Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

A framework for automated and certified refinement steps


The refinement calculus provides a methodology for transforming an abstract specification into a concrete implementation, by following a succession of refinement rules. These rules have been mechanized in theorem provers, thus providing a formal and rigorous way to prove that a given program refines another one. In a previous work, we have extended this mechanization for object-oriented programs, where the memory is represented as a graph, and we have integrated our approach within the rCOS tool, a model-driven software development tool providing a refinement language. Hence, for any refinement step, the tool automatically generates the corresponding proof obligations and the user can manually discharge them, using a provided library of refinement lemmas. In this work, we propose an approach to automate the search of possible refinement rules from a program to another, using the rewriting tool Maude. Each refinement rule in Maude is associated with the corresponding lemma in Isabelle, thus allowing the tool to automatically generate the Isabelle proof when a refinement rule can be automatically found. The user can add a new refinement rule by providing the corresponding Maude rule and Isabelle lemma.

This is a preview of subscription content, log in to check access.


  1. 1

    Abrial JR, Butler M, Hallerstede S, Hoang TS, Mehta F, Voisin L (2010) Rodin: an open toolset for modelling and reasoning in event-b. Int J Softw Tools Technol Transf 12: 447–466

  2. 2

    Back RJ (1978) On the correctness of refinement steps in program development. Ph.D. thesis, University of Helsinki, Finland. Report A–1978–4

  3. 3

    Back RJ, Fan X, Preoteasa V (2003) Reasoning about pointers in refinement calculus. Tech. Rep. 543, TUCS-Turku Centre for Computer Science, Turku, Finland

  4. 4

    Berger U, Schwichtenberg H (1994) Program extraction from classical proofs. In: Logical and Computational Complexity. Selected Papers. Logic and Computational Complexity, International Workshop LCC ’94, Indianapolis, Indiana, USA, 13–16 October 1994. Lecture Notes in Computer Science, vol 960. Springer, Berlin, pp 77–97

  5. 5

    Bonichon R, Delahaye D, Doligez D (2007) Zenon: an extensible automated theorem prover producing checkable proofs. In: Dershowitz N, Voronkov A (eds) LPAR. Lecture notes in computer science, vol 4790. Berlin, Springer, pp 151–165

  6. 6

    Brucker AD, Wolff B (2009) HOL-TestGen: An interactive test-case generation framework. In: Chechik M, Wirsing M (eds) Fundamental approaches to software engineering (FASE09), no. 5503. Lecture notes in computer science. Springer, Heidelberg, pp 417–420

  7. 7

    Calegari D, Luna C, Szasz N, Tasistro A (2012) A type-theoretic framework for certified model transformations. In: Davies et al. [18], pp 112–127

  8. 8

    Carrington D, Hayes I, Nickson R, Watson G, Welsh J (1996) A tool for developing correct programs by refinement. In: Proceedings of BCS 7th Refinement Workshop. Springer, Berlin

  9. 9

    Cavalcanti A, Naumann DA (2000) A weakest precondition semantics for refinement of object-oriented programs. IEEE Trans Softw Eng 26: 713–728

  10. 10

    Chaudhuri K, Doligez D, Lamport L, Merz S (2010) Verifying safety properties with the tla+ proof system. In: Giesl J, Hähnle R (eds) IJCAR. Lecture notes in computer science, vol 6173. Springer, Berlin, pp 142–148

  11. 11

    Chen Z, Liu Z, Ravn A, Stolz V, Yang L (2007) A refinement driven component-based design. In: Proceedings of 12th IEEE international conference on engineering complex computer systems (ICECCS07), pp 277–289. IEEE Computer Society, Aucland, New Zealand

  12. 12

    Chen Z, Liu Z, Ravn AP, Stolz V, Zhan N (2009) Refinement and verification in component-based model driven design. Sci Comput Program 74(4): 168–196 UNU-IIST TR 388

  13. 13

    Chen Z, Morisset C, Stolz V (2009) Specification and validation of behavioural protocols in the rCOS modeler. In: Arbab F, Sirjani M (eds) FSEN. Lecture notes in computer science, vol 5961. Berlin, Springer, pp 387–401

  14. 14

    Clarke DG, Potter JM, Noble J (1998) Ownership types for flexible alias protection. In: Proceedings of the 13th ACM SIGPLAN conference on object-oriented programming, systems, languages, and applications, OOPSLA’98, pp 48–64. ACM

  15. 15

    Clavel M, Durn F, Eker S, Lincoln P, Mart-Oliet N, Meseguer J, Quesada J (1999) The maude system. In: Narendran P, Rusinowitch M (eds) Rewriting techniques and applications. Lecture notes in computer science, vol 1631. Springer, Berlin, pp 671–671. doi:10.1007/3-540-48685-2_18

  16. 16

    Crocker D (2003) Perfect developer: a tool for object-oriented formal specification and refinement. In: Tools Exhibition Notes at Formal Methods Europe

  17. 17

    Daum M, Maus S, Schirmer N, Seghir M (2005) Integration of a software model checker into Isabelle. In: Sutcliffe G, Voronkov A (eds) Logic for programming, artificial intelligence, and reasoning. Lecture notes in computer science, vol 3835. Springer, Berlin, pp 381–395. doi:10.1007/11591191_27

  18. 18

    Davies J, Silva L, da Silva Simão A (eds) (2011) Formal methods: foundations and applications—13th Brazilian Symposium on Formal Methods, SBMF 2010, Natal, Brazil, November 8–11, 2010, Revised Selected Papers. Lecture notes in computer science, vol 6527. Springer, Berlin

  19. 19

    Depasse C (2001) Constructing Isabelle proofs in a proof refinement calculus. Research Report, UCL

  20. 20

    Filliâtre JC (2003) Why: A multi-language multi-prover verification tool. Research Report 1366, LRI, Université Paris Sud

  21. 21

    Freitas L, Cavalcanti A, Woodcock J (2006) Taking our own medicine: Applying the refinement calculus to state-rich refinement model checking. In: Liu Z, He J (eds) Formal methods and software engineering. Lecture notes in computer science, vol 4260. Springer, Berlin, pp 697–716

  22. 22

    Hardin T, Pessaux F, Weis P, Doligez D (2009) Reference Manual of Focalize.

  23. 23

    Hoare C, He J (1998) Unifying theories of programming. Prentice-Hall, India

  24. 24

    Imperial PS, Steggles P, Software I (1994) Z tools survey

  25. 25

    Ke W, Liu Z, Wang S, Zhao L (2009) A graph-based operational semantics of OO programs. In: Proceedings of ICFEM’09, LNCS, vol 5885, pp 347–366

  26. 26

    Kent S (2002) Model driven engineering. In: Proceedings of the third international conference on integrated formal methods, IFM’02. Springer, London, pp 286–298

  27. 27

    Klein G, Nipkow T (2006) A machine-checked model for a Java-like language, virtual machine, and compiler. ACM Trans Program Lang Syst 28(4): 619–695

  28. 28

    Laibinis L (2000) Mechanised formal reasoning about modular programs. Ph.D. thesis, Abo Akademi

  29. 29

    Lamport L (1995) How to write a proof. Am Math Mon 102(7): 600–608

  30. 30

    Lei B, Li X, Liu Z, Morisset C, Stolz V (2010) Robustness testing for software components. Sci Comput Program 75(10): 879–897

  31. 31

    Leino KRM, Müller P, Smans J (2009) Verification of concurrent programs with Chalice. In: Aldini A, Barthe G, Gorrieri R (eds) FOSAD. Lecture notes in computer science, vol 5705. Springer, Berlin, pp 195–222

  32. 32

    Leino KRM, Yessenov K (2010) Automated stepwise refinement of heap-manipulating code

  33. 33

    Letouzey P (2002) A new extraction for coq. In: Geuvers H, Wiedijk F (eds) TYPES. Lecture notes in computer science, vol 2646. Springer, Berlin, pp 200–219

  34. 34

    Liu Z, Morisset C, Stolz V (2010) rCOS: Theory and tool for component-based model driven development. In: Fundamentals of software engineering, Third IPM international conference, FSEN 2009, Kish Island, Iran, April 15–17, 2009, Revised Selected Papers, LNCS, vol 5961. Springer, Berlin, pp 62–80.

  35. 35

    Liu Z, Morisset C, Wang S (2010) A graph-based implementation for mechanized refinement calculus of OO programs. In: Davies et al. [18], pp 258–273

  36. 36

    Meng J, Quigley C, Paulson LC (2006) Automation for interactive proof: first prototype. Inf Comput 204(10): 1575–1596

  37. 37

    Mens T, Gorp PV (2006) A taxonomy of model transformation. Electronic Notes in Theoretical Computer Science. In: Proceedings of the International Workshop on Graph and Model Transformation (GraMoT 2005), vol 152, pp 125–142

  38. 38

    Morgan C (1994) Programming from specifications, 2nd edn. Prentice Hall International (UK) Ltd

  39. 39

    Paige R, Ostroff J, Brooke P (2003) Formalising Eiffel references and expanded types in PVS. In: Proceedings of international workshop on aliasing, confinement, and ownership in object-oriented programming

  40. 40

    Paige RF, Ostroff JS (2004) ERC—anobject-oriented refinement calculus for Eiffel. Form Asp Comput 16(1): 51–79

  41. 41

    Reynolds J (2002) Separation logic: a logic for shared mutable data structures. In: Logic in computer science, 17th annual IEEE symposium, pp 55–74. IEEE Computer Society

  42. 42

    Sagiv M, Reps T, Wilhelm R (1999) Parametric shape analysis via 3-valued logic. In: Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on principles of programming languages, POPL’99, pp 105–118. ACM

  43. 43

    Sekerinski E (1996) A type-theoretic basis for an object-oriented refinement calculus. In: Proceedings of formal methods and object technology. Springer, Berlin

  44. 44

    Stolz V (2010) An integrated multi-view model evolution framework. Innov Syst Softw Eng 6: 13–20

  45. 45

    Utting M, Robinson K (1993) Modular reasoning in an object-oriented refinement calculus. In: Bird R, Morgan C, Woodcock J (eds) Mathematics of program construction. Lecture notes in computer science, vol 669. Berlin, Springer, pp 344–367

  46. 46

    van den Berg J, Jacobs B (2001) The LOOP compiler for Java and JML. In: TACAS 2001: proceedings of the 7th international conference on tools and algorithms for the construction and analysis of systems. Springer, London, pp 299–312

  47. 47

    von Wright J (1994) Program refinement by theorem prover. In: BCS FACS sixth refinement workshop—theory and practise of formal software development. Springer, Berlin

  48. 48

    Zeyda F, Cavalcanti A (2011) Automating refinement of circus programs. In: Lecture notes in computer science, formal methods: foundations and applications, vol 6527, pp 274–290

Download references

Author information

Correspondence to Charles Morisset.

Additional information

This work has been supported by the project GAVES of the Macao S&TD Fund, the 973 program 2009CB320702, STCSM 08510700300, the projects NSFC-60970031 and NSFC-61100061, the EU FP7-ICT project NESSoS (Network of Excellence on Engineering Secure Future Internet Software Services and Systems) under the grant agreement n. 256980, and the EU FP7-PEOPLE project DiVerMAS (Distributed System Verification with MAS-based Model Checking) under the grant agreement n. 252184.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Griesmayer, A., Liu, Z., Morisset, C. et al. A framework for automated and certified refinement steps. Innovations Syst Softw Eng 9, 3–16 (2013).

Download citation


  • Refinement
  • Software Engineering
  • Certification