Retrenching partial requirements into system definitions: a simple feature interaction case study

In conventional model-oriented formal refinement, the abstract model is supposed to capture all the properties of interest in the system, in as clutter-free a manner as possible. Subsequently, the refinement process guides development inexorably towards a faithful implementation. However, refinement says nothing about how to obtain the abstract model in the first place. In reality, developers experiment with prototype models and their refinements until a workable arrangement is discovered. Retrenchment is a formal technique intended to capture some of this informal route to a refinable abstract model in a formal manner that integrates with refinement, so that the benefits of a formal approach can migrate further up the development hierarchy. The basic ideas of retrenchment are presented, and a simple telephone system feature interaction case study is elaborated. This illustrates not only how retrenchment can relate incompatible and partial models to a more definitive consolidated model during the development of the contracted specification, but also that the same formalism is applicable in a re-engineering context, where the subsequent evolution of a system may be partly incompatible with earlier design decisions. The case study shows how the natural method of composing retrenchments can give results that are too liberal in certain cases, and stronger laws of composition are derived for systems possessing suitable properties. It is shown that the methodology can encompass more ad hoc and custom-built techniques such as Zave's layered feature engineering approach to applications exhibiting a feature-oriented architecture (such as telephony).
