Presentation is loading. Please wait.

Presentation is loading. Please wait.

An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate.

Published byJasmine Benson Modified over 9 years ago

Similar presentations

Presentation on theme: "An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate."— Presentation transcript:

1 An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate the components of a UML class diagram with those of a VDM specification; declare constants and specify functions to enhance the specification; explain the use of a state invariant to place a global constraint on the system; explain the purpose of the nil value in VDM.

2 The Incubator case study The temperature of the incubator needs to be carefully controlled and monitored; Safety requirements : -10 Celsius TEMPERATURE +10 Celsius

3 The UML specification IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

4 Specifying the ‘state’ in VDM-SL

5 IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

6 IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer The VDM state refers to the permanent data stored by the system. In VDM-SL we use mathematical types

7 The intrinsic types available in VDM-SL

8  :natural numbers (positive whole numbers)  1 :natural numbers excluding zero  : integers (positive and negative whole numbers)  : real numbers (positive and negative numbers that can include a fractional part)  : boolean values (true or false) Char : the set of alphanumeric characters

9 Specifying the state of the Incubator Monitor System

10 IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer state IncubatorMonitor of end temp :  UML VDM-SL

11 Specifying the operations in VDM-SL

12 IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer Each operation specified in VDM-SL as follows: the operation header the external clause the precondition the postcondition

13 IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

14 increment() ext ? pre ? post ? temp < 10 wr ? temp :  temp = + 1 + 1 = temp temp - = 1 temp >

15 IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

16 decrement() ext ? pre ? post ? temp > -10 temp = - 1 wr ? temp : 

17 IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

18 getTemp( ) ext ? pre ? post ? currentTemp :  rdtemp :  currentTemp = temp TRUE

19 Declaring constants

20 Constants are specified using the keyword values. The declaration would come immediately before the state definition: values MAX :  = 10 MIN :  = -10 decrement() ext wrtemp :  pre temp > -10 post temp = - 1 MIN

21 Specifying functions

22 hasPassed 36 79 50 FALSE TRUE 

23 There are two ways in which we can specify a function in VDM-SL: Explicitlyand implicitly

24 Specifying a function explicitly Example add:      add(x, y) ∆ x + y signaturedefinition

25 Specifying a function implicitly add( ) pre ? post ? x, y : :  : :  z z = x + y TRUE : : 

26 An absolute function defined implicitly abs( ) pre ? post ? z :  r :  z<0  r = -z  z  0  r = z TRUE

27 An absolute function defined explicitly abs:    abs(z) ∆if z < 0 then -z else z

28 Two special functions The state invariant and initialisation

29 inv  State Returns true if the state meets global constraint and false otherwise

30 Adding a state invariant into the IncubatorMonitor system inv ?  ? -10 Celsius TEMPERATURE +10 Celsius

31 Adding a state invariant into the IncubatorMonitor system inv mk-IncubatorMonitor( t )  ? -10 Celsius TEMPERATURE +10 Celsius

32 Adding a state invariant into the IncubatorMonitor system inv mk-IncubatorMonitor(t)  MIN  t  MAX -10 Celsius TEMPERATURE +10 Celsius

33 init  State Returns true if the correct initial values have been given to the state and false otherwise

34 Specifying an initialization function We will assume that when the incubator is turned on, its temperature should be adjusted until a steady 5 degrees Celsius is obtained. init ?  ?

35 Specifying an initialization function We will assume that when the incubator is turned on, its temperature should be adjusted until a steady 5 degrees Celsius is obtained. init mk-IncubatorMonitor(t)  ?

36 Specifying an initialization function We will assume that when the incubator is turned on, its temperature should be adjusted until a steady 5 degrees Celsius is obtained. init mk-IncubatorMonitor(t)  t = 5

37 The modified state specification values MAX :  = 10 MIN :  = -10 state IncubatorMonitor of temp :  inv mk-IncubatorMonitor(t)  MIN  t  MAX init mk-IncubatorMonitor(t)  t = 5 end

38 Improving the Incubator System IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment( ) : Signal decrement( ) : Signal getRequestedTemp( ) : Integer getActualTemp( ) : Integer

39 IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment( ) : Signal decrement( ) : Signal getRequestedTemp( ) : Integer getActualTemp( ) : Integer Signal is an enumerated type

40 A standard method of marking a UML class as an enumerated type is to add > above the type name: Enumerated types in UML > Signal INCREASE DECREASE DO_NOTHING

41 In VDM-SL the types clause is the appropriate place to define new types. Enumerated types in VDM-SL types Signal = < INCREASE >|< DECREASE >|< DO_NOTHING > values ….. state ….. end

42 The nil value It is common in the programming world for a value to be undefined VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined; x :  ‘x’ must be a natural number

43 The nil value It is common in the programming world for a value to be undefined VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined; x : [  ] ‘x’ can be a natural number or nil

44 The nil value It is common in the programming world for a value to be undefined VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined; x : [  ] When the incubator system first comes into being, the actual and requested values will be undefined, and must therefore be set to nil.

45 Specifying the IncubatorController state state IncubatorController of requestedTemp : ? actualTemp : ? IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer

46 Specifying the IncubatorController state state IncubatorController of requestedTemp :  actualTemp :  IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer

47 Specifying the IncubatorController state state IncubatorController of requestedTemp : [  ] actualTemp : [  ] IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer

48 The invariant inv mk-IncubatorController (r, a)  MIN  r  MAX state IncubatorController of requestedTemp : [  ] actualTemp : [  ] The requested temperature must be in the range of -10 to +10 degrees

49 The invariant inv mk-IncubatorController (r, a)  MIN  r  MAX state IncubatorController of requestedTemp : [  ] actualTemp : [  ] The requested temperature must be in the range of -10 to +10 degrees The requested temperature could be nil r = nil

50 The invariant inv mk-IncubatorController (r, a)  state IncubatorController of requestedTemp : [  ] actualTemp : [  ] The requested temperature must be in the range of -10 to +10 degrees The requested temperature could be nil (MIN  r  MAX  r = nil)

51 The invariant inv mk-IncubatorController (r, a)  state IncubatorController of requestedTemp : [  ] actualTemp : [  ] The actual temperature must be in the range of -10 to +10 degrees (MIN  r  MAX  r = nil) MIN  a  MAX

52 The invariant inv mk-IncubatorController (r, a)  state IncubatorController of requestedTemp : [  ] actualTemp : [  ] The actual temperature must be in the range of -10 to +10 degrees (MIN  r  MAX  r = nil)MIN  a  MAX The actual temperature could be nil a = nil

53 The invariant inv mk-IncubatorController (r, a)  state IncubatorController of requestedTemp : [  ] actualTemp : [  ] The actual temperature must be in the range of -10 to +10 degrees (MIN  r  MAX  r = nil)(MIN  a  MAX  a = nil) The requested temperature must be in the range of -10 to +10 degrees The actual temperature could be nil The requested temperature could be nil

54 The invariant inv mk-IncubatorController (r, a)  state IncubatorController of requestedTemp : [  ] actualTemp : [  ] (MIN  r  MAX  r = nil)(MIN  a  MAX  a = nil) 

55 Improving the readability of the spec by using a function inRange( ) pre post val :  result :  result  MIN  val  MAX TRUE inv mk-IncubatorController (r, a)  (inRange(r)  r = nil)  (inRange(a)  a = nil)

56 The initialisation function init mk-IncubatorController (r, a)  r = nil  a = nil

57 Specifying the setInitialTemp operation setInitialTemp( ) ext pre post tempIn :  wractualTemp : [  ] actualTemp = tempIn inRange(tempIn)actualTemp = nil 

58 The requestChange operation requestChange( ) ext pre post tempIn :  signalOut : Signal requestedTemp : [  ]wr actualTemp : [  ]rd requestedTemp = tempIn ( )  signalOut = < INCREASE > signalOut = < DECREASE > signalOut = < DO_NOTHING > tempIn < actualTemp  tempIn > actualTemp  tempIn = actualTemp    actualTemp  nil  inRange(tempIn)

59 The increment operation increment () ext pre post signalOut : Signal requestedTemp : [  ] rd actualTemp : [  ] wr actualTemp = actualTemp + 1 signalOut = < INCREASE> signalOut = < DO_NOTHING> ( )   actualTemp < requestedTemp  actualTemp = requestedTemp  actualTemp < requestedTemp  requestedTemp  nil  actualTemp  nil

60 The getRequestedTemp operation getRequestedTemp() ext pre post currentRequested : [  ] requestedTemp : [  ] rd currentRequested = requestedTemp TRUE

61 The getActualTemp operation getActualTemp() ext pre post currentActual : [  ] actualTemp : [  ] rd currentActual = actualTemp TRUE

62 A standard template for VDM-SL specifications types SomeType = ….. values constantName : ConstantType = someValue state SystemName of attribute1 : Type : attributen : Type inv mk-SystemName(i1:Type,..., in:Type)  Expression(i1,..., in) init mk-SystemName(i1:Type,..., in:Type)  Expression(i1,..., in) end functions specification of functions..... operations specification of operations.....

Download ppt "An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate."

Similar presentations

Numeric Types & Ranges. ASCII Integral Type Numerical Inaccuracies Representational error – Round-off error – Caused by coding a real number as a finite.

Numeric Types & Ranges. ASCII Integral Type Numerical Inaccuracies Representational error – Round-off error – Caused by coding a real number as a finite.
Introduction to C Systems Programming Concepts. Introduction to C A simple C Program A simple C Program –Variable Declarations –printf ( ) Compiling and.

Introduction to C Systems Programming Concepts. Introduction to C A simple C Program A simple C Program –Variable Declarations –printf ( ) Compiling and.
Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?

Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?
Fields, Constructors, Methods

Fields, Constructors, Methods
Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.

Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.
Introduction to the C# Programming Language for the VB Programmer.

Introduction to the C# Programming Language for the VB Programmer.
Bellevue University CIS 205: Introduction to Programming Using C++ Lecture 3: Primitive Data Types.

Bellevue University CIS 205: Introduction to Programming Using C++ Lecture 3: Primitive Data Types.
92.3913Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;

Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;
Vienna Development Method SIM5104. one of the longest-established Formal Methods for the development of computer- based systemsFormal Methods Originating.

Vienna Development Method SIM5104. one of the longest-established Formal Methods for the development of computer- based systemsFormal Methods Originating.
0 Chap. 2. Types, Operators, and Expressions 2.1Variable Names 2.2Data Types and Sizes 2.3Constants 2.4Declarations Imperative Programming, B. Hirsbrunner,

0 Chap. 2. Types, Operators, and Expressions 2.1Variable Names 2.2Data Types and Sizes 2.3Constants 2.4Declarations Imperative Programming, B. Hirsbrunner,
1 Recitation 7. Developing loops Introduction. This recitation concerns developing loops using their invariants and bound functions. Your recitation instructor.

1 Recitation 7. Developing loops Introduction. This recitation concerns developing loops using their invariants and bound functions. Your recitation instructor.
1.2 – Open Sentences and Graphs

1.2 – Open Sentences and Graphs
CSci 142 Data and Expressions. 2  Topics  Strings  Primitive data types  Using variables and constants  Expressions and operator precedence  Data.

CSci 142 Data and Expressions. 2  Topics  Strings  Primitive data types  Using variables and constants  Expressions and operator precedence  Data.
Sequences for system modelling. At the end of this lecture you should be able to: provide a definition of a VDM sequence; identify situations in which.

Sequences for system modelling. At the end of this lecture you should be able to: provide a definition of a VDM sequence; identify situations in which.
Programming in C++ Lecture Notes 6 Void Functions (Procedures) Andreas Savva.

Programming in C++ Lecture Notes 6 Void Functions (Procedures) Andreas Savva.
1 COMP 2130 Introduction to Computer Systems Computing Science Thompson Rivers University.

1 COMP 2130 Introduction to Computer Systems Computing Science Thompson Rivers University.
 Value, Variable and Data Type  Type Conversion  Arithmetic Expression Evaluation  Scope of variable.

 Value, Variable and Data Type  Type Conversion  Arithmetic Expression Evaluation  Scope of variable.
Sequences At the end of this lecture you should be able to: provide a definition of a VDM sequence; utilize and interpret sequence notation; make appropriate.

Sequences At the end of this lecture you should be able to: provide a definition of a VDM sequence; utilize and interpret sequence notation; make appropriate.
1 Chapter 9 Scope, Lifetime, and More on Functions.

1 Chapter 9 Scope, Lifetime, and More on Functions.
Sequences At the end of this lecture you should be able to: provide a definition of a VDM sequence; utilize and interpret sequence notation; make appropriate.

Sequences At the end of this lecture you should be able to: provide a definition of a VDM sequence; utilize and interpret sequence notation; make appropriate.

Similar presentations

Ads by Google