Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formal Methods in SE Lecture 20. Agenda 2  Relations in Z Specification Formal Methods in SE.

Published byFrederick Lang Modified over 8 years ago

Similar presentations

Presentation on theme: "Formal Methods in SE Lecture 20. Agenda 2  Relations in Z Specification Formal Methods in SE."— Presentation transcript:

1 Formal Methods in SE Lecture 20

2 Agenda 2  Relations in Z Specification Formal Methods in SE

3 Domain and Range Restriction 3  A new relation may be created by restricting the domain or range of a relation to a set  The resulting relation only has pairs where the first (domain restriction) or second (range restriction) element is a member of the restricting set. Formal Methods in SE

4 Domain and Range Restriction 4 Formal Methods in SE

5 Domain and Range Subtraction 5  Similarly, elements may be subtracted from the domain or range to yield a new relation = ? Formal Methods in SE

6 Relation Inverse and Relation Image 6 Formal Methods in SE

7 Contd… 7 Formal Methods in SE

8 Relation Composition 8 Formal Methods in SE  If the target of one relation matches the source of another, it may be useful to consider their relational composition  The composition of two relations relates objects in the source of the first to objects in the target of the second, provided that some intermediate point exists.

9 Relation Composition 9 Formal Methods in SE

10 Relation Example 10 Formal Methods in SE  A project must be located in a city, but any city may have many projects located within it. Many workers can work on a project, and a worker can work on many projects. A worker can have many skills (e.g. preparing material requisitions, checking drawings, etc.), but he/she may only use a given skill on a particular project if that skill is required.

11 Relation Example 11 Formal Methods in SE  Sets Required  Project a set of projects  City a set of cities  Worker a set of workers  Skill a set of skills  Building Relations  A project must be located in a city, but any city may have many projects located within it.  Many workers can work on a project, and a worker can workon many projects.

12 Relation Example 12 Formal Methods in SE  A worker can have many skills (e.g. preparing material requisitions, checking drawings, etc.), but he/she may only use a given skill on a particular project if that skill is required.  Model can be visualized as

13 VDM Formal Methods in SE Qaisar Javaid, Assistant Professor

14 Formal Specification Languages 14 A formal specification language is a formal language used for expressing models of computing systems. Such languages typically provide support for abstraction and rigour. General Purpose VDM-SL Z RSL Act One Clear Special Purpose CCS CSP Real-Time Logic Deontic Logics Formal Methods in SE

15 Formal Specification Languages: VDM-SL 15 Vienna Development Method (VDM) Spec Language is VDM-SL ISO Standardised: fully formal Support Tools are available Good record of industrial use Support for abstraction of data and functionality Formal Methods in SE

16 16 Basic logical operators We build more complex logical expressions out of simple ones using logical connectives: not negation and conjunction or disjunction => implication (if … then …) biimplication (if and only if) Formal Methods in SE

17 17 Basic logical operators Negation Negation allows us to state that the opposite of some logical expression is true, e.g. The temperature in the monitor mon is not rising: not Rising(mon) A true false not A false true Truth table for negation: Formal Methods in SE

18 18 Basic logical operators Disjunction Disjunction allows us to express alternatives that are not necessarily exclusive: OverLimit: Monitor -> bool A true false B true false true false A or B true false Formal Methods in SE

19 19 Basic logical operators Conjunction Conjunction allows us to express the fact that all of a collection of facts are true. Continually over limit: all the readings in the sample exceed 400 C COverLimit: Monitor -> bool COverLimit(m) == m.temps(1) > 400 and m.temps(2) > 400 and m.temps(3) > 400 and m.temps(4) > 400 and m.temps(5) > 400 A true false B true false true false A and B true false Formal Methods in SE

20 20 Basic logical operators Implication Implication allows us to express facts which are only true under certain conditions (“if … then …”): Safe: If readings do not exceed 400 C by the middle of the sample, the reactor is safe. If readings exceed 400 C by the middle of the sample, the reactor is still safe provided that the reading at the end of the sample is less than 400 C. Safe: Monitor -> bool A true false B true false true false A => B true false true Formal Methods in SE

21 21 Basic logical operators Biimplication Biimplication allows us to express equivalence (“if and only if”). Alarm: The alarm is to be raised if and only if the reactor is not safe This can be recorded as an invariant property: Monitor :: temps : seq of int alarm : bool inv m == len m.temps = 5 and A true false B true false true false A B true false true Formal Methods in SE

22 22 Quantifiers For large collections of values, using a variable makes more sense than dealing with each case separately. inds m.temps represents indices (1-5) of the sample The “over limit” condition can then be expressed more economically as: exists i in set inds m.temps & temps(i) > 400 The “continually over limit” condition can then be expressed using “ forall ”: Formal Methods in SE

23 23 Quantifiers Syntax: forall binding & predicate exists binding & predicate There are two types of binding: Type Binding, e.g. x:nat n: seq of char Set Binding, e.g. i in set inds m x in set {1,…,20} A type binding lets the bound variable range over a type (a possibly infinite collection of values). A set binding lets the bound variable range over a finite set of values. Formal Methods in SE

24 24 Quantifiers Several variables may be bound at once by a single quantifier, e.g. forall x,y in set {1,…,5} & not m.temp(x) = m.temp(y) Would this predicate be true for the following value of m.temp ? [320, 220, 105, 119, 150] Formal Methods in SE

25 25 coping with undefinedness Suppose sensors can fail in such a way that they generate the value Error instead of a valid temperature. In this case we can not make comparisons like Error < 400 The logic in VDM is equipped with facilities for handling undefined applications of operators (e.g. if division by zero could occur). Truth tables are extended to deal with the possibility that undefined values can occur, e.g. A true false * not A false true * * represents the undefined value Formal Methods in SE

26 26 Disjunction in LPF A true false * B true false * true false * true false * A or B true false * true * If one disjunct is true, we know that the whole disjunction is true, regardless of whether the other disjunct is true, false or undefined. Formal Methods in SE

27 27 Conjunction in LPF A true false * B true false * true false * true false * A and B true false * false * false * If one conjunct is false, we know that the whole conjunction is false, regardless of whether the other disjunct is true, false or undefined. Formal Methods in SE

Download ppt "Formal Methods in SE Lecture 20. Agenda 2  Relations in Z Specification Formal Methods in SE."

Similar presentations

The Logic of Quantified Statements

The Logic of Quantified Statements
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
L41 Lecture 2: Predicates and Quantifiers.. L42 Agenda Predicates and Quantifiers –Existential Quantifier  –Universal Quantifier 

L41 Lecture 2: Predicates and Quantifiers.. L42 Agenda Predicates and Quantifiers –Existential Quantifier  –Universal Quantifier 
Week 1 Chapter 1 + Appendix A Signals carry information Signals are represented by functions Systems transform signals Systems are represented by functions,

Week 1 Chapter 1 + Appendix A Signals carry information Signals are represented by functions Systems transform signals Systems are represented by functions,
Computability and Complexity 8-1 Computability and Complexity Andrei Bulatov Logic Reminder.

Computability and Complexity 8-1 Computability and Complexity Andrei Bulatov Logic Reminder.
9/28/98 Prof. Richard Fikes First-Order Logic Knowledge Interchange Format (KIF) Computer Science Department Stanford University CS222 Fall 1998.

9/28/98 Prof. Richard Fikes First-Order Logic Knowledge Interchange Format (KIF) Computer Science Department Stanford University CS222 Fall 1998.
EECS 20 Lecture 3 (January 22, 2001) Tom Henzinger Sets, Tuples, Functions.

EECS 20 Lecture 3 (January 22, 2001) Tom Henzinger Sets, Tuples, Functions.
1 Math 306 Foundations of Mathematics I Math 306 Foundations of Mathematics I Goals of this class Introduction to important mathematical concepts Development.

1 Math 306 Foundations of Mathematics I Math 306 Foundations of Mathematics I Goals of this class Introduction to important mathematical concepts Development.
1 Predicates and quantifiers Chapter 8 Formal Specification using Z.

1 Predicates and quantifiers Chapter 8 Formal Specification using Z.
EECS 20 Lecture 2 (January 19, 2001) Tom Henzinger Mathematical Language.

EECS 20 Lecture 2 (January 19, 2001) Tom Henzinger Mathematical Language.
Week 1 1.websitewebsite 2.takehome examtakehome 3.Chapter 1.1 + Appendix A.

Week 1 1.websitewebsite 2.takehome examtakehome 3.Chapter Appendix A.
Discrete Mathematics Math 6A Instructor: M. Welling.

Discrete Mathematics Math 6A Instructor: M. Welling.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 6 The Relational Algebra and Relational Calculus.

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 6 The Relational Algebra and Relational Calculus.
Copyright © Cengage Learning. All rights reserved.

Copyright © Cengage Learning. All rights reserved.
CSE115/ENGR160 Discrete Mathematics 01/20/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 01/20/11 Ming-Hsuan Yang UC Merced 1.
Adapted from Discrete Math

Adapted from Discrete Math
Predicates and Quantifiers

Predicates and Quantifiers
True or False Unit 3 Lesson 7 Building Blocks of Decision Making With Additions & Modifications by Mr. Dave Clausen True or False.

True or False Unit 3 Lesson 7 Building Blocks of Decision Making With Additions & Modifications by Mr. Dave Clausen True or False.
Discrete Mathematics Goals of a Discrete Mathematics Learn how to think mathematically 1. Mathematical Reasoning Foundation for discussions of methods.

Discrete Mathematics Goals of a Discrete Mathematics Learn how to think mathematically 1. Mathematical Reasoning Foundation for discussions of methods.

Similar presentations

Ads by Google