Formal Aspects of Computing

, Volume 26, Issue 2, pp 251–280 | Cite as

The behavioural semantics of Event-B refinement

Article

Abstract

Event-B provides a flexible framework for stepwise system development via refinement. The framework supports steps for (a) refining events (one-by-one), (b) splitting events (one-by-many), and (c) introducing new events. In each of the steps events can be indicated as convergent (to be made internal) or anticipated (treatment deferred to a later refinement step). All such steps are accompanied with precise proof obligations. However, no behavioural semantics has been provided to validate the proof obligations, and no formal justification has previously been given for the application of these rules in a refinement chain. Behavioural semantics expresses a clear relationship between the first and last machines in a refinement chain. The framework we present provides a coherent justification for Abrial’s approach to refinement in Event-B, and its generalisation to interface extension: adding events to the interface. In this paper, we give a behavioural semantics for Event-B refinement, with a treatment for the first time of splitting events and of anticipated events, adding to the well-understood treatment of convergent events. To this end, we define a CSP semantics for Event-B and show how the different forms of Event-B refinement can be captured as CSP refinement. It turns out that the appropriate CSP refinement relationship is influenced by the particular Event-B development strategy taken. We present two such strategies, one allowing, the other disallowing interface extensions.

Keywords

Event-B CSP Refinement Traces Divergences Development strategy 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ABH+10.
    Abrial J-R, Butler MJ, Hallerstede S, Hoang TS, Mehta F, Voisin L (2010) Rodin: an open toolset for modelling and reasoning in Event-B. STTT 12(6): 447–466CrossRefGoogle Scholar
  2. ABHV08.
    Abrial J-R, Butler MJ, Hallerstede S, Voisin L (2008) A roadmap for the Rodin toolset. In: Börger E, Butler MJ, Bowen JP, Boca P (eds) ABZ. Lecture notes in computer science, vol 5238. Springer, Berlin, p 347Google Scholar
  3. Abr05.
    Abrial J-R (2005) The B-book—assigning programs to meanings. Cambridge University PressGoogle Scholar
  4. Abr10.
    Abrial J-R (2010) Modeling in Event-B: system and software engineering. Cambridge University PressGoogle Scholar
  5. BD02.
    Bolton C, Davies J (2002) Refinement in object-Z and CSP. In: Butler M, Petre L, Sere K (eds) IFM 2002: integrated formal methods. LNCS, vol 2335, pp 225–244Google Scholar
  6. BD09.
    Boiten EA, Derrick J (2009) Modelling divergence in relational concurrent refinement. In: Leuschel M, Wehrheim H (eds) Proceedings of 7th international conference on integrated formal methods, IFM 2009, Düsseldorf, Germany, February 16–19, 2009. Lecture notes in computer science, vol 5423. Springer, Berlin, pp 183–199Google Scholar
  7. BH07.
    Butler MJ, Hallerstede S (2007) The Rodin formal modelling tool. In: BCS-FACS Christmas 2007 Meeting—formal methods in industryGoogle Scholar
  8. But92.
    Butler MJ (1992) A CSP approach to action systems. DPhil thesis, Oxford UniversityGoogle Scholar
  9. But00.
    Butler MJ (2000) csp2B: a practical approach to combining CSP and B. In: FACS, pp 182–196Google Scholar
  10. But09.
    Butler MJ (2009) Decomposition structures for Event-B. In: Leuschel M, Wehrheim H (eds) Proceedings of 7th international conference on integrated formal methods, IFM 2009, Düsseldorf, Germany, February 16–19, 2009. Lecture notes in computer science, vol 5423. Springer, Berlin, pp 20–38Google Scholar
  11. But12.
    Butler M (2012) External and internal choice with event groups in Event-B. Form Asp Comput 24(4–6): 555–567CrossRefMATHMathSciNetGoogle Scholar
  12. BvW98.
    Back R-J, von Wright J (1998) Refinement calculus: a systematic introduction. In: (eds) In: Graduate texts in computer science. Springer, BerlinGoogle Scholar
  13. DB01.
    Derrick J, Boiten EA (2001) Refinement in Z and object-Z. Springer, BerlinCrossRefMATHGoogle Scholar
  14. DB03.
    Derrick J, Boiten EA (2003) Relational concurrent refinement. Form Asp Comput 15(2–3): 182–214CrossRefMATHGoogle Scholar
  15. DS03.
    Derrick J, Smith G (2003) Structural refinement of systems specified in object-Z and CSP. Form Asp Comput 15(1): 1–27CrossRefMATHGoogle Scholar
  16. EB11.
    Event-B.org (2011) Rodin platform version 2.2.2. Released 6 Jan 2011. http://www.event-b.org/
  17. For.
    Formal Systems (Europe) Ltd (2011) The FDR model checker. http://www.fsel.com/. Accessed 8 Mar 2011
  18. HA10.
    Hoang TS, Abrial J-R (2010) Event-B decomposition for parallel programs. In: Frappier M, Glässer U, Khurshid S, Laleau R, Reeves S (eds) ABZ. Lecture notes in computer science, vol 5977. Springer, Berlin, pp 319–333Google Scholar
  19. HA11.
    Hoang TS, Abrial J-R (2011) Reasoning about liveness properties in Event-B. In: Qin S, Qiu Z (eds) ICFEM. Lecture notes in computer science, vol 6991. Springer, Berlin, pp 456–471Google Scholar
  20. Hal11.
    Hallerstede S (2011) On the purpose of Event-B proof obligations. Form Asp Comput 23(1): 133–150CrossRefMATHMathSciNetGoogle Scholar
  21. Hoa85.
    Hoare CAR (1985) Communicating sequential processes. Prentice-HallGoogle Scholar
  22. Ili09.
    Iliasov A (2009) On Event-B and control flow. Technical report CS-TR-1159, School of Computing Science, Newcastle University, August 2009Google Scholar
  23. Jac02.
    Jackson D (2002) Alloy: a lightweight object modelling notation. ACM Trans Softw Eng Methodol 11(2): 256–290CrossRefGoogle Scholar
  24. MAV05.
    Métayer C, Abrial J-R, Voisin L (2010) Event-B language, 2005. RODIN Project Deliverable 3.2. http://rodin.cs.ncl.ac.uk/deliverables/D7.pdf. Accessed 25 May 2010
  25. Mor88.
    Morgan CC (1988) The specification statement. ACM Trans Program Lang Syst 10(3): 403–419CrossRefMATHGoogle Scholar
  26. Mor90.
    Morgan CC (1990) Of wp and CSP. Beauty is our business: a birthday salute to E. W. Dijkstra, pp 319–326Google Scholar
  27. OW05.
    Olderog E-R, Wehrheim H (2005) Specification and (property) inheritance in CSP-OZ. Sci Comput Program 55(1–3): 227–257CrossRefMATHMathSciNetGoogle Scholar
  28. Ros98.
    Roscoe AW (1998) Theory and practice of concurrency. Prentice-HallGoogle Scholar
  29. Sch99.
    Schneider S (1999) Concurrent and real-time systems: the CSP approach. Wiley, New YorkGoogle Scholar
  30. SHWI11.
    Silva RA, Hoang TS, Wei W, Iliasov A (2001) A survey on Event-B decomposition. In: Workshop on automated verification of critical systems (AVOCS 2011)Google Scholar
  31. ST05.
    Schneider S, Treharne H (2005) CSP theorems for communicating B machines. Form Asp Comput 17(4): 390–422CrossRefMATHGoogle Scholar
  32. STW10.
    Schneider S, Treharne H, Wehrheim H (2010) A CSP approach to control in Event-B. In: IFM, pp 260–274Google Scholar
  33. STW11a.
    Schneider S, Treharne H, Wehrheim H (2011) Bounded retransmission in Event-B\({\parallel}\) CSP: a case study. In: Workshop B 2011, ENTCSGoogle Scholar
  34. STW11b.
    Schneider S, Treharne H, Wehrheim H (2011) A CSP account of Event-B refinement. In: Derrick J, Boiten EA, Reeves S (eds) Refine 2011. EPTCS, vol 55, pp 139–154Google Scholar
  35. STW11c.
    Schneider S, Treharne H, Wehrheim H (2011) Stepwise refinement in Event-B\({\parallel}\) CSP. Technical Report CS-11-03, University of SurreyGoogle Scholar
  36. WC02.
    Woodcock J, Cavalcanti A (2002) The semantics of circus. In: Bert D, Bowen JP, Henson MC, Robinson K (eds) ZB 2002. Lecture notes in computer science, vol 2272. Springer, Berlin, pp 184–203Google Scholar
  37. WD96.
    Woodcock JCP, Davies J (1996) Using Z: specification, refinement, and proof. Prentice HallGoogle Scholar

Copyright information

© British Computer Society 2012

Authors and Affiliations

  • Steve Schneider
    • 1
  • Helen Treharne
    • 1
  • Heike Wehrheim
    • 2
  1. 1.Department of ComputingUniversity of SurreySurreyUK
  2. 2.Department of Computer ScienceUniversity of PaderbornPaderbornGermany

Personalised recommendations