Experiences in Modelling of a Microcontroller Instruction Set Using B

Valério Medeiros Jr¹, David Déharbe²

¹ Federal Institute of Education, Science and Technology of Rio Grande do Norte, Natal RN 59015-000, Brazil
² Federal University of Rio Grande do Norte, Natal RN 59078-970, Brazil

Abstract. This paper describes an approach to modelling the functional aspects of the instruction set of microcontroller platforms, along with several details about the representation of microcontroller elements. Several models were developed using the notation of the B method. They are used to develop formally verified software up to the assembly level and allow the models to be simulated. This simulation can guarantee consistency between the execution of a software model and the real execution of the software; it has a wide variety of uses in industry and academia. This paper specifically presents the case of the Z80 platform and cites a theoretical case study that is important for tanks in the petroleum industry. This work is a contribution towards the extension of the B method to handle developments up to assembly-level code.

Keywords: Embedded Software, Simulation, B method and Verification

1 Introduction

The B method [1] supports the construction of models of safety systems by generating proof obligations that must be verified to guarantee correctness. An initial abstract model of the system requirements is defined and then refined up to the implementation model. Development environments based on the B method also include source code generators for programming languages, but the result of this translation cannot be compared by formal means. Recent work [6,9] has presented an approach to extend the scope of the B method up to the assembly-level language. One key component of this approach is to build, within the framework of the B method, formal models of the instruction set of such assembly languages.

This work presents a new version of the formal model [9] of the instruction set of the Z80 microcontroller [26]. The model in [9] was completely verified, but it cannot be animated. It was changed to support animation in ProB [13]. Basically, the new model³ changes the elements that were represented by infinite sets and adjusts for the implications of this change. Using the responsibility division mechanism provided by B, auxiliary libraries of basic modules were developed as part of the construction of the microcontroller model. These libraries contain many definitions of common concepts used in microcontrollers. Besides the new Z80 model, a theoretical case study of a petroleum production test system was developed using Z80 assembly language to analyse the code simulation and verification process.

³ The reader interested in more details is invited to visit our repository at: http://code.google.com/p/b2asm/.

Other possible uses of a formal model of a microcontroller instruction set include documentation and the construction of simulators; such a model could also be the starting point of a verification effort for the actual implementation of a Z80 design. Moreover, the model of the instruction set could be instrumented with non-functional aspects, such as the number of cycles it takes to execute an