| Refinement checking and FDR |
|
|
|
|
| Specification |
|||
| An abstract description of the protocol, |
|||
| where properties are easy to check |
|||
|
|
|
|
|
|
|
| Refinement |
||||||
| A transformation
preserving the properties |
||||||
| Usually this
means that the implementation |
||||||
| must be less nondeterministic than the |
||||||
| specification. |
||||||
| Question:
why? |
||||||
|
|
| Answer:
the properties usually are universal: |
|
| they must be valid in
all runs |
|
|
|
|
|
| Implementation |
|||
| A formal
description of the real system and |
|||
| its components |
|||
