Download presentation
Presentation is loading. Please wait.
Published byPaulina Walton Modified over 9 years ago
1
1 COSC 4406 Software Engineering COSC 4406 Software Engineering Haibin Zhu, Ph.D. Dept. of Computer Science and mathematics, Nipissing University, 100 College Dr., North Bay, ON P1B 8L7, Canada, haibinz@nipissingu.ca, http://www.nipissingu.ca/faculty/haibinz haibinz@nipissingu.ca
2
2 Lecture 16 Formal Methods Ref. Chap 21 (7 th Ed.) Lecture 16 Formal Methods Ref. Chap 21 (7 th Ed.)
3
3 Problems with Conventional Specification contradictions contradictions ambiguities ambiguities vagueness vagueness incompleteness incompleteness mixed levels of abstraction mixed levels of abstraction
4
4 Formal Specification Desired properties—consistency, completeness, and lack of ambiguity—are the objectives of all specification methods Desired properties—consistency, completeness, and lack of ambiguity—are the objectives of all specification methods The formal syntax of a specification language (Section 28.4) enables requirements or design to be interpreted in only one way, eliminating ambiguity that often occurs when a natural language (e.g., English) or a graphical notation must be interpreted The formal syntax of a specification language (Section 28.4) enables requirements or design to be interpreted in only one way, eliminating ambiguity that often occurs when a natural language (e.g., English) or a graphical notation must be interpreted The descriptive facilities of set theory and logic notation (Section 28.2) enable clear statement of facts (requirements). The descriptive facilities of set theory and logic notation (Section 28.2) enable clear statement of facts (requirements). Consistency is ensured by mathematically proving that initial facts can be formally mapped (using inference rules) into later statements within the specification. Consistency is ensured by mathematically proving that initial facts can be formally mapped (using inference rules) into later statements within the specification.
5
5 Formal Methods Concepts data invariant—a condition that is true throughout the execution of the system that contains a collection of data data invariant—a condition that is true throughout the execution of the system that contains a collection of data state state Many formal languages, such as OCL (Section 28.5), use the notion of states as they were discussed in Chapters 7 and 8, that is, a system can be in one of several states, each representing an externally observable mode of behavior. Many formal languages, such as OCL (Section 28.5), use the notion of states as they were discussed in Chapters 7 and 8, that is, a system can be in one of several states, each representing an externally observable mode of behavior. The Z language (Section 28.6)defines a state as the stored data which a system accesses and alters The Z language (Section 28.6)defines a state as the stored data which a system accesses and alters operation—an action that takes place in a system and reads or writes data to a state operation—an action that takes place in a system and reads or writes data to a state precondition defines the circumstances in which a particular operation is valid precondition defines the circumstances in which a particular operation is valid postcondition defines what happens when an operation has completed its action postcondition defines what happens when an operation has completed its action
6
6 An Block Handler
7
7 States and Data Invariant No block will be marked as both unused and used. No block will be marked as both unused and used. All the sets of blocks held in the queue will be subsets of the collection of currently used blocks. All the sets of blocks held in the queue will be subsets of the collection of currently used blocks. No elements of the queue will contain the same block numbers. No elements of the queue will contain the same block numbers. The collection of used blocks and blocks that are unused will be the total collection of blocks that make up files. The collection of used blocks and blocks that are unused will be the total collection of blocks that make up files. The collection of unused blocks will have no duplicate block numbers. The collection of unused blocks will have no duplicate block numbers. The collection of used blocks will have no duplicate block numbers. The collection of used blocks will have no duplicate block numbers.
8
8 Operations add(): An operation which adds a collection of blocks to the end of the queue, add(): An operation which adds a collection of blocks to the end of the queue, remove(): An operation which removes a collection of used blocks from the front of the queue and place them in the collection of unused blocks remove(): An operation which removes a collection of used blocks from the front of the queue and place them in the collection of unused blocks check(): An operation which checks whether the queue of blocks is empty check(): An operation which checks whether the queue of blocks is empty
9
9 Pre- & Postconditions For the first operation: Precondition: the blocks to be added must be in the collection of used blocks. Postcondition: the collection of blocks is now found at the end of the queue. For the second operation: Precondition: the queue must have at least one item in it. Postcondition: the blocks must be added to the collection of unused blocks. For the third one: Precondition: no Postcondition: delivers the value of true if the queue is empty and false otherwise.
10
10 Mathematical Concepts sets and constructive set specification sets and constructive set specification set operators set operators logic operators logic operators e.g., i, j: i > j => i 2 > j 2 e.g., i, j: i > j => i 2 > j 2 which states that, for every pair of values in the set of natural numbers, if i is greater than j, then i 2 is greater than j 2. which states that, for every pair of values in the set of natural numbers, if i is greater than j, then i 2 is greater than j 2. sequences sequences
11
11 Sets and Constructive Specification A set is a collection of objects or elements and is used as a cornerstone of formal methods. A set is a collection of objects or elements and is used as a cornerstone of formal methods. Enumeration Enumeration {C++, Pascal, Ada, COBOL, Java} {C++, Pascal, Ada, COBOL, Java} #{C++, Pascal, Ada, COBOL, Java} implies cardinality = 5 #{C++, Pascal, Ada, COBOL, Java} implies cardinality = 5 Constructive set specification is preferable to enumeration because it enables a succinct definition of large sets. Constructive set specification is preferable to enumeration because it enables a succinct definition of large sets. {x, y : N | x + y = 10●(x, y 2 )} {x, y : N | x + y = 10●(x, y 2 )}
12
12 Set Operators A specialized set of symbology is used to represent set and logic operations. A specialized set of symbology is used to represent set and logic operations. Examples Examples The є operator is used to indicate membership of a set. For example, the expression The є operator is used to indicate membership of a set. For example, the expression x є X x є X y є X y є X The union operator, U, takes two sets and forms a set that contains all the elements in the set with duplicates eliminated. The union operator, U, takes two sets and forms a set that contains all the elements in the set with duplicates eliminated. {File1, File2, Tax, Compiler} U {NewTax, D2, D3, File2} is the set {File1, File2, Tax, Compiler} U {NewTax, D2, D3, File2} is the set {Filel, File2, Tax, Compiler, NewTax, D2, D3} {Filel, File2, Tax, Compiler, NewTax, D2, D3} , ×, P, , ×, P,
13
13 Logic Operators Another important component of a formal method is logic: the algebra of true and false expressions. Examples: Λ and Λ and Vor Vor ¬not ¬not =>implies Universal quantification is a way of making a statement about the elements of a set that is true for every member of the set. Universal quantification uses the symbol,. An example of its use is Universal quantification is a way of making a statement about the elements of a set that is true for every member of the set. Universal quantification uses the symbol,. An example of its use is i, j : N●i > j => i 2 > j 2 i, j : N●i > j => i 2 > j 2 which states that for every pair of values in the set of natural numbers, if i is greater than j, then i 2 is greater than j 2.
14
14 Sequences Sequences are designated using angle brackets. For example, the preceding sequence would normally be written as Sequences are designated using angle brackets. For example, the preceding sequence would normally be written as <> Catenation, ͡ is a binary operator that forms a sequence constructed by adding its second operand to the end of its first operand. For example, Catenation, ͡ is a binary operator that forms a sequence constructed by adding its second operand to the end of its first operand. For example, ͡ = ͡ = Other operators that can be applied to sequences are head, tail, front, and last. head = 2 head = 2 tail = tail = last = 101 last = 101 front = front =
15
15 Formal Specification Languages A formal specification language is usually composed of three primary components: A formal specification language is usually composed of three primary components: a syntax that defines the specific notation with which the specification is represented a syntax that defines the specific notation with which the specification is represented semantics to help define a "universe of objects" [WIN90] that will be used to describe the system semantics to help define a "universe of objects" [WIN90] that will be used to describe the system a set of relations that define the rules that indicate which objects properly satisfy the specification a set of relations that define the rules that indicate which objects properly satisfy the specification The syntactic domain of a formal specification language is often based on a syntax that is derived from standard set theory notation and predicate calculus. The syntactic domain of a formal specification language is often based on a syntax that is derived from standard set theory notation and predicate calculus. The semantic domain of a specification language indicates how the language represents system requirements. The semantic domain of a specification language indicates how the language represents system requirements.
16
16 Object Constraint Language (OCL) a formal notation developed so that users of UML can add more precision to their specifications a formal notation developed so that users of UML can add more precision to their specifications All of the power of logic and discrete mathematics is available in the language All of the power of logic and discrete mathematics is available in the language However the designers of OCL decided that only ASCII characters (rather than conventional mathematical notation) should be used in OCL statements. However the designers of OCL decided that only ASCII characters (rather than conventional mathematical notation) should be used in OCL statements.
17
17 OCL Overview Like an object-oriented programming language, an OCL expression involves operators operating on objects. Like an object-oriented programming language, an OCL expression involves operators operating on objects. However, the result of a complete expression must always be a Boolean, i.e. true or false. However, the result of a complete expression must always be a Boolean, i.e. true or false. The objects can be instances of the OCL Collection class, of which Set and Sequence are two subclasses. The objects can be instances of the OCL Collection class, of which Set and Sequence are two subclasses. See Table 28.1 for summary of OCL notation See Table 28.1 for summary of OCL notation
18
18 BlockHandler using UML
19
19 Key OCL Notation (1)
20
20 Key OCL Notation (2)
21
21 Key OCL Notation (3)
22
22 BlockHandler in OCL (1) No block will be marked as both unused and used. No block will be marked as both unused and used. context BlockHandler inv: context BlockHandler inv: (self.used->intersection(self.free)) ->isEmpty() (self.used->intersection(self.free)) ->isEmpty() All the sets of blocks held in the queue will be subsets of the collection of currently used blocks. All the sets of blocks held in the queue will be subsets of the collection of currently used blocks. context BlockHandler inv: context BlockHandler inv: blockQueue->forAll(aBlockSet | used-> includesAll(aBlockSet )) blockQueue->forAll(aBlockSet | used-> includesAll(aBlockSet ))
23
23 BlockHandler in OCL (2) No elements of the queue will contain the same block numbers. No elements of the queue will contain the same block numbers. context BlockHandler inv: context BlockHandler inv: blockQueue->forAll(blockSet1, blockSet2 | blockQueue->forAll(blockSet1, blockSet2 | blockSet1 <> blockSet2 implies blockSet1 <> blockSet2 implies blockSet1.elements.number- >excludesAll(blockSet2.elements.number)) blockSet1.elements.number- >excludesAll(blockSet2.elements.number)) The expression before implies is needed to ensure we ignore pairs where both elements are the same Block. The expression before implies is needed to ensure we ignore pairs where both elements are the same Block.
24
24 BlockHandler in OCL (3) The collection of used blocks and blocks that are unused will be the total collection of blocks that make up files. The collection of used blocks and blocks that are unused will be the total collection of blocks that make up files. context BlockHandler inv: context BlockHandler inv: allBlocks = used->union(free) allBlocks = used->union(free) The collection of unused blocks will have no duplicate block numbers. The collection of unused blocks will have no duplicate block numbers. context BlockHandler inv: context BlockHandler inv: free->isUnique(aBlock | aBlock.number) free->isUnique(aBlock | aBlock.number) The collection of used blocks will have no duplicate block numbers. The collection of used blocks will have no duplicate block numbers. context BlockHandler inv: context BlockHandler inv: used->isUnique(aBlock | aBlock.number)
25
25 BlockHandler in OCL (4) Preconditions and postconditions for operations: Preconditions and postconditions for operations: context BlockHandler::removeBlock() context BlockHandler::removeBlock() pre: blockQueue->size()>0 pre: blockQueue->size()>0 post: used = used@pre-block@pre->first() and post: used = used@pre-block@pre->first() and free = free@pre->union(blockQueue@pre->first()) and free = free@pre->union(blockQueue@pre->first()) and blockQueue = blockQueue@pre-> excluding(blockQueue@pre->first) blockQueue = blockQueue@pre-> excluding(blockQueue@pre->first) context BlockHandler::addBlock() context BlockHandler::addBlock() pre: used->includesAll(aBlockSet.elements) pre: used->includesAll(aBlockSet.elements) post: blockQueue.elements = blockQueueSet.elements@pre post: blockQueue.elements = blockQueueSet.elements@preblockQueueSet.elements@pre ->append(aBlockSet)) and ->append(aBlockSet)) and used = used@pre and used = used@pre and free = free@pre free = free@pre
26
26 Formal Specification in Z Notation The block handler The block handler The block handler maintains a reservoir of unused blocks and will also keep track of blocks that are currently in use. When blocks are released from a deleted file they are normally added to a queue of blocks waiting to be added to the reservoir of unused blocks. The block handler maintains a reservoir of unused blocks and will also keep track of blocks that are currently in use. When blocks are released from a deleted file they are normally added to a queue of blocks waiting to be added to the reservoir of unused blocks. The state The state used, free: P BLOCKS BlockQueue: seq P BLOCKS Data Invariant Data Invariant used free = ΦΛ used υ free = AllBlocks Λ i: dom BlockQueue ● BlockQueue i used Λ i: dom BlockQueue ● BlockQueue i used Λ i, j : dom BlockQueue ● i ≠ j => BlockQueue i BlockQueue j =Φ i, j : dom BlockQueue ● i ≠ j => BlockQueue i BlockQueue j =Φ Remove: Remove: Precondition Precondition #BlockQueue > 0 #BlockQueue > 0 Postcondition Postcondition used' = used \ head BlockQueue Λ free’ = free υ head BlockQueue Λ BlockQueue' = tail BlockQueue Pages 578-579
27
27 Summary Basic concepts Basic concepts An example: block handler An example: block handler Mathematical preliminaries Mathematical preliminaries Formal Specification for the block handler Formal Specification for the block handler OCL OCL The block handler in OCL The block handler in OCL
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.