Consistency-preserving refactoring of refinement structures in Event-B models

  • Tsutomu Kobayashi
  • Fuyuki Ishikawa
  • Shinichi Honiden
Original Article


Event-B has been attracting much interest because it supports a flexible refinement mechanism that reduces the complexity of constructing and verifying models of complicated target systems by taking into account multiple abstraction layers of the models. Although most previous studies on Event-B focused on model construction, the constructed models need to be maintained. Moreover, parts of existing models are often reused to construct other models. In this paper, a method is introduced that improves the maintainability and reusability of existing Event-B models. It automatically reconstructs the refinement structure of existing models by constructing models over different sets of variables than those used in the original models, while maintaining the consistencies checked in the original models. The method automatically decomposes each refinement step into multiple steps by taking certain predicates from existing models and deriving additional predicates from the consistency conditions of existing models to create new models consistent with the original ones. By combining the decomposition of refinement steps with the composition of refinement steps, this method automatically restructures a refinement step in accordance with given sets of variables to be taken into account in the refinement steps of the refactored models. In case studies, large refinement steps in existing models were decomposed, and existing models were restructured to extract reusable parts for constructing other models. The results demonstrated that the proposed method facilitates effective use of the refinement mechanism of Event-B.


Keywords: Event-B, Action systems, Refinement, Abstraction, Refactoring, Interpolation





We thank Michael Butler and three anonymous referees for valuable critical comments on the previous versions of this paper. This work was supported by JST ACT-I Grant Number JPMJPR17UA and JSPS KAKENHI Grant Number 17H07323.



Copyright information

© British Computer Society 2019

Authors and Affiliations

  • Tsutomu Kobayashi (1)
  • Fuyuki Ishikawa (1)
  • Shinichi Honiden (1, 2)

  1. National Institute of Informatics, Chiyoda-ku, Tokyo, Japan
  2. Waseda University, Shinjuku-ku, Tokyo, Japan
