This article describes the Event-B modeling of a landing gear system of an aircraft whose complete description can be found in Boniol and Wiels (The Landing Gear System Case Study, ABZ Case Study, Communications in Computer Information Science, vol 433, Springer, Berlin, 2014). This real-life case study has been proposed by the ABZ’2014 track that took place in Toulouse, the European capital of the aeronautic industry. Our modeling is based on the Parnas and Madey’s 4-Variable Model that permits to consider the different parts of a system. These parts are incrementally introduced using the Event-B refinement technique. The entire development has been carried out with the Rodin toolset. To ensure the correctness of the different components, we use several verification techniques (animation, model checking and proof) depending on the complexity and the kind of the properties to verify. Basically, prior to the proof phase that can be tedious and complex, we use the animator AnimB and the model checker ProB that permit to discover some trivial inconsistencies. Once no error is reported, we start the proof phase by using the Atelier B and SMT provers which we installed on Rodin. We conclude the article by drawing up some key findings of and lessons learned from this experience.

Similar content being viewed by others
The choice of the boolean type for variables \(door\_cylinder\_locked\_p\) and \(gear\_cylinder\_locked\_p\) are completely arbitrary. Another solution would be to define a new set \(\{locked, unlocked\}\).
In this paper, we make the assumption that there is a unique sensor on each of these elements.
Abrial, J.-R.: The B-book, Assigning Programs to Meanings. Cambridge University Press, Cambridge (2005)
Abrial, J.-R.: Modeling in Event-B—System and Software Engineering. Cambridge University Press, Cambridge (2010)
Boniol, F., Wiels, V.: The Landing Gear System Case Study, ABZ Case Study, Communications in Computer Information Science, vol. 433. Springer, Berlin (2014)
Alur, R., Dill, D.-L.: A theory of timed automata. Theor. Comput. Sci. 126(2), 183–235 (1994)
Butler, M.: Towards a cookbook for modelling and refinement of control problems. Working paper. ECS, University of Southampton. http://deploy-eprints.ecs.soton.ac.uk/108/1/cookbook (2009)
Butler, M.: Using Event-B refinement to verify a control strategy, working paper. ECS, University of Southampton, http://deploy-eprints.ecs.soton.ac.uk/107/ (2009)
Cansell, D., Méry, D., Rehm, J.: Time constraint patterns for Event B development. In: Proceeding of 7th International Conference of B Users (B2007), pp. 140–154 (2007)
Clarke, E.-M., Emerson, E.-A.: Design and synthesis of synchronization skeletons using branching-time temporal logic. In: Kozen, D. (ed.) Logics of Programs. Workshop, Yorktown Heights, New York, May 1981, pp. 52–71. Springer, Berlin, Heidelberg (1981)
Dutertre, B., Sorea, M.: Modeling and verification of a fault-tolerant real-time startup protocol using calendar automata, FORMATS/FTRTF, pp. 199–214 (2004)
Frappier, M., Gervais, F., Laleau, R., Fraikin, B., Denis, RSt: Extending statecharts with process algebra operators. ISSE 4(3), 285–292 (2008)
Frappier, M., Gervais, F., Laleau, R., Milhau, J.: Refinement patterns for ASTDs. Formal Asp. Comput. 26(5), 919–941 (2014)
Hudon, S., Hoang, T.S.: Development of control systems guided by models of their environment. Electron. Notes Theor. Comput. Sci. 280, 57–68 (2011)
Iliasov, A., Troubitsyna, E., Laibinis, L., Romanovsky, A., Varpaaniemi, K., Ilic, D., Latvala, T.: Supporting Reuse in Event-B Development: Modularisation Approach. ABZ’2010, pp. 174–188. Springer, LNCS 5977 (2010)
Jeffords, R.-D., Heitmeyer, C.-L., Archer, M., Leonard, E.-I.: Model-based construction and verification of critical systems using composition and partial refinement. Formal Methods Syst. Des. 37(2–3), 265–294 (2010)
Leuschel, M., Butler, M.: Prob: a model checker for B. In: FME 2003: Formal Methods. In: International Symposium of Formal Methods Europe, pp. 855–874 (2003)
Leuschel, M., Butler, M.-J.: ProB: an automated analysis toolset for the B method. In: International Journal on Software Tools for Technology Transfer, vol. 10, no. 2, pp. 185–203 (2008)
Lorge Parnas, D., Madey, J.: Functional documents for computer systems. Sci. Comput. Program. 25(1), 41–61 (1995)
Miller, S.-P., Tribble, A.-C.: Extending the four-variable model to bridge the system-software gap. In: Proceedings of the 20th Digital Avionics Systems Conference (DASC01), Daytona Beach, Florida (2001)
Pnueli, A.: The temporal logic of programs. In: 18th Annual Symposium on Foundations of Computer Science, pp. 46–57 (1977)
Sarshogh, M.-R., Butler, M.: Specification and refinement of discrete timing properties in Event-B. In: Electronic Communication of the European Association of Software Science and Technology, Vol. 46 (2011)
Silva, R., Pascal, C., Hoang, T.-S., Butler, M.: Decomposition tool for Event-B. Softw. Pract. Exp. 41(2), 199–208 (2011)
Author information
Authors and Affiliations
Corresponding author
Additional information
In loving memory of my late beloved mother, Fariza-Ourida Mokrani (died on January 26th 2015). I cannot thank you enough for the sacrifices you’ve made for my education and my well-being. May your rest be sweet as your heart was good. Your Daughter Amel.
Rights and permissions
About this article
Cite this article
Mammar, A., Laleau, R. Modeling a landing gear system in Event-B. Int J Softw Tools Technol Transfer 19, 167–186 (2017). https://doi.org/10.1007/s10009-015-0391-0
Issue Date:
DOI: https://doi.org/10.1007/s10009-015-0391-0