VDM - Part II Models and Analysis of Software Lecture 4 Jerzy Nawrocki Models and Analysis of Software Lecture 4 VDM - Part II Jerzy.Nawrocki@put.poznan.pl www.cs.put.poznan.pl/jnawrocki/mse/models/ Copyright, 2003 © Jerzy R. Nawrocki Models & Analysis of Software, Lecture 4

From the previous lecture.. Jerzy Nawrocki From the previous lecture.. Introduction to VDM VDM = Very Difficult Method Model-based: basic types (integer, real, ..) and compound types (sets, sequences, ..) Implicit specification (what?) and explicit one (how?). No explicit support for concurrency and time. J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

From the previous lecture.. Jerzy Nawrocki From the previous lecture.. Quantifiers That’s really different from Pascal! -- A prime number, n, is -- divisible only by 1 and n. IsPrime (n: N1) res: B post res  k  N1  (1 < k  k < n)  n mod k  0 J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

From the previous lecture.. Jerzy Nawrocki From the previous lecture.. Pre-conditions Quotient (-6, 2) = 3 Quotient (a, b: Z) res: N pre b  0 post res = (abs a) div (abs b) J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

From the previous lecture.. Jerzy Nawrocki From the previous lecture.. Sequences (I) -- CDs = sequence of Common Divisors CDs (a, b: N1) res: N1+ post res = [k | k  N1  a mod k = 0  b mod k = 0] J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

Characters and strings Jerzy Nawrocki Plan of the lecture From the previous lecture.. Characters and strings Type invariants Records Miscellaneous J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

Characters and strings char - alfanumeric characters char* - possibly empty sequence of char char+ - nonempty sequence of char 'a' - a character literal "ABBA" - a string of chars (text) "S. Covey" = ['S', '.', ' ', 'C', 'o', 'v', 'e', 'y'] "S. Covey"(1)= 'S' J. Nawrocki, Models & ...

Characters and strings Reversing a string -- Reversing a string of characters reverse(t: char*) res: char* post (t = [ ]  res = [ ])  (t  [ ]  res = (tl t) [hd t] reverse("top") = "pot" J. Nawrocki, Models & ...

Characters and strings Reversing a string -- Reversing a string of characters reverse(t: char*) res: char* post (t = [ ]  res = [ ])  (t  [ ]  res = reverse(tl t) [hd t] reverse("top") = "pot" Important modification J. Nawrocki, Models & ...

Characters and strings Integer to text conversion Can’t be simpler? d_seq= ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'] -- Integer to text conversion i2t(i: N) t: char+ post (i=0  t="0")  (i>0  t=i2t1(i)) i2t1(i: N) t: char* post (i=0  t= [ ])  (i>0  t=i2t1(i div 10) [d_seq(i mod 10 + 1)]) J. Nawrocki, Models & ...

Plan of the lecture Type invariants From the previous lecture.. Jerzy Nawrocki Plan of the lecture From the previous lecture.. Characters and strings Type invariants Records Miscellaneous J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

Declaration of invariants Type invariants Declaration of invariants 0  b  b  1 resembles 0  b  1 Id = T inv Pattern  Boolean_condition Bit = N inv Bit  0  b  b  1 Bit = {b | b  N  0  b  b  1} J. Nawrocki, Models & ...

Defining prime numbers Type invariants Defining prime numbers More reusable and readable! Prime = N1 inv Prime   i N1  (1<i  i<a)  a mod i  0 is_prime(a: N1) res: B post res =  i N1  (1<i  i<a)  a mod i  0 Prime = N1 inv Prime  is_prime(a) J. Nawrocki, Models & ...

Here the defined type is used. Type invariants Using prime numbers -- Checking if every even number between a and b -- can be represented as a sum of 2 prime numbers goldbach(a,b: N1) res: B pre a  b post res =  i N1  (a  i  i  b  i mod 2 = 0)   x,y: Prime  i= x+y Here the defined type is used. J. Nawrocki, Models & ...

Plan of the lecture Records From the previous lecture.. Jerzy Nawrocki Plan of the lecture From the previous lecture.. Characters and strings Type invariants Records Miscellaneous J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

Records Record definition ‘FamilyN’ Rec:: Field1 : T1 stands for ‘Family Name’ Rec:: Field1 : T1 Field2 : T2 . . . Fieldn : Tn Worker:: FamilyN: char+ FirstN: char+ Hours: N J. Nawrocki, Models & ...

Selecting the field ‘Hours’. Records Field selection Rec.Field WorkersFile = Worker* total_hours(w: WorkersFile) res: N post (w=[ ]  res = 0)  (w [ ]  res = (hd w).Hours + total_hours(tl w) Selecting the field ‘Hours’. J. Nawrocki, Models & ...

Plan of the lecture Miscellaneous From the previous lecture.. Jerzy Nawrocki Plan of the lecture From the previous lecture.. Characters and strings Type invariants Records Miscellaneous J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

Unions T1 | T2 Enumerated types: Signal = RED | AMBER | GREEN J. Nawrocki, Models & ...

Optional types N N N nil - absence of a value Optional type: Optional type operator: Expression = nil  | nil or  [ ] N N N if next(P) = nil .. J. Nawrocki, Models & ...

Explicit functions N max: x x  max (x, y, z)  func_name: T1 x T2 x .. x Tn  T func_name(Id1, Id2, .., Idn)  E pre B max: x x  max (x, y, z)  if (y  x)  (z  x) then x elseif (x  y)  (z  y) then y else z N J. Nawrocki, Models & ...

Polymorphic functions max [ @num ]: @num x @num x @num  @num max (x, y, z)  if (y  x)  (z  x) then x elseif (x  y)  (z  y) then y else z result = max [ ] (1, 2, 3) N result = max [ ] (1.1, 2.2, 3.3) R J. Nawrocki, Models & ...

State N state Id of field_list inv invariant_definition init initialisation end state maximum of max: init mk_maximum(m)  m=0 end N J. Nawrocki, Models & ...

State R Another example state Id of field_list inv invariant_definition init initialisation end Another example state aircraft of speed: height: inv mk_aircraft(-,h)  (h  0.0) init mk_aircraft(s,h)  (s=0.0)  (h= 0.0) end R J. Nawrocki, Models & ...

Implicit operations N Op_name (Id1: T1, .., Idk:Tk) Idr: Tr ext Access_vars pre B post B’ Access_vars: rd or wr prefix MAX3() ext rd x, y, z: wr max: post (x  max)  (y  max)  (z  max)  (max  {x, y, z}) N J. Nawrocki, Models & ...

Implicit operations N Old state: variable MAX_NUM(n: ) ext wr max: post (n  max)  (max = max  max = n) N J. Nawrocki, Models & ...

Error definitions N PUT_YEAR(year: ) ext wr yr: pre year  1994 post yr = year errs yr2dXIX: 94  year  year  99  yr= year+1900 yr2dXX: year < 94  yr = year+2000 N J. Nawrocki, Models & ...

Explicit operations N o OPER_NAME: T1 x .. x Tn  T OPER_NAME (Id1, Id2, .., Idn)  Expression pre B MAX_NUM:  () MAX_NUM (n)  if max < n then max:= n else skip N o J. Nawrocki, Models & ...

Conditionals if B1 then ES1 elseif B2 then ES2 . . . elseif Bn then ESn else ES cases Es: P1  ES1 . . . Pn  ESn others  ES end J. Nawrocki, Models & ...

Iteration statements for Id= E1 to E2 by Inc do St for Id in Sq do St for Id in reverse Sq do St for all Id  E do St while B do St J. Nawrocki, Models & ...

Summary At last! Character string = sequence. Type invariants allow to define quite complicated types (e.g. prime numbers). Records allow do specify database-like computations. At last! J. Nawrocki, Models & ...

Jerzy Nawrocki Homework Specify a function digit 5 that returns a sequence of decimal digits of a number k (see functions digits3 and digits2). Specify an example of a function that would be an implementation of a JOIN operation in a relational database. Specify a polymorphic projection and selection operation. J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

Jerzy Nawrocki Further readings A. Harry, Formal Methods Fact File, John Wiley & Sons, Chichester, 1996.  J. Nawrocki, Models & ... Models & Analysis of Software, Lecture 4

Quality assessment 1. What is your general impression? (1 - 6) 2. Was it too slow or too fast? 3. What important did you learn during the lecture? 4. What to improve and how? J. Nawrocki, Models & ...