Results 1-10 of 13
Products in the Refinement Calculus, 1999
Abstract

Cited by 31 (2 self)
We study program states that are described as tuples, i.e., product state spaces. Modeling programs as predicate transformers, we define a product operator on program statements that describes the independent execution of statements on disjoint state spaces. The algebraic properties of this product operator are studied, in particular the basic monotonicity and distributivity properties that the operator has, and their applications. We also consider how to extend the state space by adding new state components, and show how this is modeled using the product operator. Finally, we show how products are useful to formulate data refinement, both as a general concept and as a technique for replacing local state components of program blocks.
Controlling Control Systems: An Application of Evolving Retrenchment
Abstract

Cited by 16 (12 self)
We review retrenchment as a liberalisation of refinement, for the description of applications too rich (e.g. using continuous and infinite types) for refinement. A specialisation of the notion, evolving retrenchment, is introduced, motivated by the need for an approximate, evolving notion of simulation. The focus of the paper is the case study, a substantial second-order linear control system. The design step from continuous to zero-order hold discrete system is expressible as an evolving retrenchment. Thus we demonstrate that the retrenchment approach can formalise the development of useful applications, which are outside the scope of refinement. The work is presented in a data type-enriched language containing the B language of J.R. Abrial.
Retrenchment: Extending the Reach of Refinement
Abstract

Cited by 12 (8 self)
Discussion of a simple example demonstrates various expressive limitations of the refinement calculus, and suggests a liberalization of refinement, called retrenchment, which will support an analogous formal development calculus. Useful concrete system behaviour can be specified outside the domain of pure refinement, and a case is made for fluidity between I/O and state components across the development step. A syntax and a formal definition are presented for retrenchment, which has some necessary properties for a formal development calculus: transitivity gives stepwise composition of retrenchments, and monotonicity w.r.t. the specification language constructors gives piecewise construction of retrenchments.
Retrenchment: Extending Refinement for Continuous and Control Systems, 2000
Abstract

Cited by 11 (11 self)
Discussion of a radiation dose calculation example demonstrates various expressive limitations of the refinement calculus, particularly for systems with continuous variables. A liberalization of refinement, called retrenchment, is proposed, which will support an analogous formal development calculus. Useful concrete system behaviour can be specified outside the domain of pure refinement, in particular behaviour under controlled precision decay. A syntax and a formal definition are presented for retrenchment in the B notation of J.R. Abrial. Necessary transitivity and monotonicity properties for a formal development calculus are stated. A generalisation, evolving retrenchment, is proposed, and a simple example demonstrates its utility, by analogy, in control systems applications. Evolution in retrenchment is demonstrated to offer the expressive power to describe useful simulation-like behaviour, with evolving precision, in software for control systems. Finally, the dosimetry ...
Structuring retrenchments in B by decomposition, Proc. FME 2003: Formal Methods, Volume 2805 of LNCS, 2003
Abstract

Cited by 7 (6 self)
Simple retrenchment is briefly reviewed in the B language of J.R. Abrial [1] as a liberalization of classical refinement, for the formal description of application developments too demanding for refinement. This work initiates the study of the structuring of retrenchment-based developments in B by decomposition. A given coarse-grained retrenchment relation between specifications is decomposed into a family of more fine-grained retrenchments. The resulting family may distinguish more incisively between refining, approximately refining, and non-refining behaviours. Two decomposition results are given, each sharpening a coarse-grained retrenchment within a particular syntactic structure for operations at concrete and abstract levels. A third result decomposes a retrenchment exploiting structure latent in both levels. The theory is illustrated by a simple example based on an abstract model of distributed computing, and methodological aspects are considered.
Performance-Oriented Refinement, 2001
Abstract

Cited by 1 (1 self)
We introduce the probabilistic action system formalism which combines refinement with performance. Performance is expressed by means of probability and expected costs. Probability is needed to express uncertainty present in physical environments. Expected costs express physical or abstract quantities that describe a system. They encode the performance objective. The behaviour of probabilistic action systems is described by traces of expected costs. Corresponding notions of refinement and simulation-based proof rules are introduced. Formal notations like B [2] or action systems [8] support a notion of refinement. Refinement relates an abstract specification A to a more deterministic concrete specification C. Knowing A and C one proves C refines, or implements, specification A. In this study we consider specification A as given and concern ourselves with a way to find a good candidate for specification according to their performance. The performance of a
Structuring Retrenchments in the small with B, 2002
Abstract
Simple retrenchment is briefly reviewed as a liberalisation of classical refinement, for the formal description of application developments too demanding for refinement. Two generalisations, output and evolving retrenchment, are presented. Simple monotonicity results for retrenchment are recalled, forming the basis of a piecewise development method.
Theorem Proving in Higher Order Logics, 2002
Abstract
(table of contents, partially recovered)
... Syntax in Nuprl, p. 23 (Eli Barzilay, Stuart Allen)
DOVE: a Graphical Tool for the Analysis and Evaluation of Critical Systems, p. 33 (Tony Cant, Jim McCarthy, Brendan Mahony)
Formalising General Correctness, p. 36 (Jeremy E. Dawson)
Automatic Constraint Calculation using Lax Logic, p. 48 (Jeremy E. Dawson, Matt Fairtlough)
Automating Fraenkel-Mostowski Syntax, p. 60 (Murdoch J. Gabbay)
A Formal Correctness Proof of the SPIDER Diagnosis Protocol, p. 71 (Alfons Geser, Paul S. Miner)
Using HOL to Study Sugar 2.0 Semantics, p. 87 (Michael J. C. Gordon)
Extending DOVE with Product Automata, p. 101 (Elsa L. Gunter, Yi Meng)
A Higher-Order System for Representing Metabolic Pathways, p. 112 (Sara Kalvala)
Higher-Order Pattern Unification and Proof Irrelevance, p. 121 (Jason Reed)
A Verification of Rijndael in HOL, p. 128 (Konrad Slind)
The K Combinator as a Semantically Transparent Tagging Mechanism, p. 139 (Konrad Slind, Michael Norrish)
FCM 2002 Invited Talk: Real Numbers in Real Applications, p. 146 (John Harrison)
FCM 2002 Workshop Papers: A PVS Service for MathWeb, p. 147 (A. A. Adams, A. Franke, J. Zimmer)
Formalizing Real Calculus in Coq ...
University of Southampton, Highfield,
Abstract
Abstract. Some of the success stories of model based refinement are recalled, as well as some of the annoyances that arise when refinement is deployed in the engineering of large systems. The way that retrenchment attempts to alleviate such inconveniences is reviewed. The Mondex Electronic Purse formal development provides a highly credible testbed for examining how real world refinement difficulties can be treated via retrenchment. The contributions of retrenchment to integrating the real implementation with the formal development are surveyed, and the extraction of commonly occurring ‘retrenchment patterns’ is suggested.
1 Refinement: Pros and Cons
... system designs towards implementations. The abstract designs are typically expressed in a modelling language permitting the maximum of expressivity, abstraction, mathematical rigour, and succinctness, without concern for executability. The lower level models lean increasingly towards the actual capabilities of real computing devices, and the algorithms that they must utilise. There are a number of specific formulations of model based refinement, which can differ as regards particular technical details, but which share the same overall strategy for establishing the correctness of an implementation: namely that for every run of the concrete system, there must be a run of the abstract system which maintains the desired notion of correct correspondence between them. Among the more well known techniques we can mention Z [25, 32, 17],