Results 1 - 7 of 7
Controlling Control Systems: An Application of Evolving Retrenchment
Cited by 17 (12 self)
We review retrenchment as a liberalisation of refinement, for the description of applications too rich (e.g. using continuous and infinite types) for refinement. A specialisation of the notion, evolving retrenchment, is introduced, motivated by the need for an approximate, evolving notion of simulation. The focus of the paper is the case study, a substantial second-order linear control system. The design step from continuous to zero-order hold discrete system is expressible as an evolving retrenchment. Thus we demonstrate that the retrenchment approach can formalise the development of useful applications, which are outside the scope of refinement. The work is presented in a data type-enriched language containing the B language of J.R. Abrial.
Engineering and Theoretical Underpinnings of Retrenchment
2001
Cited by 16 (13 self)
Refinement is reviewed in a partial correctness framework, highlighting in particular the distinction between its use as a specification constructor at a high level, and its use as an implementation mechanism at a low level. Some of its shortcomings as specification constructor at high levels of abstraction are pointed out, and these are used to motivate the adoption of retrenchment for certain high level development steps. Basic properties of retrenchment are described, including a justification of the operation PO, simple examples, simulation properties, and compositionality for both the basic retrenchment notion and enriched versions. The issue of framing retrenchment in the wide variety of correctness notions for refinement calculi that exist in the literature is tackled, culminating in guidelines on how to 'brew your own retrenchment theory'. Two short case studies are presented. One is a simple digital redesign control theory problem, the other is a radiotherapy dos...
Retrenchment: Extending Refinement for Continuous and Control Systems
2000
Cited by 10 (10 self)
Discussion of a radiation dose calculation example demonstrates various expressive limitations of the refinement calculus, particularly for systems with continuous variables. A liberalization of refinement, called retrenchment, is proposed, which will support an analogous formal development calculus. Useful concrete system behaviour can be specified outside the domain of pure refinement, in particular behaviour under controlled precision decay. A syntax and a formal definition are presented for retrenchment in the B notation of J.R. Abrial. Necessary transitivity and monotonicity properties for a formal development calculus are stated. A generalisation, evolving retrenchment, is proposed, and a simple example demonstrates its utility, by analogy, in control systems applications. Evolution in retrenchment is demonstrated to offer the expressive power to describe useful simulation-like behaviour, with evolving precision, in software for control systems. Finally, the dosimetry ...
Structuring retrenchments in B by decomposition
Proc. FME2003: Formal Methods, volume 2805 of LNCS, 2003
Cited by 6 (5 self)
Simple retrenchment is briefly reviewed in the B language of J.R. Abrial [1] as a liberalization of classical refinement, for the formal description of application developments too demanding for refinement. This work initiates the study of the structuring of retrenchment-based developments in B by decomposition. A given coarse-grained retrenchment relation between specifications is decomposed into a family of more fine-grained retrenchments. The resulting family may distinguish more incisively between refining, approximately refining, and non-refining behaviours. Two decomposition results are given, each sharpening a coarse-grained retrenchment within a particular syntactic structure for operations at concrete and abstract levels. A third result decomposes a retrenchment exploiting structure latent in both levels. The theory is illustrated by a simple example based on an abstract model of distributed computing, and methodological aspects are considered.
Configurable Proof Obligations in the Frog Toolkit
In Proc. Fifth IEEE International Conference on Software Engineering and Formal Methods, IEEE Computer, 2007
Cited by 5 (2 self)
In model based formal methods, incompatible tools for different techniques is the norm. However, greater applicability to industrial scale systems increasingly requires combining the strengths of different techniques, in line with the Verification Grand Challenge. The Frog tool embodies a construct-based specification syntax, and its metalanguage FrogCCL allows the generic configuration of both a construct's syntax and its proof obligations. For a specific system, Frog generates the system's verification conditions mechanically from the generic ones. Relationships between systems such as refinement and retrenchment can be configured. An example retrenchment between two simple systems illustrates the technique.
Structuring Retrenchments in the small with B
2002
Simple retrenchment is briefly reviewed as a liberalisation of classical refinement, for the formal description of application developments too demanding for refinement. Two generalisations, output and evolving retrenchment, are presented. Simple monotonicity results for retrenchment are recalled, forming the basis of a piecewise development method.
Filtering Retrenchments into Refinements
Retrenchment is a weakening of model based refinement that enables many development steps not expressible by refinement to be formally described nevertheless. The greater flexibility of retrenchment comes at the price of much feebler guarantees as compared with refinement, and so the interplay between retrenchment and refinement can hope to offer the best of both worlds. The paper explores the strategy of filtering the information in a retrenchment to yield a refinement under a suitable notion of observation. A general construction is given that enables a retrenchment, with its intrinsic notion of observability, to be filtered to produce a refinement with its intrinsic notion of observability. A simple running example illustrates the theory.