Trace semantics and refinement patterns for real-time properties in event-B models

Abstract

• Formal trace semantics and refinement semantics of timed Event-B models. • Prove infinite state trace simulation with Zorn's Lemma. • Formal definition of hiding operator of infinite traces. • Provide generic refinement semantics with proofs. Event-B is a formal method that utilizes a stepwise development approach for system-level modeling and analysis. We are interested in reasoning about real-time deadlines and delays between trigger and response events. There is existing work on treating these properties in Event-B but it lacks a semantic treatment in terms of trace behaviors. Because timing properties require fairness assumptions, we use infinite traces and develop conditions under which all infinite traces of a machine satisfy trigger-response and timing properties. We present refinement semantics of models whose behavior traces are infinite. In addition, we generalize our previous work by allowing a relation between concrete states and abstract states to simulate infinite state traces. Forward simulation, which is a proof technique for refinement, has been used to verify the consistency between different refinement levels regarding finite traces. Based on forward simulation, fairness assumptions, relative deadlock freedom, and conditional convergence are adopted as additional conditions that guarantee infinite trace refinement of timed models. The bounded retransmission protocol is used to illustrate the required proof obligations for timed traces.