the component by displaying the project components list.


Component <comp name> is not a machineThe component specified as a parameter is a refinement or an implementation. Asonly abstract machines can be animated, start the animator with the name of anabstract machine.


IMPORTS

EXTENDS

SEES

USES

INCLUDES

Figure 7.1: Line styles for links between components

7.5 Dependency Graphs

Description

This command is only available if the workstation has the VCG freeware tool installed(refer to the Atelier B - Administrator’s Manual).

A dependencies graph is provided for the selected component or for the whole project.

The search for dependencies is recursive. Therefore if component X depends on componentY (for example via an ”IMPORTS” link), and component Y depends on component Z (forexample via a ”SEES” link), then components X, Y and Z will be present in the graph.

The components are grouped by module. A module contains a machine, its refinementsand its implementation.

When a component is linked to another component with a renaming (for example IMPORT nn.machine),the link between the two components gives the renaming prefix (nn in this case).

Each type of link is shown with a different line style. Figure 7.1 on page 118 shows thedifferent line styles.

Given the complexity of the projects, a number of options are available for filtering thelinks and the modules displayed:

Components filtering: The user can choose between several options for the components.The available options are:

All: All the project components are present.

Selected only: Only the selected component is displayed.

Selected and transitively linked: Only the selected component and all its refinementsand abstractions are displayed.

Link filtering: The user can choose the types of links (SEES, IMPORTS, ...) displayed.

Graph direction: The user may choose to do a graph:


ascending: In this case, the components that are dependent on the selected componentare displayed. This shows the impact of a modification to this component on theother project components. All the component incoming links are displayed.

descending: In this case the component linked to the selected component are displayed.All the components outgoing links are displayed.

Library components filtering: The user may choose between several options for thecomponents linked to the project and that are in a library. The options availableare:

Show All: In this case the components present in libraries are handled in the same wayas the other components. If these components depend on other components, theywill also be included in the graph.

Show: In this case only components directly linked to project components will be dis-played. If these components depend on other components, they will not be displayed.

Group: In this case all the components in the same library are combined in the samenode of the graph.

Hide: In this case the components present in libraries will not be displayed.

For all components present in libraries, the library name is given in brackets.

Components not linked filtering: The user can choose to not see the isolated compo-nents, in other words, the components that are not linked to other components.

Instanciation graph: The user can choose to visualise only the instanciation graph, inother words, only the IMPORTS links between the different modules.

Figure 7.2 on page 120 shows an example of a project graph.

Dependency graphs can be included in the documentation automatically generated byAtelier B (refer to section 8.1).


The user interface is started up, you already have opened a project.To obtain a dependency graph, use the following command: project_status.

This command uses seven parameters:

1. The name of the component or the “*” value to obtain a graph for the entire project.

2. The option on components: A for All, S for Selected only, G for Selected and tran-sitively linked. The library option: A for Show All, S for Show, G for Group N forHide.

3. The direction of the graph: U for up, D for down.


Figure 7.2: Example of a dependency graph

4. The types of links to display. The links are in the following order: EXTENDS,IMPORTS, INCLUDES, SEES, USES. The value 0 deletes the displaying of thelink.Example: To display only IMPORTS and SEES: 01010.

5. The option on the components not linked: 1 to hide the isolated components, 0 toshow them.

6. 1 to see only the instanciation graph, otherwise, 0.

Example: To display the project graph with all the links, type the command:project_status * A D 11111 0 0


The user interface is already started up, you are in the components window.To obtain a dependency graph, perform the following operations:

1. To obtain a graph from a specific component, select it from the list of components.

2. Click on the Analysing ... button in the Dependence Graph menu.The window shown in figure 7.3 on page 121 is displayed.

3. Click on All in the Components field to display a graph on the entire project.

4. Click on the type of links you wish to display in the Links field.

5. Click on the Instanciation graph field, or, if you want only the instanciation graphto be displayed.


Figure 7.3: Dependence Graph window

6. Click on the type of graph you wish to display in the Browse field.

7. Click on the Options field if you want to hide the isolated components.

8. Click on one of the displaying options for the components present in the libraries, inthe Library Components field.

9. Click on OK to display the graph.The VCG tool window is displayed.

A few useful VCG commands

To quit the tool, you can type q.

To move around in the graph you can use the up or down scroll bars or the cursor keyson the keyboard.

To enlarge/reduce the graph you can use the scroll bar to the left or the + and - keys onthe keyboard.

You can also click on the small box in the lower left corner and VCG will ensure that theentire graph will fit in the screen.

To print the graph, select the Export Graph ... option from the screen background menu,then choose the output format, PostScript for example; you can then modify the orienta-tion of the graph and its position on the paper.

For more information, refer to the VCG user’s manual.


Usable parameters

ATB*OPT TOOLS <SYSTEM>*VCG PathPositioned at Atelier B installation.Entire path to the vcg executable.


Figure 7.4: Example of an operation call graph

7.6 Operation call graph

Description

This command is available only if the workstation has the DaVinci tool installed (refer toAtelier B - Administrator’s manual).

The operation call graph permits to visualise the cascades of operation calls in the OP-ERATIONS, LOCAL OPERATIONS and INITIALISATION clauses of a B component.This type of graph is useful during the proof phase, as it allows to better understand wherethe elements of an operation PO come from.

To distinguish the specifications and implementations of local operations, the name of theimplementation of a local operation is preceded by refinement_of_ in this graph.

The operation call graph is provided for some selected components, for these componentsand all those they depend on or for all the components of a project.

The figure 7.4 on page 123 gives an example of an operation call graph.

The operation call graph can be included in the documentation automatically producedby Atelier B (refer to chapter 8.1).


The user interface is started up, you already have opened a project.To obtain an operation call graph, type the following command:


op_call_graph.or :ocg.

This command include three parameters:

1. the name of a component or the “*” value to have a graph on all the project.

2. the name of an operation, the INITIALISATION key word, or the “*” value to havethe graphs of all the operations.

3. 1 if you wish to extend the graph to the refinements and to the operation abstrac-tions, otherwise, 0.

Example : To display the operation call graph of operation op_name of component comp_nameand all its refinements and abstraction, type the following command :op_call_graph comp_name op_name 1or :ocg comp_name op_name 1


The user interface has already been started up, you are in the components window.To obtain an operation call graph, perform the following operations:

1. If you want to obtain a graph for only some components, select them in the compo-nents list.

2. Click on the Analysing ...button, select Operations Call Graph.The window shown in figure 7.5 on page 125 is displayed.

3. Click in the Component field:

• on All to obtain the operation graph for the whole project,

• on Selected Only to obtain the operation call graph derived from the selectedcomponents only,

• on Selected and transitively linked to obtain the operation graph in the selectedcomponents and in all their refinements and abstractions.

4. Type in the Operation Name field the name of the operation you want to see thegraph of. If you don’t indicate anything the graphs of all operations will be gen-erated. If you want to obtain the graph of the INITIALISATION clause, typeINITIALISATION.

5. Click on OK to display the graph.The window of the DaVinci tool is displayed.


Figure 7.5: Operations Call Graph window

Usable parameters

ATB*OPT TOOLS <SYSTEM>*DaVinci PathPositioned at Atelier B installationEntire path to the daVinci executable.

ATB*GRAPH*BackGroundColorwhiteColor of the window background.

ATB*GRAPH*ComponentNodeColorwhiteColor of the nodes of the graph representing a component.

ATB*GRAPH*IdentNodeColorwhiteColor of the nodes of the graph representing an identifier.

ATB*GRAPH*NodeColorwhiteColor of the graph nodes.

ATB*GRAPH*Font

Font used in the graph.

ATB*GRAPH*daVinci*Orientationtop downOrientation of the graph : top down, bottom up, left right or right left.

ATB*GRAPH*CutBelowDepth

Minimum depth of the graph (Integer ≥ 1).

ATB*GRAPH*CutAfterDepth

Maximum depth of the graph (Integer ≥ 1).


ATB*GRAPH*AddIdentificater

Add the data corresponding to the given identifier list.

ATB*GRAPH*ExcludeIdentifier

Exclude the data corresponding to the given identifier list.

ATB*GRAPH*AddComponentData

Add the data corresponding to the given component list.

ATB*GRAPH*ExcludeComponentData

Exclude the data corresponding to the given component list.

ATB*GRAPH*ExcludeLibraryData

Exclude the data corresponding to the given library list.

ATB*GRAPH*ExcludeAllLibrariesData

Exclude the data corresponding to all the libraries.

ATB*GRAPH*CALL*PrintMachineNameTRUEWrite the name of the components in nodes.

ATB*GRAPH*CALL*daVinci*OpShapeboxRepresentation of an operation : box, circle, ellipse, rhombus, triangle or text.


7.7 Formula graph

Description

This command is available only if the workstation has the DaVinci tool installed (refer toAtelier B - Administrator’s Manual).

A formula graph represents a predicate, an expression or a substitution of a B componentclause. This graph is a binary tree. It permits to visualise immediatly the prioritiesbetween operators. Such a graph is useful during the syntax and semantic checks (to helpunderstanding an error message), or during the proof phase ( is the written predicate theone you really wanted?).

In order to avoid having a too much complex graph, the user can indicate the depth orthe graph level he wants to have:

• If the user indicates a n (n ≥ 2)level, all the nodes of the graph that have almostn-1 descendants level are represented in a textual form rather than a graphical one.

• If the user indicates a n (n ≥ 1) depth, all the grah nodes that have n-1 ancestorsare represented in a textual form rather than a graphical one.

These two options are exclusive: it is not possible to indicate a level and a depth at thesame time.

If the user requires the formula with the name of a local operation, it is the implementationgraph of this operation that is generated.

The figure 7.6 on page 128 gives an example of a formula graph.

The figure 7.7 on page 129 gives an example of a formula graph with a level equal to 3.

The figure 7.8 on page 129 gives an example of a formula graph with a depth equal to 3.

The formula graphs can be included in the documentations automatically produced byAtelier B (refer to chapter 8.1).


The user interface is started up, you already have opened a project.To obtain a formula graph, type the following command: formula_graph or fg.

This command includes four parameters:

1. the name of a component,

2. the name of a clause or of an operation,

3. the level, or 0.

4. the depth, or 0,

Warning: as the level and the depth are exclusive, one of these two parameters must be 0.

Example : To display the graph of the INVARIANT clause of the op_name componentwith a depth of 3, you must type :formula_graph comp_name INVARIANT 0 3


Figure 7.6: Example of a formula graph


Figure 7.7: Example of a formula graph (level = 3)

Figure 7.8: Example of a formula graph (depth = 3)


Figure 7.9: Formula Graph window

or :fg comp_name INVARIANT 0 3


The user interface is already started up, you are in the components window.To obtain a formula graph, perform the following operations:

1. Select the component you want to see the graph of in the components list.

2. Click on the Analysing ... button, select Formula Graph.The window shown in figure 7.9 on page 130 is displayed.

3. Type in the Clause Name field the name of the clause you want to see the graph of.

4. If you want to indicate a level, update the Fold Level field using the arrows.

5. If you want to indicate a depth, update the Fold Depth field using the arrows.Warning: as the level and the depth are exclusive, the modification of either oneresets the other to 0.


Usable parameters

ATB*OPT TOOLS <SYSTEM>*DaVinci PathPositioned at Atelier B installation.Entire path to the daVinci executable.






ATB*GRAPH*Font


FonteATB*GRAPH*daVinci*Orientationtop downOrientation of the graph : top down, bottom up, left right or right left.


Minimum depth of the graph (Entire ≥ 1).


Maximum depth of the graph (Entire ≥ 1).

ATB*GRAPH*FORMULA*daVinci*LeafShapeboxRepresentation of a graph leaf: box, circle, ellipse, rhombus, triangle or text.

ATB*GRAPH*FORMULA*daVinci*OperatorShapecircleRepresentation of an operator : box, circle, ellipse, rhombus, triangle or text.

ATB*GRAPH*FORMULA*daVinci*FoldedShapeellipseRepresentation of a folded formula : box, circle, ellipse, rhombus, triangle or text.

ATB*GRAPH*FORMULA*daVinci*RootShaperhombusRepresentation of the graph root : box, circle, ellipse, rhombus, triangle or text.

Possible errors

Cannot give fold level and fold depth togetherYou specified a level and a depth at the same time. But these two options areexclusive.

Unexpected fold level value: <n> (expected 0 or >= 2)If you want to indicate a level, the value you choose must be greater than or equalto 2. Otherwise, you must give the 0 value.

Unexpected fold depth value: <n> (expected positive value)If you want to indicate a depth, the value you choose must be a non negative integerwhole number. Otherwise, you must give the 0 value.

One and Only One Component Must be SelectedYou selected several components. You must select only one component.


Figure 7.10: Example of an homonymy graph

7.8 Homonymy graph

Description

This command is available only if the workstation has the DaVinci tool installed (refer toAtelier B - Administrator’s Manual).

The homonymy graph permits to visualise homonymy links between data of a B project.It underlines the way they are refined, then implemented.

The homonymy graph of an identifier is provided for a list of selected components, forthese components and all those they depend on or for all the components of a project.

The figure 7.10 on page 132 gives an example of an homonymy graph.

The homonymy graphs can be included in the documentation automatically produced byAtelier B (refer to chapter 8.1).


The user interface is started up, you already have opened a project.To obtain a homonymy graph, type the following command:homonymy_graphor :hg.

This command takes three parameters:

1. The name of a component or the “*” value to obtain a graph on all the project,


Figure 7.11: Homonymy Graph window

2. the name of an identifier or the “*”to have the graphs of all identifiers,

3. 0 if you don’t want to extend the graph to the components transitively linked, 1otherwise.

Example : To display the homonymy graph of identifier ident_name in component comp_nameand all the components that are transitively linked to it, type the following command:homonymy_graph comp_name ident_name 1ou :hg comp_name ident_name 1


The user interface is already started up, you are in the components window.To obtain a homonymy graph, you must perform the following operations:

1. If you want to obtain a graph from some components, select them in the componentslist.

2. Click on the Analysing ... button, select Homonymy Graph.The window shown in the figure 7.11 on page 133 is displayed.

3. Click in Component field :

• on All to obtain a graph on the entire project,

• on Selected Only to obtain a graph that for the selected components only,

• on Selected and transitively linked to obtain a graph for the selected componentsand all the components that are linked to them.

4. Type in the Ident Name field the name of the identifier you want the graph of. Ifyou don’t indicate anything, the graphs of all the identifiers will be generated.



Usable parameters

ATB*OPT TOOLS <SYSTEM>*DaVinci PathPositioned at Atelier B installationEntire path to the daVinci executable.





ATB*GRAPH*Font


ATB*GRAPH*daVinci*Orientationtop downOrientation of the graph : top down, bottom up, left right or right left.


Minimum depth of the graph (Entire ≥ 1).


Maximum depth of the graph (Entire ≥ 1).

ATB*GRAPH*AddIdentifier

Add the data corresponding to the given identifier list.

ATB*GRAPH*ExcludeIdentifier

Exclude the data corresponding to the given identifier list.

ATB*GRAPH*AddComponentData

Add the data corresponding to the given component list.

ATB*GRAPH*ExcludeComponentData

Exclude the data corresponding to the given component list.


ATB*GRAPH*ExcludeLibraryData

Exclude the data corresponding to the given librariy list.

ATB*GRAPH*ExcludeAllLibrariesData

Exclude the data corresponding to all libraries.

ATB*GRAPH*HOMO*daVinci*ConcreteVariableShapeboxRepresentation of a concrete variable: box, circle, ellipse, rhombus, triangle or text.

ATB*GRAPH*HOMO*daVinci*AbstractVariableShaperhombusRepresentation of an abstract variable : box, circle, ellipse, rhombus, triangle ortext.

ATB*GRAPH*HOMO*daVinci*ConcreteConstantShapecircleRepresentation of a concrete constant : box, circle, ellipse, rhombus, triangle or text.

ATB*GRAPH*HOMO*daVinci*AbstractConstantShapeellipseRepresentation an abstract constant : box, circle, ellipse, rhombus, triangle or text.

ATB*GRAPH*HOMO*daVinci*AbstractSetShapetriangleRepresentation an abstract set: box, circle, ellipse, rhombus, triangle or text.


7.9 Cross References

Description

This function performs searches on the identifiers defined in the project components.

For each identifiers, the function displays:

• its type: variable, set, ...

• the place where it is typed,

• the names of the components and the clauses where it is defined.

• the names of the components and the clauses where it is used.

• the names of the components and the clauses where it is modified (for variablesonly).

Identifiers are sorted by type.

The user can request this information:

• for a specific identifier,

• for all of the identifiers defined in a component,

• for all of the identifiers defined in the project: the user will obtain a dictionary ofthe terms used in the project.To distinguish the specifications and implemantaions of local operations, the namesof the implemantations of local operations are preceded by refinement_of_.

Example:

_____________________________________________________________________

VARIABLES

end_delay

concrete variable

Definition of "end_delay" in B_Delais.mch (CONCRETE_VARIABLES)

Use of "end_delay" in B_Delay.mch (INVARIANT)

Use of "end_delay" in B_Delay.mch (INVARIANT)

Modification of "end_delay" in B_Delay.mch (INITIALISATION)

Modification of "end_delay" in B_Delay.mch (b_init_delay)

Modification of "end_delay" in B_Delay.mch (b_stopper_delay)

Modification of "end_delay" in B_Delay.mch (b_delay_elapsed)

.....

_____________________________________________________________________

OPERATIONS

b_delay_elapsed

operation name

Definition of "b_delay_elapsed" in B_Delay.mch

.....

_____________________________________________________________________

OPERATION PARAMETERS

end_del

operation output parameter


Definition of "end_del" in B_Delay.mch (b_delay_elapsed)

Modification of "end_del" in B_Delay.mch (b_delay_elapsed)

This information can be included in the project documentation automatically generatedby Atelier B (refer to sub-section 8.3).

Warning: Calling this function generates a semantic analysis of the concerned compo-nents.


The user interface is started up, you already have opened a project.To obtain cross references, type the following command:get_project_xreforgpxThis command includes one or two parameters:

1. The filter on identifiers:

• 0 for all identifiers of the component specified as second parameter,

• 1 for on identifier of the current project specified as second parameter,

• 2 for all identifiers of the project,

2. The component for filter 0 or identifier for filter 1.

Examples:

To obtain cross references for all of the identifiers defined in the component comp, typethe following command:get_project_xref 0 comp

To obtain cross references on an identifier ident, type the following command:get_project_xref 1 ident

To obtain cross references for all the identifiers defined in the project, type the followingcommand:get_project_xref 2


The user interface has already been started up, you are in the components window.To obtain cross references on all the identifiers defined in the project, perform the followingoperations:

1. Click on the Tracking ... button, select Cross Reference menu.The window shown in figure 7.12 on page 138 is displayed.

2. Click on Project.


Figure 7.12: Cross Reference window

3. Click on OK to perform the search.The results are displayed in the Atelier B start-up window.They are also decribed in a PDB window named project_name.dico_ascii.

To obtain cross references on all the identifiers defined in a project component, performthe following operations:

1. Select the component in the list of components.

2. Click on the Analysing ... button, select Cross Reference.The window shown in figure 7.12 on page 138 is displayed.

3. Click on Component.

4. Click on OK to perform the search.The results are displayed in the Atelier B start-up window.

To obtain cross references on a specific identifier, perform the following operations:

1. Click on the Analysing ... button, select Cross Reference.The window shown in figure 7.12 on page 138 is displayed.

2. Click on Identifier.An additional field is displayed in the window.

3. Type the name of the identifier in the Identifier Name field.

4. Click on OK to perform the search.The results are displayed in the Atelier B start-up window.

Possible errors

Cannot update component <comp name>, it belongs to library project <lib name>The component that you tried to get cross references depends on a componentpresent in a library. This library is not updated, the components that it containshave not been syntaxically checked. Ask the library manager to update it.

No current projectYou use the command mode interface and you requested cross references on compo-nents without opening a project before. You must open the project first.


Cannot find component <comp name> in the projectThe component specified as a parameter is not part of the project. Check the nameof the component by displaying the list of project components.

Xref error in <project name>The Cross reference tool has detected an error in the analysis of the B source dataspecified as parameters. These error messages present below of this one, specify thetype of error. The format of these messages is :file name:line number:column number: Text message. In general, these messagesrefers to syntax or semantic errors. To check if your components are correct, call upthe Atelier B type check function.


7.10 Extracting Metrics

Description

This function extracts metrics from an implementation or from all the implementations ofthe project.

These metrics are used to:

• measure the complexity of an implementation or of the analysed project,

• check that the implementation or the analysed project complies with programmingrules.

• measure the minimum memory size required for implementing the data layouts usedin the B sources.

The metrics extracted are exctracted accoeding to the data present in a configuration file.This configuration file contains the following information:

• The reference value for each metric.

• The list of metrics to display in the project report; the project report is a table thatcontains metrics for all the project implementations.

• The list of metrics to display in the implementation report; the implementationreport is a table that contains metrics for a specified implementation.

• The list of metrics to display in the operation report; the operation report is a tablethat contains metrics for an operation in a specified implementation.

The user can use the configuration files provided by Atelier B or create his own configu-ration files.

The configuration files supplied with Atelier B are located in the AB/press/lib/LC direc-tory. The files have a .cvl extension.

Example of a project report:

+--------------------+---------+---------+---------+---------+---------+---------+

| Name | (1) | (2) | (3) | (4) | (5) | (6) |

+--------------------+---------+---------+---------+---------+---------+---------+

| Reference Values | 500 | 100 | 10 | 3 | 2 | 100 |

+--------------------+---------+---------+---------+---------+---------+---------+

| Distributor_imp | 14 | 12 | 1 | 2 | 1 | 5 |

+--------------------+---------+---------+---------+---------+---------+---------+

| Screen_imp | 13 | 6 | 1 | !4! | 1 | 1 |

+--------------------+---------+---------+---------+---------+---------+---------+

(1)=NB_INST_OPER

(2)=NB_INST_SEQ

(3)=NB_CTRL_SEQ

(4)=NB_CTRL_IMB

(5)=NB_WHILE_IMB

(6)=LG_CONDITION


The first line shows the names of the metrics that are repeated after the table.The second line remains the reference value for each metric.The next lines show the values of the metrics for each project implementation.If a metric value exceeds the reference, it is enclosed between !<value>! (example !4!).

Example of an implementation report:

METRICS FOR IMPLEMENTATION : Ecran_imp

+----------------------+------------+------------+------------+------------+

| Title | Value | Ref | % > ref | CR |

+----------------------+------------+------------+------------+------------+

| NB_INST_OPER | 13 | 500 | -- | OK |

+----------------------+------------+------------+------------+------------+

| NB_INST_SEQ | 6 | 100 | -- | OK |

+----------------------+------------+------------+------------+------------+

| NB_CTRL_SEQ | 1 | 10 | -- | OK |

+----------------------+------------+------------+------------+------------+

| NB_CTRL_IMB | 4 | 3 | 25 | KO |

+----------------------+------------+------------+------------+------------+

| NB_WHILE_IMB | 1 | 2 | -- | OK |

+----------------------+------------+------------+------------+------------+

| LG_CONDITION | 1 | 100 | 0 | OK |

+----------------------+------------+------------+------------+------------+

The first column shows the names of the metrics.The second column shows the maximum value of each metric for all implementation op-erations.The third column shows the reference value for each metric.The fourth column shows the excess percentage according to the reference value.The last column shows OK if the value is below the reference value, KO if not.

Example of an operation report:

METRICS FOR OPERATION : message_controler_code

+----------------------+------------+------------+------------+------------+

| Title | Value | Ref | % > ref | CR |

+----------------------+------------+------------+------------+------------+

| NB_INST_OPER | 6 | 500 | -- | OK |

+----------------------+------------+------------+------------+------------+

| NB_INST_SEQ | 4 | 100 | -- | OK |

+----------------------+------------+------------+------------+------------+

| NB_CTRL_IMB | 4 | 3 | 25 | KO |

+----------------------+------------+------------+------------+------------+

| NB_CTRL_SEQ | 1 | 10 | -- | OK |

+----------------------+------------+------------+------------+------------+

| NB_WHILE_IMB | 0 | 2 | -- | OK |

+----------------------+------------+------------+------------+------------+

| LG_CONDITION | 1 | 100 | 0 | OK |

+----------------------+------------+------------+------------+------------+

The second column shows the value of each metric for the analised operation. The meaningof the other table columns is the same as in the implementation report.

The following table shows the list of the available metrics:


Metric Code Calculation performed

NB_SEE_MACH number of seen machinesNB_IMPORT_MACH number of imported machinesNB_MACH_EXTEND number of extended machinesNB_ENUM_SET number of enumerated setsNB_ABSTR_SET number of abstract setsNB_ENUM_ITEM maximum number of elements in a enumerated setNB_MACH_PAR number of machine formal parametersTOT_NB_ENUM total number of enumerated elementsNB_CONC_VAR number of concrete variablesNB_OPER number of operationsNB_CONST number of concrete constantsNB_LOC_VAR maximum number of local variables per operationNB_INPUT_PAR number of input parameters per operationNB_OUTPUT_PAR number of output parameters per operationNB_INST_OPER total number of instructions in an operationNB_NEST_CTRL maximum number of control statements nested in an operationNB_SEQ_CTRL maximum number of control statements in sequence in an oper-

ationNB_NEST_WHILE number of nested whilesNB_SEQ_INST number of instructions in sequence in an operationNB_VAR_IN number of VAR IN in an operationLG_PREFIX maximum size of rename prefixesLG_PAR_MACH maximum size of a machine parameterLG_IMP implementation name sizeLG_INPUT_PAR maximum size of an operation input parameterLG_OUTPUT_PAR maximum size of an operation output parameterLG_SET maximum size of a set identifierLG_ITEM_SET maximum size of a set element identifierLG_CST maximum size of a visible constant identifierLG_CONC_VAR maximum size of a visible variable identifierLG_LITERAL maximum size of a literal character string in an operationLG_LOC_VAR maximum size of a local variable identifierLG_OPER maximum size of an operation identifierLG_OPER_MACH maximum size of an operation identifier + machine identifierLG_CONDITION maximum size of a condition expression for an operation (num-

ber of operators)SZ_ARRAY memory space taken by the arraysNB_OP_PROMUE number of operations promoted and extendedSZ_CONC_VAR memory space taken by the visible variables other than arraysSZ_CST memory space taken by visible constants other than arrays


The user interface is started up, you already have opened a project.To calculate the metrics on all the implementations of a project, type the following com-mand:lchecker_project config_path outputorlcp path_config output

The first parameter is the complete path of the configuration file to use, for example<rep_Atelierb>AB/press/lib/LC/CONFIG_clause.cvl.The second parameter is the output format; the values 0,1,4,6 and 8 correspond respec-tively to a LATEX, Interleaf, ASCII, FrameMaker or Word displaying.The values 2,3,5 and 7 correspond respectively to a LATEX, Interleaf, ASCII, FrameMaker


Figure 7.13: Limit Checker window

or Word print out.

To calculate metrics on a project implementation, type the following command:lchecker_mach name_imp config_path outputorlcm imp_name config_path output

The first parameter is the implementation name. The two other one have the same mean-ing that for lcp .


The user interface is already started up, you are in the components window.To calculate metrics, perform the following operations:

1. Click on the Limit Checker button.The window shown in figure 7.13 on page 143 is displayed.

This window contains two fields:

(a) the upper field is used to choose the metric configuration files,

(b) the lower field that only appears when you click on Limit Checker, is used tochoose the output format produced by the tool.

2. Select the configuration file directory in the upper field.You can move around in the directories by ”double-clicking” on the Directories listfield or by directly typing the access path in the Directory name field.Each time the directory changes the Files list contains the list of the directory’s files


with a “.cvl” extension.The configuration files are by default located in the <rep_atelierb>AB/press/lib/LCdirectory.

3. Select, from the Files list , the configuration file.The name of the configuration file is displayed in the File Name field.

4. To edit the selected configuration file, click on Edit Config File, then OK.The file is edited with the standard editor.

5. To calculate the metrics, click on Limit Checker.The lower field in the data entry window is displayed.

6. To perform a calculation on all of the project implementations, click on All. If youclick on Selected Only, the calculation will only be performed on the implementationsselected from the list of components.

7. Select the output formats in the Output Format field.Warning, a display on screen is only possible in ASCII and LATEXformats.

8. Select the type of output from the Output format. If you select Print you must alsospecify the printer name.

9. Click on OK to perform the extraction.The results are displayed in the Atelier B start-up window.If the output format is ASCII the results are displayed with the standard editor.If the output format is LATEX, the results are displayed with xdvi.

Usable parameters

ATB*OPT TOOLS <SYSTEM>*Latex Binary DirectoryPositioned at Atelier B installation.Directory where to find the Latex binaries.

ATB*OPT TOOLS <SYSTEM>*Latex Postscript TranslatorPositioned at Atelier B installation.Name of the Latex translator to PostScript.


ATB*OPT TOOLS <SYSTEM>*Editor PathPositioned at Atelier B installation.Access path to the text editor.


Possible errors

B Pretty Printer error while translating into LATEX format file <filename>You requested the displaying or the printing-out of the metrics using LATEX. The BPretty Printer is the tool that converts B formulae to the formats of the differentword processors. This message is displayed if the tool fails.

B Pretty Printer error while translating into RTF format file <filename>You requested the displaying or the printing-out of the metrics using Word (RTF).The B Pretty Printer is the tool that converts B formulae to the formats of thedifferent word processors. This message is displayed if the tool fails.

Cannot read file <filename>.cvlThe configuration file specified as a parameter is not accessible in read mode. Checkthe rights of this file.

Error editing file <filename>.cvlThe configuration file specified as a parameter is not accessible in read mode or theeditor is not accessible. Atelier B cannot edit the configuration file. Check the rightsof this file.

<comp name> is not an implementationThe component specified as a parameter is not an implementation. The LimitChecker only works on implementations.

Latex error in file <comp name>.avl.texYou requested the displaying or printing-out of the metrics using LaTeX. This mes-sage is displayed if LaTeX sent back an error. Check your LaTeX installation andtry to run the command outside of Atelier B, directly in the PDB:cd PDBlatex <comp name>.avl.tex

Limit Checker error in <comp name>The Limit Checker detected an error in one of the implementations specified as aparameter. Refer to the messages displayed in the start-up window.

Problem with LATEX PostScript traductor of <comp name>You requested a print-out of the metrics using LaTeX. This message is displayed ifthe dvips program sent back an error. Check your LaTeX installation and try torun the command outside of Atelier B, directly in the PDB:cd PDBdvips <comp name>.avl.dvi -o <comp name>.avl.ps

Chapter 8

B Project Documentation

8.1 Presentation

These commands are only available if the workstation has one of the following word pro-cessors installed: LATEXor Word.

Atelier B provides a number of commands used to generate automatically complete doc-uments containing the following pieces of information:

• B source files,

• user rule files (.pmm),

• status tables for the project and each component,

• different graphs,

• cross references.

In these documents:

• the B language symbols are displayed using math fonts.

• the B language key words are displayed in bold face characters.

The two commands offered by Atelier B are:

• Displaying a B source only.

• Create a complete document that may contain all the above information in the orderchosen by the user.

147


8.2 Displaying a B Source

Description

This function applies itself on any component of a B project. The B source file (specifica-tion or refinement) is converted in an understable format of the selected word processor.

If the output format is LATEX the document is displayed on the screen using the xdvi toolor converted into a file in PostScript format by the dvips tool and sent to the printer.

For other output formats, the file is generated but the user must edit it directly from hisword processor.

When converting the B source file, the user can choose two types of presentations, he can:

• keep his original presentation,

• use the presentation supplied by Atelier B.

Normal comments are deleted from the B source file, only the comments enclosed between”/*?” and ”?*/” character sequences are retained.


The user interface is started up, you already have opened a project.To display-convert a B source into a word processor format, use one of the followingcommands:

• show_doc_latex or sdl: This function converts the B source into LATEX format,then calls up the latex tool and the xdvi tool to display it on the screen.

• print_doc_latex or pdl: This function converts the B source into LATEX format,then calls-up the latex tool and the dvips tool to produce a file in PostScriptformat. This file is then automatically sent to the selected printer. To change theselected printer, use the set_print_params command.

• create_doc_rtf or cdr: This function converts the B source into Word format. Thename of the file produced is displayed in the start-up window. You should then editthe file using Word.

The first parameter for these functions is the component name.The second parameter is the type of required presentation. To retain the original presen-tation, specify the value PLAIN. Use the NORM value for a standardised presentation.


The user interface is already started up, you are in the components window.To convert a B source to word processor format, perform the following operations:

1. Select the component from the list of components.

B PROJECT DOCUMENTATION 149

Figure 8.1: Documentation window

2. Click on the Document ... button, select Component.The window shown by figure 8.1 on page 149 is displayed.

3. In the Output Format field, click on the selected word processor.

4. Click on Yes in the Normalization field, if you don’t want to keep the original pre-sentation.

5. Click on the output type in the Output field.If you select Print you must specify the printer name and the pages to print.The Print format is only available for LATEX.

6. Click on OK to confirm the selection.The B source file is converted to the word processor format.If the output format is LATEX, Atelier B calls up the latex tool, then the xdvi ordvips tool.For the Word format, the name of the file produced is displayed in the start-upwindow. You should then open this file directly from your word processor.

Usable parameters





Possible errors

LATEX error for <comp name>This message indicates an error sent back by the LATEXtool. Check yourLATEXinstallation. You can try starting LATEX directly on the file generated byAtelier B:cd <pdb dir>latex <comp name>.texErrors can come from your Latex configuration. Latex file gen-erated by Atelier B contain the same heading defined in the file<rep\_atelierb>AB/press/lib/BBeautifuler/ENTETE_LATEX. You can mod-ify this file to be conform to your Latex configuration.

LATEX DVI error viewing <comp name>This message indicates an error sent back by the xdvi tool. This tool is the LATEX dis-playing module. Check your LATEX installation. You can try to start xdvi directlyon the file generated by Atelier B:cd <pdb dir>xdvi <comp name>.dvi

LATEX PostScript error translating <comp name>This message indicates an error sent back by the dvips tool. This tool convertsLATEX format to PostScript format. Check your LATEX installation. You can try tostart xdvi directly on the file generated by Atelier B:cd <pdb dir>dvips <comp name>.dvi -o <comp name>.ps

Error while generating the documentation of <comp name>This message indicates an error in the tool that converts the B source into the wordprocessor format. Refer to the messages displayed in the start-up window.

B PROJECT DOCUMENTATION 151

8.3 Creating Complete Documents

This function permits the automatic creation of the documents of the projects managedby Atelier B.

The created documents can contain the following information:

• a cover page,

• a table of contents (only in LATEX),

• sections (5 levels),

• free text provided by the user,

• B source files,

• user rule files (.pmm),

• status tables for the project and each component,

• dependency graphs (files in PostScript format),

• a dictionary of the terms used in the project.

The user can organise this information as he wants to.

Atelier B provides documentation models. These models define a specific documentationlayout, they are a working base to assist the user in creating his own models.

Documentation creation includes three steps:

1. Creating a model for the project, from a predefined model: during this step, AtelierB creates sections for each project component.This step is performed by the Create Model function.

2. Modifying the project model: the user can add, delete or move sections, information,...

3. Automatic document creation: The user chooses the target word processor andAtelier B automatically creates the document.

For more information on this function, read the Model Editor - User’s Manual

This document contains using examples of this function, as well as an absolute descriptionof the Motif user interface.

This function is not available from the command mode user interface.

Usable parameters


Appendix A

Limitations of ProjectDocumentation Tools

The outputs in Word (.rtf) formats are limited. This is due to the abilities of the pro-grams and their formats. This functionality should be used with care.

For the Word output format, the limitations are the following :

1. The logo is not included in the generated document.

2. The table of contents is not generated.

3. Be careful when including Postscript files:

• no check is performed to ensure that the file is present on generation;

• the file must be present on the disk;

• Word must recognize Postscript files;

• The printer must be able to interpret the Postscript.

4. The files are intended for PCs and cannot be used directly on Macintosh computers.

153

Appendix B

Files Created by Atelier B

The table below describes all the files created by Atelier B:

File Location Contentsproject_name.desc Atelier data base Project descriptor (directories, manager, users,

libraries)project_name.db Project data base Project components (name, localization,

owner).usedby_* Project data base Marker indicating that the project is opened by

a user.project Project data base, transla-

tion directoryMarker indicating that the directory is occupiedby a project

.lib Project data base Directory of library project PDBs*.lock Project data base Markers used to ensure mutual exclusion be-

tween users of the same projectdeB*,versB* Project data base FIFOs for communication between the user in-

terface and the Logic Solversrc/*.* Project data base B source files with expanded definitions. There

is one file per component even ifexpand_src/*.* Project data base B source files, one per component*.nf Project data base normalized form of component*.tse Project data base Extended table of symbols generated by

B0Checker*.po Project data base Component proof obligations*.opo Project data base component obvious proof obligations*.pmi Project data base Saved component interactive proof*.pmm Project data base Rules defined by the user for each componentproject_name.gdl Project data base Dependency graphproject_name.stg Project data base ”Project Status” table in SGML format.*.stg Project data base ”Component Status” table in SGML format.*.tex Project data base Files generated by the documentation tools for

translation into LaTeX.*.rtf Project data base Files generated by the documentation tools for

translation into Word.*.dvi Project data base Files generated by LaTeX for display or print-

out.continued on next page

155


continued from previous page

File Location Contents*.ps Project data base LaTeX files converted into PostScript format

for printing-out.*.bod, *.str,*.blf

Translation directorysub-directory ada

Object files generated by the ADA translator.

*.ads,*.adb Translation directorysub-directory ada

Files generated by the ADA translator after linkedition.

makefile Translation directorysub-directory ada

Directives for ADA compiler.

*.bod, *.str*.blf

Translation directorysub-directory hia

Object files generated by the HIA translator.

*.hia,*.h Translation directorysub-directory hia

Files generated by the HIA translator after linkedition.

makefile Translation directorysub-directory hia

Directives for HIA compiler.

*.bdy, *.spe*.blf

Translation directorysub-directory cpp

Object files generated by the C++ translator.

*.cpp,*.h Translation directorysub-directory cpp

Files generated by the C++ translator afterlink edition.

makefile Translation directorysub-directory cpp

Directives for C++ compiler.

*.bdy, *.spe*.blf

Translation directorysub-directory c

Object files generated by the C translator.

*.cpp,*.h Translation directorysub-directory c

Files generated by the C translator after linkedition.

makefile Translation directorysub-directory c

Directives for C compiler.