Engineering and theoretical underpinnings of retrenchment

Refinement is reviewed, distinguishing its use as a specification constructor at a high level of abstraction from its use as an implementation mechanism at a low level. Some of its shortcomings as a specification constructor at high levels of abstraction are pointed out, and these motivate the adoption of retrenchment for certain high-level development steps. Basic properties of retrenchment are described, including a justification of the operation proof obligation, simple examples, its use in requirements engineering and model evolution, and its simulation properties. The interaction of retrenchment with refinement notions of correctness is surveyed, as is a range of other technical issues. Two case study scenarios are presented: a simple digital redesign problem from control theory, and an overview of the application of retrenchment to the Mondex Purse development.
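The operation proof obligations that the abstract refers to, written out here as an added illustration in the standard notation of the retrenchment literature; the formulas are not reproduced from this page, and the relation names G, W, O, C and the variable naming are the usual ones from Banach and Poppleton's presentation, assumed here. Take an abstract operation Op_A with before-state u, input i, after-state u' and output o, and a concrete operation Op_C with v, j, v', p, related by a retrieve relation G. Forward-simulation refinement requires, for every concrete step, a matching abstract step that re-establishes G:

$$ G(u,v) \wedge Op_C(v,j,v',p) \;\Rightarrow\; \exists\, u',o \cdot Op_A(u,i,u',o) \wedge G(u',v') $$

(in the simplest formulation with i = j and o = p). Retrenchment weakens this in three controlled places: a within relation W_Op restricts the before-states and inputs for which a matching step is claimed at all, an output relation O_Op relates the outputs, and a concedes relation C_Op records the circumstances under which the retrieve relation is allowed to break:

$$ G(u,v) \wedge W_{Op}(i,j,u,v) \wedge Op_C(v,j,v',p) \;\Rightarrow\; \exists\, u',o \cdot Op_A(u,i,u',o) \wedge \Big( \big( G(u',v') \wedge O_{Op}(o,p;u',v',i,j,u,v) \big) \vee C_{Op}(u',v',o,p;i,j,u,v) \Big) $$

Taking W_Op to be i = j, O_Op to be o = p and C_Op to be false gives back the refinement obligation, which is the sense in which retrenchment extends refinement rather than replacing it. The practical check is to read C_Op as the inventory of cases in which the implementation does not meet the ideal model (in the Mondex work, for example, the consequences of finite exception logs and finite sequence numbers); a retrenchment whose concedes relation is vacuous or unreadable has hidden those cases rather than documented them.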
