Formal Methods in Software Engineering

Presentation on theme: "Formal Methods in Software Engineering"— Presentation transcript:

1 Formal Methods in Software Engineering
Saima Zareen

2 Formal Specification of a System
A formal specification describes:
- the system behavior
- the operations of the system
The problem with formal specification is the large amount of detailed information required for an accurate system specification, so a structured approach is needed. The basic building block of a specification is the abstract machine. Large specifications can be constructed from smaller ones. AMN (Abstract Machine Notation) is used.

3 Compositional structuring
The combination of abstract machines is also an abstract machine, permitting hierarchical specification.
Abstract Machines
An abstract machine is the specification of a system. It contains pieces of information that describe various aspects of the specification. The specification must describe what the component should do (its operations or functions).
Operations/Functions
- take inputs from the user
- supply outputs to the user
- effect any change within the component

4 Components/parts of Abstract machines
Interface: the collection of operations by which the machine interacts with its environment.
Local state: the machine needs to maintain or process information, so a local state is required. The state is held in local variables, which are listed under the VARIABLES heading.
INVARIANT: lists the types of the variables and any other information which must be true of the state. For example, the type of a variable must not change during execution.

5 INITIALISATION: represents the initial state.
Machine Name
A machine must have a name so that other machines can refer to it. The name is given under the heading MACHINE.
Machine
A machine is not an object in the object-oriented sense, although it has a name, an internal state and a set of operations, as objects do. It may be considered as a black box with buttons on the side corresponding to the operations, and a set of state variables inside.

6 Abstract machine
Interaction must be through these buttons.

7 Example of abstract machine
Consider the example of a ticket dispenser, which is used in a shop to order the queue. On entry to the shop a customer takes a numbered ticket from the dispenser. When a sales assistant is ready to serve, a display indicates the number of the customer who is to be served next. Customers wait until it is their turn to be served. The system is pictured in the figure on the next slide.

8 A ticketing System

9 The behavior of the ticket system can be represented using an abstract machine.
First of all, name the machine:
MACHINE Ticket

10 VARIABLES
To maintain the state of a system we define variables. A variable should be of a type suitable to express the kind of value it can store. Types express how the system is understood rather than how it is implemented: in terms of values, sets, relations and sequences. A variable can be of type N, the set of natural numbers (0, 1, 2, ...). In the example we have two kinds of ticket number:
- the ticket number being served
- the number of the next ticket to be dispensed
We can model these with the variables:
VARIABLES serve, next

11 INVARIANT
Provides information about the variables of the machine:
- the types of values the variables take
- restrictions on their possible values
- relationships to each other
The values of the variables may change, but the invariant describes the properties of the variables which must be true throughout execution. The type of a variable is expressed as either an element of a set, var ∈ TYPE, or a subset of a set, var ⊆ TYPE, or by an equation, var = expression.

12 INVARIANT serve ∈ N ∧ next ∈ N ∧ serve ≤ next
At least one invariant clause should be defined for each variable. Listed: next ∈ N, serve ∈ N. Further restrictions imposed by the operations can also be added. In the Ticket machine the number being served must not exceed the number of the next ticket to be given out: serve ≤ next. The invariant is therefore:
INVARIANT serve ∈ N ∧ next ∈ N ∧ serve ≤ next

13 OPERATIONS
An operation has the following parts:
- the name of the operation
- input parameters
- output parameters
- what the operation requires (restrictions, conditions)
- what the operation modifies (the variables that are modified)
- the effect or behavior of the operation (what the operation does)
In B, an operation is described in a structured way. The name, input and output parameters of an operation are given by an operation header:
outputs ← name(inputs)
where name is the operation name, outputs is a list of outputs and inputs is a list of inputs.

14 Inputs and outputs are optional parameters.
The name must be given; inputs and outputs are optional. The Ticket machine will offer two operations, one to serve a customer and update the indicator board, and one to provide the customer with the next ticket:
ss ← serve_next
tt ← take_ticket
An operation has a precondition, which states what the operation requires in order to behave correctly: the types of all input variables, and assumptions about the inputs and the state.

15 The precondition is a requirement on the user, who must ensure it is met whenever the operation is called. For example, the serve_next operation will be called when the sales assistant has finished serving a customer. In this case serve must be less than next; if the shop is empty, the value of serve will be the same as next. Thus the precondition will be serve ≤ next.
The body of the operation describes what the operation achieves. It must assign some value to the outputs, expressed in terms of the initial state and the input values, and it updates the state variables.

16 In AMN assignment is written as x := E (pronounced x becomes E)
In the case of serve_next, serve should be incremented and the output should show the new value of serve:
serve := serve + 1
The output of this operation is assigned the same value, so the body is the simultaneous assignment
ss, serve := serve + 1, serve + 1
The body relates the before-state to the after-state; there is no intermediate state within the operation, so multiple assignments must be written as one simultaneous assignment rather than as a sequence of assignments one after the other.

17 The complete specification of the operation serve_next is as follows

18 The type of the output variable ss is given by the assignment; there is no need to declare its type.
It is determined from the operation. After the execution of an operation, the invariant must still be true in the updated state; the operation is then consistent with the invariant. Is the operation serve_next consistent with the invariant? If the precondition is the weaker serve ≤ next, there is a chance of inconsistency with the invariant: when serve = next, the body sets serve to next + 1 and serve ≤ next no longer holds.

19 Strengthening the precondition of serve_next to serve < next imposes more constraints on the user.
Then the operation becomes consistent.
Operation take_ticket

20 If a precondition is true, it may be dropped from the specification

21 Is take_ticket consistent with the invariant of the Ticket machine?

22 INITIALISATION serve, next := 0, 0
Describes the possible initial states of the machine. All variables listed must be initialised. The Ticket machine should start with 0 on the display board, and 0 is the number of the first ticket to be taken:
INITIALISATION serve, next := 0, 0
The INITIALISATION can only be consistent if the initial states satisfy the invariant.

23 Complete specification of the Ticket machine
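The following is an added example, not part of the slides or of any B toolkit: an executable Python model of the Ticket machine built from the slides' VARIABLES, INVARIANT, INITIALISATION and serve_next, which checks the consistency proof obligations discussed on slides 18 to 22 by bounded enumeration of states. The body of take_ticket is an assumption (tt, next := next, next + 1), since the transcript does not show it; the call and scenario helpers are also ours. The invariant is the safety property that no reachable state may break, and the precondition is the obligation pushed onto the caller, so the checker reports the exact before-state in which the weaker precondition lets serve_next leave the state inconsistent.

```python
# Added example, not from the slides: an executable model of the B abstract
# machine Ticket and a checker for the consistency proof obligations that the
# slides discuss. VARIABLES, INVARIANT, INITIALISATION and serve_next follow
# the slides; the body of take_ticket is ASSUMED (the transcript omits it).
from itertools import product
from typing import Callable, Dict, Optional, Tuple

State = Dict[str, int]
Pre = Callable[[State], bool]
Body = Callable[[State], Tuple[int, State]]


def invariant(s: State) -> bool:
    """INVARIANT serve : N & next : N & serve <= next"""
    return s["serve"] >= 0 and s["next"] >= 0 and s["serve"] <= s["next"]


def initialisation() -> State:
    """INITIALISATION serve, next := 0, 0"""
    return {"serve": 0, "next": 0}


# Preconditions are the caller's obligation; bodies are simultaneous
# assignments, so every right-hand side is evaluated on the before-state.

def serve_next_weak_pre(s: State) -> bool:
    return s["serve"] <= s["next"]            # PRE serve <= next (slide 15)


def serve_next_strong_pre(s: State) -> bool:
    return s["serve"] < s["next"]             # PRE serve < next (slide 19)


def serve_next_body(s: State) -> Tuple[int, State]:
    """ss, serve := serve + 1, serve + 1"""
    return s["serve"] + 1, {"serve": s["serve"] + 1, "next": s["next"]}


def take_ticket_pre(s: State) -> bool:
    return True                               # PRE true, so it may be dropped


def take_ticket_body(s: State) -> Tuple[int, State]:
    """ASSUMED: tt, next := next, next + 1 (hand out the next ticket number)"""
    return s["next"], {"serve": s["serve"], "next": s["next"] + 1}


def init_consistent() -> bool:
    """Proof obligation: the initial state establishes the invariant."""
    return invariant(initialisation())


def op_consistent(pre: Pre, body: Body, bound: int = 6) -> Optional[State]:
    """Proof obligation for an operation: every before-state that satisfies
    the invariant and the precondition leads to an after-state that still
    satisfies the invariant. Checked exhaustively for serve, next in 0..bound
    (a bounded check, not a proof). Returns the first counterexample
    before-state, or None if none is found."""
    for serve, nxt in product(range(bound + 1), repeat=2):
        before = {"serve": serve, "next": nxt}
        if not (invariant(before) and pre(before)):
            continue
        _, after = body(before)
        if not invariant(after):
            return before
    return None


def call(s: State, pre: Pre, body: Body) -> Tuple[int, State]:
    """Invoke an operation; a call outside its precondition is rejected,
    since B gives no guarantee about the result in that case."""
    if not pre(s):
        raise ValueError(f"precondition violated in state {s}")
    return body(s)


def scenario() -> State:
    """Two customers take tickets and are served in turn; every call is
    guarded, and the returned state still satisfies the invariant."""
    s = initialisation()
    _tt1, s = call(s, take_ticket_pre, take_ticket_body)          # tt1 = 0
    _tt2, s = call(s, take_ticket_pre, take_ticket_body)          # tt2 = 1
    _ss1, s = call(s, serve_next_strong_pre, serve_next_body)     # ss1 = 1
    _ss2, s = call(s, serve_next_strong_pre, serve_next_body)     # ss2 = 2
    return s                                                      # serve = next = 2


if __name__ == "__main__":
    print("INITIALISATION consistent:", init_consistent())
    print("serve_next, PRE serve <= next, counterexample:",
          op_consistent(serve_next_weak_pre, serve_next_body))
    print("serve_next, PRE serve < next, counterexample:",
          op_consistent(serve_next_strong_pre, serve_next_body))
    print("take_ticket, PRE true, counterexample:",
          op_consistent(take_ticket_pre, take_ticket_body))
    print("final state of scenario:", scenario())
```

Running the block reports that the initialisation is consistent, that serve_next with PRE serve ≤ next has the counterexample serve = next = 0, and that neither the strengthened serve_next nor take_ticket has one. The bound of 6 makes this a bounded check of the proof obligation rather than a proof; the B method discharges the obligation by proof over all natural numbers.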

24 Set Theory
The B method makes use of the language of set theory and logic within AMN in order to express these requirements in a formal and precise way.
Set: a collection of entities of some sort. The notation for set membership is e ∈ S, pronounced e is a member of S, for a set S and element e.
Finite set. Naming convention for sets in B: names of given sets are in upper case, e.g. SMALLSQUARE = {4, 16, 0, 1, 9}

25 Empty set {}
Set comprehension
A set can be defined as a collection of elements of some type which meet a particular property, for example SMALLSQUARE.

26 A segment of the natural numbers can be expressed using the notation m..n, which defines the set of numbers between m and n.
Subset
If all the members of S are also members of another set T, then S is said to be a subset of T: S ⊆ T

27 Set combinations
If S and T are both sets, then their union S ∪ T is another set which contains the elements that appear in either S or T.
Generalized union: ∪ SS over a set of sets SS is the set of elements that appear in any set S ∈ SS.
Intersection: the intersection S ∩ T of two sets is the set of elements that are in both S and T.
Generalized intersection: ∩ SS over a set of sets SS is the set of elements that appear in every set S ∈ SS.
If S ∩ T = {} then S and T are said to be disjoint.

28 Set Subtraction
S - T is used to obtain the set of members of S which are not members of T. For example, CHESS - GO is the set of all chess players who do not play Go.
Subset
The subsets of S are the sets which contain only elements from S. The empty set {} is always one such set. For SET = {alice, bob} the subsets are {}, {alice}, {bob}, {alice, bob}.

29 Power set
The collection of all subsets of S is called the power set of S.
Cartesian Product
The Cartesian product S × T of two sets S and T is the set of ordered pairs (s, t) in which s ∈ S for the first element of the pair and t ∈ T for the second element.

30 The Cartesian product is the set of all possible pairings of such elements.
For example, for {alice, bob} and {home, work}: (alice, home), (alice, work), (bob, home), (bob, work). The Cartesian product of two sets is given by

31 Set theoretic notation

32 The size or cardinality of a set S is written card(S).
It is the number of elements the set contains. For example card({alice, bob}) = 2
Task
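An added example, not from the slides: the set-theoretic notation of slides 24 to 32 computed with Python's built-in sets, so each operator can be tried on the slides' own sample sets (SMALLSQUARE, {alice, bob}, {home, work}). The defining property used for SMALLSQUARE, the contents of CHESS and GO, and the helper names are our own constructions; the transcript gives only the elements of SMALLSQUARE and the names CHESS and GO.

```python
# Added example, not from the slides: the B set-theoretic notation of slides
# 24-32 evaluated on Python sets. SMALLSQUARE, {alice, bob} and {home, work}
# come from the slides; the contents of CHESS and GO are constructed here.
import math
from itertools import combinations
from typing import Callable, FrozenSet, Iterable, Set, TypeVar

T = TypeVar("T")


def interval(m: int, n: int) -> Set[int]:
    """m..n : the natural numbers from m to n (assumed inclusive, as in B)."""
    return set(range(m, n + 1))


def comprehension(domain: Iterable[T], prop: Callable[[T], bool]) -> Set[T]:
    """{ x | x : domain & prop(x) } : the elements of domain meeting prop."""
    return {x for x in domain if prop(x)}


# SMALLSQUARE = {4, 16, 0, 1, 9} on the slides; expressed here as a
# comprehension over 0..16 (the defining property is our reconstruction).
SMALLSQUARE = comprehension(interval(0, 16), lambda x: math.isqrt(x) ** 2 == x)

def is_member(e, s): return e in s                   # e : S
def is_subset(s, t): return s <= t                   # S <: T
def union(s, t): return s | t                        # S \/ T
def intersection(s, t): return s & t                 # S /\ T
def disjoint(s, t): return not (s & t)               # S /\ T = {}
def subtraction(s, t): return s - t                  # S - T
def cartesian(s, t): return {(a, b) for a in s for b in t}   # S * T
def card(s): return len(s)                           # card(S)


def gen_union(ss: Iterable[Set[T]]) -> Set[T]:
    """Generalized union: elements appearing in any S : SS (empty family gives {})."""
    return set().union(*ss)


def gen_intersection(ss: Iterable[Set[T]]) -> Set[T]:
    """Generalized intersection: elements in every S : SS; undefined for SS = {}."""
    family = list(ss)
    if not family:
        raise ValueError("generalized intersection of an empty family is undefined")
    return set(family[0]).intersection(*family[1:])


def powerset(s: Set[T]) -> Set[FrozenSet[T]]:
    """All subsets of S, the empty set included; members are frozensets so
    that the result can itself be a set."""
    elems = list(s)
    return {frozenset(c) for r in range(len(elems) + 1)
            for c in combinations(elems, r)}


def singletons_and_empty(s: Set[T]) -> Set[FrozenSet[T]]:
    """Comprehension over the power set: the subsets of S with at most one
    element, combining powerset, card and set comprehension."""
    return comprehension(powerset(s), lambda sub: card(sub) <= 1)


# Constructed sample data for set subtraction (names from the slides,
# contents our own).
CHESS = {"alice", "bob", "carol"}
GO = {"bob", "dave"}

if __name__ == "__main__":
    print("SMALLSQUARE =", sorted(SMALLSQUARE))
    print("CHESS - GO =", subtraction(CHESS, GO))
    print("subsets of {alice, bob} =", [set(x) for x in powerset({"alice", "bob"})])
    print("{alice, bob} x {home, work} =", cartesian({"alice", "bob"}, {"home", "work"}))
    print("card({alice, bob}) =", card({"alice", "bob"}))
```

The powerset of {alice, bob} comes out as the four subsets listed on slide 28, and card applied to the power set of 1..5 gives 32, which is the usual check that a power-set routine is enumerating every subset exactly once.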
