1 CS 501 Spring 2005 CS 501: Software Engineering Lecture 10 Requirements 4
Slide 3: Formal Specification
Why? Precise standard to define and validate software.
Why not? May be time consuming. Methods are not suitable for all applications.
Slide 4: Remember
Formal specification does not prescribe the implementation. With formal specification it is possible, at least theoretically, to generate code automatically from the specification, but this may not be the most effective way: writing the generator may be a very large programming task, and the resulting code may perform badly.
Formal specification does not guarantee correctness: if the specification is wrong, the system will be wrong.
Slide 5: Formal Specification using Mathematical Notation
Mathematical requirements can be specified formally. Example: requirements from a mathematical package.
$B_1, B_2, \dots, B_k$ is a sequence of $m \times m$ matrices.
$E_1, E_2, \dots, E_k$ is a sequence of $m \times m$ elementary matrices (the letter naming these matrices did not survive extraction; $E$ is assumed here).
$B_1^{-1} = E_1$, $B_2^{-1} = E_2 E_1$, ..., $B_k^{-1} = E_k \cdots E_2 E_1$.
The numerical accuracy must be such that, for all $k$, $\| B_k B_k^{-1} - I \| <$ (the tolerance on the right-hand side did not survive extraction).
Slide 6: Formal Specification Using Diagrams
Example: Pascal number syntax, given as syntax diagrams for "unsigned integer" and "unsigned number". Only the labels of the diagrams survive extraction: digit, unsigned integer, ".", "E", "+", "-", unsigned number.
Slide 7: Formal Specification of Programming Languages
Example: Pascal number syntax in BNF. The nonterminal names, written in angle brackets on the slide, were stripped by extraction; the surviving skeleton of the five productions is:
    ::= |
    ::= { }
    ::= . { } | . { } E | E
    ::= |
    ::= + | -
Slide 8: Formal Specification using Z ("Zed")
Z is a specification language developed by the Programming Research Group at Oxford University around ... (the date did not survive extraction). Z is used for describing and modeling computing systems. It is based on axiomatic set theory and first order predicate logic.
References:
Ben Potter, Jane Sinclair, David Till, An Introduction to Formal Specification and Z (Prentice Hall), 1991.
Jonathan Jacky, The Way of Z (Cambridge University Press), 1997.
Slide 9: Example: Specification using Z
Informal: The function intrt(a) returns the largest integer whose square is less than or equal to a.
Formal (Z):
    intrt : ℕ → ℕ
    ∀ a : ℕ • intrt(a) * intrt(a) ≤ a < (intrt(a) + 1) * (intrt(a) + 1)
Slide 10: Example: Implementation of intrt
Static specification does not describe the design of the system. A possible algorithm uses the mathematical identity $\sum_{i=1}^{n} (2i - 1) = n^2$ (the sum of the first n odd numbers is n squared).
Slide 11: Example: Program for intrt

    /* Calculate integer square root: the largest i with i*i <= a.
       After i iterations sum == (i+1)*(i+1), the sum of the first i+1
       odd numbers, so the loop stops at the first i with (i+1)*(i+1) > a.
       Note: sum overflows int when a is close to INT_MAX. */
    int intrt(int a)
    {
        int i, term, sum;
        term = 1;
        sum = 1;
        for (i = 0; sum <= a; i++) {
            term = term + 2;
            sum = sum + term;
        }
        return i;
    }
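The Z predicate of slide 9 turned into an executable oracle and run against the algorithm above, as an added example that is not part of the lecture (Python rather than C so that a large input does not overflow); the shortcut `intrt_float`, the helper `first_violation` and the constructed inputs in `SAMPLE` are assumptions of this example, not the lecture's.

```python
# Added example (not from the lecture): the Z specification of intrt as an
# executable check, applied to two implementations.
import math

def spec_holds(f, a):
    """The Z predicate from slide 9, for one a:
       intrt(a) * intrt(a) <= a < (intrt(a) + 1) * (intrt(a) + 1)."""
    r = f(a)
    return r * r <= a < (r + 1) * (r + 1)

def intrt_odd_sums(a):
    """The slide's algorithm: (i+1)^2 is the sum of the first i+1 odd
       numbers, so count how many squares fit at or below a.  Python ints
       do not overflow, so unlike the C version this is safe for any a."""
    if a < 0:
        raise ValueError("intrt is specified on N only")
    i, term, total = 0, 1, 1
    while total <= a:
        term += 2
        total += term
        i += 1
    return i

def intrt_float(a):
    """A tempting shortcut that does NOT meet the spec for large a: the
       float rounding inside math.sqrt can round up past the true root."""
    return int(math.sqrt(a))

def first_violation(f, candidates):
    """Return the first input for which f violates the spec, or None."""
    for a in candidates:
        if not spec_holds(f, a):
            return a
    return None

# Constructed test inputs: small values plus one large value chosen so that
# math.sqrt rounds to exactly 2**27 + 1 although (2**27 + 1)**2 > a.
SAMPLE = list(range(0, 200)) + [(2**27 + 1)**2 - 1]
```

The specification says nothing about how the root is computed, so any implementation can be checked the same way; the float version is exactly the kind of "obviously right" code the oracle catches.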
Slide 12: Formal Specification of Finite State Machine Using Z
A finite state machine is a broadly used method of formal specification: event driven systems (e.g., games), user interfaces, protocol specification, etc.
Slide 13: State Transition Diagram
States: Patients, Fields, Setup, Ready, Beam on. Events: Enter, Start, Stop, Select field, Select patient, lock on, lock off. (The arrows of the diagram are not recoverable from the extracted text; the transition table on the next slide lists them.)
Slide 14: State Transition Table
Rows are the current state, columns the event, cells the next state; a blank cell means the event is ignored in that state. Cells are reconstructed from the Z specification on slides 15 and 16.

    State     | Select patient | Select field | Enter  | lock off | Start   | Stop  | lock on
    Patients  |                |              | Fields |          |         |       |
    Fields    | Patients       |              | Setup  |          |         |       |
    Setup     | Patients       | Fields       |        | Ready    |         |       |
    Ready     | Patients       | Fields       |        |          | Beam on |       | Setup
    Beam on   |                |              |        |          |         | Ready | Setup
Slide 15: Z Specification
    STATE ::= patients | fields | setup | ready | beam_on
    EVENT ::= select_patient | select_field | enter | start | stop | lock_off | lock_on
    FSM == (STATE × EVENT) ⇸ STATE
    no_change, transitions, control : FSM
Continued on next slide
Slide 16: Z Specification (continued)
    control = no_change ⊕ transitions
    no_change = { s : STATE; e : EVENT • (s, e) ↦ s }
    transitions = {
        (patients, enter) ↦ fields,
        (fields, select_patient) ↦ patients,
        (fields, enter) ↦ setup,
        (setup, select_patient) ↦ patients,
        (setup, select_field) ↦ fields,
        (setup, lock_off) ↦ ready,
        (ready, select_patient) ↦ patients,
        (ready, select_field) ↦ fields,
        (ready, start) ↦ beam_on,
        (ready, lock_on) ↦ setup,
        (beam_on, stop) ↦ ready,
        (beam_on, lock_on) ↦ setup }
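The finite state machine of slides 15 and 16 as executable Python, added here as an example that is not part of the lecture: the override control = no_change ⊕ transitions becomes a dictionary merge in which transitions wins, so every (state, event) pair has a defined successor and an event that is meaningless in the current state leaves it unchanged. The helpers `run` and `predecessors` are assumptions of this example.

```python
# Added example (not from the lecture): the Z finite state machine as
# executable Python. control = no_change (+) transitions is a dict merge in
# which transitions overrides no_change, exactly like Z's override operator.
from enum import Enum
from itertools import product

State = Enum("State", "PATIENTS FIELDS SETUP READY BEAM_ON")
Event = Enum("Event", "SELECT_PATIENT SELECT_FIELD ENTER START STOP LOCK_OFF LOCK_ON")

# no_change = { s : STATE; e : EVENT • (s, e) |-> s }: every pair maps to itself
NO_CHANGE = {(s, e): s for s, e in product(State, Event)}

# transitions, copied from slide 16
TRANSITIONS = {
    (State.PATIENTS, Event.ENTER): State.FIELDS,
    (State.FIELDS, Event.SELECT_PATIENT): State.PATIENTS,
    (State.FIELDS, Event.ENTER): State.SETUP,
    (State.SETUP, Event.SELECT_PATIENT): State.PATIENTS,
    (State.SETUP, Event.SELECT_FIELD): State.FIELDS,
    (State.SETUP, Event.LOCK_OFF): State.READY,
    (State.READY, Event.SELECT_PATIENT): State.PATIENTS,
    (State.READY, Event.SELECT_FIELD): State.FIELDS,
    (State.READY, Event.START): State.BEAM_ON,
    (State.READY, Event.LOCK_ON): State.SETUP,
    (State.BEAM_ON, Event.STOP): State.READY,
    (State.BEAM_ON, Event.LOCK_ON): State.SETUP,
}

# control = no_change (+) transitions; later keys win, so transitions overrides
CONTROL = {**NO_CHANGE, **TRANSITIONS}

def step(state, event):
    """One move of the machine. CONTROL is total on STATE x EVENT, so an
       event that is meaningless in the current state is simply ignored."""
    return CONTROL[(state, event)]

def run(events, start=State.PATIENTS):
    """Apply a sequence of events; returns the list of states visited."""
    trace = [start]
    for e in events:
        trace.append(step(trace[-1], e))
    return trace

def predecessors(target):
    """States from which a single event leads to target; this is how one
       confirms, from the table alone, that beam_on is entered only from ready."""
    return {s for (s, e), t in TRANSITIONS.items() if t == target}
```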
Slide 17: Schemas
Schema: the basic unit of formal specification. Enables a complex system to be specified as subsystems. Describes admissible states and operations of a system.
Slide 18: LibSys: An Example of Z
Library system: stock of books; registered users. Each copy of a book has a unique identifier. Some books are on loan; other books are on shelves, available for loan. There is a maximum number of books that any user may have on loan.
Slide 19: LibSys: Operations
Issue a copy of a book to a reader.
Reader returns a book.
Add a copy to the stock.
Remove a copy from the stock.
Inquire which books are on loan to a reader.
Inquire which reader has a particular copy of a book.
Register a new reader.
Cancel a reader's registration.
Slide 20: LibSys: Modeling
Formal specifications are models. As with all models, it is necessary to decide what should be included and what can be left out (level of detail).
Assume given sets: Copy, Book, Reader. Global constant: maxloans.
Slide 21: Domain and Range
For m : X ⇸ Y:
    domain: dom m = { x ∈ X : ∃ y ∈ Y • (x ↦ y) ∈ m }
    range:  ran m = { y ∈ Y : ∃ x ∈ X • (x ↦ y) ∈ m }
Slide 22: LibSys: Schema for Abstract States
A schema has a name, a declaration part and a predicate part (𝔽 X denotes a finite subset of X).

    Library
      stock : Copy ⇸ Book
      issued : Copy ⇸ Reader
      shelved : 𝔽 Copy
      readers : 𝔽 Reader
    ---
      shelved ∪ dom issued = dom stock
      shelved ∩ dom issued = ∅
      ran issued ⊆ readers
      ∀ r : readers • #(issued ▷ {r}) ≤ maxloans
Slide 23: Schema Inclusion

    LibDB
      stock : Copy ⇸ Book
      readers : 𝔽 Reader

    LibLoans
      issued : Copy ⇸ Reader
      shelved : 𝔽 Copy
    ---
      ∀ r : Reader • #(issued ▷ {r}) ≤ maxloans
      shelved ∩ dom issued = ∅
Slide 24: Schema Inclusion (continued)

    Library
      LibDB
      LibLoans
    ---
      dom stock = shelved ∪ dom issued
      ran issued ⊆ readers
Slide 25: Schemas Describing Operations
Naming conventions for objects:
Before: plain variables, e.g., r
After: with appended dash, e.g., r'
Input: with appended ?, e.g., r?
Output: with appended !, e.g., r!
Slide 26: Operation: Issue a Book
Inputs: copy c?, reader r?
Copy must be shelved initially: c? ∈ shelved
Reader must be registered: r? ∈ readers
Reader must have less than the maximum number of books on loan: #(issued ▷ {r?}) < maxloans
Copy must be recorded as issued to the reader: issued' = issued ∪ {c? ↦ r?}
The stock and the set of registered readers are unchanged: stock' = stock; readers' = readers
Slide 27: Operation: Issue a Book

    Issue
      stock, stock' : Copy ⇸ Book
      issued, issued' : Copy ⇸ Reader
      shelved, shelved' : 𝔽 Copy
      readers, readers' : 𝔽 Reader
      c? : Copy; r? : Reader
    ---
      [predicate part: see next slide]
Slide 28: Operation: Issue a Book (continued)

    Issue [declaration part: see previous slide]
    ---
      shelved ∪ dom issued = dom stock; shelved' ∪ dom issued' = dom stock'
      shelved ∩ dom issued = ∅; shelved' ∩ dom issued' = ∅
      ran issued ⊆ readers; ran issued' ⊆ readers'
      ∀ r : readers • #(issued ▷ {r}) ≤ maxloans
      ∀ r : readers' • #(issued' ▷ {r}) ≤ maxloans
      c? ∈ shelved; r? ∈ readers; #(issued ▷ {r?}) < maxloans
      issued' = issued ∪ {c? ↦ r?}
      stock' = stock; readers' = readers
Slide 29: Schema Decoration

    Issue
      Library
      Library'
      c? : Copy; r? : Reader
    ---
      c? ∈ shelved; r? ∈ readers
      #(issued ▷ {r?}) < maxloans
      issued' = issued ∪ {c? ↦ r?}
      stock' = stock; readers' = readers
Slide 30: Schema Decoration
ΔLibrary abbreviates the inclusion of both Library and Library', so the before and after states and the invariant on each come from the state schema.

    Issue
      ΔLibrary
      c? : Copy; r? : Reader
    ---
      c? ∈ shelved; r? ∈ readers
      #(issued ▷ {r?}) < maxloans
      issued' = issued ∪ {c? ↦ r?}
      stock' = stock; readers' = readers
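The Library schema and the Issue operation of slides 22 to 30 as executable Python, added as an example that is not part of the lecture: the schema predicate is checked on the before state (Library) and the after state (Library'), and the three preconditions of Issue are checked in the order the slide gives them. The value of maxloans, the helper `issue_refused` and the constructed sample state are assumptions of this example.

```python
# Added example (not from the lecture): the Library schema and the Issue
# operation as executable Python, with the schema invariant checked on the
# before state (Library) and on the after state (Library').
from dataclasses import dataclass, field

MAXLOANS = 2  # the global constant maxloans; the value is assumed here

@dataclass
class Library:
    stock: dict = field(default_factory=dict)    # stock : Copy -|-> Book
    issued: dict = field(default_factory=dict)   # issued : Copy -|-> Reader
    shelved: set = field(default_factory=set)    # shelved : F Copy
    readers: set = field(default_factory=set)    # readers : F Reader
    def loans_of(self, r):
        """#(issued |> {r}): number of copies currently issued to r."""
        return sum(1 for reader in self.issued.values() if reader == r)
    def invariant(self):
        """Predicate part of the Library schema (slide 22)."""
        return ((self.shelved | set(self.issued)) == set(self.stock)
                and not (self.shelved & set(self.issued))
                and set(self.issued.values()) <= self.readers
                and all(self.loans_of(r) <= MAXLOANS for r in self.readers))

def issue(lib, c, r):
    """Issue with inputs c? = c and r? = r.  Returns the after state or
       raises ValueError naming the precondition that failed."""
    assert lib.invariant(), "before state violates Library"
    if c not in lib.shelved:
        raise ValueError("c? not in shelved")
    if r not in lib.readers:
        raise ValueError("r? not in readers")
    if lib.loans_of(r) >= MAXLOANS:
        raise ValueError("#(issued |> {r?}) not < maxloans")
    new = Library(stock=dict(lib.stock),         # stock' = stock
                  issued={**lib.issued, c: r},   # issued' = issued U {c? |-> r?}
                  shelved=lib.shelved - {c},     # forced by the Library' invariant
                  readers=set(lib.readers))      # readers' = readers
    assert new.invariant(), "after state violates Library'"
    return new

def issue_refused(lib, c, r):
    """The failed precondition message, or None if Issue is enabled."""
    try:
        issue(lib, c, r)
    except ValueError as e:
        return str(e)
    return None

def sample_library():
    """Constructed sample state: three copies of two books, two readers,
       one copy already on loan to alice."""
    return Library(stock={"c1": "b1", "c2": "b1", "c3": "b2"},
                   issued={"c3": "alice"}, shelved={"c1", "c2"},
                   readers={"alice", "bob"})
```

Note that shelved' is not mentioned on the slide: it is fixed by the Library' invariant (shelved' ∪ dom issued' = dom stock' with the two disjoint), which is why the code derives it rather than choosing it.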
Slide 31: The Schema Calculus
Schema inclusion. Schema decoration.
Schema disjunction: AddCopy ≙ AddKnownTitle ∨ AddNewTitle
Schema conjunction: AddCopy ≙ EnterNewCopy ∧ AddCopyAdmin
Schema negation. Schema composition.
Slide 32: Z in Practice
In carefully monitored industrial use, Z has been shown to improve the timeliness and accuracy of software development, yet it is not widely used in practice:
The complexity of the notation makes communication with the client difficult.
Few software developers are comfortable with the underlying axiomatic approach.
Heavy notation is awkward to manipulate with conventional tools, such as word processors.