Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture 12 – Formal Specifications 1COMP201 - Software Engineering
Recap on Formal Specification Objectives: To explain why formal specification techniques help discover problems in system requirements To describe the use of: algebraic techniques (for interface specification) and model-based techniques (for behavioural specification) To introduce Abstract State Machine Model (ASML) 2COMP201 - Software Engineering
Behavioural Specification Algebraic specification can be cumbersome when the object operations are not independent of the object state Model-based specification exposes the system state and defines the operations in terms of changes to that state 3COMP201 - Software Engineering
OSI Reference Model Application Model-based specification Algebraic specification 4COMP201 - Software Engineering
Abstract State Machine Language (AsmL) AsmL is a language for modelling the structure and behaviour of digital systems. We will see a basic introduction to ASML and how some concepts can be encoded formally. (We will not go into too many details but just see the overall format ASML uses). AsmL can be used to faithfully capture the abstract structure and step-wise behaviour of any discrete systems, including very complex ones such as: Integrated circuits Software components Devices that combine both hardware and software 5COMP201 - Software Engineering
Abstract State Machine Language An AsmL model is said to be abstract because it encodes only those aspects of the system’s structure that affect the behaviour being modelled The goal is to use the minimum amount of detail that accurately reproduces (or predicts) the behaviour of the system that we wish to model This means we may obtain an overview of the system without becoming bogged down in irrelevant implementation details and concentrate on important concerns such as concurrency. 6COMP201 - Software Engineering
Abstract State Machine Language Abstraction helps us reduce complex problems into manageable units and prevents us from getting lost in a sea of details AsmL provides a variety of features that allows us to describe the relevant state of a system in a very economical and high-level way 7COMP201 - Software Engineering
Abstract State Machines and Turing Machines An abstract state machine is a particular kind of mathematical machine, like a Turing machine (TM) But unlike a TM, abstract state machines may be defined by a very high level of abstraction An easy way to understand ASMs is to see them as defining a succession of states that may follow an initial state 8COMP201 - Software Engineering
9 Sets Described Algorithmically Sometimes, we may wish to describe a set algorithmically. We shall now see how this may be done is ASML. Problem: Suppose we have a set that includes the integers from 1 to 20 and we want to find those numbers that, when doubled, still belong to the set. Solution: A = {1..20} C = {i | i in A where 2*i in A} Main() step WriteLine(C) Informal Formal (ASML)
10 Sequences A Sequence is a collection of elements of the same type, just as a set is but they differ from sets in two ways: A sequence is ordered while a set is not. A sequence can contain duplicate elements while a set does not. Elements of sequences are contained within square brackets: [ ]: e.g. [1,2,3,4], [4,3,2,1], [a,e,i,o,u], [a,a,e,i,o,u]
11 Sequences X={1,2,3,4} Y={1,1,2,3,4} Z=[1,1,2,3,4] Main() step WriteLine(“X=” +X) step WriteLine (“Y=” +Y) The result is: X = {1,2,3,4} Y = {1,2,3,4} Z = [1,1,2,3,4]
SORT Algorithm We shall now consider a simple specification of a one-swap- at-a-time sorting algorithm and how it can be written in ASML. 12COMP201 - Software Engineering
Sorting Example COMP201 - Software Engineering
ASML Example var A as Seq of Integer swap() choose i in {0..length(A)-1}, j in {0..length(A)-1} where i A(j) A(j) := A(i) A(i) := A(j) sort() step until fixpoint swap() Main() step A := [-4,6,9,0, 2,-12,7,3,5,6] step WriteLine(“Sequence A : ") step sort() step WriteLine("after sorting: " + A) 14COMP201 - Software Engineering Method declaration Continue to do next operation ( swap() ) until “fixpoint”, i.e. no more changes occur. A is a sequence (i.e. Ordered set) of integers
ASML Example var A as Seq of Integer swap() choose i in {0..length(A)-1}, j in {0..length(A)-1} where i A(j) A(j) := A(i) A(i) := A(j) sort() step until fixpoint swap() Main() step A := [-4,6,9,0, 2,-12,7,3,5,6] step WriteLine(“Sequence A : ") step sort() step WriteLine("after sorting: " + A) 15COMP201 - Software Engineering Choose indices i,j such that i < j and A(i) < A(j) (thus the array elements i,j are not currently ordered). Swap elements A(i) and A(j) Continue to call swap() until there are no more updates possible (thus the sequence is ordered)
Hoare’s Quicksort l Quicksort was discovered by Tony Hoare (published in 1962). l Here is the outline Pick one item from the array--call it the pivot Partition the items in the array around the pivot so all elements to the left are smaller than the pivot and all elements to the right are greater than the pivot Use recursion to sort the two partitions 16COMP201 - Software Engineering
An Example Initial array COMP201 - Software Engineering
Hoare's Quicksort using Sequences and Recursion qsort(s as Seq of Integer) as Seq of Integer if s = [] then return [] else pivot = Head(s) rest = Tail(s) return qsort([y | y in rest where y < pivot]) + [pivot] + qsort([y | y in rest where y ≥ pivot]) A sample main program sorts the Sequence [7, 8, 2, 42] and prints the result: Main() WriteLine(qsort([7, 8, 2, 42])) 18COMP201 - Software Engineering
Shortest Paths Algorithm l Specification of Shortest Paths from a given node s. l The nodes of the graph are given as a set N. l The distances between adjacent nodes are given by a map D, where D(n,m)=infinity denotes that the two nodes are not adjacent. 19COMP201 - Software Engineering
What is the Shortest Distance from SeaTac to Redmond? SeaTacSeattle Bellevue Redmond COMP201 - Software Engineering
Graph Declaration structure Node s as String infinity = 9999 SeaTac = Node("SeaTac") Seattle = Node("Seattle“) Bellevue = Node("Bellevue") Redmond = Node("Redmond") N = {SeaTac, Seattle, Bellevue, Redmond} D = {(SeaTac, SeaTac) -> 0, (SeaTac, Seattle) -> 11, (SeaTac, Bellevue) -> 13, (SeaTac, Redmond) -> infinity, // to be calculated (Seattle, SeaTac) -> 11, (Seattle, Seattle) -> 0, (Seattle, Bellevue) -> 5, (Seattle, Redmond) -> 9, (Bellevue, SeaTac) -> 13, (Bellevue, Seattle) -> 5, (Bellevue, Bellevue) -> 0, (Bellevue, Redmond) -> 5, (Redmond, SeaTac) -> infinity, // to be calculated (Redmond, Seattle) -> 9, (Redmond, Bellevue) -> 5, (Redmond, Redmond) -> 0} 21COMP201 - Software Engineering
shortest( s as Node, N as Set of Node, D as Map of (Node, Node) to Integer) as Map of Node to Integer var S = {s -> 0} merge {n -> infinity | n in N where n ne s} step until fixpoint forall n in N where n ne s S(n) := min({S(m) + D(m,n) | m in N}) step return S min(s as Set of Integer) as Integer require s ne {} return (any x | x in s where forall y in s holds x lte y) Shortest Path Implementation 22COMP201 - Software Engineering
S(n) := min({S(m) + D(m,n) | m in N}) s m n S(m) D(m,n) ? 23COMP201 - Software Engineering
The Main Program Main() // … Graph specification … shortestPathsFromSeaTac = shortest(SeaTac, N, D) WriteLine("The shortest distance from SeaTac to Redmond is” + shortestPathsFromSeaTac(Redmond) + " miles.") The shortest distance from SeaTac to Redmond is 18 miles. 24COMP201 - Software Engineering
Lecture Key Points Formal system specification complements informal specification techniques. Formal specifications are precise and unambiguous. They remove areas of doubt in a specification. Formal specification forces an analysis of the system requirements at an early stage. Correcting errors at this stage is cheaper than modifying a delivered system. Formal specification techniques are most applicable in the development of critical systems and standards. 25COMP201 - Software Engineering
Lecture Key Points Algebraic techniques are suited to interface specification where the interface is defined as a set of object classes. Model-based techniques model the system using sets and functions. This simplifies some types of behavioural specification. Operations are defined in a model-based spec. by defining pre and post conditions on the system state. AsmL is a language for modelling the structure and behaviour of digital systems. 26COMP201 - Software Engineering