. We describe the Refinement Calculator, a tool which supports

This report discusses how to refine reactive systems using the HOL theorem prover. We show how Action Systems -- the formal framework supported -- can be formalised in HOL. We describe a simple refinement example. We also discuss how the work presented here can be used in connection with the Refinement Calculator, a tool supporting program refinement.

An action system is a framework for describing parallel or distributed systems, for which the refinement calculus offers a formalisation of the stepwise development method. Fairness is an important notion in modelling parallel or distributed systems, and this paper investigates a calculus for refinement of fair action systems. Simulations, which are proof techniques for refinement, are extended to verify fair action systems. Our work differs from others' in that the additional condition concerning fairness is expressed through termination of related iteration statements. For this purpose, existing proof rules for termination are extended. In the tradition of the refinement calculus, our approach to fairness is based on techniques developed mainly for sequential programming. 1. Introduction An action system is a framework for describing parallel or distributed systems. It focuses on specifying the logical behaviours of the systems by a collection of actions . Actions are expressed in ...

. In previous work, the verification system PVS has been used to support an assertional method for the specification and verification of distributed real-time systems. Essential part of the method is a compositional rule for parallel composition. In this paper we focus on the formalization of parallel composition in PVS. Two, equivalent, versions of the semantics of parallel composition are formulated in the specification language of PVS. Based on this semantics, several proof rules are shown to be sound, using the interactive proof checker of PVS. We indicate how the general framework can be instantiated for a particular class of applications by giving an axiomatization of asynchronous communication. 1 Introduction Based on Hoare triples (precondition, program, postcondition), a formal framework for the specification and verification of distributed real-time systems has been developed [Hoo91]. This framework has been applied to a number of case studies, such as a water leve...

ion Our existing work on stepwise refinement [9] is the foundation for our proposed research on multi-level simulation while our existing work on behavioural abstraction [38, 40] is important for our proposed research on both multi-level simulation and infinite-state model-checking. Abstract Interpretation Our existing work on partial evaluation and abstract interpretation [36, 19] is the basis for our proposed research on infinite-state modelchecking. Animation of Formal Specifications Our work on animation tools for formal methods [20, 24, 30] is important for our proposed research on multi-level simulation. Over the last 12 months, the Southampton DSSE team has been applying all of the above expertise in a collective effort in collaboration with ICL. This involved members of the team applying a range of formal methods, including B, CSP, the -calculus, Petri-Nets, Prolog, Spin and Z, to a system being developed by ICL [23]. The results of this were presented to a group of engineers...