Abstract
Inspired by the properties of the refinement development of the Mondex Electronic Purse, we view an isolated atomic action as a family of transitions with a common before-state, and different after-states corresponding to different possible outcomes when the action is attempted. We view a protocol for an atomic action as a computation DAG, each path of which achieves in several steps one of the outcomes of the atomic action. We show that in this picture, the protocol can be viewed as a relational refinement of the atomic action in a number of ways. Firstly, it yields a ‘big diagram’ simulation à la ASM. Secondly, it yields a ‘small diagram’ simulation, in which the atomic action is synchronised with an individual step along each path through the protocol, and all the other steps of the path simulate skip. We show that provided each path through the protocol contains one step synchronised with the atomic action, the choice of synchronisation point can be made freely. We describe the relationship between such synchronisations and forward and backward simulations. We relate this theory to serialisations of system runs containing multiple interleaved transactions, showing how the clean picture of the refinement of an isolated atomic action to an isolated protocol becomes obscured by the details of the interleaving. In effect, the fact that protocols are typically executed by a number of co-operating agents, not all of which embark on executing the protocol at the same moment, results in ‘ragged starts’ and ‘ragged ends’ to protocol instantiations, leading to potential overlaps between unrelated protocol instances that the theory must handle. We show how existing Mondex refinements embody the ideas developed, and describe a mechanical verification of the results presented.
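The following toy model, added here as an illustration and not taken from the paper or from the Mondex specifications, makes the abstract's picture concrete: an atomic action is a family of transitions sharing one before-state, a protocol is a DAG of concrete steps, and refinement is checked path by path. The purse protocol is a deliberately simplified hypothetical variant (an aborted transfer refunds the `from` purse, so the two atomic outcomes are `ok` and `abort`), and the forward-versus-backward test is a rule of thumb adopted for this example: a synchronisation point that fires while more than one outcome is still reachable forces the abstract choice before the concrete one, which is the situation a backward simulation handles.

```python
"""Constructed toy model: an atomic purse transfer refined to a protocol DAG.

Hypothetical simplification, not the paper's or Mondex's own formalisation:
aborting after money has left the 'from' purse refunds it, so no money is lost.
"""
AMOUNT = 10


def atomic_transfer(abs_state):
    """Atomic action: one before-state, a family of after-states (the outcomes)."""
    f, t = abs_state
    return {"ok": (f - AMOUNT, t + AMOUNT), "abort": (f, t)}


# Concrete steps act on (from_balance, to_balance, in_transit).
STEPS = {
    "startFrom": lambda s: s,
    "req":       lambda s: (s[0] - AMOUNT, s[1], s[2] + AMOUNT),
    "val":       lambda s: (s[0], s[1] + AMOUNT, s[2] - AMOUNT),
    "ack":       lambda s: s,
    "abort":     lambda s: s,
    "refund":    lambda s: (s[0] + AMOUNT, s[1], s[2] - AMOUNT),
}

# Protocol as a computation DAG: node -> [(step, successor)]. Leaves name outcomes.
DAG = {
    "s0": [("startFrom", "s1"), ("abort", "abort")],
    "s1": [("req", "s2"), ("abort", "abort")],
    "s2": [("val", "s3"), ("refund", "abort")],
    "s3": [("ack", "ok")],
}


def paths(node="s0"):
    """All step sequences from `node` to an outcome leaf, paired with that outcome."""
    if node not in DAG:
        return [((), node)]
    return [((step,) + rest, outcome)
            for step, nxt in DAG[node]
            for rest, outcome in paths(nxt)]


def run(conc, steps):
    """Execute a path of concrete steps from a concrete state."""
    for step in steps:
        conc = STEPS[step](conc)
    return conc


def retrieve(conc):
    """Retrieve relation: only quiescent states (nothing in transit) map to abstract states."""
    f, t, transit = conc
    if transit != 0:
        raise ValueError("retrieve applied to a non-quiescent concrete state")
    return (f, t)


def big_diagram_ok(abs_state):
    """'Big diagram' simulation: every complete path lands on the atomic outcome its leaf names."""
    conc0 = abs_state + (0,)
    outcomes = atomic_transfer(abs_state)
    return all(retrieve(run(conc0, steps)) == outcomes[outcome]
               for steps, outcome in paths())


def sync_assignment_ok(sync_steps):
    """'Small diagram' condition: each path has exactly one step synchronised with the atomic action."""
    return all(sum(step in sync_steps for step in steps) == 1
               for steps, _ in paths())


def needs_backward_simulation(sync_steps):
    """Rule of thumb used in this example: if the node reached by a synchronised step can
    still lead to more than one outcome, the abstract choice precedes the concrete one,
    so a backward simulation is needed; otherwise a forward simulation suffices."""
    def outcomes_from(node):
        return {outcome for _, outcome in paths(node)}
    return any(len(outcomomes := outcomes_from(nxt)) > 1 or len(outcomomes) > 1
               for node, edges in DAG.items()
               for step, nxt in edges if step in sync_steps)


if __name__ == "__main__":
    start = (50, 20)                       # constructed sample balances
    print("paths:", [s for s, _ in paths()])
    print("big diagram refinement holds:", big_diagram_ok(start))
    for sync in ({"val", "abort", "refund"}, {"req", "abort"}, {"ack", "abort"}):
        print(sorted(sync), "one sync step per path:", sync_assignment_ok(sync),
              "backward needed:", needs_backward_simulation(sync))
```

Synchronising with `val` (the step where the `to` purse actually gains the money) gives one sync step on every path and a forward simulation; moving the synchronisation point earlier, to `req`, still satisfies the one-per-path condition but fires while both `ok` and `abort` remain reachable, which is the case that calls for a backward simulation; synchronising only with `ack` fails, because the `req`-then-`refund` path contains no synchronised step at all.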
Additional information
E.A. Boiten, M.J. Butler, J. Derrick and G. Smith
Banach, R., Schellhorn, G. Atomic actions, and their refinements to isolated protocols. Form Asp Comp 22, 33–61 (2010). https://doi.org/10.1007/s00165-009-0103-1