Refinement
Encyclopedia
In formal methods
, program refinement is the verifiable
transformation of an abstract (high-level) formal specification
into a concrete (low-level) executable program. Stepwise refinement allows this process to be done in stages. Logically, refinement normally involves implication
, but there can be additional complications.
(e.g., a procedure). The postcondition
can be strengthened and/or the precondition
weakened in this process. This reduces any nondeterminism
in the specification, typically to a completely deterministic implementation.
For example, x ∈ {1,2,3} (where x is the value of the variable
x after an operation) could be refined to x ∈ {1,2}, then x ∈ {1}, and implemented as x := 1. Implementations of x := 2 and x := 3 would be equally acceptable in this case, using a different route for the refinement. However, we must be careful not to refine to x ∈ {} (equivalent to false) since this is unimplementable; it is impossible to select a member from the empty set
.
The term reification
is also sometimes used (coined by Cliff Jones). Retrenchment
is an alternative technique when formal refinement is not possible. The opposite of refinement is abstraction
.
Algorithm
Refinement calculus
is a formal system
(inspired from Hoare logic
) that promotes program refinement. The FermaT Transformation System
is an industrial-strength implementation of refinement. B-Method
is also a Formal method that extends refinement calculus with a component language: it has been used in industrial developments.
In type theory
, a refinement type is a type endowed with a predicate which is assumed to hold for any element of the refined type. Refinement types can express precondition
s when used as function arguments or postcondition
s when used as return type
s: for instance, the type of a function which accepts natural numbers and returns natural numbers greater than 5 may be written as . Refinement types are thus related to behavioral subtyping.
Formal methods
In computer science and software engineering, formal methods are a particular kind of mathematically-based techniques for the specification, development and verification of software and hardware systems...
, program refinement is the verifiable
Formal verification
In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics .- Usage :Formal verification can be...
transformation of an abstract (high-level) formal specification
Formal specification
In computer science, a formal specification is a mathematical description of software or hardware that may be used to develop an implementation. It describes what the system should do, not how the system should do it...
into a concrete (low-level) executable program. Stepwise refinement allows this process to be done in stages. Logically, refinement normally involves implication
Implication
Implication may refer to:In logic:* Logical implication, entailment, or consequence, a relation between statements* Material implication, or conditional implication, a binary truth functionIn linguistics, specifically in pragmatics:...
, but there can be additional complications.
Data refinement
Data refinement is used to convert an abstract data model (in terms of sets for example) into implementable data structures (such as arrays). Operation refinement converts a specification of an operation on a system into an implementable programComputer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
(e.g., a procedure). The postcondition
Postcondition
In computer programming, a postcondition is a condition or predicate that must always be true just after the execution of some section of code or after an operation in a formal specification. Postconditions are sometimes tested using assertions within the code itself...
can be strengthened and/or the precondition
Precondition
In computer programming, a precondition is a condition or predicate that must always be true just prior to the execution of some section of code or before an operation in a formal specification....
weakened in this process. This reduces any nondeterminism
Nondeterministic algorithm
In computer science, a nondeterministic algorithm is an algorithm that can exhibit different behaviors on different runs, as opposed to a deterministic algorithm. There are several ways an algorithm may behave differently from run to run. A concurrent algorithm can perform differently on different...
in the specification, typically to a completely deterministic implementation.
For example, x ∈ {1,2,3} (where x is the value of the variable
Variable (programming)
In computer programming, a variable is a symbolic name given to some known or unknown quantity or information, for the purpose of allowing the name to be used independently of the information it represents...
x after an operation) could be refined to x ∈ {1,2}, then x ∈ {1}, and implemented as x := 1. Implementations of x := 2 and x := 3 would be equally acceptable in this case, using a different route for the refinement. However, we must be careful not to refine to x ∈ {} (equivalent to false) since this is unimplementable; it is impossible to select a member from the empty set
Empty set
In mathematics, and more specifically set theory, the empty set is the unique set having no elements; its size or cardinality is zero. Some axiomatic set theories assure that the empty set exists by including an axiom of empty set; in other theories, its existence can be deduced...
.
The term reification
Reification (computer science)
Reification is the process by which an abstract idea about a computer program is turned into an explicit data model or other object created in a programming language. A computable/addressable object — a resource — is created in a system as a proxy for a non computable/addressable object...
is also sometimes used (coined by Cliff Jones). Retrenchment
Retrenchment (computing)
Retrenchment is a technique associated with Formal Methods that was introduced to address some of the perceived limitations of formal, model based refinement, for situations in which refinement might be regarded as desirable in principle, but turned out to be unusable, or nearly unusable, in practice...
is an alternative technique when formal refinement is not possible. The opposite of refinement is abstraction
Abstraction (computer science)
In computer science, abstraction is the process by which data and programs are defined with a representation similar to its pictorial meaning as rooted in the more complex realm of human life and language with their higher need of summarization and categorization , while hiding away the...
.
AlgorithmAlgorithmIn mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...
refinement
Refinement calculusRefinement Calculus
Refinement calculus is a formalized approach to stepwise refinement for program construction. The required behaviour of the final executable program is specified as an abstract and perhaps non-executable "program", which is then refined by a series of correctness-preserving transformations into an...
is a formal system
Formal system
In formal logic, a formal system consists of a formal language and a set of inference rules, used to derive an expression from one or more other premises that are antecedently supposed or derived . The axioms and rules may be called a deductive apparatus...
(inspired from Hoare logic
Hoare logic
Hoare logic is a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. It was proposed in 1969 by the British computer scientist and logician C. A. R. Hoare, and subsequently refined by Hoare and other researchers...
) that promotes program refinement. The FermaT Transformation System
FermaT Transformation System
The FermaT Transformation System is an industrial strength programtransformation system targeted at reverse engineering, program comprehensionand migration between programming languages...
is an industrial-strength implementation of refinement. B-Method
B-Method
The B method is method of software development based on B, a tool-supported formal method based around an abstract machine notation, used in the development of computer software. It was originally developed by Jean-Raymond Abrial in France and the UK. B is related to the Z notation and supports...
is also a Formal method that extends refinement calculus with a component language: it has been used in industrial developments.
In type theory
Type theory
In mathematics, logic and computer science, type theory is any of several formal systems that can serve as alternatives to naive set theory, or the study of such formalisms in general...
, a refinement type is a type endowed with a predicate which is assumed to hold for any element of the refined type. Refinement types can express precondition
Precondition
In computer programming, a precondition is a condition or predicate that must always be true just prior to the execution of some section of code or before an operation in a formal specification....
s when used as function arguments or postcondition
Postcondition
In computer programming, a postcondition is a condition or predicate that must always be true just after the execution of some section of code or after an operation in a formal specification. Postconditions are sometimes tested using assertions within the code itself...
s when used as return type
Return type
In computer programming, the return type defines and constrains the data type of value returned from a method or function...
s: for instance, the type of a function which accepts natural numbers and returns natural numbers greater than 5 may be written as . Refinement types are thus related to behavioral subtyping.