Presentation is loading. Please wait.

Presentation is loading. Please wait.

An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate.

Published byHope Hardy Modified over 8 years ago

Similar presentations

Presentation on theme: "An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate."— Presentation transcript:

1 An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate the components of a UML class diagram with those of a VDM specification; declare constants and specify functions to enhance the specification; explain the use of a state invariant to place a global constraint on the system; explain the purpose of the nil value in VDM.

2 The Incubator case study The temperature of the incubator needs to be carefully controlled and monitored; Initially we will specify the software needed to monitor the incubator temperature; Later we will specify the software needed to monitor and control the incubator temperature. Safety requirements : -10 Celsius TEMPERATURE +10 Celsius

3 The UML specification IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer

4 Specifying the ‘state’ in VDM-SL in VDM-SL the state refers to the permanent data that must be stored by the system, and which can be accessed by means of operations; It corresponds to the attributes in the class diagram; The state is specified by declaring variables, in a similar manner a programming language and UML. Each variables is given a name, and a VDM-SL type.

5 The intrinsic types available in VDM-SL  :natural numbers (positive whole numbers)  1 :natural numbers excluding zero  : integers (positive and negative whole numbers)  : real numbers (positive and negative numbers that can include a fractional part)  : boolean values (true or false) Char : the set of alphanumeric characters

6 Specifying the state of the Incubator Monitor System IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer state IncubatorMonitor of end temp :  UML VDM-SL

7 Specifying the operations in VDM-SL IncubatorMonitor temp : Integer increment() decrement() getTemp() : Integer Each operation specified in VDM-SL as follows: the operation header the external clause the precondition the postcondition

8 The increment operation increment() ext ? pre ? post ? temp < 10 wr ? temp :  temp = + 1 + 1 = temp temp - = 1 temp >

9 The decrement operation decrement() ext ? pre ? post ? temp > -10 temp = - 1 wr ? temp : 

10 The getTemp operation getTemp() ext ? pre ? post ? currentTemp :  rdtemp :  currentTemp = temp TRUE

11 Declaring constants It is possible in VDM-SL to specify constants; It is done by using the keyword values; The declaration would come immediately before the state definition: values MAX :  = 10 MIN :  = -10 decrement() ext wrtemp :  pre temp > -10 post temp = - 1 MIN

12 Specifying functions A function is a set of assignments from one set to another; The function receives an input value (or values) and maps this to an output value according to some rule; hasPassed 46 79 50 FALSE TRUE  There are two ways in which we can specify a function in VDM-SL

13 Specifying a function explicitly The style of this specification is algorithmic; We explicitly define the method of transforming the inputs to the output. Example add:      add(x, y) ∆ x + y signaturedefinition

14 Specifying a function implicitly We use a pre- and postcondition in the same way as we described for operations; A function, however, does not access the state variables. add( ) pre ? post ? x, y : :  : :  z:  z = x + y TRUE

15 An absolute function defined implicitly abs( ) pre ? post ? z :  r :  z<0  r = -z  z  0  r = z TRUE

16 An absolute function defined explicitly abs:    abs(z) ∆if z < 0 then -z else z

17 Recursive functions Some functions can be neatly specified by a recursive definition, whereby the function calls itself. Example a factorial function: factorial:    factorial(n) ∆ if n = 0 then 1 else n x factorial(n - 1)

18 State invariants Before we specified local constraint with preconditions. We can also specify a global constraint. In VDM-SL we incorporate such a restriction into the specification with a function called a state invariant; The invariant definition uses the keyword inv. Its signature will be: inv : State  

19 Adding a state invariant into the IncubatorMonitor system inv mk-IncubatorMonitor(t)  MIN  t  MAX -10 Celsius TEMPERATURE +10 Celsius

20 Specifying an initialization function An initialization function is given the name init; We will assume that when the incubator is turned on, its temperature is adjusted until a steady 5 degrees Celsius is obtained. init mk-IncubatorMonitor(t)  t = 5

21 The modified state specification values MAX :  = 10 MIN :  = -10 state IncubatorMonitor of temp :  inv mk-IncubatorMonitor(t)  MIN  t  MAX init mk-IncubatorMonitor(t)  t = 5 end

22 Improving the Incubator System IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer

23 Enumerated types The signal sent to the hardware could be one of 3 possible values: 1.an instruction to the hardware to increase the temperature; 2.an instruction to the hardware to decrease the temperature; 3.an instruction to the hardware to do nothing. A type that consists of a number of named values is often referred to as an enumerated type;

24 A standard method of marking a UML class as an enumerated type is to add > above the type name: Enumerated types in UML > Signal INCREASE DECREASE DO_NOTHING

25 In VDM-SL the types clause is the appropriate place to define new types. Enumerated types in VDM-SL types Signal = < INCREASE >|< DECREASE >|< DO_NOTHING > values ….. state ….. end

26 The nil value It is common in the programming world for a value to be undefined; VDM-SL allows for this concept by including the possibility of a term or expression having the value nil, meaning that it is undefined; We do that by placing square brackets around the type name: [  ] natural numbers or nil [  ] integers or nil. When the incubator system first comes into being, the actual and requested values will be undefined, and must therefore be set to nil;

27 Specifying the IncubatorController state state IncubatorController of requestedTemp : [  ] actualTemp : [  ] IncubatorController requestedTemp : Integer actualTemp : Integer setIInitialTemp(Integer) requestChange(Integer) : Signal increment() : Signal decrement() : Signal getRequestedTemp() : Integer getActualTemp() : Integer

28 The invariant The actual temperature must not be allowed to go outside the range of -10 to +10 degrees; However we need now to allow for the possibility that it could be equal to the nil value; The same is true for the requested temperature. inv mk-IncubatorController (r, a)  (MIN  r  MAX  r = nil)(MIN  a  MAX  a = nil) 

29 Improving the readability of the spec by using a function inRange( ) pre post val :  result :  result  MIN  val  MAX TRUE inv mk-IncubatorController (r, a)  (inRange(r)  r = nil)  (inRange(a)  a = nil)

30 The initialisation function init mk-IncubatorController (r, a)  r = nil  a = nil

31 Specifying the setInitialTemp operation setInitialTemp( ) ext pre post tempIn :  wractualTemp : [  ] actualTemp = tempIn inRange(tempIn)actualTemp = nil 

32 The requestChange operation requestChange( ) ext pre post tempIn :  signalOut : Signal requestedTemp : [  ]wr actualTemp : [  ]rd requestedTemp = tempIn ( )  signalOut = < INCREASE > signalOut = < DECREASE > signalOut = < DO_NOTHING > tempIn < actualTemp  tempIn > actualTemp  tempIn = actualTemp    actualTemp  nil  inRange(tempIn)

33 The increment operation increment () ext pre post signalOut : Signal requestedTemp : [  ] rd actualTemp : [  ] wr actualTemp = actualTemp + 1 signalOut = < INCREASE> signalOut = < DO_NOTHING> ( )   actualTemp < requestedTemp  actualTemp = requestedTemp  actualTemp < requestedTemp  requestedTemp  nil  actualTemp  nil

34 The getRequestedTemp operation getRequestedTemp() ext pre post currentRequested : [  ] requestedTemp : [  ] rd currentRequested = requestedTemp TRUE

35 The getActualTemp operation getActualTemp() ext pre post currentActual : [  ] actualTemp : [  ] rd currentActual = actualTemp TRUE

36 A standard template for VDM-SL specifications types SomeType = ….. values constantName : ConstantType = someValue state SystemName of attribute1 : Type : attributen : Type inv mk-SystemName(i1:Type,..., in:Type)  Expression(i1,..., in) init mk-SystemName(i1:Type,..., in:Type)  Expression(i1,..., in) end functions specification of functions..... operations specification of operations.....

Download ppt "An introduction to specification in VDM-SL At the end of this lecture you should be able to: write a formal specification of a system in VDM-SL; correlate."

Similar presentations

1/1/ / faculty of Electrical Engineering eindhoven university of technology Introduction Part 2: Data types and addressing modes dr.ir. A.C. Verschueren.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Introduction Part 2: Data types and addressing modes dr.ir. A.C. Verschueren.
Getting started with ML ML is a functional programming language. ML is statically typed: The types of literals, values, expressions and functions in a.

Getting started with ML ML is a functional programming language. ML is statically typed: The types of literals, values, expressions and functions in a.
Fields, Constructors, Methods

Fields, Constructors, Methods
Chapter 7: User-Defined Functions II

Chapter 7: User-Defined Functions II
Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.

Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.
Bellevue University CIS 205: Introduction to Programming Using C++ Lecture 3: Primitive Data Types.

Bellevue University CIS 205: Introduction to Programming Using C++ Lecture 3: Primitive Data Types.
Introduction to Computers and Programming Lecture 7:

Introduction to Computers and Programming Lecture 7:
© Janice Regan, CMPT 102, Sept. 2006 0 CMPT 102 Introduction to Scientific Computer Programming Expressions and Operators Program Style.

© Janice Regan, CMPT 102, Sept CMPT 102 Introduction to Scientific Computer Programming Expressions and Operators Program Style.
Vienna Development Method SIM5104. one of the longest-established Formal Methods for the development of computer- based systemsFormal Methods Originating.

Vienna Development Method SIM5104. one of the longest-established Formal Methods for the development of computer- based systemsFormal Methods Originating.
Dr. Muhammed Al-Mulhem 1ICS535-101 ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.

Dr. Muhammed Al-Mulhem 1ICS ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.
0 Chap. 2. Types, Operators, and Expressions 2.1Variable Names 2.2Data Types and Sizes 2.3Constants 2.4Declarations Imperative Programming, B. Hirsbrunner,

0 Chap. 2. Types, Operators, and Expressions 2.1Variable Names 2.2Data Types and Sizes 2.3Constants 2.4Declarations Imperative Programming, B. Hirsbrunner,
CS100A, Fall 1997, Lectures 221 CS100A, Fall 1997 Lecture 22, Tuesday 18 November Introduction To C Goal: Acquire a reading knowledge of basic C. Concepts:

CS100A, Fall 1997, Lectures 221 CS100A, Fall 1997 Lecture 22, Tuesday 18 November Introduction To C Goal: Acquire a reading knowledge of basic C. Concepts:
1 Midterm Review COMP 102. Tips l Eat a light meal before the exam l NO electronic devices (including calculators, dictionaries, phones, pagers, etc.)

1 Midterm Review COMP 102. Tips l Eat a light meal before the exam l NO electronic devices (including calculators, dictionaries, phones, pagers, etc.)
Describing Syntax and Semantics

Describing Syntax and Semantics
© The McGraw-Hill Companies, 2006 Chapter 7 Implementing classes.

© The McGraw-Hill Companies, 2006 Chapter 7 Implementing classes.
Recursion In general there are two approaches to writing repetitive algorithms. One uses loops(while, do while and for): the other uses recursion. Recursion.

Recursion In general there are two approaches to writing repetitive algorithms. One uses loops(while, do while and for): the other uses recursion. Recursion.
Chapter 3: Introduction to C Programming Language C development environment A simple program example Characters and tokens Structure of a C program –comment.

Chapter 3: Introduction to C Programming Language C development environment A simple program example Characters and tokens Structure of a C program –comment.
Functions. Program complexity the more complicated our programs get, the more difficult they are to develop and debug. It is easier to write short algorithms.

Functions. Program complexity the more complicated our programs get, the more difficult they are to develop and debug. It is easier to write short algorithms.
Fortran- Subprograms Chapters 6, 7 in your Fortran book.

Fortran- Subprograms Chapters 6, 7 in your Fortran book.
Sequences At the end of this lecture you should be able to: provide a definition of a VDM sequence; utilize and interpret sequence notation; make appropriate.

Sequences At the end of this lecture you should be able to: provide a definition of a VDM sequence; utilize and interpret sequence notation; make appropriate.

Similar presentations

Ads by Google