1 Introduction
2 Literature Review
3 Pattern Specification
3.1 Contexts and Machines Relationships
3.2 Structural Features
AXIOMS
clause (\(Entity\_partition\)).
CONSTANTS
clause. Formally, we specify {C\(_{1}\),...,C\(_{n}\)} \(\in \) Component \(\wedge \) C\(_{1}\) \(\ne \) C\(_{2}\) \(\wedge \)...\(\wedge \) C\(_{n-1}\) \(\ne \) C\(_{n}\).CONSTANTS
clause. The set of Connectors is composed of all Connectors name. This is specified formally with a partition (\(Connector\_partition\)).
SETS
clause. Messages name M\(_i\) are specified in the CONSTANTS
clause. They are attributed with their type with a partition in the AXIOMS
clause (\(Message\_partition\)).
3.3 Behavioral Features
3.4 Formal Verification
INVARIANTS
, AXIOMS
, THEOREMS
) or with guards in the events. It is also ensured by proof obligations generated by the Rodin platform. They define what is to be proved to ensure the consistency of an Event-B pattern model. As example of consistency constraints, we check that no entity can send a message if it is not authorised. This is controlled by an invariant called Can_Send_INV. For sequence diagrams, we require that every message must start activation. Our approach ensures that the specified IoT design patterns are correct by construction. It offers architects the ability to reuse correct pattern models, which saves their efforts to prove the correctness of the patterns.