An introduction to specification in VDM-SL
An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate the components of a UML class diagram with those of a VDM specification; declare constants and specify functions to enhance the specification; explain the use of a state invariant to place a global constraint on the system; explain the purpose of the nil value in VDM.

The Incubator case study
The temperature of the incubator needs to be carefully controlled and monitored.
Safety requirement: -10 Celsius ≤ TEMPERATURE ≤ +10 Celsius

The UML specification

  IncubatorMonitor
  temp : Integer
  increment()
  decrement()
  getTemp() : Integer

Specifying the ‘state’ in VDM-SL


The VDM state refers to the permanent data stored by the system (here, the temp attribute of the UML class). In VDM-SL the state variables are given mathematical types.

The intrinsic types available in VDM-SL

  ℕ    : natural numbers (whole numbers from zero upwards)
  ℕ1   : natural numbers excluding zero
  ℤ    : integers (positive and negative whole numbers)
  ℝ    : real numbers (positive and negative numbers that can include a fractional part)
  𝔹    : boolean values (true or false)
  Char : the set of alphanumeric characters

Specifying the state of the Incubator Monitor System

UML:
  IncubatorMonitor
  temp : Integer
  increment()
  decrement()
  getTemp() : Integer

VDM-SL:
  state IncubatorMonitor of
    temp : ℤ
  end

Specifying the operations in VDM-SL

Each operation is specified in VDM-SL as follows:
  the operation header
  the external clause
  the precondition
  the postcondition


  increment()
  ext wr temp : ℤ
  pre temp < 10
  post temp = temp~ + 1

(temp~ denotes the value of temp before the operation was carried out.)


  decrement()
  ext wr temp : ℤ
  pre temp > -10
  post temp = temp~ - 1


  getTemp() currentTemp : ℤ
  ext rd temp : ℤ
  pre TRUE
  post currentTemp = temp

Declaring constants

Constants are specified using the keyword values. The declaration comes immediately before the state definition:

  values
    MAX : ℤ = 10
    MIN : ℤ = -10

With the constants declared, decrement can be written in terms of MIN:

  decrement()
  ext wr temp : ℤ
  pre temp > MIN
  post temp = temp~ - 1

Specifying functions

[Slide figure: a function named hasPassed, drawn as a box mapping its input to a result of either TRUE or FALSE.]

There are two ways in which we can specify a function in VDM-SL: explicitly and implicitly.

Specifying a function explicitly
Example:
  add : ℤ × ℤ → ℤ          (signature)
  add(x, y) ∆ x + y        (definition)

Specifying a function implicitly
  add(x : ℤ, y : ℤ) z : ℤ
  pre TRUE
  post z = x + y

An absolute function defined implicitly
  abs(z : ℤ) r : ℤ
  pre TRUE
  post (z < 0 ⇒ r = -z) ∧ (z ≥ 0 ⇒ r = z)

An absolute function defined explicitly
  abs : ℤ → ℤ
  abs(z) ∆ if z < 0 then -z else z

Two special functions The state invariant and initialisation

  inv : State → 𝔹
Returns true if the state meets the global constraint and false otherwise.

Adding a state invariant into the IncubatorMonitor system
Safety requirement: -10 Celsius ≤ TEMPERATURE ≤ +10 Celsius

  inv mk-IncubatorMonitor(t) ∆ MIN ≤ t ≤ MAX

  init : State → 𝔹
Returns true if the correct initial values have been given to the state and false otherwise.

Specifying an initialisation function
We will assume that when the incubator is turned on, its temperature should be adjusted until a steady 5 degrees Celsius is obtained.

  init mk-IncubatorMonitor(t) ∆ t = 5

The modified state specification

  values
    MAX : ℤ = 10
    MIN : ℤ = -10

  state IncubatorMonitor of
    temp : ℤ
  inv mk-IncubatorMonitor(t) ∆ MIN ≤ t ≤ MAX
  init mk-IncubatorMonitor(t) ∆ t = 5
  end

Improving the Incubator System

  IncubatorController
  requestedTemp : Integer
  actualTemp : Integer
  setInitialTemp(Integer)
  requestChange(Integer) : Signal
  increment() : Signal
  decrement() : Signal
  getRequestedTemp() : Integer
  getActualTemp() : Integer

Signal is an enumerated type.

Enumerated types in UML
A standard method of marking a UML class as an enumerated type is to add «enumeration» above the type name:

  «enumeration»
  Signal
  INCREASE
  DECREASE
  DO_NOTHING

Enumerated types in VDM-SL
In VDM-SL the types clause is the appropriate place to define new types.

  types
    Signal = <INCREASE> | <DECREASE> | <DO_NOTHING>
  values
    .....
  state
    .....
  end

The nil value
It is common in the programming world for a value to be undefined. VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined:

  x : ℕ      'x' must be a natural number
  x : [ℕ]    'x' can be a natural number or nil

When the incubator system first comes into being, the actual and requested values will be undefined, and must therefore be set to nil.

Specifying the IncubatorController state
Both temperatures are undefined until they have been set, so each is declared as an optional integer:

  state IncubatorController of
    requestedTemp : [ℤ]
    actualTemp : [ℤ]

The invariant
The requested temperature must be in the range of -10 to +10 degrees, or could be nil; the actual temperature must likewise be in the range of -10 to +10 degrees, or could be nil:

  inv mk-IncubatorController(r, a) ∆
      (MIN ≤ r ≤ MAX ∨ r = nil) ∧ (MIN ≤ a ≤ MAX ∨ a = nil)

Improving the readability of the spec by using a function

  inRange(val : ℤ) result : 𝔹
  pre TRUE
  post result ⇔ MIN ≤ val ≤ MAX

  inv mk-IncubatorController(r, a) ∆ (inRange(r) ∨ r = nil) ∧ (inRange(a) ∨ a = nil)

The initialisation function

  init mk-IncubatorController(r, a) ∆ r = nil ∧ a = nil

Specifying the setInitialTemp operation

  setInitialTemp(tempIn : ℤ)
  ext wr actualTemp : [ℤ]
  pre actualTemp = nil ∧ inRange(tempIn)
  post actualTemp = tempIn

The requestChange operation

  requestChange(tempIn : ℤ) signalOut : Signal
  ext wr requestedTemp : [ℤ]
      rd actualTemp : [ℤ]
  pre actualTemp ≠ nil ∧ inRange(tempIn)
  post requestedTemp = tempIn ∧
       ((tempIn > actualTemp ∧ signalOut = <INCREASE>) ∨
        (tempIn < actualTemp ∧ signalOut = <DECREASE>) ∨
        (tempIn = actualTemp ∧ signalOut = <DO_NOTHING>))

The increment operation

  increment() signalOut : Signal
  ext rd requestedTemp : [ℤ]
      wr actualTemp : [ℤ]
  pre requestedTemp ≠ nil ∧ actualTemp ≠ nil ∧ actualTemp < requestedTemp
  post actualTemp = actualTemp~ + 1 ∧
       ((actualTemp < requestedTemp ∧ signalOut = <INCREASE>) ∨
        (actualTemp = requestedTemp ∧ signalOut = <DO_NOTHING>))

The getRequestedTemp operation

  getRequestedTemp() currentRequested : [ℤ]
  ext rd requestedTemp : [ℤ]
  pre TRUE
  post currentRequested = requestedTemp

The getActualTemp operation

  getActualTemp() currentActual : [ℤ]
  ext rd actualTemp : [ℤ]
  pre TRUE
  post currentActual = actualTemp
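As an added example (not from the original lecture), the IncubatorController specification above, with its nil-valued state, the inRange function and the setInitialTemp, requestChange and increment operations, animated as a Python model; the same pattern covers the simpler IncubatorMonitor state. Preconditions and the state invariant become run-time checks that raise SpecViolation, so a call the spec forbids (such as incrementing before the actual temperature has been set) cannot quietly leave the system in an undefined state. The class SpecViolation, the snake_case names and the use of None for nil are my own choices, not part of VDM-SL.

```python
# Added example (not from the original slides): a Python model of the
# IncubatorController spec. Preconditions and the invariant are checked at
# run time; postconditions are implemented directly by each operation.
from typing import Optional

MAX = 10    # values MAX : Z = 10
MIN = -10   # values MIN : Z = -10
Nil = None  # the VDM-SL nil value is modelled as Python None

class SpecViolation(Exception):
    """Raised when a precondition or the state invariant fails."""

def in_range(val: int) -> bool:
    # inRange(val) result <=> MIN <= val <= MAX
    return MIN <= val <= MAX

class IncubatorController:
    def __init__(self) -> None:
        # init mk-IncubatorController(r, a) == r = nil and a = nil
        self.requested_temp: Optional[int] = Nil
        self.actual_temp: Optional[int] = Nil
        self._check_inv()

    def inv(self) -> bool:
        # (inRange(r) or r = nil) and (inRange(a) or a = nil)
        r, a = self.requested_temp, self.actual_temp
        return (r is Nil or in_range(r)) and (a is Nil or in_range(a))

    def _check_inv(self) -> None:
        if not self.inv():
            raise SpecViolation("state invariant violated")

    def set_initial_temp(self, temp_in: int) -> None:
        if not (self.actual_temp is Nil and in_range(temp_in)):  # pre
            raise SpecViolation("pre setInitialTemp")
        self.actual_temp = temp_in  # post: actualTemp = tempIn
        self._check_inv()

    def request_change(self, temp_in: int) -> str:
        if not (self.actual_temp is not Nil and in_range(temp_in)):  # pre
            raise SpecViolation("pre requestChange")
        self.requested_temp = temp_in
        signal = ("INCREASE" if temp_in > self.actual_temp else
                  "DECREASE" if temp_in < self.actual_temp else "DO_NOTHING")
        self._check_inv()
        return signal

    def increment(self) -> str:
        r, a = self.requested_temp, self.actual_temp
        if not (r is not Nil and a is not Nil and a < r):  # pre
            raise SpecViolation("pre increment")
        self.actual_temp = a + 1  # post: actualTemp = actualTemp~ + 1
        signal = "INCREASE" if self.actual_temp < r else "DO_NOTHING"
        self._check_inv()
        return signal
```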

A standard template for VDM-SL specifications

  types
    SomeType = .....

  values
    constantName : ConstantType = someValue

  state SystemName of
    attribute1 : Type
    :
    attributen : Type
  inv mk-SystemName(i1:Type, ..., in:Type) ∆ Expression(i1, ..., in)
  init mk-SystemName(i1:Type, ..., in:Type) ∆ Expression(i1, ..., in)
  end

  functions
    specification of functions .....

  operations
    specification of operations .....