Combining formal methods for the development of reactive systems

This paper deals with the use of two verification approaches: theorem proving and model checking. We focus on the Event-B method by using its associated theorem proving tool (Click_n_Prove), and on the language TLA(+) by using its model checker TLC. By considering the limitation of the Event-B method to invariance properties, we propose to apply the language TLA(+) to verify liveness properties on a software behaviour. We extend first the expressivity and the semantics of a B model (called temporal B model) to deal with the specification of fairness and eventuality properties. Second, we give transformation rules from a temporal B model into a TLA(+) module. We present in particular, our prototype system called B2TLA(+), that we have developed to support this transformation; then we can verify these properties thanks to the model checker TLC on finite state systems. For the verification of infinite-state systems, we propose the use of the predicate diagrams. We illustrate our approach on a case study of a parcel sorting system.