A CSP Account of Event-B Refinement
Authors
Abstract
Event-B provides a flexible framework for stepwise system development via refinement. The framework supports steps for (a) refining events (one-by-one), (b) splitting events (one-by-many), and (c) introducing new events. In any of these steps, events may moreover be anticipated or convergent. All such steps are accompanied by precise proof obligations. Still, the exact relationship between an Event-B machine and its refinement in terms of a behaviour-oriented semantics remains unclear. In this paper, we give a CSP account of Event-B refinement, treating splitting events and anticipated events for the first time. To this end, we define a CSP semantics for Event-B and show how the different forms of Event-B refinement can be captured as CSP refinement.
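As an added illustration of the correspondence the abstract describes (this is not the paper's construction, which is not reproduced on this page), the following Python script treats a machine as a bounded transition system whose traces are its CSP traces. It assumes one standard way of relating the two alphabets: events produced by splitting are renamed back to the abstract event they refine, and newly introduced events are hidden; a refinement step then has to be a traces refinement of the abstract machine. The script also checks the Event-B variant obligations that distinguish convergent from anticipated new events (convergent events strictly decrease a natural-number variant, anticipated events must not increase it). The counter machines, the variant and the search depth are constructed for the example, and the "faulty" refinement is a deliberate guard weakening that the check catches.

```python
"""Bounded check that an Event-B refinement step is a CSP traces refinement.

Example added for this page (not the paper's construction): the machines,
variant and bound below are constructed for illustration.
"""


def reachable_traces(events, init, depth):
    """Explore a machine up to `depth` steps.

    `events` maps an event name to (guard, action), with guard(state) -> bool
    and action(state) -> new state.  Returns {trace: final_state}; a trace is
    a tuple of event names, i.e. a (bounded) CSP trace of the machine.
    """
    results = {(): init}
    frontier = [((), init)]
    for _ in range(depth):
        nxt = []
        for trace, state in frontier:
            for name, (guard, action) in events.items():
                if guard(state):
                    new_state = action(state)
                    new_trace = trace + (name,)
                    results[new_trace] = new_state
                    nxt.append((new_trace, new_state))
        frontier = nxt
    return results


def project(trace, split, new_events):
    """Map a concrete trace to the abstract alphabet: split events are renamed
    to the abstract event they refine, new events are hidden (dropped)."""
    return tuple(split.get(e, e) for e in trace if e not in new_events)


def trace_refinement_failures(abstract, concrete, split, new_events, depth):
    """Concrete traces whose projection is not an abstract trace; an empty
    list means bounded traces refinement holds."""
    abstract_traces = set(reachable_traces(abstract["events"], abstract["init"], depth))
    concrete_traces = reachable_traces(concrete["events"], concrete["init"], depth)
    return sorted(t for t in concrete_traces
                  if project(t, split, new_events) not in abstract_traces)


def variant_failures(concrete, variant, convergent, anticipated, depth):
    """Event-B variant obligations on reachable states: the variant stays a
    natural number, convergent events strictly decrease it, and anticipated
    events do not increase it."""
    failures = []
    for trace, state in reachable_traces(concrete["events"], concrete["init"], depth).items():
        if variant(state) < 0:
            failures.append(("variant negative", trace))
        for name, (guard, action) in concrete["events"].items():
            if not guard(state):
                continue
            before, after = variant(state), variant(action(state))
            if name in convergent and not after < before:
                failures.append((name, "does not decrease variant", trace))
            if name in anticipated and after > before:
                failures.append((name, "increases variant", trace))
    return failures


# Constructed abstract machine: a counter that can be incremented up to 3.
ABSTRACT = {
    "init": {"n": 0},
    "events": {"inc": (lambda s: s["n"] < 3, lambda s: {**s, "n": s["n"] + 1})},
}

# Constructed refinement: `inc` is split into inc_even/inc_odd (one-to-many);
# the new convergent event `flush` drains work queued by each increment, and
# the new anticipated event `tick` is a no-op whose convergence is deferred.
CONCRETE = {
    "init": {"n": 0, "pending": 0},
    "events": {
        "inc_even": (lambda s: s["n"] < 3 and s["n"] % 2 == 0,
                     lambda s: {**s, "n": s["n"] + 1, "pending": 2}),
        "inc_odd": (lambda s: s["n"] < 3 and s["n"] % 2 == 1,
                    lambda s: {**s, "n": s["n"] + 1, "pending": 2}),
        "flush": (lambda s: s["pending"] > 0,
                  lambda s: {**s, "pending": s["pending"] - 1}),
        "tick": (lambda s: True, lambda s: s),
    },
}
SPLIT = {"inc_even": "inc", "inc_odd": "inc"}
NEW = {"flush", "tick"}
VARIANT = lambda s: s["pending"]  # constructed variant for the new events

# Constructed faulty refinement: inc_odd loses its upper bound, so the
# concrete machine can do four increments where the abstract allows three.
FAULTY = {
    "init": CONCRETE["init"],
    "events": {**CONCRETE["events"],
               "inc_odd": (lambda s: s["n"] % 2 == 1,
                           lambda s: {**s, "n": s["n"] + 1, "pending": 2})},
}


def check(concrete, depth=4):
    """Run both checks; returns (trace failures, variant failures)."""
    return (trace_refinement_failures(ABSTRACT, concrete, SPLIT, NEW, depth),
            variant_failures(concrete, VARIANT, {"flush"}, {"tick"}, depth))


if __name__ == "__main__":
    print("correct refinement:", check(CONCRETE))
    print("faulty refinement:", check(FAULTY))
```

The bounded exploration is only a sanity check, not a proof: traces refinement of the hidden/renamed concrete machine holds here for all traces up to the chosen depth, and the faulty variant is reported with the offending concrete trace. Hiding new events is also why the variant obligations matter in a CSP reading: a new event that could fire forever would become a divergence once hidden, which is exactly what convergence rules out and anticipation postpones to a later step.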
Similar resources
Bounded Retransmission in Event-B∥CSP: a Case Study
Event-B‖CSP is a combination of Event-B and CSP in which CSP controllers are used in conjunction with Event-B machines to allow a more explicit approach to control flow. Recent results have provided an approach to stepwise refinement of such combinations. This paper presents a simplified Bounded Retransmission Protocol case study, inspired by Abrial’s treatment of this example, to illustrate se...
Changing System Interfaces Consistently: A New Refinement Strategy for CSP||B
This paper introduces action refinement in the context of CSP‖B. Our motivation to include this notion of refinement within the CSP‖B framework is the desire to increase flexibility in the refinement process. We introduce the ability to change the events of a CSP process and the B machines when refining a system. Notions of refinement based on traces and on traces/divergences are introduced in ...
On the refinement of state-based and event-based models
The specification and development of a large, complex system might involve the construction of a variety of models, each of which might address a different aspect of design. Where two or more models are proposed for the same component, it is useful to be able to compare them, and check that the views they present are consistent. If the models are constructed in the same language, this compariso...
The Safety-Critical Java Mission Model: A Formal Account
Safety-Critical Java (SCJ) is a restriction of the Real-Time Specification for Java to support the development and certification of safety-critical applications. It is the result of an international effort from industry and academia. Here we present the first formalisation of the SCJ execution model, covering missions and event handlers. Our formal language is part of the Circus family; at the ...
Compositional Verification of a Network of CSP Processes: using FDR2 to verify refinement in the event of interface difference
The paper [5] presented an implementation relation formalising what it means for one process to “implement” another in the CSP (Communicating Sequential Processes, [15]) framework in the event that the two processes have different interfaces. An improved version of the relation appears in [6] and allows for compositional verification of a network of CSP processes. The model checker FDR2([15]) m...