In this paper we present an approach for modelling procedures (as they occur in imperative programs) in a weakest precondition semantics. We show how this approach can be implemented in the mechanisation of the refinement calculus theory in the HOL system. That makes it possible to derive a number of correctness and refinement properties of procedures. Finally, we show how our method for procedure handling can be integrated into a tool for transformational reasoning about programs -- the Refinement Calculator.

Abstract. Action systems provide a formal approach to modelling parallel and reactive systems. They have a well established theory of refinement supported by simulation-based proof rules. This paper introduces an automatic approach for verifying action system refinements utilising standard CTL model checking. To do this, we encode each of the simulation conditions as a simulation machine, a Kripke structure on which the proof obligation can be discharged by checking that an associated CTL property holds. This procedure transforms each simulation condition into a model checking problem. Each simulation condition can then be model checked in isolation, or, if desired, together with the other simulation conditions by combining the simulation machines and the CTL properties.