Algebraic Specification

Algebraic Specification
Marija Rakic Roshanak Roshandel 11/13/2018 CS599 - Formal Methods in SW Architectures

CS599 - Formal Methods in SW Architectures
11/13/2018 CS599 - Formal Methods in SW Architectures

OBJ3 Entities Objects – encapsulates executable code Theories – defines properties that may (or may not) be satisfied by another object or theory Views – bindings of entities declared in some theory to entities in some other module, as well as an assertion that the other module satisfies the properties declared in the theory OBJ program is conceptually a graph of modules 11/13/2018 CS599 - Formal Methods in SW Architectures

OBJ3 Objects Strong sorting and subsorts Operation and Expression syntax Equations and Semantics Operational Semantics is Reduction Denotational Semantics Exceptions Attributes Order of evaluation Propositional calculus 11/13/2018 CS599 - Formal Methods in SW Architectures

Object Obj BITS is … Endo. Sorting – same as types Unsorted logic –too permissive First-name(not(age(3*false))) iff 2*(birthplace(temperature(329)) Sorts in OBJ -> OSA (Order Sorted Algebra) sorts (SortIdList). -> sorts Nat Int Rat. subsort(SortId1)<(SortId2) 11/13/2018 CS599 - Formal Methods in SW Architectures

Operation and Expression Syntax
op (OpForm) : (SortIdList) -> (SortId) . op top_:Stack ->Int; op if_then_else_fi :Bool Int Int ->Int obj BITS is sorts Bit Bits. subsorts Bit < Bits. ops 0 1 : ->Bit. op _._ : Bit Bits -> Bits. Endo. 11/13/2018 CS599 - Formal Methods in SW Architectures

Equations and Semantics
Equations: eq (Exp1)=(Exp2). Cond. Eq. :cq (Exp1)=(Exp2) if (Bexp). Variables: vars (VarIdList):SortId. 11/13/2018 CS599 - Formal Methods in SW Architectures

Reduction obj LIST_OF_INT is sort List. protecting INT. subsort Int<List. op _ _:Int List -> List. op length_:List->Int. var I:Int. var L: List. eq length I=1. eq length (I L)=1+ length(L). endo. reduce length (17 –4 329) length(17 –4 329)=> 1+length(–4 329)=> 1+(1+ length(329))=> 1+(1+1)=> 1+2=> 3 11/13/2018 CS599 - Formal Methods in SW Architectures

Exceptions (-4/-2)! – does not parse since parser doesn’t know to what will it evaluate (Rat or Nat) Parser can insert retract – special operation symbol (r: Rat>Nat) removed at runtime if the subexpression evaluates to Nat but otherwise remains behind as informative error message. 11/13/2018 CS599 - Formal Methods in SW Architectures

Exceptions – Example obj STACK_OF_NAT is sorts Stack NeStack. subsort NeStack<Stack. protecting NAT. op empty: -> Stack. op push:Nat Stack->NeStack. op top_: NeStack-> Nat. op pop_: NeStack-> Stack. var X:Nat. var S: Stack. eq top push(X,S)=X. eq pop push(X,S)=S. endo Reduce top push(1, empty) Should be 1 Reduce pop push(1, empty) Should be empty Reduce top empty Yields: Result Nat:top r:Stack>NeStack(empty) 11/13/2018 CS599 - Formal Methods in SW Architectures

Attributes op _or_: Bool Bool -> Bool [assoc id:false] Or is an associative binary infix operation on truth values op _+_: Int Int->Int [assoc comm id:0 prec 33] Precedence of an operation is a number (0-127) where lower value indicates tighter binding. obj LIST_OF_INT is sort List. protecting INT. subsort Int<NeList<List. op nil: ->List; op _ _:List List -> List [assoc id:nil]. op _ _:NeList List -> NeList [assoc]. endo. Reduce 0 nil 1 nil 3. 0 nil 1 nil 3 => 0 1 nil 3=> 0 1 3 11/13/2018 CS599 - Formal Methods in SW Architectures

Hierarchical structure
Conceptual clarity – breaking a program into modules (1988) Many modules - hierarchical structure of module dependency explicit (if the module uses sorts or operations declared in another , the other must be imported explicitly in the first, and must be defined earlier in program text) Importing modules: Using Extending (ModExp)-module expression such as INT Protecting 11/13/2018 CS599 - Formal Methods in SW Architectures

Parameterized programming
Maximize reuse of software trough systematic use of parameterized programming. Successful software reuse: Finding old parts that are close enough to what you need Understanding those parts Getting them to do what you need now Putting them all together correctly. (nothing new in this section) – like templates in C++ 11/13/2018 CS599 - Formal Methods in SW Architectures

Theories Express properties of modules and module interfaces OBJ3 theories have the same structure as objects. Difference is that the objects are executable, while theories only define properties. Example: partially ordered sets (“<“ is anti-reflexive and transitive) th POSET is sort Elt. op _<_: Elt Elt ->Bool. vars E1 E2 E3 : Elt. eq E1 < E1 =false. cq E1 < E3=true if E1<E2 and E2<E3. endth. th EQV is sort Elt. op _eq_: Elt Elt ->Bool [comm]. vars E1 E2 E3 : Elt. eq (E1 eq E1) =true. cq (E1 eq E3)=true if (E1 eq E2) and (E2 eq E3). endth. 11/13/2018 CS599 - Formal Methods in SW Architectures

Views A object can satisfy a theory in more than one way, but that can be arbitrarily hard to find. A view V from a theory T to a module M indicated V:T=>M consists of a mapping from the sorts of T to the sorts of M preserving the subsort relation and a mapping from the operations of T to the operations of M preserving sort, and attributes such that every equation in T is true of every model of M view NATG from POSET to NAT is sort Elt to Nat. op _<_ to _>_. endv. This view interprets _<_ in POSET as _>_ in NAT. 11/13/2018 CS599 - Formal Methods in SW Architectures

Instantiation Parametrized object LEXL[X::POSET] can be instantiated with a : make LEXL_NATG is LEXL[NATG] endm. Also: make STACK_OF_LIST_OF_RAT is STACK[LIST[RAT]] endm. 11/13/2018 CS599 - Formal Methods in SW Architectures

Tools Kumo - UCSD - is a web-based proof assistant, having the following features: Kumo assists with proofs in first order hidden logic, using OBJ3 as a reduction engine. Kumo generates proof documentation for the web Kumo supports distributed cooperative proving. Users can send proof parts to the other members in the same group, and receive proof parts from them. The BOBJ (for Behavioral OBJ) language extends OBJ3 by adding behavioral modules for behavioral specification of objects (i.e., state machines), and first order sentences for modules with loose semantics. 11/13/2018 CS599 - Formal Methods in SW Architectures

OBJ3 in SW Engineering TOOR: A System for Tracing Object Oriented Requirements Based on OBJ3 For formal specification of requirements and their tracing. The idea is to specify the objects that can take part in a software development process, use TOOR to input these objects as they are created, and then trace requirements, making use of the relations among the current collection of objects. In this approach requirements are also objects OOZE: An Object Oriented Z Envirnoment OOZE is an object oriented environment for Z, built on top of the FOOPS system, which in turn is built in top of the OBJsystem 11/13/2018 CS599 - Formal Methods in SW Architectures

The Larch Family of Specification Languages Parameterized programming in LILEANNA Roshanak Roshandel 11/13/2018 CS599 - Formal Methods in SW Architectures

What is Larch? Family of Specification Languages Specification components: Larch Interface Language – particular to specific PL Larch Shared Language – common to all languages LIL: tailored to a programming language LSL: an algebraic language 11/13/2018 CS599 - Formal Methods in SW Architectures

Some Aspects of Larch Languages
Composability. Incremental construction of specifications from other specifications Emphasis on Presentation. Readable. Larch composition mechanisms are operations on specification, rather than on theories or models. Suitability for integrated interactive tools. Good for interactive construction and incremental checking of specs. Semantic Checking. Checking of specs when they are being constructed. (i.e. theorem prover for semantic checking) 11/13/2018 CS599 - Formal Methods in SW Architectures

And Some More… Localized programming language dependencies. Each LIL encapsulates features needed to write specifications in a particular Programming Language and incorporates LSL in a uniform way. 11/13/2018 CS599 - Formal Methods in SW Architectures

Trait: is the basic unit of specification in LSL. It introduces operators and specifies their properties. Sometimes collection of operators correspond to an ADT. Theory: is a set of theorems that can be proved about the terms defined in a trait. Theory contains equations and inequation (~(true = false)) that can be proved by substituting equal for equal. BUT, if 2 terms can not be proven to be equal then they are not necessarily unequal. Also if two terms are not provably unequal, it does not mean they are equal. 11/13/2018 CS599 - Formal Methods in SW Architectures

… Two-tiered specification in Larch Implementation
Program unit Interface spec Root trait Trait Implementation Programming Language L Larch Interface Language (Larch/L) Local Specification Incorporates (includes, imports, or assumes) satisfies Based on Larch shared language Two-tiered specification in Larch 10/12/00

Signature: domains and range of the operators used for sort-check (similar to type-check in PL). Constraints: limit the operators by means of equations that relate the terms containing them. 11/13/2018 CS599 - Formal Methods in SW Architectures

TableSpec: trait introduces new: – Table add: Table,Index,Val – Table #έ#: Index, Table – Bool eval: Table,Index – Val isEmpty: Table – Bool size: Table – Card Constrains new, add, έ, eval, isEmpty, size so that for all [ind, ind1 :Index, val: Val, t:Table] eval (add(t, ind, val), ind1) = if ind = ind1 then val else eval(t, ind1) ind έ new = false ind έ add(t,ind1,val) = (ind = indl) | (ind έ t) size (new) = 0 size(add(t,ind,val))= if ind έ t then size(t) else size(t)+1 isEmpty(t) = (size(t) = 0) 11/13/2018 CS599 - Formal Methods in SW Architectures

Container: trait introduces new: – C insert: C, E – C Constrains C so that C generated by [new, insert] IsEmpty: trait assumes Container introduces IsEmpty: C – Bool constrains IsEmpty, new, insert so that for all [c:C, e:E] IsEmpty(new) = true IsEmpty(insert(c,e)) = false implies converts [IsEmpty] Next: trait introduces next C – E constrains next insert so that for all [e:E} next(insert(new,e)) = e exempts next(new) 11/13/2018 CS599 - Formal Methods in SW Architectures

Rest: trait assumes Container introduces rest C – C constrains rest insert so that for all [e:E} rest(insert(new,e)) = new exempts rest(new) Size: trait imports Cardinal introduces size C – Card constrains size so that size(new) =0 Enumerable: trait includes Container, Next, Rest, IsEmpty constrains C so that C partitioned by[next,rest,IsEmplty] Partitioned by If Next(t1) = Next (t2), Rest(t1) = Rest(t2), IsEmpty(t1) = IsEmpty(t2) then t1=t1 11/13/2018 CS599 - Formal Methods in SW Architectures

Larch Interface Languages
Interface specification describe program units to be implemented. Role of LSL traits is to define the theories that give meaning to operators that appear in the Interface specification. Particular to the programming language, and influenced by them. 11/13/2018 CS599 - Formal Methods in SW Architectures

Type Specification in LIL
Header giving the type name and the names of externally visible routines. Associated traits and a mapping from the types in the data abstraction to sorts in the traits. The Interface specification for each routine (procedure or function) of a type. 11/13/2018 CS599 - Formal Methods in SW Architectures

Preliminary design of Larch/Java
LIL for C, ADA, Modula-3 C++, Smalltalk Generic Interface Language for new languages preliminary proposal for Larch/CORBA-IDL Larch/JAVA from C++ Supports concurrency Synchronization (when) myID (client), lock, waiting set (thread and mutual exclusion) 11/13/2018 CS599 - Formal Methods in SW Architectures

Larch/Java for Software Architecture
Design of the structure of a software system, including its overall behavior and its decomposition in simpler computational elements. Software architecture Components, Connectors, Configurations 11/13/2018 CS599 - Formal Methods in SW Architectures

Ports: Interface between each component and its environment Roles: Interaction point among participating components component: trait includes Set(iport, Set[iport]), Set (oport, Set[oport]) component tuple of inports:Set[iport], outports:Set[oport] connector:trait includes Set(irole, Set[irole]}, Set (orole, Set[orole]) connector tuple of inroles:Set[irole], outroles:Set[orole] 11/13/2018 CS599 - Formal Methods in SW Architectures

Client-Server architecture
Client:trait includes component, Queue(data, inputstream) Queue(data, outputstream); Client tuple of comp:component,inputs:inputstream, outputs:outputstream introduces Initclient: -> Client Isconnected: Client -> Bool IsValid: Client -> Bool asserts \forall c: Client IsValid(c) == size(c.comp.inports) =1 /\ size(c.comp.outports) = 1; 11/13/2018 CS599 - Formal Methods in SW Architectures

Server:trait includes component, Queue(data, inputstream) Queue(data, outputstream); Server tuple of comp:component, inputs: inputstream, outputs:outputstream introduces Initserver: -> Server Isconnected: Server -> Bool 11/13/2018 CS599 - Formal Methods in SW Architectures

Rpc: trait includes connector, Queue(data, inputstream) Queue(data, outputstream); Rpc tuple of conn:connector, inputs: inputstream, outputs:outputstream introduces Initrpc: -> Rpc Initinputstream: -> inputstream Initoutputstream: -> outputstream IsValid: Rpc -> Bool asserts \forall r: Rpc IsValid(r) == size(r.conn.inroles) =1 /\ size(r.conn.outroles) = 1; 11/13/2018 CS599 - Formal Methods in SW Architectures

The LIL specification modules describe the functional behavior of each component. Client: responsible for starting the communication and the retrieval of result data. Server: listens for incoming requests; services a client as soon as possible. RPC connector: sets up the connection for the exchange of data between the client and the server. Java socket interface is used as protocol of communication between hosts on the network. The LIL modules for the Server component and the RPC connector are developed. 11/13/2018 CS599 - Formal Methods in SW Architectures

Notes LSL is used to specify a theory, rather than a model. LIL are built around predicate calculus rather than an operational notation. Larch specifications are less prone to implementation bias. LSL has mechanisms for building one specification from another (assumes, includes, imports) and to insert checkable redundancy (constraints, converts). LIL does not have corresponding mechanism. 11/13/2018 CS599 - Formal Methods in SW Architectures

More notes Larch semantics are simple: Operators and sorts in the shared specifications are treated as “auxiliary” and are never implemented. Issues that are dealt with in LIL are not dealt with in LSL. Larch was fun! 11/13/2018 CS599 - Formal Methods in SW Architectures

LIL + ANNA in a tiny Nutshell
An implementation of LIL (Library Interconnect Language), a MCL (Module Composition Language) Parameterized programming paradigm Language for formally specifying and generating Ada packages. 11/13/2018 CS599 - Formal Methods in SW Architectures

What sets reusable software apart is how it is put together!
Design and development of parameterized components and software architecture Layered architectures Integrate (glue) the instantiated components together to form new capabilities. Module expressions 11/13/2018 CS599 - Formal Methods in SW Architectures

Introduction Supports: Parameterized programming in Ada by introducing: Vertical and horizontal structuring and composition of applications through multiple inheritance and module expressions. theories views And enhancing: package specifications 11/13/2018 CS599 - Formal Methods in SW Architectures

LILEANNA package: template for actual Ada package specifications. Theory: high level abstraction to describe a module’s syntactical and semantic of interface or properties of parameters. View: mapping between types, operations and exceptions. Vertical hierarchy: levels of abstraction and /or stratification Horizontal hierarchy : aggregation and inheritance (type and code) 11/13/2018 CS599 - Formal Methods in SW Architectures

Module semantics: Expressed as a set of individual assertions or as a whole axiomatically. Operations explained in terms of other operations (axioms) Functionality expressed in terms of pre- and post cond. make Integer_set is LIL_Set[Integer_view] End; view Integer_View :: Triv => Standard is types (Element => Integer); 11/13/2018 CS599 - Formal Methods in SW Architectures

View can be given a name and reused in other instantiation Make Integer_set is LIL_Set [view Triv => Standard is types (Element => Integer);] End; 11/13/2018 CS599 - Formal Methods in SW Architectures

Comparison of MILs LILEANNA, MIL75, Thomas’s MIL, Cooprider’s MIL, INTERCOL and PIC Units of Modularization, Version/Implementation Control, Implementation/Dependency relationship, Export/Interface definition. Only LIL provides inheritance as a structuring mechanism, supports both syntactic and semantic spec. of a module interface, and has a module parameterization and generation capability. Other MILs have toolsets providing more static analysis of dependency conflicts. 11/13/2018 CS599 - Formal Methods in SW Architectures

THE END! 11/13/2018 CS599 - Formal Methods in SW Architectures

Algebraic Specification

Similar presentations

Presentation on theme: "Algebraic Specification"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Algebraic Specification

Similar presentations

Presentation on theme: "Algebraic Specification"— Presentation transcript:

Similar presentations

About project

Feedback