Abstract
The ProB disprover uses constraint solving to find counter-examples for B proof obligations. As the ProB kernel is now capable of determining whether a search was exhaustive, one can also use the disprover as a prover. In this paper, we explain how ProB has been embedded as a prover into Rodin and Atelier B. Furthermore, we compare ProB with the standard automatic provers and SMT solvers used in Rodin. We demonstrate that constraint solving in general and ProB in particular are able to deal with classes of proof obligations that are not easily discharged by other provers and solvers. As benchmarks we use medium sized specifications such as landing gear systems, a CAN bus specification and a railway system. We also present a new method to check proof obligations for inconsistencies, which has helped uncover various issues in existing (sometimes fully proven) models.
Sebastian Krings
Software Engineer
My interests include software analysis, formal methods and offensive security.