# CS 501: Software Engineering Fall 2000 Lecture 10 Formal Specification.

## Presentation on theme: "CS 501: Software Engineering Fall 2000 Lecture 10 Formal Specification."— Presentation transcript:

CS 501: Software Engineering Fall 2000 Lecture 10 Formal Specification

Formal Specification Why? Precise standard to define and validate software Why not? May be time consuming Methods not suitable for all applications

Formal Specification Ben Potter, Jane Sinclair, David Till, An Introduction to Formal Specification and Z (Prentice Hall) 1991 Jonathan Jacky The Way of Z (Cambridge University Press) 1997

Mathematical Specification Example of specification B 1, B 2,... B k is a sequence of m x m matrices  1,  2,...  k is a sequence of m x m elementary matrices B 1 -1 =  1 B 2 -1 =  2  1 B k -1 =  k...  2  1 The numerical accuracy must be such that, for all k, B k B k -1 - I < 

Specification of Programming Languages ::= | ::= { } ::=. { } |. { } E | E ::= | ::= + | - Pascal number syntax

Formal Specification Using Diagrams digit unsigned integer digit. E + - unsigned integer unsigned number

Two Rules Formal specification does not guarantee correctness Formal specification does not prescribe the implementation

Informal: The function intrt(a) returns the largest integer whose square is less than or equal to a. Formal (Z): intrt: N N a : N intrt(a) * intrt(a) < a < (intrt(a) + 1) * (intrt(a) + 1) Example: Z Specification Language

Example: Algorithm 1 + 3 + 5 +... (2n - 1) = n 2

Example: Program int intrt (int a) /* Calculate integer square root */ { int i, term, sum; term = 1; sum = 1; for (i = 0; sum <= a; i++) { term = term + 2; sum = sum + term; } return i; }

Finite State Machine A broadly used method of formal specification: Event driven systems (e.g., games) User interfaces Protocol specification etc., etc.,...

Finite State Machine Example: Therapy control console [informal description]

State Transition Diagram Patients Fields SetupReady Beam on Enter Start Stop Select field Select patient (interlock) (ok)

State Transition Table Select Patient Select Field Enter ok StartStop interlock Patients Fields Setup Ready Beam on Fields Patients Setup Ready Beam on Ready

Z Specification STATE ::= patients | fields | setup | ready | beam_on EVENT ::= select_patient | select_field | enter | start | stop | ok | interlock FSM == (STATE X EVENT) STATE no_change, transitions, control : FSM Continued on next slide

Z Specification (continued) control = no_change transitions no_change = { s : STATE; e : EVENT (s, e) s } transitions = { (patients, enter) fields, (fields, select_patient) patients, (fields, enter) setup, (setup, select_patient) patients, (setup, select_field) fields, (setup, ok) ready, (ready, select_patient) patients, (ready, select_field) fields, (ready, start) beam_on, (ready, interlock) setup, (beam_on, stop) ready, (beam_on, interlock) setup }

Schemas Schema: The basic unit of formal specification. Describes admissible states and operations of a system.

LibSys: An Example of Z Library system: Stock of books Registered users. Each copy of a book has a unique identifier. Some books on loan; other books on shelves available for loan. Maximum number of books that any user may have on loan.

LibSys: Operations Issue a copy of a book to a reader. Reader return a book. Add a copy to the stock. Remove a copy from the stock. Inquire which books are on loan to a reader. Inquire which readers has a particular copy of a book. Register a new reader. Cancel a reader's registration.

LibSys Level of Detail: Assume given sets: Copy, Book, Reader Global constant: maxloans

Schemas Describing Operations Naming conventions for objects: Before: plain variables, e.g., r After: with appended dash, e.g., r' Input: with appended ?, e.g., r? Output: with appended !, e.g., r!

Operation: Issue a Book Inputs: copy c?, reader r? Copy must be shelved initially: c?  shelved Reader must be registered: r?  readers Reader must have less than maximum number of books on loan: #(issued  {r?}) < maxloans Copy must be recorded as issued to the reader: issued' = issued  {c? r?} The stock and the set of registered readers are unchanged: stock' = stock; readers' = readers

Domain and Range dom mXY x ran m y m : X Y dom m = { x  X :  y  Y  x y} ran m = { y  Y :  x  X  x y}

Operation: Issue a Book stock, stock' : Copy Book issued, issued' : Copy Reader shelved, shelved': F Copy readers, readers' : F Reader c?: Copy; r? :Reader [See next slide] Issue

Operation: Issue a Book (continued) [See previous slide] Issue shelved  dom issued = dom stock shelved'  dom issued' = dom stock' shelved  dom issued = Ø; shelved'  dom issued' = Ø ran issued  readers; ran issued'  readers'  r : readers  #(issued  {r}) maxloans  r : readers'  #(issued'  {r}) maxloans c?  shelved; r?  readers; #(issued  {r?}) < maxloans issued' = issued  {c? r?} stock' = stock; readers' = readers < <

LibSys: Schema for Abstract States Library stock : Copy Book issued : Copy Reader shelved : F Copy readers: F Reader shelved  dom issued = dom stock shelved  dom issued = Ø ran issued  readers  r : readers #(issued  {r}) maxloans <

Schema Inclusion LibDB stock : Copy Book readers: F Reader LibLoans issued : Copy Reader shelved : F Copy  r : Reader #(issued  {r}) maxloans shelved  dom issued = Ø <

Schema Inclusion (continued) Library LibDB LibLoans dom stock = shelved  dom issued ran issued  readers

Schema Decoration Issue Library Library' c? : Copy; r? : Reader c?  shelved; r?  readers #(issued  {r?}) < maxloans issued' = issued  {c? r?} stock' = stock; readers' = readers

Schema Decoration Issue  Library c? : Copy; r? : Reader c?  shelved; r?  readers #(issued  {r?}) < maxloans issued' = issued  {c? r?} stock' = stock; readers' = readers