Engineering and theoretical underpinnings of retrenchment
Refinement is reviewed, highlighting in particular the distinction between its use as a
specification constructor at a high level, and its use as an implementation mechanism at a …
specification constructor at a high level, and its use as an implementation mechanism at a …
Hemodialysis machine in hybrid Event-B
R Banach - Abstract State Machines, Alloy, B, TLA, VDM, and Z: 5th …, 2016 - Springer
The hemodialysis machine case study is examined in Hybrid Event-B (an extension of Event-
B that includes provision for continuously varying behaviour as well as the usual discrete …
B that includes provision for continuously varying behaviour as well as the usual discrete …
The landing gear system in multi-machine Hybrid Event-B
R Banach - International Journal on Software Tools for Technology …, 2017 - Springer
A system development case study problem based on a set of aircraft landing gear is
examined in Hybrid Event-B (an extension of Event-B that includes provision for …
examined in Hybrid Event-B (an extension of Event-B that includes provision for …
Retrenchment and refinement interworking: the tower theorems
R Banach, C JESKE - Mathematical Structures in Computer Science, 2015 - cambridge.org
Retrenchment is a flexible model evolution formalism that compensates for the limitations
imposed by specific formulations of refinement. Its refinement-like proof obligations feature …
imposed by specific formulations of refinement. Its refinement-like proof obligations feature …
Graded refinement, retrenchment, and simulation
R Banach - ACM Transactions on Software Engineering and …, 2023 - dl.acm.org
Refinement of formal system models towards implementation has been a mainstay of system
development since the inception of formal and Correct by Construction approaches to …
development since the inception of formal and Correct by Construction approaches to …
A continuous ASM modelling approach to pacemaker sensing
The cardiac pacemaker system, proposed as a problem topic in the Verification Grand
Challenge, offers a range of difficulties to address for formal specification, development, and …
Challenge, offers a range of difficulties to address for formal specification, development, and …
Continuous KAOS, ASM, and formal control system design across the continuous/discrete modeling interface: a simple train stopping application
A very simple model for train stopping is used as a vehicle for investigating how the
development of a control system, initially designed in the continuous domain and …
development of a control system, initially designed in the continuous domain and …
Simulation and formal modelling of yaw control in a drive-by-wire application
R Banach, P Van Schaik… - … Federated Conference on …, 2015 - ieeexplore.ieee.org
Cyberphysical systems, with their interdependence between physical behaviour and digital
control, need insights from frequency domain control engineering, state space control …
control, need insights from frequency domain control engineering, state space control …
Retrenching the purse: finite exception logs, and validating the small
R Banach, M Poppleton… - 2006 30th Annual IEEE …, 2006 - ieeexplore.ieee.org
The Mondex electronic purse is an outstanding example of industrial scale formal
refinement, and was the first verification to achieve ITSEC level E6 certification. A formal …
refinement, and was the first verification to achieve ITSEC level E6 certification. A formal …
The mechanical generation of fault trees for reactive systems via retrenchment II: clocked and feedback circuits
The retrenchment approach to the mechanical construction of fault trees, introduced in the
first paper for combinational logic circuits, is extended to handle clocked circuits and then …
first paper for combinational logic circuits, is extended to handle clocked circuits and then …