Specification of an X Protocol C Binding using the B-method

Andreas Enbacka
Department of Computer Science
Åbo Akademi University
FIN-20520, Turku, Finland
aenbacka@abo.fi

Abstract

XCB [4] is a C binding library for X that is currently under development. The purpose of XCB is to improve on the current Xlib, introducing among other things latency-hiding. The X server imposes several constraints that XCB needs to adhere to. In order to deal with these constraints and to verify the correctness of the algorithm, a Z specification of XCB ([3]) has been developed to help formally reason about important properties. However, one drawback of the Z notation is the lack of tool support for formal verification and code generation. One formal method that has such automated tool support is the B Method. In this paper we present a corresponding specification of the X Protocol C Binding using the B Method, based on the original Z specification.

1 Introduction

XCB [4] (X C Binding) is a library of X Server Protocol bindings for C programs, which is currently under development. The aim is to improve upon the existing X Binding Library (Xlib) that is used today, and to address some of its shortcomings. Areas improved upon are for instance latency-hiding (in Xlib, a request that requires a reply blocks until the reply is available, whether or not the reply is needed) and the handling of multi-threaded (as well as single-threaded) applications. An Xlib compatibility layer (XCL) [8] is also being developed, making it easier for existing Xlib applications to take advantage of the new and improved functionality offered by XCB.

As the XCB algorithm and the constraints imposed on it by the X server are quite complex, a formal specification was developed using the Z [9] formal notation. By specifying the algorithm using exact mathematical/logical notation, important properties like deadlock freedom can be shown and proved (either formally or semi-formally). However, Z is a formal notation which is better suited for pen-and-paper style proofs. Therefore, very limited tool support exists for Z to assist with proofs, refinement and code generation. One formal method that has such tool support is the B-method [1], developed by J. R. Abrial (also the creator of Z). The purpose of this paper is to present a model in B (based on the Z specification) of the XCB algorithm, which can be analyzed and proved (as well as further refined) using the B support tools.

2 Motivation

The main advantage of B over Z is the robust, commercially available tool support in the form of B-Toolkit from B-Core (UK) Ltd. and Atelier-B from Steria (France). These toolkits provide support for syntax and type-checking of specifications, animation, proof-obligation generation, proof (both automatic and interactive), refinement and automatic code generation (e.g. to C). Refinement means stepwise transformation of the initial abstract specification into a final implementation from which executable code can be generated. For this project the main tool used is B-Toolkit.

Some tool support exists for the Z notation as well, for example Z/EVES, which provides syntax and type-checking of specifications. Some progress towards formal proofs of key properties of the XCB Z model described in [3] was made using the Z/EVES tool. However, the tools supporting the B-method have additional support for refinement and code generation from the final implementation.

The B-method [1] is based on first-order predicate calculus and set theory, and on the concept of an abstract machine encapsulating a program state as well as operations on that state. Abstract machines can be compared to classes of an object-oriented language like C++ (or alternatively, an Ada package). Specification in B is done using the Abstract Machine Notation (AMN), and operations
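To make the abstract-machine notion concrete, and to show in the same place what the latency-hiding described in the introduction looks like as a specification, here is a small AMN machine written for this edition. It is an added illustration and not the paper's XCB model nor any part of the XCB project: the machine name, the variables `nextseq` and `status`, the constant `maxseq` and the three operations are assumptions chosen for the example. The state records the next sequence number to hand out and the status of every request issued so far; the invariant ties the two together so that no status entry can exist for a sequence number that was never issued. `send_request` returns immediately with a sequence number (the request is not blocked on its reply), `reply_arrives` models the server answering, and `wait_reply` is the only operation whose precondition requires the reply to be present, which is exactly the blocking point that Xlib forces on every reply-bearing request and that XCB separates out.

```b
MACHINE
    XRequestQueue
/* Hypothetical illustration machine, not the XCB specification. */
SETS
    STATUS = { pending, ready, consumed }
CONSTANTS
    maxseq                      /* assumed bound on sequence numbers */
PROPERTIES
    maxseq : NAT1
VARIABLES
    nextseq,                    /* next sequence number to be issued */
    status                      /* status of every issued request   */
INVARIANT
    nextseq : 1 .. maxseq + 1 &
    status : NAT1 +-> STATUS &
    dom(status) = 1 .. nextseq - 1     /* exactly the issued requests have a status */
INITIALISATION
    nextseq := 1 || status := {}
OPERATIONS

    /* Issue a request; returns at once with its sequence number. */
    ss <-- send_request =
    PRE
        nextseq <= maxseq
    THEN
        ss := nextseq ||
        status := status \/ { nextseq |-> pending } ||
        nextseq := nextseq + 1
    END;

    /* The server's reply for request ss becomes available. */
    reply_arrives ( ss ) =
    PRE
        ss : dom(status) & status(ss) = pending
    THEN
        status(ss) := ready
    END;

    /* Consume the reply; only legal once it has actually arrived. */
    st <-- wait_reply ( ss ) =
    PRE
        ss : dom(status) & status(ss) = ready
    THEN
        st := status(ss) ||
        status(ss) := consumed
    END

END
```

Each operation's PRE clause is what a B tool such as B-Toolkit turns into proof obligations: under the precondition, the substitution in the THEN clause must re-establish the INVARIANT. For `send_request`, for instance, the obligation is that `dom(status \/ { nextseq |-> pending })` equals `1 .. (nextseq + 1) - 1`, which follows from the invariant before the operation, and that `nextseq + 1` stays within `1 .. maxseq + 1`, which follows from the precondition `nextseq <= maxseq`. The preconditions on `wait_reply` are the point of interest for a caller: a client that invokes it on a request whose reply has not arrived is outside the contract, so the discipline of "send now, wait only when the reply is really needed" is made checkable rather than left to convention.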