ABSTRACTION

If we wish to produce a readable specification of a large system, then we must take care to present our description in a clear, structured fashion. At each level of abstraction, we identify the interfaces between system components and conceal any events which are not of interest. We express our specification as a series of service specifications, each describing the service provided by a particular component of the system. In this way, we may refine a description of the service provided by a system towards a satisfactory implementation.

The hiding operator provides the mechanism for abstraction in timed CSP; the expression P\ A denotes a process that behaves as P, except that

• events from A occur as soon as they become available

• only events from outside A are observed

In section 5.2.8 we gave an inference rule for this operator that was easy to derive, but difficult to apply. We can achieve a significant reduction in complexity if we separate the concerns of concealment and scheduling. To this end, we define a predicate actA which holds of any A-active behaviour:

Definition 6.1 actA(s, X) ≙ [0, end(s, X)) × A ⊆ X

A behaviour (s, X) is A-active if all events from set A occur as soon as they become available. If we wish to establish that P\A satisfies a specification S(s, X), it is sufficient to show that

• S(s, X) holds for all of the A-active behaviours of P

• S(s, X) is unaffected by the concealment of events from A

The second condition is satisfied if the truth of the specification is unaffected by the removal of A's events from the trace and refusal.