Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formal Methods in Software Engineering

Published byMelissa Flowers Modified over 6 years ago

Similar presentations

Presentation on theme: "Formal Methods in Software Engineering"— Presentation transcript:

1 Formal Methods in Software Engineering
Saima Zareen

2 Assignment Alpha group
A software system is to be developed to manage the records of patients who enter a clinic for treatment. The records include records of all regular patient monitoring (temperature, blood pressure, etc.) treatments given, patient reactions and so on. After treatment, the records of their stay are sent to the patient’s doctor who maintains their complete medical record. Identify the state variables and design an AMN.

3 Date of submission Before next lecture Evaluation policy
Individual assignment Copied assignments shall be marked ZERO

4 Assignment Omega group
An automated ticket-issuing system sells rail tickets. Users select their destination and input a credit card and a personal identification number. The rail ticket is issued and their credit card account charged. When the user presses the start button, a menu display of potential destinations is activated, along with a message to the user to select a destination. Once a destination has been selected, users are requested to input a personal identifier. When the credit transaction has been validated, the ticket is issued.

5 Date of submission Before next lecture Evaluation policy
Individual assignment Copied assignments shall be marked ZERO

6 Query Operations A query operation is one which provides some information as output about the state of the machine, but does not alter the state. The body of the a query operation will typically consist of a number of assignments to output variables, but with no assignments to any of the state variables. Query operations may also have input variables.

7 Query Operations contd..
Query operations are always consistent with the invariant. There are never any proof obligations associated with query operations of a machine.

8 MACHINE parameters All machines in a development must have different names. Parameters must be listed after the name of the machine. Two kinds of parameters. Set valued Written in uppercase Parameter must be instantiated with a non empty set when the machine is used. Scalar valued Written in lowercase

9 MACHINE parameters contd..
E.g. MACHINE Store(ITEM) ITEM as a type in its other clauses in the same way that N and N1 are available as types for variables. Scalar value parameter must be instantiated with a scalar value. The club machine has one parameter, capacity and so this is declared as follows: MACHINE club(capacity) Its type N1 is not given with the parameter, but will instead be given in the CONSTRAINTS clause.

10 CONSTRAINTS CONSTRAINTS clause provides explicit information about any further restrictions on the values of the parameters. It must include type information about any scalar parameters, either as one of the set parameters, that is also passed. CONSTRAINT clause may also contain any other information about parameters. It bears the same relationship to machine parameters as the INVARIANT clause does to the machine variables.

11 CONSTRAINTS contd.. E.g CONSTRAINTS capacity € N1 ⋀ capacity ≤ 4096

12 RECAP My name is …………………… I remember ………………….

13 SETS in addition passing sets to a machine via its parameters, other types can be introduced into a specification by explicitly listing them in the SETS clause. They are written in uppercase. Sets introduced might simply be named without any further information being provided, deferring their definition until some later stage of the development. E.g. SETS REPORT={yes, no};NAME

14 CONSTANTS Names of the constants that are to be used within the machine. Their type must be given in the properties clause. Constants can be of any type that is known to the machine: Types introduced through sets Provided as parameters Standard types such as N Type constructors such as the powerset constructor P, the product constructor x

15 CONSTANTS contd.. E.g. CONSTANTS total

16 PROPERTIES Describes the conditions that must hold on the sets and constants described in those two clauses. These can be related to the parameters that are passed to the machine. For example in the club machine the size of the set NAME introduced in the SETS clause is bounded below by the parameter capacity. E.g. PROPERTIES card(NAME)>capacity ⋀total €N1 ⋀ capacity< total

17 PROPERTIES contd.. Parameters instantiations for the sets and constants should meet the PROPERTIES clause.

18 Context Parameters, constants, sets, properties define the particular behavior of the machine known as framework or context. The visibility between the items can be introduced into a machine description and the information about those items. The invariant and the various operations can refer to any of the parameters, sets, and constants as appropriate. On the other hand the constraints can refer to only parameters The properties can refer to the parameters, sets and constants.

19 Visibility of items in a machine description

20 Context of the Club machine

21 The clauses of machine

22 Proof obligations for CONSTRAINTS
If C describes the constraints on the parameters of the machine, then there should be some values of the parameters p that meet these constraints. Otherwise it will never be possible to successfully invoke any instantiation of the machine. Proof obligation ∃p.C ∃ capacity.(capacity €ℕ1 ⋀ capacity ≤4096)

23 Proof obligation for PROPERTIES
Given the constraints of parameters are satisfied, It is necessary to ensure that there will always be sets ST and constants k that meet the PROPERTIES clause B. C=> ST, k.B Whenever C is true then parameters are acceptable. In the club machine the proof obligation is Capacity €ℕ1⋀ capacity ≤4096 =>∃ NAME,REPORT, total.(card(NAME))> capacity ⋀ total € ℕ1 ⋀ total > 4096.

24 Proof obligation for INVARIANT
It should allow at least one legitimate state of the machine. The values of the parameters, sets, and constants need to be taken into account. Once the parameters, sets, and constants are all provided, the constraints C and properties B are true. Under these conditions the machine should have at least one state A setting of its variables v Which satisfies its invariant I.

25 Proof obligation for INVARIANT
B ⋀ C=>∃v. I

26 Proof obligations for INITIALIZATION and OPERATIONS
It is necessary that the initialization T is guaranteed to establish the invariant I, under the assumption that C and B hold that the context of the machine is satisfactory. B⋀C=>[T]I It is necessary to prove that all operations PRE p THEN S END preserve the invariant, gain under the assumption that C and B hold. When an operation is called appropriately the invariant I will be true.

27 Proof obligations for INITIALIZATION and OPERATIONS
Its precondition should also be true otherwise the user has no right to call the operation. B and C are known to be static part of the machine description. (B^C^I^P)=>[S]I If I and P are true then the operation should be guaranteed to establish I again.

28 Summary AMN can contain parameters and these parameters are defined in Constraint, SETS and PROPERTIES Clause. We call them as the context of the AMN. In order to find the consistency of the AMN, its proof obligations need to be re-visited in terms of CNSTRAINT, PROPERTIES and INVARIANT clauses.

Download ppt "Formal Methods in Software Engineering"

Similar presentations

Chapter 4: Requirements Engineering

Chapter 4: Requirements Engineering
Introduction to Defining Classes. Objectives: Design and implement a simple class from user requirements. Organize a program in terms of a view class.

Introduction to Defining Classes. Objectives: Design and implement a simple class from user requirements. Organize a program in terms of a view class.
Computer ScienceSoftware Engineering Slide 1 Requirements/Projects l FAA story l Requirements – specify functionality, constraints, domain restrictions.

Computer ScienceSoftware Engineering Slide 1 Requirements/Projects l FAA story l Requirements – specify functionality, constraints, domain restrictions.
Formal Methods in Software Engineering

Formal Methods in Software Engineering
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Composition CMSC 202. Code Reuse Effective software development relies on reusing existing code. Code reuse must be more than just copying code and changing.

Composition CMSC 202. Code Reuse Effective software development relies on reusing existing code. Code reuse must be more than just copying code and changing.
IS 466 ADVANCED TOPICS IN INFORMATION SYSTEMS LECTURER : NOUF ALMUJALLY 12 – 11 – 2011 College Of Computer Science and Information, Information Systems.

IS 466 ADVANCED TOPICS IN INFORMATION SYSTEMS LECTURER : NOUF ALMUJALLY 12 – 11 – 2011 College Of Computer Science and Information, Information Systems.
Unit 251 Summary  Requirements may be represented in itemized format or in visual modeling (UML). Once the complete set of requirements are in our hand,

Unit 251 Summary  Requirements may be represented in itemized format or in visual modeling (UML). Once the complete set of requirements are in our hand,
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Weakest pre-conditions and towards machine consistency Saima Zareen.

Weakest pre-conditions and towards machine consistency Saima Zareen.
Programming Logic and Design Fourth Edition, Introductory

Programming Logic and Design Fourth Edition, Introductory
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
Copyright W. Howden1 Lecture 13: Programming by Contract.

Copyright W. Howden1 Lecture 13: Programming by Contract.
Chapter 11: Classes and Data Abstraction

Chapter 11: Classes and Data Abstraction
Describing Syntax and Semantics

Describing Syntax and Semantics
Java Methods By J. W. Rider. Java Methods Modularity Declaring methods –Header, signature, prototype Static Void Local variables –this Return Reentrancy.

Java Methods By J. W. Rider. Java Methods Modularity Declaring methods –Header, signature, prototype Static Void Local variables –this Return Reentrancy.
VIENNA DEVELOPMENT METHOD -II. Improving the Incubator System  The software will not only record the current temperature of the system, but will also.

VIENNA DEVELOPMENT METHOD -II. Improving the Incubator System  The software will not only record the current temperature of the system, but will also.
Analyzing the Requirements with Formal Specifications Vienna Development Method Specification Language (VDM-SL) Book: Formal Software Development From.

Analyzing the Requirements with Formal Specifications Vienna Development Method Specification Language (VDM-SL) Book: Formal Software Development From.
© The McGraw-Hill Companies, 2006 Chapter 4 Implementing methods.

© The McGraw-Hill Companies, 2006 Chapter 4 Implementing methods.
A GENERIC PROCESS FOR REQUIREMENTS ENGINEERING Chapter 2 1 These slides are prepared by Enas Naffar to be used in Software requirements course - Philadelphia.

A GENERIC PROCESS FOR REQUIREMENTS ENGINEERING Chapter 2 1 These slides are prepared by Enas Naffar to be used in Software requirements course - Philadelphia.

Similar presentations

Ads by Google