Maximally Abstract Retrenchments
In Proc. IEEE ICFEM00, 2000
Abstract

The drawbacks of using refinement alone in the construction of specifications from simple abstract models are used as the spur for the introduction of retrenchment — a method based on the main ideas of refinement but one which is more liberal in character. The basics of the retrenchment mechanism are reviewed in preparation for exploring its integration with refinement. The particular aspect of integration investigated in this paper is the factorisation of a retrenchment step from an abstract to a concrete model into a refinement followed by a retrenchment. The objective is to engineer a system which is at the level of abstraction of the concrete model, but is refinable from the abstract one. The construction given here solves the problem in a universal manner, there being a canonical factorisation of the original retrenchment into an I/O-filtered refinement to the universal system followed by a retrenchment. The universal property arises from the fact that the refinement component of any similar factorisation is refinable to the universal system. An idempotence property supports the claim that the construction is at the correct level of abstraction. A synopsis of an earlier result which factorised a retrenchment step into a canonical retrenchment to a universal system followed by a refinement is presented. A refinement relationship is then shown to exist between the two universal systems. Finally, the consequences of including termination criteria are briefly explored. Keywords. Refinement, Retrenchment, Integration.
Controlling Control Systems: An Application of Evolving Retrenchment
Abstract

We review retrenchment as a liberalisation of refinement, for the description of applications too rich (e.g. using continuous and infinite types) for refinement. A specialisation of the notion, evolving retrenchment, is introduced, motivated by the need for an approximate, evolving notion of simulation. The focus of the paper is the case study, a substantial second-order linear control system. The design step from continuous to zero-order hold discrete system is expressible as an evolving retrenchment. Thus we demonstrate that the retrenchment approach can formalise the development of useful applications, which are outside the scope of refinement. The work is presented in a data type-enriched language containing the B language of J.R. Abrial.
Engineering and Theoretical Underpinnings of Retrenchment
2001
Abstract

Refinement is reviewed in a partial correctness framework, highlighting in particular the distinction between its use as a specification constructor at a high level, and its use as an implementation mechanism at a low level. Some of its shortcomings as specification constructor at high levels of abstraction are pointed out, and these are used to motivate the adoption of retrenchment for certain high level development steps. Basic properties of retrenchment are described, including a justification of the operation PO, simple examples, simulation properties, and compositionality for both the basic retrenchment notion and enriched versions. The issue of framing retrenchment in the wide variety of correctness notions for refinement calculi that exist in the literature is tackled, culminating in guidelines on how to 'brew your own retrenchment theory'. Two short case studies are presented. One is a simple digital redesign control theory problem, the other is a radiotherapy dos...
Structuring retrenchments in B by decomposition
Proc. FME2003: Formal Methods, volume 2805 of LNCS, 2003
Abstract

Simple retrenchment is briefly reviewed in the B language of J.R. Abrial [1] as a liberalization of classical refinement, for the formal description of application developments too demanding for refinement. This work initiates the study of the structuring of retrenchment-based developments in B by decomposition. A given coarse-grained retrenchment relation between specifications is decomposed into a family of more fine-grained retrenchments. The resulting family may distinguish more incisively between refining, approximately refining, and non-refining behaviours. Two decomposition results are given, each sharpening a coarse-grained retrenchment within a particular syntactic structure for operations at concrete and abstract levels. A third result decomposes a retrenchment exploiting structure latent in both levels. The theory is illustrated by a simple example based on an abstract model of distributed computing, and methodological aspects are considered.
Reconciling Retrenchments and Refinements
2002
Abstract

The more obvious and well-known drawbacks of using refinement as the sole means of progressing from an abstract model to a concrete implementation are reviewed. Retrenchment is presented in a simple partial correctness framework as a more flexible development concept for formally capturing the early otherwise pre-formal stages of development, and briefly justified. Given both a retrenchment of an abstract model, and a refinement of the same model, the problem of finding a model that is both a refinement of the retrenchment and a retrenchment of the refinement, is examined. A construction is given that solves the problem in a universal manner, giving the most abstract reconciliation of the two. The universality amounts to the fact that any similar reconciliation of the original retrenchment and refinement is refinable from the universal one, factoring through it.
Structuring Retrenchments in the small with B
2002
Abstract
Simple retrenchment is briefly reviewed as a liberalisation of classical refinement, for the formal description of application developments too demanding for refinement. Two generalisations, output and evolving retrenchment, are presented. Simple monotonicity results for retrenchment are recalled, forming the basis of a piecewise development method.
Reconciling Retrenchments and Refinements II
Abstract
The drawbacks of using refinement alone in the construction of specifications from simple abstract models are used as the spur for the introduction of retrenchment, a method based on the main ideas of refinement, but one which is more liberal in character. The basics of the retrenchment mechanism are reviewed in preparation for exploring its integration with refinement. The particular