Formal Aspects of Computing

, Volume 21, Issue 1–2, pp 65–102 | Cite as

Relational concurrent refinement part II: Internal operations and outputs

  • Eerke Boiten
  • John Derrick
  • Gerhard Schellhorn
Original Article


Two styles of description arise naturally in formal specification: state-based and behavioural. In state-based notations, a system is characterised by a collection of variables, and their values determine which actions may occur throughout a system history. Behavioural specifications describe the chronologies of actions—interactions between a system and its environment. The exact nature of such interactions is captured in a variety of semantic models with corresponding notions of refinement; refinement in state based systems is based on the semantics of sequential programs and is modelled relationally. Acknowledging that these viewpoints are complementary, substantial research has gone into combining the paradigms. The purpose of this paper is to do three things. First, we survey recent results linking the relational model of refinement to the process algebraic models. Specifically, we detail how variations in the relational framework lead to relational data refinement being in correspondence with traces–divergences, singleton failures and failures–divergences refinement in a process semantics. Second, we generalise these results by providing a general flexible scheme for incorporating the two main “erroneous” concurrent behaviours: deadlock and divergence, into relational refinement. This is shown to subsume previous characterisations. In doing this we derive relational refinement rules for specifications containing both internal operations and outputs that corresponds to failures–divergences refinement. Third, the theory has been formally specified and verified using the interactive theorem prover KIV.


Data refinement Simulations, Process algebraic semantics Failures–divergences refinement Deadlock Internal operations Outputs Mechanisation KIV 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Abr96.
    Abrial J-R (1996) The B-Book: assigning programs to meanings. Cambridge University Press, CambridgezbMATHGoogle Scholar
  2. BdR03.
    Boiten EA, de Roever W-P (2003) Getting to the bottom of relational refinement: relations and correctness, partial and total. In: Berghammer R, Möller B (eds) 7th International seminar on relational methods in computer science (RelMiCS 7). University of Kiel, pp 82–88Google Scholar
  3. BDW99.
    Bolton C, Davies J, Woodcock JCP (1999) On the refinement and simulation of data types and processes. In: Araki K, Galloway A, Taguchi K (eds) International conference on integrated formal methods 1999 (IFM’99). Springer, Berlin, pp 273–292Google Scholar
  4. BeZ86.
    Berghammer R, Zierer H (1986) Relation algebraic semantics of deterministic and non-deterministic programs. Theor Comp Sci 43:123–147zbMATHCrossRefMathSciNetGoogle Scholar
  5. BHR84.
    Brookes SD, Hoare CAR, Roscoe AW (1984) A theory of communicating sequential processes. J ACM 31(3):560–599zbMATHCrossRefMathSciNetGoogle Scholar
  6. BoB88.
    Bolognesi T, Brinksma E (1988) Introduction to the ISO Specification Language LOTOS. Comput Networks ISDN 14(1):25–59CrossRefGoogle Scholar
  7. BoD02a.
    Boiten EA, Derrick J (2002) Unifying concurrent and relational refinement. In: Derrick J, Boiten EA, Woodcock JCP, von Wright J (eds) Refine 2002, ENTCS 70:94–131Google Scholar
  8. BoD02b.
    Bolton C, Davies J (2002) Refinement in Object-Z and CSP. In: Butler M, Petre L, Sere K (eds) Integrated formal methods (IFM 2002), Lecture notes in computer science, vol 2335. Springer, Berlin, pp 225–244Google Scholar
  9. BoD06.
    Bolton C, Davies J (2006) A singleton failures semantics for communicating sequential processes. Form Asp Comput 18:181–210zbMATHCrossRefGoogle Scholar
  10. BoG05.
    Bowman H, Gomez R (2005) Concurrency theory: calculi and automata for modelling untimed and timed concurrent systems. Springer, New YorkGoogle Scholar
  11. Bol02.
    Bolton C (2002) On the refinement of state-based and event-based models. Ph.D. thesis, University of OxfordGoogle Scholar
  12. BoL03.
    Bolton C, Lowe G (2003) A hierarchy of failures-based models. In: Corradini F, Nestmann U (eds) Proceedings of express 2003: 10th international workshop on expressiveness in concurrency. Elsevier Science, AmsterdamGoogle Scholar
  13. BoL05.
    Bolton C, Lowe G (2005) A hierarchy of failures-based models: theory and application. Theor Comp Sci 330(3):407–438zbMATHCrossRefMathSciNetGoogle Scholar
  14. BrR85.
    Brookes SD, Roscoe AW (1985) An improved failures model for communicating processes. In: Brookes SD, Roscoe AW, Winskel G (eds) Seminar on concurrency, Lecture notes in computer science, vol 197. Springer, Berlin, pp 281–305Google Scholar
  15. CSW02.
    Cooper D, Stepney S, Woodcock J (2002) Derivation of Z refinement proof rules: forwards and backwards rules incorporating input/output refinement. Technical Report YCS-2002-347, University of York. URL:
  16. DBB98.
    Derrick J, Boiten EA, Bowman H, Steen MWAS (1998) Specifying and refining internal operations in Z. Form Asp Comput 10:125–159zbMATHCrossRefGoogle Scholar
  17. DeB01.
    Derrick J, Boiten EA (2001) Refinement in Z and object-Z: foundations and advanced applications, FACIT series. Springer, LondonGoogle Scholar
  18. DeB03.
    Derrick J, Boiten EA (2003) Relational concurrent refinement. Form Asp Comput 15(1):182–214zbMATHCrossRefGoogle Scholar
  19. DeB06.
    Derrick J, Boiten EA (2006) Relational concurrent refinement with internal operations. In: Aichernig B, Boiten EA, Derrick J, Groves L (eds) BCS-FACS Refinement Workshop, ENTCS 187:35–53Google Scholar
  20. DeH06.
    Deutsch M, Henson MC (2006) An analysis of refinement in an abortive paradigm. Form Asp Comput 18(3):329–363zbMATHCrossRefGoogle Scholar
  21. Doo94.
    Doornbos H (1994) A relational model of programs without the restriction to Egli-Milner constructs. In: Olderog E-R (ed) PROCOMET ’94, IFIP, pp 357–376Google Scholar
  22. dRE98.
    De Roever W-P, Engelhardt K (1998) Data refinement: model-oriented proof methods and their comparison. Cambridge University Press, CambridgezbMATHGoogle Scholar
  23. DuC05.
    Dunne S, Conroy S (2005) Process refinement in B. In: Treharne H, King S, Henson MC, Schneider S (eds) ZB 2005: formal specification and development in Z and B, 4th international conference of B and Z users, Lecture notes in computer science, vol 3455. Springer, Berlin, pp 45–64Google Scholar
  24. Fis97.
    Fischer C (1997) CSP-OZ—A combination of CSP and Object-Z. In: Bowman H, Derrick J (eds) Second IFIP international conference on formal methods for open object-based distributed systems. Chapman & Hall, London, pp 423–438Google Scholar
  25. He89.
    He J (1989) Process refinement. In: McDermid J (ed) The theory and practice of refinement. Butterworths, LondonGoogle Scholar
  26. HeI93.
    Hennessy M, Ingólfsdóttir A (1993) A theory of communicating processes with value passing. Inf Comput 107(2):202–236zbMATHCrossRefGoogle Scholar
  27. HHS86.
    He J, Hoare CAR, Sanders JW (1986) Data refinement refined. In Robinet B, Wilhelm R (eds) Proc. ESOP’86. Lecture notes in computer science, vol 213. Springer, Berlin, pp 187–196Google Scholar
  28. Hoa85.
    Hoare CAR (1985) Communicating sequential processes. Prentice-Hall, Englewood CliffszbMATHGoogle Scholar
  29. HoH98.
    Hoare CAR, He J (1998) Unifying theories of programming. Prentice-Hall, Englewood CliffsGoogle Scholar
  30. Jos88.
    Josephs MB (1988) A state-based approach to communicating processes. Distrib Comput 3:9–18zbMATHCrossRefGoogle Scholar
  31. Led91.
    Leduc G (1991) On the role of implementation relations in the design of distributed systems using LOTOS. Ph.D. thesis, University of LiègeGoogle Scholar
  32. MBD00.
    Miarka R, Boiten EA, Derrick J (2000) Guards, preconditions and refinement in Z. In: Bowen JP, Dunne S, Galloway A, King S (eds) ZB2000: Formal specification and development in Z and B. Lecture notes in computer science, vol 1878. Springer, Berlin, pp 286–303Google Scholar
  33. Mil89.
    Milner R (1989) Communication and concurrency. Prentice-Hall, Englewood CliffszbMATHGoogle Scholar
  34. ReS06.
    Reeves S, Streader D (2006) State- and event-based refinement. Technical report, Department of Computer Science, University of WaikatoGoogle Scholar
  35. Ros98.
    Roscoe AW (1998) The theory and practice of concurrency. Prentice-Hall, Englewood CliffsGoogle Scholar
  36. RSS98.
    Reif W, Schellhorn G, Stenzel K, Balser M (1998) Structured specifications and interactive proofs with KIV. In: Bibel W, Schmitt P (eds) Automated deduction—a basis for applications, vol II: systems and implementation techniques, Chap. 1: Interactive Theorem Proving. Kluwer, Dordrecht, pp 13–39Google Scholar
  37. Sch05.
    Schellhorn G (2005) ASM refinement and generalizations of forward simulation in data refinement: a comparison. Theor Comp Sci 336(2–3):403–435zbMATHCrossRefMathSciNetGoogle Scholar
  38. Sch06.
    Schellhorn G (2006) Web presentation of the KIV proofs of ‘Relational Concurrent Refinement Part II: Internal Operations and Output’. URL:
  39. ScT04.
    Schneider S, Treharne H (2004) CSP theorems for communicating B machines. Form Asp Comput 17(4):390–422CrossRefGoogle Scholar
  40. SGH06.
    Schellhorn G, Grandy H, Haneberg D, Reif W (2006) The Mondex challenge: machine checked proofs for an electronic purse. In: Misra J, Nipkow T, Sekerinski E (eds) Formal methods 2006, Proceedings. Lecture notes in computer science, vol 4085. Springer, Berlin, pp 16–31Google Scholar
  41. SmD02.
    Smith G, Derrick J (2002) Abstract specification in Object-Z and CSP. In: George C, Miao H (eds) Formal methods and software engineering. Lecture notes in computer science, vol 2495. Springer, Berlin, pp 108–119Google Scholar
  42. Spi92.
    Spivey JM (1992) The Z notation: a reference manual, 2nd edn. Prentice-Hall, Englewood CliffsGoogle Scholar
  43. VaT95.
    Valmari A, Tienari M (1995) Compositional failure-based semantics models for basic LOTOS. Form Asp Comput 7(4):440–468zbMATHCrossRefGoogle Scholar
  44. vGl01.
    van Glabbeek, RJ (2001) The linear time—branching time spectrum I. The semantics of concrete sequential processes. In: Bergstra JA, Ponse A, Smolka SA (eds) Handbook of process algebra. North-Holland, Amsterdam pp 3–99Google Scholar
  45. WoD96.
    Woodcock JCP, Davies J (1996) Using Z: specification, refinement, and proof. Prentice-Hall, Englewood CliffszbMATHGoogle Scholar
  46. WoM90.
    Woodcock JCP, Morgan CC (1990) Refinement of state-based concurrent systems. In: Bjørner D, Hoare CAR, Langmaack H (eds) VDM’90: VDM and Z!—formal methods in software development, Lecture notes in computer science, vol 428. Springer, BerlinGoogle Scholar

Copyright information

© British Computer Society 2008

Authors and Affiliations

  1. 1.Computing LaboratoryUniversity of KentCanterburyUK
  2. 2.Department of Computer ScienceUniversity of SheffieldSheffieldUK
  3. 3.Institute of Software Engineering and Programming Languages, Department of Computer ScienceUniversity of AugsburgAugsburgGermany

Personalised recommendations