Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Basic elements of a formal model Having explored the logic of VDM-SL, we go on to introduce the main data types and operators of the language. Recall.

Published byEvangeline Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Basic elements of a formal model Having explored the logic of VDM-SL, we go on to introduce the main data types and operators of the language. Recall."— Presentation transcript:

1 1 Basic elements of a formal model Having explored the logic of VDM-SL, we go on to introduce the main data types and operators of the language. Recall that a formal model is formed from type definitions and function definitions. The representation of data is therefore crucial to developing a useful formal model. Defining types and operators: total and partial operators The Traffic light control kernel: Quote types Type union Composite types Token types

2 2 Defining a type To define a type we need: a type symbol a way of writing values operators to manipulate values For each operator, we give a signature, e.g. + : nat * nat -> nat

3 3 Defining a typePartial Operators An operator op : T1 *... * Tn -> R is said to be total if, for any a1:T1,... an:Tn, the expression op(a1,..., an) is defined. If there exists some b1:T1,...,bn:Tn for which op(b1,...,bn) is undefined, op is said to be a partial operator. We avoid applying partial operators to values on which they are undefined!

4 4 Basic Types Type Symbol nat nat1 int real char bool token quote Values Natural numbers nat excluding 0 Integers Real Numbers Characters Booleans Structureless tokens Named quote values Example Values 0, 1, 2, … 1, 2, 3, … …,-1,0,1,2,… -23.334 ‘g’, ‘@’ true, false Not applicable, Operators +,-,*,/,… =, <> and, or, … =, <>

5 5 Type Constructors | Union types [_] Optional types :: Record types set of _ Finite sets seq of _ Finite sequences map _to _ Finite mappings Examples:

6 6 Traffic light controller kernel

7 7 Traffic light controller kernel Safety Requirements S1: If two paths conflict, then it must always be the case that the light on one of the conflicting paths is red. S2: There must be a delay of at least 5 seconds between a light turning red and the light in the conflicting direction turning green. S3: There must be a delay of at least 5 seconds between a light turning amber and the light turning red. Red Amber Green

8 8 Traffic light controller kernel Union & Quote Types Light = is a type containing one value, also called (a quote type). Thus: : Light : We can only compare quote literals by equality/inequality: x,y : Light x = y x <> y | |

9 9 Traffic light controller kernel Numeric Types Time = Is there an invariant on the time? real

10 10 Traffic light controller kernel Numeric Types Time = Is there an invariant on the time? real Time = real inv t == t > 0

11 11 Traffic light controller kernel Token Type Path = The token type is used when we do not need the details of the representation of a particular type. Values of token types may be compared only by = and <>. token

12 12 Traffic light controller kernel Token Type Constants are called values in VDM-SL: values p1 : Path = mk_token(“A1North”) p2 : Path = mk_token(“A1South”) p3 : Path = mk_token(“A66East”) p4 : Path = mk_token(“A66West”) Note that we can represent token values by using the “ mk_token ” constructor and an arbitrary value between the parentheses. Strictly speaking, this is an extension to the ISO Standard VDM-SL, which states that values of the type token can not be inspected or constructed.

13 13 Traffic light controller kernel Record Types Conflict :: path1 : Path path2 : Path Constructor mk_Conflit e.g. mk_Conflit(mk_token(“A1North”), mk_token(“A2”)) Selectors e.g. c.path1 c.path2 Invariant: A path is not in conflict with itself.

14 14 Traffic light controller kernel Record Types Conflict :: path1 : Path path2 : Path Invariant: A path is not in conflict with itself. inv c == c.path1 <> c.path2 Or inv mk_Conflict(p1,p2) == p1 <> p2

15 15 Traffic light controller kernel Record Types Kernel :: lights : conflicts : Example values: conflicts: set of Conflict = { mk_Conflict(p1,p3), mk_Conflict(p1,p4), mk_Conflict(p2,p3), mk_Conflict(p2,p4), mk_Conflict(p3,p1), mk_Conflict(p4,p1), mk_Conflict(p3,p2), mk_Conflict(p4,p2)}

16 16 Traffic light controller kernel Record Types An example value for the lights component of a Kernel : lights : map Path to Light = { p1 |->, p2 |->, p3 |->, p4 |-> }

17 17 Traffic light controller kernel Record Types An invariant on Kernel : Kernel :: lights : map Path to Light conflicts : set of Conflict inv mk_Kernel(ls,cs) == --The conflicting paths must have lights -- One of the paths in each conflict must have a red light -- The set of conflicts is symmetric

18 18 Traffic light controller kernel Record Types An invariant on Kernel : Kernel :: lights : map Path to Light conflicts : set of Conflict inv mk_Kernel(ls,cs) == --The conflicting paths must have lights forall c in set cs & c.path1 in set dom ls and c.path2 in set dom ls -- One of the paths in each conflict must have a red light forall c in set cs & ls(c.path1) = or ls(c.path2) = -- The set of conflicts is symmetric forall c in set cs & mk_Conflit(c.path2,c.path1) is in set cs

19 19 Traffic light controller kernel Functions f: T1 *... * Tn -> R f(a1,…,an) == expression defining result pre logical (Boolean) expression of assumptions ToGreen: Path * Kernel -> Kernel ToGreen(p, mk_Kernel(lights,conflicts)) == The functions for the other colours are similar. But are there any preconditions?

20 20 Traffic light controller kernel Functions ToGreen: Path * Kernel -> Kernel ToGreen(p, mk_Kernel(lights,conflicts)) == mk_Kernel( lights ++ { p |-> }, conflicts) pre -- p has a light! p in set dom lights -- p’s light is red! lights(p) = -- all paths conflicting with p have red lights forall con in set conflicts & p = con.path1 => lights(con.path2) =

21 21 Traffic light controller kernel Functions ToRed: Path * Kernel -> Kernel ToRed(p, mk_Kernel(lights,conflicts)) == mk_Kernel( lights ++ { p |-> }, conflicts) pre p in set dom lights and lights(p) = ToAmber: Path * Kernel -> Kernel ToAmber(p, mk_Kernel(lights,conflicts)) == mk_Kernel( lights ++ { p |-> }, conflicts) pre p in set dom lights and lights(p) =

22 22 Traffic light controller kernel Adding time Kernel :: lights : map Path to Light conflicts : set of Conflict lastch : map Path to Time inv mk_Kernel(ls,cs,lc) == dom ls = dom lc and forall c in set cs & mk_Conflict(c.path2, c.path1) in set cs and c.path1 in set dom ls and c.path2 in set dom ls and (ls(c.path1) = or ls(c.path2) = )

23 23 Traffic light controller kernel Adding time ToGreen: Path * Kernel * Time -> Kernel ToGreen(p, mk_Kernel(lights,conflicts,lastch),clock) == mk_Kernel( lights ++ { p |-> }, conflicts, lastch ++ { p |-> clock}) pre p in set dom lights and lights(p) = and forall con in set conflicts & p = con.path1 => ( lights(con.path2) = and clock-lastch(con.path2) >= 5 )

24 24 Traffic light controller kernel Adding time ToRed: Path * Kernel * Time -> Kernel ToRed(p, mk_Kernel(lights,conflicts,lastch),clock) == mk_Kernel( lights ++ { p |-> }, conflicts, lastch ++ { p |-> clock}) pre p in set dom lights and lights(p) = and clock-lastch(p) >= 5

25 25 Traffic light controller kernel Adding time ToAmber: Path * Kernel * Time -> Kernel ToAmber(p, mk_Kernel(lights,conflicts,lastch),clock) == mk_Kernel( lights ++ { p |-> }, conflicts, lastch ++ { p |-> clock}) pre p in set dom lights and lights(p) =

26 26 Traffic light controller kernel Review Requirements S1: If two paths conflict, then it must always be the case that the light on one of the conflicting paths is red. * Considered in the invariant of type Kernel S2: There must be a delay of at least 5 seconds between a light turning red and the light in the conflicting direction turning green. * Considered in precondition of function ToGreen S3: There must be a delay of at least 5 seconds between a light turning amber and the light turning red. * Considered in precondition of function ToGreen

27 27 Traffic light controller kernel Optional Types Light = | | LightFail = [Light]

28 28 Summary Defining a type: give type symbol, methods for expressing values and operators. Operators may be total or partial. Avoid application of partial operators outside their domains. Basic types: numerics, characters, Booleans, tokens, quote types Type constructors: union, records, optionals, finite sets, sequences and mappings.

Download ppt "1 Basic elements of a formal model Having explored the logic of VDM-SL, we go on to introduce the main data types and operators of the language. Recall."

Similar presentations

Introduction to Proofs

Introduction to Proofs
Z -Toolkit Z specification language is based on formal system: –Propositional and predicate calculus –Set theory –Relations and –Functions Thus Z offers.

Z -Toolkit Z specification language is based on formal system: –Propositional and predicate calculus –Set theory –Relations and –Functions Thus Z offers.
Programming Languages and Paradigms The C Programming Language.

Programming Languages and Paradigms The C Programming Language.
1 Modelling using sets Sets: The finite set type constructor Value definitions: enumeration, subrange, comprehension Operators on sets Case Study: the.

1 Modelling using sets Sets: The finite set type constructor Value definitions: enumeration, subrange, comprehension Operators on sets Case Study: the.
Getting started with ML ML is a functional programming language. ML is statically typed: The types of literals, values, expressions and functions in a.

Getting started with ML ML is a functional programming language. ML is statically typed: The types of literals, values, expressions and functions in a.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
Regular Expressions Finite State Automaton. Programming Languages2 Regular expressions  Terminology on Formal languages: –alphabet : a finite set of.

Regular Expressions Finite State Automaton. Programming Languages2 Regular expressions  Terminology on Formal languages: –alphabet : a finite set of.
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
Constants and Data Types Constants Data Types Reading for this class: L&L, 2.2-2.3.

Constants and Data Types Constants Data Types Reading for this class: L&L,
Data Types in Java Data is the information that a program has to work with. Data is of different types. The type of a piece of data tells Java what can.

Data Types in Java Data is the information that a program has to work with. Data is of different types. The type of a piece of data tells Java what can.
Compiler Construction

Compiler Construction
©2004 Brooks/Cole Chapter 2 Variables, Values and Operations.

©2004 Brooks/Cole Chapter 2 Variables, Values and Operations.
Discrete Structures Chapter 5 Relations Nurul Amelina Nasharuddin Multimedia Department.

Discrete Structures Chapter 5 Relations Nurul Amelina Nasharuddin Multimedia Department.
1 Module 8 Closure Properties –Definition –Language class definition set of languages –Closure properties and first-order logic statements For all, there.

1 Module 8 Closure Properties –Definition –Language class definition set of languages –Closure properties and first-order logic statements For all, there.
1 Lecture 1:Modelling in VDM-SL (adapted from Fitzgerald & Larsen, 1998) Deriving a Model The Chemical Plant Alarm System: Requirements Data Types and.

1 Lecture 1:Modelling in VDM-SL (adapted from Fitzgerald & Larsen, 1998) Deriving a Model The Chemical Plant Alarm System: Requirements Data Types and.
Comp 205: Comparative Programming Languages User-Defined Types Enumerated types Parameterised types Recursive types Lecture notes, exercises, etc., can.

Comp 205: Comparative Programming Languages User-Defined Types Enumerated types Parameterised types Recursive types Lecture notes, exercises, etc., can.
Discussion #25 1/13 Discussion #25 Set Topics & Applications.

Discussion #25 1/13 Discussion #25 Set Topics & Applications.
Vienna Development Method SIM5104. one of the longest-established Formal Methods for the development of computer- based systemsFormal Methods Originating.

Vienna Development Method SIM5104. one of the longest-established Formal Methods for the development of computer- based systemsFormal Methods Originating.
1 Module 9 Closure Properties –Definition –Language class definition set of languages –Closure properties and first-order logic statements For all, there.

1 Module 9 Closure Properties –Definition –Language class definition set of languages –Closure properties and first-order logic statements For all, there.
Data Types.

Data Types.

Similar presentations

Ads by Google